CUI

Documentation - V-270510

V-270510

Oracle Database 19c Security Technical Implementation Guide

CAT II

Title

The audit information produced by the Oracle Database must be protected from unauthorized access, modification, or deletion.

Description

If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. In addition, access to audit records provides information an attacker could potentially use to his or her advantage. To ensure the veracity of audit data, the information system and/or the application must protect audit information from any and all unauthorized access. This includes read,...

Fix Text (Documentation Requirement)

Add controls and modify permissions to protect database audit log data from unauthorized modification, whether stored in the database itself or at the OS level.

Logs are stored in the database:

For Standard Auditing, revoke access to the AUD$ table from anyone who should not have access to it.

For Unified Auditing, revoke access to the tables with AUDSYS as the owner.

Use the REVOKE statement to remove permissions from a specific user or from all users to perform actions on database objects.

REVOKE privilege-type ON [ TABLE ] { table-Name | view-Name } FROM grantees

Use the ALL PRIVILEGES privilege type to revoke all of the permissions from the user for the specified table. One or more table privileges can also be revoked by specifying a privilege-list. Use the DELETE privilege type to revo...
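One way to find the grants this fix targets and prepare the matching REVOKE statements, as an added example that is not part of the STIG text. It assumes a session that can read DBA_TAB_PRIVS; APPROVED_AUDIT_GRANTEE_1, APPROVED_AUDIT_GRANTEE_2 and EXAMPLE_USER are placeholder names standing in for the site's documented accounts and roles.

```sql
-- Added example (not from the STIG): list every object privilege granted on
-- the audit trail tables to a grantee outside the approved list, and build
-- the REVOKE statement that would remove each one.
-- Assumption: the two APPROVED_AUDIT_GRANTEE_n names are placeholders; replace
-- them with the accounts and roles the site has documented as authorized.
SELECT p.grantee,
       p.owner,
       p.table_name,
       p.privilege,
       p.grantable,
       -- Oracle form: REVOKE <privilege> ON <schema>.<object> FROM <grantee>
       -- Names that need double quotes (mixed case) must be quoted by hand.
       'REVOKE ' || p.privilege ||
       ' ON '    || p.owner || '.' || p.table_name ||
       ' FROM '  || p.grantee || ';'            AS revoke_stmt
FROM   dba_tab_privs p
WHERE  p.type = 'TABLE'
AND    (    (p.owner = 'SYS' AND p.table_name = 'AUD$')  -- Standard Auditing
         OR  p.owner = 'AUDSYS' )                         -- Unified Auditing
AND    p.grantee NOT IN ('APPROVED_AUDIT_GRANTEE_1',
                         'APPROVED_AUDIT_GRANTEE_2')
ORDER  BY p.owner, p.table_name, p.grantee, p.privilege;

-- Review the generated statements before running any of them. Each has one
-- of the shapes below (EXAMPLE_USER is a constructed grantee name).

-- Remove a single privilege, here the ability to delete audit rows:
REVOKE DELETE ON sys.aud$ FROM example_user;

-- Remove several privileges at once with a privilege list:
REVOKE SELECT, UPDATE ON sys.aud$ FROM example_user;

-- Remove everything the grantee holds on the table:
REVOKE ALL PRIVILEGES ON sys.aud$ FROM example_user;

-- Verification: rerun the first query. No rows returned means no grantee
-- outside the approved list still holds a privilege on these tables.
```

A grant that reappears in the first query after being revoked was made again by some account or script, which is worth tracing through the GRANTOR column of DBA_TAB_PRIVS.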
