Security :: DBA_AUDIT_SESSION Failed Login For Username That Does Not Exist
Aug 23, 2012
When reviewing failed login attempts with this query:
SELECT username, os_username, userhost, terminal, to_char(timestamp,'dd-mon-rrrr hh:mi:ss')
FROM sys.dba_audit_session
WHERE returncode != 0
and trunc(timestamp) >= trunc(sysdate-1)
ORDER BY 5
I find some records for a username that does not exist. In any of my databases. I presume that if an attempt to a nonexistent user was made, it would be rejected before it gets to the db. But then again, a bad password would also be rejected.
View 1 Replies
ADVERTISEMENT
Aug 23, 2010
I Am unable to login in SIM 12.0.
I did nothing in server.
Should i do anything in LDAP..?
SIM user name and password is stored in LDAP. Its also running...
View 5 Replies
View Related
Apr 28, 2011
I'm running a 10.2.0.4 database with auditing enabled:
SQL> show parameter audit_trail;
NAME TYPE VALUE
------------------------------------ -------- -------------
audit_trail string DB, EXTENDED
I have auditing enabled for create session:
SQL> select audit_option, success, failure from dba_stmt_audit_opts;
AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE SESSION BY ACCESS BY ACCESS
My problem is that when I run a report against DBA_AUDIT_SESSION, the CLIENT_ID column is never populated, it's always blank. I've tried running a trigger to populate the client_identifier variable:
create or replace procedure capture_module
as
begin
dbms_session.set_identifier(sys_context('userenv','module'));
end;
/
[code]....
And if I put an access trigger on a table and create an audit event, the CLIENT_ID column from DBA_AUDIT_TRAIL and DBA_COMMON_AUDIT_TRAIL both show the updated value (module), but no matter what, I never get the CLIENT_ID column in DBA_AUDIT_SESSION to show anything - it's always null.
I want to run a report against DBA_AUDIT_SESSION that will tell me who logged in, when they logged in and out, where they logged in from and the one thing I can't get - what module they were running (SQLplus, Toad, etc). Why can't I get the CLIENT_ ID column to take the value I'm setting with the logon trigger?
View 13 Replies
View Related
Jul 15, 2010
I am using oracle 9i version. My problem is oracle window opens.But i can not login by typing the user name and password. while login an error is displayed as follows.
ORA-01033: ORACLE initialization or shutdown in progress.
View 8 Replies
View Related
Aug 9, 2011
I have installed oracle 10g database in my pc and it works fine. I can connect with sys or system user.
I have also installed oracle forms 10g in the same pc. But when I try to connect then it shows the message:
ORA-01017 invalid username/password; login denied
So I can not connect. I have tried to connect with sys or system user.
View 6 Replies
View Related
Oct 9, 2011
I created a role,and it can not login,why?
session1:
SQL> Create Role con_role Identified By hxl;
Role created.
SQL> Grant Connect To con_role;
Grant succeeded.
SQL> Grant Create Session To con_role;
Grant succeeded.
session2:
sql>connect con_role/hxl@myserver ORA-01017: Invalid username/password.
View 12 Replies
View Related
Aug 27, 2012
when i try to login to apex for first time (10.10.0.170:5555) it asked about server XDB username and password,i dont know which username and password i can use
View 4 Replies
View Related
Aug 23, 2011
I have laptop by this specification:
1) Operating System: Windows 7 64-bit
2) Virtual Machine: Windows XP Service Pack 3
3) DB: Oracle 11.2
4) Oracle Form Designer 4.5
i try to connect to SQL*PLUS 3.3 i got this error after defining in TNSNAMES.ORA in this folder c:orant networkadmin nsnames.ora
SQL*Plus: Release 11.2.0.1.0 Production on Thu Aug 18 19:49:12 2011
Copyright © 1982, 2010, Oracle. All rights reserved.
SQL> SHO USER
USER is ""
SQL> CONN SYSTEM@LOC
Enter password:
ERROR:
ORA-12154: TNS:could not resolve the connect identifier specified
View 24 Replies
View Related
Jul 2, 2011
I am not able to login in the database with sys user. when i am trying with sqlplus "/as sysdba" it is showing
ERROR: ORA-01031: insufficient privileges.
& when i am trying with sqlplus sys as sysdba it is showing
ERROR:ORA-01017: invalid username/password; logon denied.
I login with system user and changed the password of sys nd then tried login with sys but same result.
remote_login_passwordfile is set to NONE nd i am login through that user only by which i was always able to login.
View 23 Replies
View Related
Sep 24, 2013
I have a log-in problem. I created the new database and when I try to log-in with system user, its giving ORA-01017: invalid username/password; log-in denied, and when I try to log-in with "/ as sysdba" its successfully logged in.
When I try to change SYSTEM user password, I successful change and connecting and after few seconds when I try to connect its again giving same error "ORA-01017: invalid username/password; log-in denied
And I disable the case sensitive password also:
sec_case_sensitive_logon boolean FALSE
OS: windows
Oracle Versions: 11.2.0.1.0
View 6 Replies
View Related
Nov 15, 2011
I am using the below code to capture all important logs when user failed to login on database , but i cant capture the username which are failing to connect on database.
CREATE OR REPLACE
TRIGGER failed_logon_notifications
AFTER SERVERERROR ON DATABASE
[Code].....
View 3 Replies
View Related
Aug 31, 2010
When I am trying to login to the oracle server I am getting an error message:
Enter user-name: / as sysdba
ERROR:
ORA-12638: Credential retrieval failed
View 4 Replies
View Related
Jul 24, 2011
I have installed executable only (database option only) when i have installed oracle11 that time it is not asking any option for password. So is there any option to login in this type of condition?
