Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
****************/
Session altered.
-------------------
16-05-2019 10:31:07
1 row selected.
BANNER
--------------------------------------------------------------------------------
5 rows selected.
INSTANCE_NAME HOST_NAME
STATUS
---------------- ----------------------------------------------------------------
------------
orcl DESKTOP-7JS000T
OPEN
1 row selected.
1 row selected.
Profile altered.
1 row selected.
-- 1.2. Definir el tiempo que permanece bloqueada la contrase�a del usuario despu�s
de bloqueo por intentos fallidos de autenticaci�n sobre el perfil por defecto
SELECT * FROM DBA_PROFILES WHERE RESOURCE_NAME='PASSWORD_LOCK_TIME' AND
PROFILE='DEFAULT';
1 row selected.
Profile altered.
no rows selected
-- 1.4. Limitar el n�mero de sesiones por usuario sobre el perfil por defecto
SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE PROFILE='DEFAULT' AND
RESOURCE_NAME='SESSIONS_PER_USER';
------------------------------ --------------------------------
----------------------------------------
DEFAULT SESSIONS_PER_USER 1
1 row selected.
Profile altered.
System altered.
/* 2. Parametros Generales */
-- "Esto se debe realizar de manera manual accediendo a la ruta del ORACLE_HOME
debe hacer los cambios reiniciar la BD y luego validar los cambios"
-- 2.4. Forzar el uso de nombre para links de bases de datos iguales a la base de
datos destino - Verificar que este en TRUE el parametro GLOBAL_NAMES
SHOW PARAMETER GLOBAL_NAMES;
System altered.
-- 2.5. Definir valor para el listener local - Verificar que este definido el
valor del LOCAL_LISTENER - Ejemplo para la BD de RRHH debe estar en LISTENER_RRHH
SHOW PARAMETER LOCAL_LISTENER;
OL=IPC)(KEY=REGISTER)))
System altered.
-- 2.6. Deshabilitar el uso de grupos del sistema operativo para gesti�n de la base
de datos - Verificar que este en FALSE el parametro OS_ROLES
SHOW PARAMETER OS_ROLES;
System altered.
remote_listener string
System altered.
System altered.
-- 2.9. Deshabilitar el uso de grupos del sistema operativo remoto para gesti�n de
la base de datos tipo UTL_FILE - verificar que este en FALSE el parametro
REMOTE_OS_ROLES
SHOW PARAMETER REMOTE_OS_ROLES;
System altered.
sec_max_failed_login_attempts integer 10
System altered.
System altered.
System altered.
-- 2.14. Habilitar seguridad sql92 - Verificar que el parametro SQL92_SECURITY este
en FALSE
SHOW PARAMETER SQL92_SECURITY;
System altered.
System altered.
BANNER
--------------------------------------------------------------------------------
5 rows selected.
/* 3. Politica De Contrase�as */
------------------------------ --------------------------------
DEFAULT PASSWORD_LOCK_TIME
1 row selected.
Profile altered.
1 row selected.
PROFILE RESOURCE_NAME
------------------------------ --------------------------------
DEFAULT PASSWORD_REUSE_MAX
1 row selected.
Profile altered.
no rows selected
-- 3.3. Restringir el n�mero de d�as que tienen que pasar para cambiar una
contrase�a sobre el perfil por defecto
SELECT PROFILE, RESOURCE_NAME FROM DBA_PROFILES WHERE PROFILE='DEFAULT' AND
RESOURCE_NAME='PASSWORD_REUSE_TIME';
PROFILE RESOURCE_NAME
------------------------------ --------------------------------
DEFAULT PASSWORD_REUSE_TIME
1 row selected.
Profile altered.
1 row selected.
NUM NAME
TYPE
----------
--------------------------------------------------------------------------------
----------
VALUE
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--
DISPLAY_VALUE
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--
ISDEFAULT ISSES ISSYS_MOD ISINS ISMODIFIED ISADJ ISDEP ISBAS DESCRIPTION
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
------ ----------
1412 remote_login_passwordfile
2
EXCLUSIVE
EXCLUSIVE
FALSE FALSE FALSE FALSE FALSE FALSE FALSE TRUE password file usage
parameter
3127891494
1 row selected.
System altered.
no rows selected
USERNAME
------------------------------
DIEGO
ITSS_TUNJA
ITSECURITY
OWBSYS_AUDIT
OWBSYS
APEX_030200
APEX_PUBLIC_USER
FLOWS_FILES
MGMT_VIEW
SYSMAN
SPATIAL_CSW_ADMIN_USR
SPATIAL_WFS_ADMIN_USR
MDDATA
MDSYS
SI_INFORMTN_SCHEMA
ORDPLUGINS
ORDDATA
ORDSYS
OLAPSYS
ANONYMOUS
XDB
CTXSYS
EXFSYS
XS$NULL
WMSYS
APPQOSSYS
DBSNMP
ORACLE_OCM
DIP
OUTLN
SYSTEM
SYS
32 rows selected.
