Therefore, there will always be some evidence of activity, intentional or accidental, against the SYS.AUD$ table. In addition, if AUDIT_SYS_OPERATIONS is set to true, any sessions using as sysdba, as sysoper, or connecting as SYS itself will be logged in the operating system audit location, which presumably even the Oracle DBAs would not have access to. As a result, we have many safeguards in place to ensure that we record all privileged activity in the database, along with any attempts to hide this activity!
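
The following is an added example, not part of the original text, showing one way to check these safeguards and review activity against SYS.AUD$. It assumes standard auditing writes to the database (AUDIT_TRAIL set to DB or DB,EXTENDED) and that the reviewer can read the DBA_ audit views and holds the AUDIT ANY privilege.

```sql
-- Added example; assumes AUDIT_TRAIL = DB (or DB,EXTENDED).

-- 1. Confirm where audit records go and whether SYS/SYSDBA/SYSOPER
--    operations are also written to the operating system audit location.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_sys_operations', 'audit_file_dest');

-- 2. Audit changes to the audit trail table itself, one record per
--    statement, so that tampering with SYS.AUD$ leaves its own record.
AUDIT INSERT, UPDATE, DELETE ON SYS.AUD$ BY ACCESS;

-- 3. Review who touched SYS.AUD$, and tie each action to its session.
--    The logon columns are NULL unless session auditing (AUDIT SESSION)
--    is also enabled.
SELECT o.timestamp   AS action_time,
       o.username,
       o.os_username,
       o.userhost,
       o.action_name,
       o.returncode,              -- 0 = statement succeeded
       s.timestamp   AS logon_time,
       s.logoff_time
  FROM dba_audit_object o
  LEFT JOIN dba_audit_session s
         ON s.sessionid = o.sessionid
 WHERE o.owner = 'SYS'
   AND o.obj_name = 'AUD$'
   AND o.action_name IN ('INSERT', 'UPDATE', 'DELETE')
 ORDER BY o.timestamp DESC;

-- Statements issued by SYS or "as sysdba" sessions do not appear in these
-- views; with AUDIT_SYS_OPERATIONS = TRUE they are in the files under
-- audit_file_dest and must be reviewed at the operating system level.
```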
Enabling Enhanced Auditing
As of Oracle Database 11g, the Database Configuration Assistant (DBCA) makes it easy
to enable default (enhanced) auditing. Although there is some overhead to record auditing
Data Dictionary View     Description
AUDIT_ACTIONS            Contains descriptions for audit trail action type codes, such as INSERT, DROP VIEW, DELETE, LOGON, and LOCK.
DBA_AUDIT_OBJECT         Audit trail records related to objects in the database.
DBA_AUDIT_POLICIES       Fine-grained auditing policies in the database.
DBA_AUDIT_SESSION        All audit trail records related to CONNECT and DISCONNECT.
DBA_AUDIT_STATEMENT      Audit trail entries related to GRANT, REVOKE, AUDIT, NOAUDIT, and ALTER SYSTEM commands.
DBA_AUDIT_TRAIL          Contains standard audit trail entries. USER_AUDIT_TRAIL contains audit rows for connected user only.
DBA_FGA_AUDIT_TRAIL      Audit trail entries for fine-grained auditing policies.
DBA_COMMON_AUDIT_TRAIL   Combines standard and fine-grained auditing rows into one view.