Next in our blog series on Oracle 12 Unified Auditing is a discussion of Mixed Mode. Mixed Mode is the default auditing mode for Oracle 12c. Oracle describes Mixed Mode auditing as a means of becoming familiar with Unified Auditing prior to migrating to Pure Unified Auditing. Mixed Mode allows for all traditional, pre-12c log and audit functionality to co-exist with Unified Auditing. More importantly, Mixed Mode will support any current Syslog-based logging solution.
Mixed Mode auditing provides the following key capabilities:
- All existing (pre-12c) auditing initialization configurations and parameters are used, such as AUDIT_TRAIL, AUDIT_FILE_DEST, AUDIT_SYS_OPERATIONS, and AUDIT_SYSLOG_LEVEL
- The format of the audit records remains the same as in Oracle Database 11g Release 2
- Writes mandatory audit records to the traditional audit trails
- If the AUDIT_SYS_OPERATIONS initialization parameter is set to TRUE, writes audit records only to the traditional audit trails
With Mixed Mode, audit data can be found both in the traditional locations and in SYS.UNIFIED_AUDIT_TRAIL. This is because the Unified Auditing policy ORA_SECURECONFIG is enabled by default. ORA_SECURECONFIG audits the same default audit settings from Oracle Database Release 11g. Integrigy recommends either periodically purging Unified Auditing data or disabling the policy. To disable the ORA_SECURECONFIG policy, follow the instructions in Oracle Support Note Doc ID 1624051.1.
The following table shows the definition of the default policy ORA_SECURECONFIG. Note the column ‘Common’, which shows that the policy is defined for all PDB (tenant) databases.
Mixed Mode Default Unified Policy ORA_SECURECONFIG

| Audit Option | Option Type | Common | Integrigy Framework |
|---|---|---|---|
| ADMINISTER KEY MANAGEMENT | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| ALTER ANY PROCEDURE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| ALTER ANY SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| ALTER ANY TABLE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| ALTER DATABASE | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| ALTER DATABASE LINK | STANDARD ACTION | YES | E13 - Objects |
| ALTER PLUGGABLE DATABASE | STANDARD ACTION | YES | E11 - Privileged commands |
| ALTER PROFILE | STANDARD ACTION | YES | E14 - Modify configuration settings |
| ALTER ROLE | STANDARD ACTION | YES | E8 - Modify role |
| ALTER SYSTEM | SYSTEM PRIVILEGE | YES | E14 - Modify configuration settings |
| ALTER USER | STANDARD ACTION | YES | E6 - Modify user account |
| AUDIT SYSTEM | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| CREATE ANY JOB | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ANY LIBRARY | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ANY PROCEDURE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ANY SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| CREATE ANY TABLE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE DATABASE LINK | STANDARD ACTION | YES | E13 - Objects |
| CREATE DIRECTORY | STANDARD ACTION | YES | E13 - Objects |
| CREATE EXTERNAL JOB | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE PLUGGABLE DATABASE | STANDARD ACTION | YES | E11 - Privileged commands |
| CREATE PROFILE | STANDARD ACTION | YES | E11 - Privileged commands |
| CREATE PUBLIC SYNONYM | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE ROLE | STANDARD ACTION | YES | E7 - Create role |
| CREATE SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| CREATE USER | SYSTEM PRIVILEGE | YES | E5 - Create user account |
| DROP ANY PROCEDURE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP ANY SQL TRANSLATION PROFILE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP ANY TABLE | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP DATABASE LINK | STANDARD ACTION | YES | E13 - Objects |
| DROP DIRECTORY | STANDARD ACTION | YES | E13 - Objects |
| DROP PLUGGABLE DATABASE | STANDARD ACTION | YES | E11 - Privileged commands |
| DROP PROFILE | STANDARD ACTION | YES | E14 - Modify configuration settings |
| DROP PUBLIC SYNONYM | SYSTEM PRIVILEGE | YES | E13 - Objects |
| DROP ROLE | STANDARD ACTION | YES | E8 - Modify role |
| DROP USER | SYSTEM PRIVILEGE | YES | E6 - Modify user account |
| EXEMPT ACCESS POLICY | SYSTEM PRIVILEGE | YES | E14 - Modify configuration settings |
| EXEMPT REDACTION POLICY | SYSTEM PRIVILEGE | YES | E14 - Modify configuration settings |
| GRANT ANY OBJECT PRIVILEGE | SYSTEM PRIVILEGE | YES | E9 - Grant/revoke user privileges |
| GRANT ANY PRIVILEGE | SYSTEM PRIVILEGE | YES | E9 - Grant/revoke user privileges |
| GRANT ANY ROLE | SYSTEM PRIVILEGE | YES | E9 - Grant/revoke user privileges |
| LOGMINING | SYSTEM PRIVILEGE | YES | E12 - Modify audit and logging |
| LOGOFF | STANDARD ACTION | YES | E2 - Logoff |
| LOGON | STANDARD ACTION | YES | E1 - Login |
| PURGE DBA_RECYCLEBIN | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
| SET ROLE | STANDARD ACTION | YES | E11 - Privileged commands |
| TRANSLATE ANY SQL | SYSTEM PRIVILEGE | YES | E11 - Privileged commands |
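
The following SQL*Plus session is an added example, not taken from the original post or from the Oracle Support note. It confirms Mixed Mode, reads the ORA_SECURECONFIG definition tabulated above from the data dictionary, measures what the policy has written to the unified trail, and then shows the purge and disable options. It assumes a session holding the AUDIT_ADMIN role, and the 90-day retention window is an illustrative value.

```sql
-- Added example for Oracle 12c; assumes the session has the AUDIT_ADMIN role.

-- 1. Confirm the auditing mode.
--    FALSE = Mixed Mode (the 12c default), TRUE = pure Unified Auditing.
SELECT value FROM v$option WHERE parameter = 'Unified Auditing';

-- 2. Confirm that ORA_SECURECONFIG is enabled and for which users.
SELECT user_name, policy_name, success, failure
  FROM audit_unified_enabled_policies
 WHERE policy_name = 'ORA_SECURECONFIG';

-- 3. Read the policy definition: audit option, option type, Common flag.
SELECT audit_option, audit_option_type, common
  FROM audit_unified_policies
 WHERE policy_name = 'ORA_SECURECONFIG'
 ORDER BY audit_option;

-- 4. Measure what the policy has already written to the unified trail,
--    broken down by action, to size the purge and spot noisy events.
SELECT action_name,
       COUNT(*)             AS records,
       MIN(event_timestamp) AS oldest_record
  FROM unified_audit_trail
 WHERE unified_audit_policies LIKE '%ORA_SECURECONFIG%'
 GROUP BY action_name
 ORDER BY records DESC;

-- 5a. Option one: keep the policy and purge periodically.
--     The 90-day retention is an assumption; archive or forward records
--     to the log server before purging if they are needed as evidence.
BEGIN
  DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(
    audit_trail_type  => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
    last_archive_time => SYS_EXTRACT_UTC(SYSTIMESTAMP) - INTERVAL '90' DAY);
  DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
    audit_trail_type        => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
    use_last_arch_timestamp => TRUE);
END;
/

-- 5b. Option two: disable the policy so it stops writing to the unified trail.
--     Traditional (pre-12c) auditing continues to run under Mixed Mode.
NOAUDIT POLICY ORA_SECURECONFIG;
```

After step 5b, rerunning the query in step 2 should return no rows for ORA_SECURECONFIG; the policy can be turned back on later with AUDIT POLICY ORA_SECURECONFIG.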
If you have questions, please contact us at info@integrigy.com
Reference
- Integrigy Oracle 12c Unified Auditing Whitepaper: Oracle 12c Unified Auditing
- Oracle Database Security Guide 12c Release 1, http://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG493
- For why Mixed Mode is generating log data and how to disable it, refer to “The UNIFIED_AUDIT_TRAIL is Getting Populated even if Unified Auditing was not explicitly enabled in 12c”, Note ID 1624051.1, Oracle Corporation, 28 March 2014, https://support.oracle.com/rs?type=doc&id=1624051.1