List down currently enabled audit policy
select * from audit_unified_enabled_policies;
{
"results" : [
{
"columns" : [
{
"name" : "POLICY_NAME",
"type" : "VARCHAR2"
},
{
"name" : "ENABLED_OPTION",
"type" : "VARCHAR2"
},
{
"name" : "ENTITY_NAME",
"type" : "VARCHAR2"
},
{
"name" : "ENTITY_TYPE",
"type" : "VARCHAR2"
},
{
"name" : "SUCCESS",
"type" : "VARCHAR2"
},
{
"name" : "FAILURE",
"type" : "VARCHAR2"
}
],
"items" : [
{
"policy_name" : "ORA_SECURECONFIG",
"enabled_option" : "BY USER",
"entity_name" : "ALL USERS",
"entity_type" : "USER",
"success" : "YES",
"failure" : "YES"
},
{
"policy_name" : "ORA_LOGON_FAILURES",
"enabled_option" : "BY USER",
"entity_name" : "ALL USERS",
"entity_type" : "USER",
"success" : "NO",
"failure" : "YES"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"enabled_option" : "BY USER",
"entity_name" : "ALL USERS",
"entity_type" : "USER",
"success" : "YES",
"failure" : "YES"
}
]
}
]
}
List down existing audit policies
select distinct policy_name from audit_unified_policies;
POLICY_NAME
ORA_DV_AUDPOL2
ORA_CIS_RECOMMENDATIONS
ORA_ACCOUNT_MGMT
ORA_DATABASE_PARAMETER
ORA_LOGON_FAILURES
ORA_DV_AUDPOL
ORA_SECURECONFIG
ORA_RAS_SESSION_MGMT
CIS_UNIFIED_AUDIT_POLICY
ORA_RAS_POLICY_MGMT
Get audit policy details (which created per CIS hardening guide for Oracle 18c)
select * from audit_unified_policies where policy_name='CIS_UNIFIED_AUDIT_POLICY';
{
"results" : [
{
"columns" : [
{
"name" : "POLICY_NAME",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_CONDITION",
"type" : "VARCHAR2"
},
{
"name" : "CONDITION_EVAL_OPT",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_OPTION",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_OPTION_TYPE",
"type" : "VARCHAR2"
},
{
"name" : "OBJECT_SCHEMA",
"type" : "VARCHAR2"
},
{
"name" : "OBJECT_NAME",
"type" : "VARCHAR2"
},
{
"name" : "OBJECT_TYPE",
"type" : "VARCHAR2"
},
{
"name" : "COMMON",
"type" : "VARCHAR2"
},
{
"name" : "INHERITED",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_ONLY_TOPLEVEL",
"type" : "VARCHAR2"
}
],
"items" : [
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "SELECT ANY DICTIONARY",
"audit_option_type" : "SYSTEM PRIVILEGE",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE USER",
"audit_option_type" : "SYSTEM PRIVILEGE",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE SYNONYM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP SYNONYM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PROCEDURE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PROCEDURE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE DATABASE LINK",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP DATABASE LINK",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER USER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER SYSTEM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE ROLE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP USER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP ROLE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE TRIGGER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER TRIGGER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP TRIGGER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PROFILE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PROFILE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PROFILE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PROCEDURE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER ROLE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE FUNCTION",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER FUNCTION",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP FUNCTION",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PACKAGE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PACKAGE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PACKAGE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PACKAGE BODY",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PACKAGE BODY",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PACKAGE BODY",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER SYNONYM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER DATABASE LINK",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "GRANT",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "REVOKE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "LOGON",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "LOGOFF",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "CIS_UNIFIED_AUDIT_POLICY",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALL",
"audit_option_type" : "OBJECT ACTION",
"object_schema" : "AUDSYS",
"object_name" : "AUD$UNIFIED",
"object_type" : "TABLE",
"common" : "YES",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
}
]
}
]
}
37 rows selected.
