Solved

Need source of scripts and commands to capture Oracle 11G R2 Database Security posture

Posted on 2014-11-27
Last Modified: 2015-06-23
I am looking for a source of scripts to run on a Windows server hosting an Oracle 11.2 G Database. I need to produce a report of all users and their privileges, all processes and their owners and privileges, all databases and tables, all access controls on tables, all configuration data for the database and its audit features. This is pretty much the same raw information that the discovery/collection part of a Database Vulnerability Analysis scanner would collect. Another party will then analyze the results collected and decide what to do to harden the system. The primary focus is Oracle, not Windows vulnerabilities.
Question by:sealnose

Accepted Solution

by:
johnsone earned 250 total points
ID: 40470289
Some of that is pretty easy to get.  You just need to dump the following views:

Users:
    DBA_USERS

Privileges, access controls:
    DBA_SYS_PRIVS
    DBA_ROLE_PRIVS
    DBA_TAB_PRIVS

No idea what you mean by "processes and their owners". The above views would already get the privileges if you are talking about database objects.

Not sure what you are looking for in terms of configuration data and audit features, but that is probably all contained in V$PARAMETER.

In terms of a script, you could easily write a script that goes into SQL*Plus, selects that information and spools it out to files. I'm not a Windows scripting person and not sure what kind of format you are looking for.

Assisted Solution

by:Geert Gruwez
Geert Gruwez earned 250 total points
ID: 40470344
Don't forget the users with default passwords:
    select * from dba_users_with_defpwd;

Or check this article for a lot more info on security:
http://www.oracle.com/technetwork/articles/sql/11g-security-100258.html
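
The collection script the two answers above describe, as an added example that is not part of either poster's reply: a read-only SQL*Plus script that spools each of the named views to its own file for the analyst. The script name, output file names and the `|` column separator are assumptions; it needs an account that can query the DBA_* views and V$PARAMETER.

```sql
-- collect_posture.sql (hypothetical file name). Read-only: SELECTs only.
-- Example invocation on the database host:
--   sqlplus / as sysdba @collect_posture.sql
SET ECHO OFF
SET FEEDBACK OFF
SET TERMOUT OFF
SET PAGESIZE 50000
SET LINESIZE 32767
SET TRIMSPOOL ON
SET COLSEP '|'

-- Accounts: lock/expiry state, profile and password hash versions
SPOOL users.txt
SELECT username, account_status, lock_date, expiry_date, profile,
       default_tablespace, created, password_versions
  FROM dba_users ORDER BY username;
SPOOL OFF

-- Accounts that still have a known default password
SPOOL default_passwords.txt
SELECT username FROM dba_users_with_defpwd ORDER BY username;
SPOOL OFF

-- System privileges granted to users and roles
SPOOL sys_privs.txt
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs ORDER BY grantee, privilege;
SPOOL OFF

-- Role memberships
SPOOL role_privs.txt
SELECT grantee, granted_role, admin_option, default_role
  FROM dba_role_privs ORDER BY grantee, granted_role;
SPOOL OFF

-- Object-level grants (the access controls on tables)
SPOOL tab_privs.txt
SELECT grantee, owner, table_name, privilege, grantable, grantor
  FROM dba_tab_privs ORDER BY owner, table_name, grantee;
SPOOL OFF

-- Instance configuration, including the audit_* parameters
SPOOL parameters.txt
SELECT name, value, isdefault FROM v$parameter ORDER BY name;
SPOOL OFF
EXIT
```

The output files land in the directory SQL*Plus was started from; restrict access to them, since together they describe every account and grant in the database.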

Expert Comment

by:Steve Wales
ID: 40845984
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.