The Database Security Assessment Tool (DBSAT) is an incredible free command line tool provided by Oracle Corporation as a utility to help you verify your database for common database security issues(including security policies and controls in place), as well as helping to identify possible sensible data stored with the database. To be able to use it you need to…
Category: Security
Playing with Google Authenticator and Oracle Cloud – Securing SSH to Oracle account with two factor authentication
The Requirement Increase security when connecting via SSH to the Oracle OS account at Oracle Cloud by implementing two factor authentication (TFA or 2FA). The Environment Oracle Cloud Instance OS: Oracle Linux 6.9 The Implementation For this exercise we will implement Google Authenticator as our TFA solution in our Oracle Cloud Instance and configure it…
Oracle CPU (Critical Patch Update) January-2009
The first CPU of 2009 is already out, was released on January 13, 2009. Like always, Oracle strongly recommends applying the patches as soon as possible. To know more about the January CPU like products and components affected, please refer to the following link: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html Cheers, Francisco Munoz Alvarez
How to find all user Roles and Privileges?
Here is the scripts to help you to get this information: PROMPT PROMPT PROMPT ******************************************** ROLES AND PRIVILEGES PROMPT PROMPT ******************************************** USER ROLES SELECT grantee user, granted_role, admin_option, default_role FROM dba_role_privs WHERE grantee IN (SELECT username FROM dba_users) AND grantee NOT LIKE ‘%SYS%’ AND grantee NOT IN (‘DBSNMP’,‘OUTLN’) ORDER BY grantee; PROMPT PROMPT ******************************************** USER…
How to setup a Basic Audit?
For any Oracle versions prior to 9i you will need to set audit_trail parameter in the pfile ie.g.: audit_trail = DB For later Oracle Versions: SQL>alter system set audit_trail = DB; To enable auditing for a specific object run the following command: SQL>AUDIT SELECT, INSERT, UPDATE, DELETE ON SCHEMA.TABLE; To stop auditing use: SQL>NOAUDIT SELECT,…