5.4 Ensure All Export Activities Are Audited

Information

Auditing all export activities in Oracle is crucial for several security and compliance reasons such as data leakage prevention, accountability and traceability as well as compliance with regulations.

Auditing export activities helps to detect unauthorized use of export tools or RMAN to exfiltrate sensitive data during a security breach. Comprehensive auditing of these activities can help detect and mitigate such threats promptly. By implementing detailed auditing for export and RMAN activities, organizations can strengthen their security posture, safeguard sensitive data, and ensure compliance with regulatory and internal policies.

Solution

Execute the following SQL statement in the CDB and in each PDB to remediate this recommendation:

ALTER AUDIT POLICY CIS_CDB_EXPORT
ADD
ACTIONS
COMPONENT=datapump
EXPORT;

Note: If you do not have CIS_CDB_EXPORT please create one using the CREATE AUDIT POLICY statement. Refer to Section 8.4 where a PL/SQL block is provided to help create or modify the audit policy to remediate this item in both container and pluggable database.

Impact:

Auditing export operations can introduce additional I/O and CPU usage, especially in large-volume exports.

See Also

https://workbench.cisecurity.org/benchmarks/16474