Learn practical steps to harden an Oracle database against unauthorized access, including user security, privileges, auditing, encryption, patching, and monitoring. A complete Oracle DBA security guide by Learnomate Technologies.
123456789101112131415161718192021222324252627
SELECT
username, account_status
FROM
dba_users;
ALTER
USER
scott ACCOUNT LOCK;
ALTER
USER
hr ACCOUNT LOCK;
CREATE
PROFILE secure_profile LIMIT
FAILED_LOGIN_ATTEMPTS
5
PASSWORD_LIFE_TIME
60
PASSWORD_REUSE_TIME
365
PASSWORD_REUSE_MAX
5
PASSWORD_VERIFY_FUNCTION ora12c_verify_function;
ALTER
USER
app_user PROFILE secure_profile;123456789101112131415161718192021222324252627282930313233343536
SELECT
*
FROM
dba_role_privs
WHERE
grantee
=
'APP_USER'
;
SELECT
*
FROM
dba_sys_privs
WHERE
grantee
=
'APP_USER'
;
REVOKE
DBA
FROM
app_user;
CREATE
ROLE app_read_role;
GRANT
SELECT
ON
schema.table1
TO
app_read_role;
GRANT
app_read_role
TO
app_user;12
tcp.validnode_checking = YES
tcp.invited_nodes = (192.168.1.10,192.168.1.20)123456789101112131415161718192021222324252627282930
ADMINISTER KEY MANAGEMENT
SET
KEYSTORE
OPEN
IDENTIFIED
BY
"wallet_password";
ADMINISTER KEY MANAGEMENT
SET
KEY IDENTIFIED
BY
"wallet_password"
WITH
BACKUP;
ALTER TABLE
employees MODIFY (salary ENCRYPT);
CREATE
TABLESPACE secure_ts
DATAFILE
'/u01/oradata/secure01.dbf'
SIZE
100
M
ENCRYPTION
USING
'AES256'
DEFAULT
STORAGE(ENCRYPT);1234567891011121314151617181920212223242526
AUDIT
CREATE
USER
;
AUDIT
DROP
USER
;
AUDIT
GRANT
ANY
PRIVILEGE;
AUDIT
ALTER
SYSTEM
;
SELECT
event_timestamp, dbusername, action_name
FROM
unified_audit_trail
ORDER
BY
event_timestamp
DESC
;123456789101112131415161718
ALTER
USER
SYS IDENTIFIED
BY
StrongPassword;
ALTER
USER
SYSTEM
IDENTIFIED
BY
StrongPassword;
ALTER
SYSTEM
SET
remote_login_passwordfile
=
EXCLUSIVE;12345678
CONFIGURE ENCRYPTION
FOR
DATABASE
ON
;
CONFIGURE ENCRYPTION ALGORITHM
'AES256'
;123
DBMS_SERVICE.DELETE_SERVICE(
'unused_service'
);1234
chmod
-R 700 /u01/app/oracle
chown
-R oracle:oinstall /u01/app/oracle1234567891011121314151617181920212223242526272829
BEGIN
DBMS_REDACT.ADD_POLICY(
object_schema
=
>
'HR'
,
object_name
=
>
'EMPLOYEES'
,
column_name
=
>
'SALARY'
,
policy_name
=
>
'mask_salary'
,
function_type
=
>
DBMS_REDACT.FULL);
END
;
/Please to add comments
No comments yet. Be the first to comment!