Tracking Oracle Database Binary File Changes

The Linux Audit system provides a way to determine who violated the security policy and which actions they performed, for example by tracking malicious changes to the oracle executable.

Using the Linux Audit system, we can do the following:

  • Watching file access
  • Monitoring system calls
  • Recording commands run by a user
  • Recording security events

In this short blog post I will show how we can easily use it to catch changes in the “./bin” directory.


Using LD_PRELOAD to implement a hidden trojan in an Oracle database

In one of my previous posts I showed how we can inject a backdoor into an Oracle database, based on Dennis Yurichev's findings. The described method required modifying the oracle executable files. A few days ago Rodrigo Jorge shared a blog post explaining how we can add another layer of security to the Oracle binary files to protect them against improper changes. That motivated me to check whether I can still implement the hidden trojan without modifying the oracle executable files.