I am using this on windows server 2003.
View 15 Replies
View Related
Jan 31, 2013
I have installed the Oracle Instant Client* on UNIX(Mac OS X Lion 10.7.5), and I want to use it on localhost because i just want to study and test it.but here, the some error appeared to me. so I was so screwed up.
here is the error messages and the settings
Command:
~ user$ sqlplus scott tiger
ERROR:
ORA-12545: Connect failed because target host or object does not exist
env settings:
$ORACLE_HOME=/usr/local/oracle
$ORACLE_SID="Oracle 10g+ASM" // I don't know what ORACLE_SID means
$ORACLE_LIBRARY=/usr/local/oracle/instantclient_10_2
$DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$ORACLE_HOME/instantclient_10_2
$SQLPATH=$ORACLE_HOME/instantclient_10_2
$PATH=$PATH:$SQLPATH
View 1 Replies
View Related
Aug 24, 2010
how can I find out the number of login attempts made by a user in the database and the timings of the attempt
View 1 Replies
View Related
May 28, 2012
How to disable a user's sql login? To ellaborate, I want a user to login through a certain application only with his userid on database level & not through "sqlplus username@dbname".
Is it possible? If no, then what can be done to achieve below.
I have a userid which has all the update, delete privileges on it. That id needs to be configured in the application alongwith the password. So in order to avoid misuse of that id I want to block its sql access.
I am not sure whether this can be achieved or not.
View 2 Replies
View Related
Sep 16, 2011
How can i use OS authentication to login db?
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
sqlnet.ora text:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (NTS)
SQLNET.INBOUND_CONNECT_TIMEOUT=1
View 18 Replies
View Related
Mar 15, 2011
How can we create a user such that he can login only at a particular time of the day . if he try's to login other than the Time assigned ,shouldn't allow.
Can we use oracle Security policy ?
View 5 Replies
View Related
Nov 28, 2011
i create password file in oracle 10g now i want to Set the EXCLUSIVE to REMOTE_LOGIN_PASSWORD initialization parameter. so what should i do.
View 5 Replies
View Related
Aug 19, 2010
Does Oracle automatically lock an account if the number of user login attempts exceeds the maximum?
View 3 Replies
View Related
Dec 14, 2011
We have a production database on 11.2.0.2 version. The application user was prompted to change the password after his password expired.
USERID NTIMESTAMP# ACTION# RETURNCODE
------------------------------ --------------------------------------------------------------------------- ---------- ----------
M500796 13-DEC-11 06.11.06.065209 PM 100 28001
After changing the password he is not able to logon. The aud$ table does not show any occurrence of 1017, therefore it is not a question of Invalid password.
LVV> show parameter SEC_CASE_SENSITIVE_LOGON
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon boolean FALSE
View 2 Replies
View Related
Jul 16, 2013
I successfully created a Oracle Wallet in AIX. The wallet is belong to user "oracle" and permission is 755. I can access it with non-oracle user. Note: the non-oracle user is under the same group as "oracle" id.
But when I try to change the Oracle Waller permission to less than 755, I am not able to access it anymore. The error is "ORA-12578: TNS:wallet open failed".
My question is how can I access the Oracle Wallet without using 755 permission?
View 1 Replies
View Related
Feb 3, 2012
I just want to know the user login / log out information for the past 31days. how can i get that?
View 11 Replies
View Related
Feb 9, 2011
I have to find all the 'failed log ins' through audit report. then it has to be uploaded to a table. The script, either in windows or unix should be reusable and can read files one by one.
View 13 Replies
View Related
Oct 31, 2010
whats the different between a #username and ?username in a SPARE1 column?
View 5 Replies
View Related
May 15, 2013
I am trying to understand how to enable some audit so we can capture OEM logins as well.
Here is my setup. Lets say my DB that i am auditing is called audit_db (audit trail set to DB) sitting on host called host_db. and we have grid control agent on this box.now my grid control is as this. Lets say my OMS and repository is on host called OMS_host.
we run query aginst dba_audit_session to get info as to who tried failed login attemps and stuff.
Now to the part that is not working.
-- this is the good part When i intentionaly login to the audit_db with sqlplus client from my laptop with wrong username/password that is captured. we get the username,os_username,userhost,terminal.
here is the sample output
username is the wrong user that i tried to login as
os_username is the my local username(ad account)
userhost is my_laptop_name
terminal is laptop_name
from above we can figure who was trying to login(failed).
-- this is the bad part But lets say i try to login to audit_db through grid control and use wrong username/password.that gets captured too(but not all of it). we get the username,os_username,userhost,terminal.
here is the sample output
username is the wrong user that i tried to login as
os_username is the user of OMS repository db(oracle)
userhost is oms_host
terminal is unknown
Now with the above info, we cannot figure out who tried to login with bad login credential.
View 8 Replies
View Related
Dec 26, 2012
Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?
View 3 Replies
View Related
Nov 16, 2010
Lost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.
1. Is random password a great password?
A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
2. Create the long Windows password
Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).
3. Create the Windows password constantly?
This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.
4. Write down Windows password in a proper place
Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.
5. 14 characters is the optimal password length
Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.
6. Try not to use the same Windows password for all accounts
Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.
7. Do not use some common words that other users maybe guess
Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.
You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.
View 1 Replies
View Related
Aug 18, 2010
In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?
View 3 Replies
View Related
Jul 27, 2010
Provide me the script which would track all the users security violations like ... say for example i want to find which users logged in and what he did in database prospective.
View 1 Replies
View Related
