4.20 init.ora - 'audit_sys_operations= TRUE'

Information

Auditing of the users authenticated as the SYSDBA or the SYSOPER provides an oversight of the most privileged of users.
Note: It is important that the database user should not have access to the system directories where the audits will be
recorded. Ensure this by setting the AUDIT_SYS_OPERATIONS to TRUE.
Default is FALSE. Set in spfile.

Solution

Set AUDIT_FILE DEST to where you want the logs to be. Windows: Default is Event Viewer log file

See Also

https://workbench.cisecurity.org/files/574

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)

Plugin: Windows

Control ID: f68d67b087b7624aa2b190431b1cef39b9a450073a3b137b130f8aa81d53c26a