Get audit policy details (which is shipped by Oracle DB by default for 19c)
select * from audit_unified_policies where policy_name='ORA_CIS_RECOMMENDATIONS';
{
"results" : [
{
"columns" : [
{
"name" : "POLICY_NAME",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_CONDITION",
"type" : "VARCHAR2"
},
{
"name" : "CONDITION_EVAL_OPT",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_OPTION",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_OPTION_TYPE",
"type" : "VARCHAR2"
},
{
"name" : "OBJECT_SCHEMA",
"type" : "VARCHAR2"
},
{
"name" : "OBJECT_NAME",
"type" : "VARCHAR2"
},
{
"name" : "OBJECT_TYPE",
"type" : "VARCHAR2"
},
{
"name" : "COMMON",
"type" : "VARCHAR2"
},
{
"name" : "INHERITED",
"type" : "VARCHAR2"
},
{
"name" : "AUDIT_ONLY_TOPLEVEL",
"type" : "VARCHAR2"
}
],
"items" : [
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "SELECT ANY DICTIONARY",
"audit_option_type" : "SYSTEM PRIVILEGE",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER SYSTEM",
"audit_option_type" : "SYSTEM PRIVILEGE",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE SYNONYM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP SYNONYM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PROCEDURE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PROCEDURE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE DATABASE LINK",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP DATABASE LINK",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER USER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER SYSTEM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE USER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE ROLE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP USER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP ROLE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE TRIGGER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER TRIGGER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP TRIGGER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PROFILE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PROFILE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PROFILE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PROCEDURE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER ROLE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE FUNCTION",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER FUNCTION",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP FUNCTION",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PACKAGE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PACKAGE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PACKAGE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE PACKAGE BODY",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER PACKAGE BODY",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "DROP PACKAGE BODY",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER SYNONYM",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER DATABASE LINK",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "GRANT",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"policy_name" : "ORA_CIS_RECOMMENDATIONS",
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "REVOKE",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"common" : "NO",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
}
]
}
]
}
35 rows selected.
What is in CIS but NOT in Oracle shipped CIS policy?
select audit_condition ,
condition_eval_opt ,
audit_option ,
audit_option_type ,
object_schema ,
object_name ,
object_type ,
inherited ,
audit_only_toplevel
from audit_unified_policies
where policy_name='CIS_UNIFIED_AUDIT_POLICY'
minus
select audit_condition ,
condition_eval_opt ,
audit_option ,
audit_option_type ,
object_schema ,
object_name ,
object_type ,
inherited ,
audit_only_toplevel
from audit_unified_policies
where policy_name='ORA_CIS_RECOMMENDATIONS';
{
"items" : [
{
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALL",
"audit_option_type" : "OBJECT ACTION",
"object_schema" : "AUDSYS",
"object_name" : "AUD$UNIFIED",
"object_type" : "TABLE",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE USER",
"audit_option_type" : "SYSTEM PRIVILEGE",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "LOGOFF",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "LOGON",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
}
]
}
]
}
What is in Oracle shipped CIS but NOT in CIS policy?
select audit_condition ,
condition_eval_opt ,
audit_option ,
audit_option_type ,
object_schema ,
object_name ,
object_type ,
inherited ,
audit_only_toplevel
from audit_unified_policies
where policy_name='ORA_CIS_RECOMMENDATIONS'
minus
select audit_condition ,
condition_eval_opt ,
audit_option ,
audit_option_type ,
object_schema ,
object_name ,
object_type ,
inherited ,
audit_only_toplevel
from audit_unified_policies
where policy_name='CIS_UNIFIED_AUDIT_POLICY';
{
"items" : [
{
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "ALTER SYSTEM",
"audit_option_type" : "SYSTEM PRIVILEGE",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
},
{
"audit_condition" : "NONE",
"condition_eval_opt" : "NONE",
"audit_option" : "CREATE USER",
"audit_option_type" : "STANDARD ACTION",
"object_schema" : "NONE",
"object_name" : "NONE",
"object_type" : "NONE",
"inherited" : "NO",
"audit_only_toplevel" : "NO"
}
]
}
]
}