1 row selected.
SELECT OWNER, OBJECT_TYPE, STATUS, COUNT(1) FROM ALL_OBJECTS WHERE OBJECT_TYPE LIKE
'PACKAGE%' AND STATUS = 'INVALID' GROUP BY OWNER, OBJECT_TYPE, STATUS;
------------------------------ ------------------------------
------------------------------ ------------------------------
---------------------------------------- --- ---
1 row selected.
Revoke succeeded.
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
------------------------------ ------------------------------
------------------------------ ------------------------------
---------------------------------------- --- ---
PUBLIC SYS
DBMS_OBFUSCATION_TOOLKIT SYS EXECUTE
NO NO
1 row selected.
Revoke succeeded.
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
no rows selected
/* 5. Privilegios de Sistema */
GRANTEE PRIVILEGE
------------------------------ ----------------------------------------
1 row selected.
GRANTEE PRIVILEGE
------------------------------ ----------------------------------------
10 rows selected.
GRANTEE PRIVILEGE
------------------------------ ----------------------------------------
1 row selected.
no rows selected
no rows selected
GRANTEE PRIVILEGE
------------------------------ ----------------------------------------
2 rows selected.
no rows selected
6 rows selected.
1 row selected.
1 row selected.
no rows selected
no rows selected
no rows selected
no rows selected
REVOKE ALL ON USER_HISTORY$ FROM [usuario];
REVOKE ALL ON USER_HISTORY$ FROM [usuario]
*
ERROR at line 1:
ORA-00987: faltan los nombres de usuario o no son v�lidos
no rows selected
OWNER
------------------------------
SYS
1 row selected.
no rows selected
no rows selected
GRANTEE
------------------------------
EXP_FULL_DATABASE
SPATIAL_WFS_ADMIN_USR
SCHEDULER_ADMIN
OLAPSYS
OUTLN
DATAPUMP_IMP_FULL_DATABASE
6 rows selected.
15 rows selected.
/* 7. Privilegios de Roles */
no rows selected
1 row selected.
no rows selected
GRANTEE GRANTED_ROLE
------------------------------ ------------------------------
ITSECURITY DBA
1 row selected.
/* 8. Auditoria */
audit_trail string DB
-- Activar auditoria
ALTER SYSTEM SET AUDIT_TRAIL='DB' SCOPE=SPFILE;
System altered.
-- Desactivar auditoria
ALTER SYSTEM SET audit_trail = "NONE" SCOPE=SPFILE;
System altered.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
CREATE PROCEDURE
BY ACCESS BY ACCESS
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
CREATE PROCEDURE
BY ACCESS BY ACCESS
1 row selected.
Audit succeeded.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
Audit succeeded.
-- 8.4. Auditar actividades de tipo ALTER ANY PROCEDURE y DROP ANY PROCEDURE
SELECT * FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION = 'ALTER ANY PROCEDURE';
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
Audit succeeded.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
Audit succeeded.
-- 8.5. Auditar actividades de tipo CREATE ANY LIBRARY y DROP ANY LIBRARY
SELECT * FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION = 'CREATE ANY LIBRARY';
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
1 row selected.
Audit succeeded.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
Audit succeeded.
-- 8.6. Auditar actividades de tipo CREATE ANY TRIGGER, ALTER ANY TRIGGER y DROP
ANY TRIGGER
SELECT * FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION = 'CREATE ANY TRIGGER';
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
Audit succeeded.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
Audit succeeded.
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
1 row selected.
Audit succeeded.
-- 8.7. Auditar todas las acciones sobre las tablas de auditor�a de la base de
datos (AUD$)
--SELECT * FROM DBA_AUDIT_TRAIL;
AUDIT ALL ON SYS.AUD$;
Audit succeeded.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
ALTER SYSTEM
BY ACCESS BY ACCESS
1 row selected.
------------------------------ ------------------------------
---------------------------------------- ---------- ----------
ALTER SYSTEM
BY ACCESS BY ACCESS
1 row selected.
USERNAME OBJ_NAME
ACTION_NAME
------------------------------
-----------------------------------------------------------------------------------
--------------------------------------------- ----------------------------
COMMENT_TEXT
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--
PRIV_USED
----------------------------------------
SQL_TEXT
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--
ITSECURITY
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
SYSTEM
ALTER SYSTEM
ALTER SYSTEM
26 rows selected.
Audit succeeded.
-- 8.9. Activar la auditor�a para las operaciones hechas por los roles SYSDBA y
SYSOPER
SHOW PARAMETER AUDIT_SYS_OPERATIONS;
System altered.
spool off