109 - 13.4 OEM and the Event Management System

Team-Fly    

 
Oracle Security
By William Heney, Marlene Theriault
Table of Contents
Chapter 13.  Using the Oracle Enterprise Manager


13.4 OEM and the Event Management System

The Event Management System provided by OEM enables you to define events you want the intelligent agent on a platform to watch for within one or more of your databases on that machine. For example, perhaps you would like to catch a high volume of I/O contention occurring within a specific database. The Event Manager can perform that activity.

The Event Management System provides you with a way to proactively monitor for specific events on each of your databases. Many of the monitoring options, like the database UpDown (indicating whether the database is up or down), the alert log being written to, and the number of processes or users exceeded, can be used to help ensure that your database is better protected and more secure.

There are several categories of event types Oracle has predefined and made available; these are broken down by the system events they will affect as follows :

  • Fault Management events

  • Space Management events

  • Resource Management events

  • Performance Management events

The following sections examine each category, and the events within, to see which events might either enhance or endanger your security system.

13.4.1 Fault Management events

You can configure the Event Management System to monitor for the following Fault Management events:

  • New values being written to the alert log (Alert option)

  • Cases where a user is being blocked from being able to perform an action ( User Blocks)

  • Whether the database is up or down (UpDown)

  • The inability of a new database connection to be made (Probe)

From a security perspective, the most significant Fault Management events are:

  • New entries to the alert log that might indicate that someone is modifying the database structure

  • The database unexpectedly being started up or shut down

  • A database connection failing to be made

13.4.1.1 Space Management events

You can configure the Event Management System to monitor for the following Space Management events:

  • The archive log area being too full for another log to be written (the database will stop until space is obtained)

  • The USER_DUMP_DEST or BACKGROUND_DUMP_DEST ( INIT.ORA parameters) space used exceeding a threshold limit

  • A table or tablespace approaching its maximum extent limit

  • A tablespace becoming so fragmented that the largest contiguous chunk available is too small

Although each of these events can impact the ability of the database or a user task to continue to run, none of these events are of great interest to you from a security point of view.

13.4.1.2 Resource Management events

You can configure the Event Management System to monitor for the following Resource Management events:

  • The addition of a datafile that exceeds the stated limit

  • Exceeding an established lock resource limit

  • Exceeding the established process limit

  • Exceeding the session limit

  • Having more users connect to the database than the LICENSE_MAX_SESSIONS value threshold you set

Of these possible events, exceeding either session or user limits is of special security significance. Too many sessions and too many users might indicate that someone is attempting to snoop around for information or hack into your system.

13.4.1.3 Performance Management events

You can configure the Event Management System to establish thresholds and monitor for the following Performance Management events:

  • Buffer cache hit ratio (Buffer Cache)

  • Chained Row

  • Data Dictionary cache miss ratio (Data Dictionary Cache)

  • The real-time, physical disk I/O rates (Disk I/O)

  • Library cache miss ratio (Library Cache)

  • Network I/O rates (Net I/O)

  • Any selected value in the V$SYSSTAT view (SysStat Table)

  • The change in any selected value from the last value obtained (SysStat Table Delta)

As with the Space Management events, although exceeding the thresholds established for these events can impact the performance of your database, sometimes quite dramatically, these Performance Management events do not ordinarily indicate security problems within your database.


Team-Fly    
Top


Oracle Security
Oracle Security Handbook : Implement a Sound Security Plan in Your Oracle Environment
ISBN: 0072133252
EAN: 2147483647
Year: 1998
Pages: 154

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net