Environment
NetIQ Secure Configuration Manager 5.6
NetIQ Secure Configuration Manager 5.7
NetIQ Security Agent for Unix 5.6
NetIQ Agent 7.1
Security Manager 6.x
NetIQ Secure Configuration Manager 5.7
NetIQ Security Agent for Unix 5.6
NetIQ Agent 7.1
Security Manager 6.x
Situation
What Oracle audits need enabled to utilize Oracle for Unix in Secure Configuration Manager and Security Manager
Resolution
The Netiq Oracle Monitoring Guide suggests to enable the audits shown bellow.
- AUDIT USER BY ACCESS;
- AUDIT ROLE BY ACCESS;
- AUDIT CONNECT BY ACCESS;
- AUDIT UPDATE ON SYS.AUD$ BY ACCESS;
- AUDIT INSERT TABLE BY ACCESS WHENEVER NOT SUCCESSFUL;
- AUDIT SYSTEM GRANT BY ACCESS;
- AUDIT ALTER ANY TABLE BY ACCESS;
- AUDIT DROP ANY PROCEDURE BY ACCESS;
- AUDIT CREATE ANY CLUSTER, CREATE ANY DIRECTORY, CREATE ANY INDEX, CREATE ANY LIBRARY, CREATE ANY PROCEDURE, CREATE ANY SEQUENCE, CREATE ANY SNAPSHOT, CREATE ANY SYNONYM, CREATE ANY TABLE, CREATE ANY TRIGGER, CREATE ANY TYPE, CREATE ANY VIEW, CREATE CLUSTER, CREATE DATABASE LINK, CREATE LIBRARY, CREATE PROCEDURE, CREATE PROFILE, CREATE PUBLIC DATABASE LINK, CREATE PUBLIC SYNONYM, CREATE ROLLBACK SEGMENT, CREATE SEQUENCE, CREATE SNAPSHOT, CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, CREATE TYPE, CREATE VIEW BY ACCESS;
- AUDIT DROP ANY CLUSTER, DROP ANY DIRECTORY, DROP ANY INDEX, DROP ANY LIBRARY, DROP ANY PROCEDURE, DROP ANY SEQUENCE, DROP ANY SNAPSHOT, DROP ANY SYNONYM, DROP ANY TABLE, DROP ANY TRIGGER, DROP ANY TYPE, DROP ANY VIEW, DROP PROFILE, DROP PUBLIC DATABASE LINK, DROP PUBLIC SYNONYM, DROP ROLLBACK SEGMENT, DROP TABLESPACE, DROP USER BY ACCESS;
- If AUDIT INSERT TABLE BY ACCESS WHENEVER NOT SUCCESSFUL auditing is not enabled then the INSERT Failure rule will not work in SM
Additional Information
Formerly known as NETIQKB71531
Also refer to NETIQKB56490 for tables and views privileges requirements.