Nonstop Database, HiRDB Version 9 System Operation Guide


24.1.7 Audited events

Actions that are collected in the audit trail are called audit events. The table below lists the audit events.

When the security audit facility is enabled, audit trails are output automatically by the system for some events. For other events, the auditor can select whether audit trails are to be collected.

Table 24-2 Audit events

Event type: System administrator security events
Explanation and audited events:
  1. Security events performed by the HiRDB administrator or users with DBA privilege are audited.
  2. Modifications of the setting values of the connection security facility are audited.
  3. Security events performed automatically by the system are audited.
An audit trail is output when the following events occur:
  • HiRDB startup (pdstart command)#1
  • HiRDB termination (pdstop command)#1, #2
  • Auditor registration (pdmod command)
  • Audit trail table creation (pdmod command)
  • Audit trail file deletion (pdaudrm command)#3
  • Audit trail collection startup#5
  • Audit trail collection termination#6
  • Start of audit trail file overwriting
  • Transition to consecutive certification failure account lock state
  • Release of consecutive certification failure account lock state
    Applicable in the following cases:
    - During CONNECT after the account lock period has passed
    - During execution of DROP CONNECTION SECURITY
    - During execution of the pdacunlck command
  • Transition to password-invalid account lock state
  • Release of password-invalid account lock state
  • Modification of a setting value of the connection security facility:
    - Permitted number of consecutive certification failures
    - Account lock period
    - Items to be set up for character string restrictions for passwords (including an advance check)
  • Execution of the pdacnlck command
Selectability: N (an audit trail is always output).
Event type: Auditor security events
Explanation and audited events: These are audits of events performed by the auditor. An audit trail is output when the following events occur:
  • Data loading into an audit trail table (pdload command)
  • Swapping of audit trail files (pdaudswap command)
  • Defining events to be audited (CREATE AUDIT)#4
  • Deleting events to be audited (DROP AUDIT)#4
  • Changing the auditor password (GRANT AUDIT)#4
  • Outputting data to the audit log output file for JP1/NETM/Audit (pdaudput command)
Selectability: N (an audit trail is always output).
Event type: Session security events
Explanation and audited events: These are audits of user authentication by authorization identifier and password. An audit trail is output when the following events occur:
  • Connection to HiRDB (CONNECT statement)
  • User change (SET SESSION AUTHORIZATION statement)
  • Disconnection from HiRDB (DISCONNECT statement)#9
Selectability: Y
Event type: Privilege management events
Explanation and audited events: These are audits of addition or deletion of user privileges. An audit trail is output when the following events occur:
  • User privilege addition (GRANT statement)
  • User privilege deletion (REVOKE statement)
Selectability: Y#7
Event type: Object definition events
Explanation and audited events: These are audits of object definitions, deletions, or modifications. An audit trail is output when the following events occur:
  • Object definition; this applies to the following SQL statements:
    CREATE FUNCTION
    CREATE INDEX
    CREATE PROCEDURE
    CREATE PUBLIC VIEW
    CREATE SCHEMA
    CREATE SEQUENCE
    CREATE TABLE
    CREATE TRIGGER
    CREATE TYPE
    CREATE VIEW
  • Object deletion; this applies to the following SQL statements:
    DROP DATA TYPE
    DROP FUNCTION
    DROP INDEX
    DROP PROCEDURE
    DROP PUBLIC VIEW
    DROP SCHEMA
    DROP SEQUENCE
    DROP TABLE
    DROP TRIGGER
    DROP VIEW
  • Object modification; this applies to the following SQL statements:
    ALLOCATE MEMORY TABLE
    ALTER INDEX
    ALTER PROCEDURE
    ALTER ROUTINE
    ALTER TABLE
    ALTER TRIGGER
    COMMENT
    DEALLOCATE MEMORY TABLE
Selectability: Y#7
Event type: Object manipulation events
Explanation and audited events: These are audits of object manipulations. An audit trail is output when the following events occur:
  • Table reference (SELECT statement)
  • Table row insertion (INSERT statement)
  • Table row update (UPDATE statement)
  • Table row deletion (DELETE statement)
  • Table deletion of all rows (PURGE TABLE statement)
  • Stored procedure execution (CALL statement)
  • Table lock control (LOCK TABLE statement)
  • List creation (ASSIGN LIST statement)
  • Returning of a value generated by a sequence generator (NEXT VALUE expression)
Selectability: Y#7
Event type: Utility operation events
Explanation and audited events: These are audits of security events related to object operations performed by a utility or command. An audit trail is output when any of the following is executed:
  • Database load utility (pdload command)
    Target objects: TABLE and SEQUENCE
  • pddefrev command
    Target objects: PROCEDURE, TABLE, TRIGGER, and VIEW
  • Database reorganization utility (pdrorg command)
    Target object: TABLE
  • Dictionary import/export utility (pdexp command)
    Target objects: PROCEDURE, TABLE, TRIGGER, and VIEW
  • Integrity check utility (pdconstck command)
    Target object: TABLE
Selectability: Y#7, #8

Legend:
Y: Can be selected
N: Cannot be selected

#1: The startup and termination of servers in a HiRDB parallel server configuration are not regarded as audit events.

#2: Normal termination and planned termination are regarded as audit events. Forced termination and abnormal termination are not regarded as audit events. To audit forced termination or abnormal termination, use the messages output by HiRDB or the OS.
The following termination commands are not audited:
  • pdstop -f
  • pdstop -f -q
  • pdstop -f -x host-name
  • pdstop -f -u unit-identifier
  • pdstop -f -s server-name
  • pdstop -f -u unit-identifier -s server-name
  • pdstop -z
  • pdstop -z -q
  • pdstop -z -c
  • pdstop -z -s server-name

#3: Creation of an audit trail file is not regarded as an audit event. To audit creation of audit trail files, use the OS's audit facility.

#4: An audit trail is also output when these SQL statements are executed through the database definition utility (pddef command) or the interactive SQL execution utility (pdsql command).

#5: An audit trail is output when audit trail collection starts, whether because the pdaudbegin command is executed or because HiRDB is started.

#6: An audit trail is output when audit trail collection stops, whether because the pdaudend command is executed or because HiRDB is terminated normally or by a planned termination while audit trails are being collected.

#7: If the target object of a privilege management event, object definition event, object manipulation event, or utility operation event is an audit trail table, a view table whose base table is an audit trail table, or a list whose base table is an audit trail table, an audit trail is output unconditionally when the event terminates. You can still select whether an audit trail is output during privilege checking. However, because the database load utility (pdload command) executed on an audit trail table is classified as an auditor security event, both the audit trail at event termination and the one during privilege checking are output unconditionally for it.

#8: When the database reorganization utility (pdrorg command) is used to reload a dictionary table, an audit trail is output unconditionally.

#9: In addition to an explicit DISCONNECT statement, the following are regarded as disconnection audit events:
  • The server process of a single server or front-end server detects that the client has disconnected.
  • The server process of a single server or front-end server internally executes a disconnection.
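The selectability column and footnotes #1, #2, #7 and #8 together determine whether a given action leaves an audit trail record. The following added example (written for this page, not HiRDB code) models those rules so that an auditor can list the events a CREATE AUDIT selection would still leave unrecorded and therefore need a compensating control (OS audit facility per #3, HiRDB or OS messages per #2). The Event record, the functions is_audited and coverage_gaps, and the sample events and selection are assumptions constructed for illustration; the model covers only the record at event termination, not the separate privilege-check record mentioned in #7.

```python
"""Coverage model of the HiRDB audit-trail rules in Table 24-2 and footnotes #1, #2, #7, #8.

Added example for this page, not HiRDB code: the Event record, is_audited(),
coverage_gaps() and the sample events are constructed for illustration.
Event-type names are the Table 24-2 row names in lowercase.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Selectability N: the system always outputs an audit trail for these event types.
ALWAYS_AUDITED = {"system administrator security", "auditor security"}

# Selectability Y: the auditor chooses these with CREATE AUDIT / DROP AUDIT.
SELECTABLE = {
    "session security",
    "privilege management",
    "object definition",
    "object manipulation",
    "utility operation",
}

# Footnote #7: for these event types the trail at event termination becomes
# unconditional when the target is an audit trail table, or a view or list
# whose base table is an audit trail table.
AUDIT_TRAIL_TARGET_OVERRIDE = SELECTABLE - {"session security"}


@dataclass(frozen=True)
class Event:
    """One candidate audit event (constructed field layout, not a HiRDB record format)."""
    event_type: str                      # a Table 24-2 row name, lowercase
    command: Optional[str] = None        # "pdstart", "pdstop", "pdrorg", "pdload", ...
    args: Tuple[str, ...] = ()           # command options, e.g. ("-f", "-q")
    target_is_audit_trail: bool = False  # footnote #7 condition
    dictionary_reload: bool = False      # footnote #8: pdrorg reloading a dictionary table
    server_level: bool = False           # footnote #1: per-server start/stop in a parallel server


def is_audited(ev: Event, selected: Set[str]) -> Tuple[bool, str]:
    """Decide whether HiRDB outputs an audit trail for ev under the CREATE AUDIT selection.

    Returns (audited, reason); the reason names the table rule or footnote applied.
    """
    if ev.event_type not in ALWAYS_AUDITED | SELECTABLE:
        raise ValueError(f"unknown event type: {ev.event_type!r}")

    # #1: start/stop of individual servers in a parallel server is not an audit event.
    if ev.command in ("pdstart", "pdstop") and ev.server_level:
        return False, "#1: server-level start/stop in a parallel server is not audited"

    # #2: only normal and planned termination are audited. Every pdstop form the
    # page lists as unaudited carries -f or -z, so those must be traced through
    # HiRDB or OS messages instead.
    if ev.command == "pdstop" and ({"-f", "-z"} & set(ev.args)):
        return False, "#2: forced/abnormal termination is not audited; use HiRDB or OS messages"

    if ev.event_type in ALWAYS_AUDITED:
        return True, "selectability N: always output"

    # #7 and #8 make specific selectable events unconditional.
    if ev.event_type in AUDIT_TRAIL_TARGET_OVERRIDE and ev.target_is_audit_trail:
        return True, "#7: audit trail table is the target; output unconditionally at event termination"
    if ev.command == "pdrorg" and ev.dictionary_reload:
        return True, "#8: pdrorg dictionary reload; output unconditionally"

    if ev.event_type in selected:
        return True, "selectability Y: selected with CREATE AUDIT"
    return False, "selectability Y: not selected with CREATE AUDIT"


def coverage_gaps(events: List[Event], selected: Set[str]) -> List[Tuple[Event, str]]:
    """Return the events that would leave no audit trail, with the reason for each."""
    gaps = []
    for ev in events:
        audited, reason = is_audited(ev, selected)
        if not audited:
            gaps.append((ev, reason))
    return gaps


# Constructed sample: what one operations day might produce, not real HiRDB output.
SAMPLE_EVENTS = [
    Event("system administrator security", command="pdstop", args=("-f", "-q")),
    Event("system administrator security", command="pdstop"),
    Event("session security"),
    Event("object manipulation", target_is_audit_trail=True),
    Event("utility operation", command="pdrorg", dictionary_reload=True),
    Event("utility operation", command="pdload"),
]

# An auditor who selected only session and privilege events via CREATE AUDIT.
SAMPLE_SELECTION = {"session security", "privilege management"}

if __name__ == "__main__":
    for ev, why in coverage_gaps(SAMPLE_EVENTS, SAMPLE_SELECTION):
        print(f"no audit trail: {ev.event_type} {ev.command or ''} {' '.join(ev.args)} -> {why}")
```

Run as a script, the sample reports two gaps: the forced shutdown (pdstop -f -q) and the pdload run on an ordinary table, because utility operation events were not selected. Each gap is a place where detection has to come from outside the audit trail table, as footnotes #2 and #3 advise.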