How do you enable auditing to trace a user/terminal that is trying to guess
a username and password in the database? This is also a good way to audit
unsuccessful database login attempts.
Do the following steps to enable auditing:
1. Modify the "init
directory to enable the AUDIT_TRAIL parameter.
AUDIT_TRAIL can be set to one of the following values:
DB or TRUE: enables system-wide auditing where audited records are written to the database audit trail, the SYS.AUD$ table.
OS: enables system-wide auditing where audited records are written to the operating system's audit trail.
NONE or FALSE: disables auditing.
Example:
--------
AUDIT_TRAIL = TRUE
2. Stop/Start the instance to make the parameter effective.
3. Enable the following audit option:
SQL> AUDIT ALL BY ACCESS WHENEVER NOT SUCCESSFUL;
4. Then query AUD$ as in the following example:
SQL> select returncode, action#, userid, userhost, terminal from aud$;
RETURNCODE ACTION# USERID USERHOST TERMINAL
---------- ---------- -------- -------------------- --------------------
1017 100 SCOTT WPRATA-BR
1017 100 SCOTT WPRATA-BR
1017 100 SCOTT WPRATA-BR
The return code 1017 means ORA-1017, "invalid username/password; logon denied",
indicating that host WPRATA-BR tried to guess the username/password.
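
Once failed logons are being recorded, the per-row listing above can be summarized per source to separate a single typo from repeated guessing. The query below is an added example, not part of the original post; it assumes AUDIT_TRAIL is set to DB/TRUE and that the session can read DBA_AUDIT_SESSION, the standard view over SYS.AUD$ for logon records. The 24-hour window and the threshold of 3 are assumed values to tune per site.

```sql
-- Added example: summarize failed logons per source host/terminal.
-- Assumes AUDIT_TRAIL = DB (or TRUE) and SELECT access to DBA_AUDIT_SESSION.
SELECT userhost,
       terminal,
       os_username,
       COUNT(*)                 AS failed_logons,
       -- many accounts from one host suggests guessing across usernames,
       -- one account suggests guessing a single password
       COUNT(DISTINCT username) AS accounts_tried,
       MIN(timestamp)           AS first_seen,
       MAX(timestamp)           AS last_seen
FROM   dba_audit_session
WHERE  action_name = 'LOGON'          -- action# 100 in AUD$
AND    returncode  = 1017             -- ORA-1017, as in the output above
AND    timestamp  >= SYSDATE - 1      -- assumed window: last 24 hours
GROUP  BY userhost, terminal, os_username
HAVING COUNT(*) >= 3                  -- assumed threshold
ORDER  BY failed_logons DESC;
```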