banjora {na+au+uk{auxilium}}

Our deepest apologies as this site is currently under construction... also,  this site is being developed with the new Opera 10 browser with speed dial... check it out!

Blocking Executables from an Oracle DB

Building upon the generous contributions of the Oracle community, this database trigger was designed to provide companies with SOX and ICE related information regarding any 3rd party tool’s access to a given database.

The trigger is designed to restrict access to only the ‘allowable’ programmes, and then validates the session information against specified Windows/Linux/Unix accounts. Additionally, if the executable is renamed in an attempt to disguise the programme, the trigger will not be able to identify the executable and immediately terminate the user’s session. If the database account has ‘admin’ options, the trigger will not terminate the session, but will record the session in an audit table, along with broadcasting an email with the connection information.

• All standard executables have an ‘A’ flag status and allows the programme to run unchecked
• All ‘C’ flagged programmes are checked against the user’s Windows/Linux account to validate if this user is authorized to connect with an identified programme

The database trigger basically identifies the session’s programme executable, and then validates the value against a list of values that resides within the OMON_TOOLPRIV_HDR and OMON_TOOLPRIV_DTL tables respectively.

• If the session’s programme is allowed, no action is taken
• If the session’s programme is to be validated, it checks the session information against maintained information (programme and Window/Linux account)
• If the checked programme is not allowed, it performs the following:
• Records the session information in an audit table
• Sends an email to identified recipients, with the session information and action taken
• Records the attempt and session information in the Oracle Alertlog
• Immediately terminates the user’s session
• If the checked programme is validated and allowed, it performs the following:
• Records the session information in an audit table
• Sends an email to identified recipients, with the session information and action taken
• Records the attempt and session information in the Oracle Alertlog

The rollout of this trigger and the account security maintenance is very simplistic, and is designed to reduce it’s footprint on the database by keeping most of the objects in a separate tablespace.

Step 1: Create a tablespace for the table and index objects to reside. All of the objects can be created with the SYSDBA account, as the only the trigger is recommended to reside in the SYS schema.

Step 2: Create the Email header and detail tables for the recipients

Step 3: Create the Tool Privilege header and detail tables for the executables and accounts that are authorized to run the executables

Step 4: Create the audit table for recording all ‘validated’ or offending programmes

Step 5: Create the database trigger that will perform all the needed tasks. It is preferred that this trigger is created and managed by the SYSDBA account.

• Navigation

  • Home
  • About Us
  • Contact Us
  • Portfolio
  • Site Map
• Categories

  • Development
  • Hardware
  • Informational
  • Linux
  • Oracle RDBMS
  • Oracle VM
  • plsql
  • Reviews
  • Software
  • VMware
  • Wordpress
  • Xen
• Archives

  • August 2009
  • May 2009
  • February 2009
  • November 2008
  • February 2008
  • December 2007
  • November 2007
• Recent Posts

  • Oracle VM 2.1.5 Server, Final Analysis
  • Installing Oracle VM 2.1.2 Server, Part I
  • The Differences Between Oracle 10g Releases
  • last & first {aggregate function}
  • cume_dist {aggregate, analytic function}
  • dense_rank {aggregate, analytic function}
  • first_value {analytical function}
  • Blocking Executables from an Oracle DB
  • Entrepreneurs benefit with Linkedin…
  • Treo 750 upgrade to Windows Mobile 6!