Roh: Oracle 10gR2 FGA
Oracle security
CS780
April 29, 2010
Cassidy Heeyeon Roh
Oracle 10g R2 Auditing Features:Fine-Grained Auditing
Auditing
Monitoring and recording of selected user database actions:
SQL statements
User name
Application
Time, etc.
Security policies can trigger auditing when specified elements in an Oracle database are accessed or altered, including the contents within a specified object
Auditing Purpose
Enable future accountability for current actions taken in a particular schema, table, or row, or affecting specific content
Deter users (or others) from inappropriate actions based on that accountability
Investigate suspicious activity (e.g. deletion of rows from tables)
Auditing Purpose (continued)
Notify an auditor that an unauthorized user is manipulating or deleting data, or that a user has more privileges than expected, which can lead to reassessing user authorizations
Monitor and gather data about specific database activities (e.g. updates, number of concurrent users at peak times)
Detect problems with the authorization or access control implementation, and create audit policies to track them
Audit Records
Audit records can capture:
Successful statement execution, unsuccessful statement execution, or both
Statement execution once in each user session, or once every time the statement is executed
Activities of all users or of a specified user
Audit record storage
Contains the audited operation, the user who performed it, and the time and date of the operation
Data dictionary table (database audit trail)
Operating system files (operating system audit trail)
Audit Types
Statement Auditing (e.g. AUDIT TABLE)
Audits SQL statements by type of statement
Broad
Audit on a selected user or every user
Privilege Auditing (e.g. AUDIT CREATE TABLE)
Like statement auditing, but audits a particular type of action (use of a system privilege)
Audit on a selected user or every user
Audit Types (continued)
Schema Object Auditing (e.g. AUDIT SELECT ON employees)
Audits specific statements on particular schema objects
Focused
A specified type of statement on a specified schema object
Always applies to all users of the database
Fine-Grained Auditing
Audit at the most granular level
Data access and actions based on content, using any Boolean condition
Audit on access to or change in a column
FGA vs Triggers
Triggers
PL/SQL call for every row processed
Create a record only when relevant information is changed by a DML statement
FGA
No additional cost per row processed
Audit only once for every policy
Audit when the specified relevant columns occur in a specific type of DML statement
Changed by statement/selection
Combination criteria per statement
Supports tables and views
Fine-Grained Auditing
Implement security policies and associate security policies with tables, views or synonyms
Automatic enforcement of security policies regardless of data access method (e.g. through an application or by ad hoc queries)
Application context with fine-grained access control is called Virtual Private Database (VPD)
Fine-Grained Auditing Advantages
Simple user-defined SQL predicates on objects as conditions for selective auditing
Query is audited during fetch, when the policy conditions are met for a returned row
Able to run a user-defined event handler, if specified in the policy
Implement using the DBMS_FGA package or triggers
Fine-Grained Access Control (VPD) Capabilities
Limit access at row level (SELECT, INSERT, UPDATE, DELETE)
Use security policies when you need them
Invoke a policy only if a particular column is referenced
Restrict access using a combination of row-level and column-level controls, by applying a VPD policy to a view
Fine-Grained Access Control (VPD) Capabilities (continued)
Have some policies that are always applied, called static policies, and others that can change during execution, called dynamic policies
Use more than one policy for each table, including building on top of base policies in packaged applications
Distinguish policies between different applications by using policy groups. Each policy group is a set of policies that belong to an application
Fine-Grained Access Control (VPD) Capabilities (continued)
Distinguish and control the use of INDEX in row-level security policies
Designate an application context, called a driving context, to indicate the policy group in effect. When tables, views, or synonyms are accessed, the fine-grained access control engine looks up the driving context to determine the policy group in effect and enforces all the associated policies that belong to that policy group
Fine-Grained Auditing PL/SQL packages
Administer security policies/policy groups (add, drop, enable, refresh)
DBMS_RLS for VPD (fine-grained access control)
DBMS_FGA for Fine-Grained Auditing
Audit record storage
SYS.FGA_LOG$ table
Accessed through the DBA_FGA_AUDIT_TRAIL view
Fine-Grained Auditing
Minimize false or unhelpful audits with specifications
Audit INSERT, UPDATE, MERGE, SELECT, DELETE
No need to set the AUDIT_TRAIL initialization parameter
Add/remove policies as necessary
Requires EXECUTE privilege on the DBMS_FGA package
Ability to temporarily enable/disable FGA policies
No loss of metadata
DBMS_FGA.ENABLE_POLICY
DBMS_FGA.DISABLE_POLICY
Fine-Grained Auditing Policies
Monitor data accessed based on content
Specify columns and conditions (e.g. specific types of DML statements in connection with the specified columns)
Specify the name of a routine to be run when an audit event occurs, for example to:
Notify
Alert the administrator
Handle errors and anomalies
Fine-Grained Auditing Policies (continued)
Example: limiting logical access to
Specifications
Test results for a product under development
Salary
Audit:
Action type
Area of action
Time of action
User of action
FGA – ADD_POLICY Parameters
Parameter: description (default value)
object_schema: The schema of the object to be audited. If NULL, the current login user's schema is assumed. (default: NULL)
object_name: The name of the object to be audited. (no default)
policy_name: The unique name of the policy. (no default)
audit_condition: A condition on a row that indicates a monitoring condition. NULL is allowed and acts as TRUE. (default: NULL)
audit_column: The columns to be checked for access. These can include hidden columns. The default, NULL, causes an audit if any column is accessed or affected. (default: NULL)
handler_schema: The schema that contains the event handler. The default, NULL, causes the current schema to be used. (default: NULL)
handler_module: The function name of the event handler, including the package name if necessary. This function is called only after the first row that matches the audit condition in the query is processed. If the procedure fails with an exception, the user's SQL statement fails as well. (default: NULL)
enable: Whether the policy is to be enabled: TRUE means enable it. (default: TRUE)
statement_types: The SQL statement types to which this policy applies: INSERT, UPDATE, DELETE, or SELECT only. (default: TRUE)
audit_trail: Both where to write the fine-grained audit trail and whether or not to populate LSQLTEXT and LSQLBIND. (default: DB+EXTENDED)
audit_column_opts: Whether a statement is audited when the query references any column specified in the audit_column parameter, or only when all such columns are referenced. (default: ANY_COLUMNS)
Fine-Grained Auditing Event handler
Flexible event handler (handler_module)
Notify the administrator when the triggering event occurs
PROCEDURE <procedure name> (object_schema VARCHAR2, object_name VARCHAR2, policy_name VARCHAR2)
AS ...
Audit trail record (audit_trail)
DBMS_FGA.DB + DBMS_FGA.EXTENDED
SQLBIND and SQLTEXT values are recorded
DBMS_FGA.XML
Audit records written to XML-formatted OS files
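An added example, not from the slides, of an event handler with the signature described above together with the ADD_POLICY call that registers it. The SECADM schema, the FGA_ALERTS table and the handler name are assumptions; HR.EMPLOYEES is the table used in the slides' own examples.

```sql
-- Alert table written by the handler (assumed; not part of the slides).
CREATE TABLE secadm.fga_alerts (
  alert_time    TIMESTAMP WITH TIME ZONE DEFAULT SYSTIMESTAMP,
  db_user       VARCHAR2(30),
  os_user       VARCHAR2(255),
  object_schema VARCHAR2(30),
  object_name   VARCHAR2(128),
  policy_name   VARCHAR2(30)
);

-- Handler with the signature DBMS_FGA requires: (object_schema, object_name,
-- policy_name). It runs once per statement, after the first matching row.
CREATE OR REPLACE PROCEDURE secadm.fga_alert_handler (
  object_schema IN VARCHAR2,
  object_name   IN VARCHAR2,
  policy_name   IN VARCHAR2)
AS
  -- Own transaction: the alert row survives a later ROLLBACK by the user.
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO secadm.fga_alerts
    (db_user, os_user, object_schema, object_name, policy_name)
  VALUES
    (SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     object_schema, object_name, policy_name);
  COMMIT;
  -- Keep the body minimal: an exception raised here also fails the
  -- user's statement (see the handler_module parameter description).
END;
/

-- Register the handler on HR.EMPLOYEES: fire when a SELECT or UPDATE
-- references SALARY and the row's SALARY exceeds 10000.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema     => 'HR',
    object_name       => 'EMPLOYEES',
    policy_name       => 'POLICY_EMP_HIGH_SAL_ALERT',
    audit_condition   => 'SALARY > 10000',   -- unquoted NULL would mean all rows
    audit_column      => 'SALARY',
    handler_schema    => 'SECADM',
    handler_module    => 'FGA_ALERT_HANDLER',
    enable            => TRUE,
    statement_types   => 'SELECT, UPDATE',
    audit_trail       => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    audit_column_opts => DBMS_FGA.ANY_COLUMNS);
END;
/
```

The policy still writes its normal record to SYS.FGA_LOG$; the handler only adds the alert row on top of it.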
Fine-Grained Auditing DBMS_FGA.ADD_POLICY Syntax
DBMS_FGA.ADD_POLICY(
object_schema VARCHAR2,
object_name VARCHAR2,
policy_name VARCHAR2,
audit_condition VARCHAR2,
audit_column VARCHAR2,
handler_schema VARCHAR2,
handler_module VARCHAR2,
enable BOOLEAN,
statement_types VARCHAR2,
audit_trail BINARY_INTEGER IN DEFAULT,
audit_column_opts BINARY_INTEGER IN DEFAULT);
Fine-Grained Auditing DBMS_FGA.ADD_POLICY Example
begin
DBMS_FGA.ADD_POLICY (
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mypolicy1',
audit_condition => 'sal < 100', -- audit when sal < 100
audit_column => 'comm, sal',
handler_schema => NULL,
handler_module => NULL,
enable => TRUE,
statement_types => 'INSERT, UPDATE',
audit_trail => DBMS_FGA.XML + DBMS_FGA.EXTENDED,
audit_column_opts => DBMS_FGA.ANY_COLUMNS);
end;
/
Fine-Grained Auditing DBMS_FGA.ADD_POLICY Example (continued)
begin
DBMS_FGA.ADD_POLICY (
object_schema => 'HR',
object_name => 'EMPLOYEES',
policy_name => 'POLICY_EMP_SAL_COMM',
audit_condition => 'NULL', -- intended to record all rows; note this passes the string 'NULL' as the predicate, whereas an unquoted NULL (the default) acts as TRUE
audit_column => 'SALARY, COMMISSION_PCT',
statement_types => 'SELECT, UPDATE',
audit_column_opts => DBMS_FGA.ALL_COLUMNS); -- audit only when all audit_column columns are referenced by the statement
end;
/
PL/SQL procedure successfully completed.
Fine-Grained Auditing Example executions as HR:
UPDATE hr.employees
SET SALARY = SALARY + 4000
WHERE employee_id = 197;
UPDATE hr.employees
SET SALARY = SALARY + 4000,
COMMISSION_PCT = COMMISSION_PCT + 0.5
WHERE COMMISSION_PCT > 0;
SELECT employee_id, salary FROM hr.employees;
DELETE hr.employees WHERE employee_id = 110;
SELECT * FROM hr.employees;
Fine-Grained Auditing Example executions before the policy is enabled:
UPDATE hr.employees
SET SALARY = SALARY + 4000
WHERE employee_id = 197;
1 row updated.
UPDATE hr.employees
SET SALARY = SALARY + 4000,
COMMISSION_PCT = COMMISSION_PCT + 0.5
WHERE COMMISSION_PCT > 0;
35 rows updated.
SELECT employee_id, salary FROM hr.employees;
107 rows selected.
DELETE hr.employees WHERE employee_id = 110;
1 row deleted.
SELECT * FROM hr.employees;
106 rows selected.
Fine-Grained Auditing DBMS_FGA.ENABLE_POLICY Example
DBMS_FGA.ENABLE_POLICY(
object_schema VARCHAR2,
object_name VARCHAR2,
policy_name VARCHAR2,
enable BOOLEAN);
BEGIN
DBMS_FGA.ENABLE_POLICY (
object_schema => 'HR',
object_name => 'EMPLOYEES',
policy_name => 'POLICY3_EMP_SAL_COMM',
enable => TRUE);
END;
/
PL/SQL procedure successfully completed.
Fine-Grained Auditing DBMS_FGA.DISABLE_POLICY and DBMS_FGA.DROP_POLICY Syntax
DBMS_FGA.DISABLE_POLICY(
object_schema VARCHAR2,
object_name VARCHAR2,
policy_name VARCHAR2);
DBMS_FGA.DROP_POLICY(
object_schema VARCHAR2,
object_name VARCHAR2,
policy_name VARCHAR2);
-- Neither takes an enable parameter; only ENABLE_POLICY does
Fine-Grained Auditing Example executions when the policy is enabled:
UPDATE hr.employees
SET SALARY = SALARY + 4000
WHERE employee_id = 197;
1 row updated.
-- NOT audited: the UPDATE references only SALARY, not COMMISSION_PCT (ALL_COLUMNS requires both)
UPDATE hr.employees
SET SALARY = SALARY + 4000,
COMMISSION_PCT = COMMISSION_PCT + 0.5
WHERE COMMISSION_PCT > 0;
UPDATE hr.employees
*
ERROR at line 1:
ORA-28138: Error in Policy Predicate
-- The policy fires because the UPDATE references both SALARY and COMMISSION_PCT; the statement then fails because audit_condition was given as the string 'NULL', which is not a valid predicate (an unquoted NULL condition audits all rows)
Fine-Grained Auditing Example executions when the policy is enabled (continued):
SELECT employee_id, salary FROM hr.employees;
107 rows selected.
-- NOT audited: ALL_COLUMNS requires both SALARY and COMMISSION_PCT to be referenced
DELETE hr.employees WHERE employee_id = 110;
1 row deleted.
-- NOT audited: DELETE is not in the policy's statement_types
SELECT * FROM hr.employees;
SELECT * FROM hr.employees
*
ERROR at line 1:
ORA-28112: failed to execute policy function
-- The policy fires because SELECT * references both audited columns; the statement then fails when the policy is evaluated, consistent with the invalid 'NULL' audit_condition above
Fine-Grained Auditing Audit trails:
SELECT * FROM SYS.FGA_LOG$;
SELECT * FROM DBA_FGA_AUDIT_TRAIL;
-- DELETE on the underlying SYS.FGA_LOG$ table purges FGA records
Sample record from DBA_FGA_AUDIT_TRAIL (one row; column names added to the values shown on the slide):
SESSION_ID: 847
TIMESTAMP: 20-APR-10
DB_USER: HR
OS_USER: MET-VS\CS780
USERHOST: WORKGROUP\MET-VS
MET-VS\CS780 (column not identified on the slide)
OBJECT_SCHEMA: HR
OBJECT_NAME: EMPLOYEES
POLICY_NAME: POLICY_EMP_SAL_COMM
SCN: 698725
SQL_TEXT:
UPDATE hr.employees
SET SALARY = SALARY+ 4000
WHERE employee_id =197
STATEMENT_TYPE: UPDATE
EXTENDED_TIMESTAMP: 20-APR-10 03.39.32.544000 PM -04:00
Audit trails as stored in the OS (XML audit file)
Element: Type
AUDIT_TYPE NUMBER
CLIENT_ID VARCHAR2(64)
COMMENT_TEXT VARCHAR2(4000)
DB_USER VARCHAR2(30)
ENTRYID NUMBER
EXTENDED_TIMESTAMP TIMESTAMP(6) WITH TIME ZONE
GLOBAL_UID VARCHAR2(32)
INSTANCE_NUMBER NUMBER
OBJECT_NAME VARCHAR2(128)
OBJECT_SCHEMA VARCHAR2(30)
POLICY_NAME VARCHAR2(30)
PROXY_SESSIONID NUMBER
SESSION_ID NUMBER
SQL_BIND VARCHAR2(4000)
SQL_TEXT VARCHAR2(4000)
STATEMENT_TYPE VARCHAR2(28)
STATEMENTID NUMBER
TERMINAL VARCHAR2(255)
TRANSACTIONID RAW(8)
Audit Trail Views
View: Description
STMT_AUDIT_OPTION_MAP: Contains information about auditing option type codes. Created by the SQL.BSQ script at CREATE DATABASE time.
AUDIT_ACTIONS: Contains descriptions for audit trail action type codes.
ALL_DEF_AUDIT_OPTS: Contains default object-auditing options that will be applied when objects are created.
DBA_STMT_AUDIT_OPTS: Describes current system auditing options across the system and by user.
DBA_PRIV_AUDIT_OPTS: Describes current system privileges being audited across the system and by user.
DBA_OBJ_AUDIT_OPTS, USER_OBJ_AUDIT_OPTS: Describes auditing options on all objects. The USER view describes auditing options on all objects owned by the current user.
DBA_AUDIT_TRAIL, USER_AUDIT_TRAIL: Lists all audit trail entries. The USER view shows audit trail entries relating to the current user.
DBA_AUDIT_OBJECT, USER_AUDIT_OBJECT: Contains audit trail records for all objects in the system. The USER view lists audit trail records for statements concerning objects that are accessible to the current user.
DBA_AUDIT_SESSION, USER_AUDIT_SESSION: Lists all audit trail records concerning CONNECT and DISCONNECT. The USER view lists all audit trail records concerning connections and disconnections for the current user.
DBA_AUDIT_STATEMENT, USER_AUDIT_STATEMENT: Lists audit trail records concerning GRANT, REVOKE, AUDIT, NOAUDIT, and ALTER SYSTEM statements throughout the database, or, for the USER view, issued by the user.
DBA_AUDIT_EXISTS: Lists audit trail entries produced by AUDIT NOT EXISTS.
DBA_AUDIT_POLICIES: Shows all the auditing policies on the system.
DBA_FGA_AUDIT_TRAIL: Lists audit trail records for value-based auditing.
DBA_COMMON_AUDIT_TRAIL: Combines standard and fine-grained audit log records, and includes SYS and mandatory audit records written in XML format.
Audit Trails
Combining regular auditing (AUDIT command) and FGA audit policies: query the DBA_COMMON_AUDIT_TRAIL data dictionary view, which is the union of the DBA_AUDIT_TRAIL and DBA_FGA_AUDIT_TRAIL data dictionary views
DBA_AUDIT_TRAIL view provides the standard audit trail entries
DBA_FGA_AUDIT_TRAIL displays all audit records for FGA
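An added example, not from the slides, of reviewing what the FGA policies recorded through the views listed above. It assumes the HR.EMPLOYEES policies from the earlier slides exist and were created with the default DB+EXTENDED audit_trail, so SQL_TEXT and SQL_BIND are populated.

```sql
-- 1. Confirm which FGA policies exist on HR and whether each is enabled.
--    POLICY_TEXT shows the audit_condition exactly as stored, which is how
--    a quoted 'NULL' condition (as in the slide example) can be spotted.
SELECT object_name, policy_name, policy_text, policy_column,
       policy_column_options, enabled, sel, upd, ins, del
FROM   dba_audit_policies
WHERE  object_schema = 'HR';

-- 2. Who touched the audited columns in the last 7 days, with the exact
--    statement text and bind values (needs DB+EXTENDED).
SELECT extended_timestamp, db_user, os_user, userhost,
       policy_name, statement_type, sql_text, sql_bind
FROM   dba_fga_audit_trail
WHERE  object_schema = 'HR'
AND    object_name   = 'EMPLOYEES'
AND    extended_timestamp > SYSTIMESTAMP - INTERVAL '7' DAY
ORDER BY extended_timestamp DESC;

-- 3. Hit count per user, policy and statement type: a sudden spike for one
--    account is the review trigger the "investigate suspicious activity"
--    purpose on the earlier slide is about.
SELECT db_user, policy_name, statement_type, COUNT(*) AS hits
FROM   dba_fga_audit_trail
WHERE  extended_timestamp > SYSTIMESTAMP - INTERVAL '7' DAY
GROUP BY db_user, policy_name, statement_type
ORDER BY hits DESC;

-- 4. One timeline across standard AUDIT records and FGA records for the
--    table, via the union view described above.
SELECT audit_type, extended_timestamp, db_user, statement_type,
       policy_name, sql_text
FROM   dba_common_audit_trail
WHERE  object_schema = 'HR'
AND    object_name   = 'EMPLOYEES'
ORDER BY extended_timestamp DESC;
```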
Questions/Comments?