Oracle AUDIT
AUDIT_SYS_OPERATIONS
This is a CIS Benchmark requirementAUDIT_SYS_OPERATIONS
Check
Check
SELECT UPPER(VALUE)
FROM V$SYSTEM_PARAMETER
WHERE UPPER(NAME) = 'AUDIT_SYS_OPERATIONS';
Change
Change
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS = TRUE SCOPE=SPFILE;
Changes to this parameter will take effect at next instance startupAUDIT_TRAIL
This is a CIS Benchmark requirementAUDIT_TRAIL
Check
Check
SELECT UPPER(VALUE)
FROM V$SYSTEM_PARAMETER
WHERE UPPER(NAME)='AUDIT_TRAIL';
Change
Change
ALTER SYSTEM SET AUDIT_TRAIL = none SCOPE = SPFILE;
This setting does NOT meet the CIS Benchmark requirement.Changes to this parameter will take effect at next instance startupThis is the default if the parameter is not setThis setting disables standard auditing.
ALTER SYSTEM SET AUDIT_TRAIL = db SCOPE = SPFILE;
This setting meets the CIS Benchmark requirementChanges to this parameter will take effect at next instance startupThis is the default if the database is built using DBCAALTER SYSTEM SET AUDIT_TRAIL = db, extended SCOPE = SPFILE;
This setting meets the CIS Benchmark requirementChanges to this parameter will take effect at next instance startupWrites audit records to SYS.AUD$.
ALTER SYSTEM SET AUDIT_TRAIL = os SCOPE = SPFILE;
This setting meets the CIS Benchmark requirementChanges to this parameter will take effect at next instance startupThis is the Oracle recommended settingIt also allows the log to be monitored using tools like SplunkWrites audit records to an operating system file.
ALTER SYSTEM SET AUDIT_TRAIL = xml SCOPE = SPFILE;
This setting meets the CIS Benchmark requirementChanges to this parameter will take effect at next instance startupALTER SYSTEM SET AUDIT_TRAIL = xml, extended SCOPE = SPFILE;
This setting meets the CIS Benchmark requirementChanges to this parameter will take effect at next instance startupWrites audit records to an operating system file in XML format.
Bibliography
Bibliography