"When you use Database Configuration Assistant (DBCA) to create a new database, Oracle Database configures the database to audit the most commonly used security-relevant SQL statements and privileges"
and
"If you manually create a database, then you should run the secconf.sql script to apply the default audit settings to your database"
Oracle Database audits the following privileges by default:
Oracle Database audits the following SQL shortcuts by default:
Remember that secconf.sql turns on audting regardless of your database using Unified Auditing or Traditional Auditing.
How?
When executed manually, the DBA is prompted for which type of auditing style that should be considered:
sqlplus / as sysdba @secconf.sql Session altered. Profile altered. Do you wish to configure 11g style Audit Configuration OR Do you wish to configure 12c Unified Audit Policies? Enter RDBMS_11G for former or RDBMS_UNIAUD for latter Enter value for 1: RDBMS_11G old 7: USER_CHOICE := '&1'; new 7: USER_CHOICE := 'RDBMS_11G';What I have found, is that if you intend to harden your Traditional Auditing policies by executing the script in a database where the Unified Auditing polices exist but is disabled, or a database running in "Mixed mode" auditing, the script will fail:
DECLARE * ERROR at line 1: ORA-46358: Audit policy ORA_ACCOUNT_MGMT already exists. ORA-06512: at line 9A simple workaround in such a case is to simply comment out the code that is irrelevant to your desired type of auditing, and rerun the script.
You can disable default auditing if you wish, see the section "Disabling and Enabling Default Audit Settings"
To check whether or not default auditing has been actived, you can query the view DBA_PRIV_AUDIT_OPTS, which describes current system privileges being audited across the system and by user. If the column USERNAME is NULL, you have introduced system-wide auditing.