On Thu, Aug 16, 2018 at 07:41:11AM +1000, raf wrote:
> Bruce Momjian wrote:
>
> > On Tue, Aug 14, 2018 at 03:59:19PM -0400, Bruce Momjian wrote:
> > > On Fri, Aug 10, 2018 at 04:06:40PM -0400, Benedict Holland wrote:
> > > > I also would take Bruce's comment with a massive grain of salt. Everything that
> > > > everyone does on a database is logged somewhere assuming proper logging. Now do
> > > > you have the person-power to go through gigs of plain text logs to find out if
> > > > someone is doing something shady... that is a question for your management
> > > > team. Also, if you suspect someone of doing something shady, you should
> > > > probably revoke their admin rights.
> > >
> > > Agreed, the best way to limit the risk of undetected DBA removal of data
> > > is secure auditing --- I should have mentioned that.
> >
> > So, how do you securely audit? You ship the logs to a server that isn't
> > controlled by the DBA, via syslog? How do you prevent the DBA from
> > turning off logging when they want to do something undetected? Do you
> > log the turning off of logging?
> >
> > --
> > Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us
>
> Yes. You can set up terminal session logging with Red Hat's
> tlog (https://github.com/Scribery/tlog) which can record all
> terminal activity done via ssh, ship it offsite and replay it
> for auditing purposes. So if an administrator does turn off any
> logging (presumably including tlog itself), you'll at least be
> able to see them turning it off.

Ah, yes, I can see that as helpful.

--
Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +