| Oracle® Enterprise Manager Cloud Control Oracle Database Compliance Standards 12c Release 2 (12.1.0.2) Part Number E36074-01 |
|
|
PDF · Mobi · ePub |
| Oracle® Enterprise Manager Cloud Control Oracle Database Compliance Standards 12c Release 2 (12.1.0.2) Part Number E36074-01 |
|
|
PDF · Mobi · ePub |
These are the compliance rules for the Oracle Application Cluster Database compliance standards. The compliance standards are:
Configuration Best Practices for Oracle Real Application Cluster Database
Patchable Configuration for Real Application Cluster Database
Basic Security Configuration for Oracle Cluster Database Instance
High Security Configuration for Oracle Cluster Database Instance
The compliance rules for the Basic Security Configuration for Oracle Cluster Database standard follow.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write, and execute permissions.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures REMOTE_OS_AUTHENT initialization parameter is set to FALSE.
Severity: Critical
Rationale: A malicious user can gain access to the database if remote OS authentication is allowed.
Description: Ensures that the sec_protocol_error_trace_action parameter is set to either LOG or ALERT.
Severity: Critical
Rationale: SEC_PROTOCOL_ERROR_TRACE_ACTION specifies the action that the database should take when bad packets are received from a possibly malicious client. NONE should not be used as the database server ignores the bad packets and does not generate any trace files or log messages. If default value TRACE is used then the database server generates a detailed trace file and should only be used when debugging.
Description: Ensures PASSWORD_LOCK_TIME is set to a reasonable number of days for all profiles.
Severity: Warning
Rationale: Having a low value increases the likelihood of Denial of Service attacks.
Description: Ensures restricted access to SYS.USER_HISTORY$ table.
Severity: Minor Warning
Rationale: User name and password hash may be read from the SYS.USER_HISTORY$ table, enabling a hacker to launch a brute-force attack.
Description: Ensures restricted access to SYS.USER$ table.
Severity: Minor Warning
Rationale: User name and password hash may be read from the SYS.USER$ table, enabling a hacker to launch a brute-force attack.
Description: Ensures restricted access to SYS.SOURCE$ table.
Severity: Minor Warning
Rationale: Contains source of all stored packages units in the database.
Description: Ensures PUBLIC does not have execute privileges on the UTL_HTTP package.
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to email, network, and http modules using the EXECUTE privilege.
Description: Ensures that users profile settings IDLE_TIME have appropriate value set for the particular database and application.
Severity: Critical
Rationale: Idle sessions held open for excessive periods of time can consume system resources and cause a denial of service for other users of the Oracle database. Limit the maximum number of minutes a session can idle.
Description: Ensures that the ownership of all files and directories in the ORACLE_HOME/bin folder is the same as the Oracle software installation owner.
Severity: Critical
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write and execute permissions.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures database auditing is enabled.
Severity: Minor Warning
Rationale: The AUDIT_TRAIL parameter enables or disables database auditing. Auditing enhances security because it enforces accountability, provides evidence of misuse, and is frequently required for regulatory compliance. Auditing also enables system administrators to implement enhanced protections, early detection of suspicious activities, and finely-tuned security responses.
Description: Ensures that access to the datafiles is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The datafiles contain all the database data. If datafiles are readable to public, they can be read by a user who has no database privileges on the data.
Description: Ensures that access to the datafiles is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The datafiles contain all the database data. If datafiles are readable to public, they can be read by a user who has no database privileges on the data.
Description: Ensures that access to the control files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Control files are binary configuration files that control access to data files. Control files are stored in the directory specified by the CONTROL_FILES initialization parameter. A public write privilege on this directory could pose a serious security risk.
Description: Ensures restricted access to DBA_ROLES view.
Severity: Minor Warning
Rationale: DBA_ROLES view contains details of all roles in the database. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures that access to the server parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures that access to the initialization parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures sessions for users who connect as SYS are fully audited.
Severity: Warning
Rationale: The AUDIT_SYS_OPERATIONS parameter enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges.
Description: Ensures that the Utility File Directory (UTL_FILE_DIR) initialization parameter is not set to one of '*', '.', core dump trace file locations.
Severity: Critical
Rationale: Specifies the directories which the UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories, could expose them to all users having execute privilege on the UTL_FILE package.
Description: Ensures that all profiles have PASSWORD_LIFE_TIME set to a reasonable number of days.
Severity: Warning
Rationale: A long password life time gives hackers a long time to try and cook the password. May cause serious database security issues.
Description: Ensures restricted access to DBA_USERS view.
Severity: Minor Warning
Rationale: Contains user password hashes and other account information. Access to this information can be used to mount brute-force attacks.
Description: Ensures that access to the server parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the OS authentication prefix is set to a value other than OPS$.
Severity: Warning
Rationale: The OS_AUTHENT_PREFIX parameter specifies a prefix used to authenticate users attempting to connect to the server. When a connection request is attempted, Oracle compares the prefixed user name with user names in the database. Using a prefix, especially OPS$, tends to result in an insecure configuration as an account can be authenticated either as an operating system user or with the password used in the IDENTIFIED BY clause. Attackers are aware of this and will attack these accounts.
Description: Ensures that access to the control files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Control files are binary configuration files that control access to data files. Control files are stored in the directory specified by the CONTROL_FILES initialization parameter. A public write privilege on this directory could pose a serious security risk.
Description: Ensures restricted access to STATS$SQLTEXT table.
Severity: Minor Warning
Rationale: This table provides full text of the recently-executed SQL statements. The SQL statements can reveal sensitive information.
Description: Ensures that access to the initialization parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter is set to either DROP or DELAY.
Severity: Critical
Rationale: If default value CONTINUE is used the server process continues execution even if bad packets are received. The database server may be subject to a Denial of Service (DoS) if bad packets continue to be sent by a malicious client.
Description: Ensures restricted access to DBA_TAB_PRIVS view.
Severity: Minor Warning
Rationale: Lists privileges granted to users or roles on objects in the database. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the server allows logon from clients with a matching version or higher only.
Severity: Warning
Rationale: Setting the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to a version lower than the server version will force the server to use a less secure authentication protocol.
Description: Checks for accessibility of well-known accounts.
Severity: Warning
Rationale: A knowledgeable malicious user can gain access to the database using a well-known account.
Description: Ensures restricted access to DBA_ROLE_PRIVS view.
Severity: Minor Warning
Rationale: The DBA_ROLE_PRIVS view lists the roles granted to users and other roles. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures restricted access to SYS.AUD$ table.
Severity: Minor Warning
Rationale: A knowledgeable and malicious user can gain access to sensitive audit information.
Description: Ensures restricted access to STATS$SQL_SUMMARY table.
Severity: Minor Warning
Rationale: Contains first few lines of SQL text of the most resource intensive commands given to the server. SQL statements executed without bind variables can show up here exposing privileged information.
Description: On UNIX systems, ensures that the owner of the Oracle software has an appropriate umask value of 022 set.
Severity: Warning
Rationale: If umask is not set to an appropriate value (like 022), log or trace files might become accessible to public exposing sensitive information.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures data dictionary protection is enabled.
Severity: Critical
Rationale: The 07_DICTIONARY_ACCESSIBILITY parameter controls access to the data dictionary. Setting the 07_DICTIONARY_ACCESSIBILITY to TRUE allows users with ANY system privileges to access the data dictionary. As a result, these user accounts can be exploited to gain unauthorized access to data.
Description: Ensures there are no default passwords for known accounts.
Severity: Warning
Rationale: A malicious user can gain access to the database using default passwords.
Description: Ensures PASSWORD_VERIFY_FUNCTION resource for the profile is set.
Severity: Critical
Rationale: Having passwords that do not meet minimum complexity requirements offer substantially less protection than complex passwords.
Description: Ensures restricted access to DBA_SYS_PRIVS view.
Severity: Minor Warning
Rationale: DBA_SYS_PRIVS view can be queried to find system privileges granted to roles and users. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures PUBLIC is not granted EXECUTE privileges on DBMS_JOB package.
Severity: Critical
Rationale: Granting EXECUTE privilege to PUBLIC on DBMS_JOB package allows users to schedule jobs on the database.
Description: Ensures PUBLIC is not granted EXECUTE privileges on DBMS_SYS_SQL package.
Severity: Critical
Rationale: The DBMS_SYS_SQL package can be used to run PL/SQL and SQL as the owner of the procedure rather than the caller.
Description: Ensures PUBLIC does not have execute privileges on the UTL_TCP package.
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to email, network, and http modules using the EXECUTE privilege.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures REMOTE_OS_ROLES initialization parameter is set to FALSE.
Severity: Critical
Rationale: A malicious user can gain access to the database if remote users can be granted privileged roles.
Description: Ensures database trace files are not public readable.
Severity: Critical
Rationale: If trace files are readable by the PUBLIC group, a malicious user may attempt to read the trace files that could lead to sensitive information being exposed.
Description: Ensures listener instances on a remote machine separate from the database instance are not used.
Severity: Warning
Rationale: The REMOTE_LISTENER initialization parameter can be used to allow a listener on a remote machine to access the database. This parameter is not applicable in a multi-master replication or Real Application Cluster environment where this setting provides a load balancing mechanism for the listener.
Description: Ensures that all profiles have PASSWORD_GRACE_TIME set to a reasonable number of days.
Severity: Critical
Rationale: A high value for the PASSWORD_GRACE_TIME parameter may cause serious database security issues by allowing the user to keep the same password for a long time.
Description: Ensures database links with clear text passwords are not used.
Severity: Warning
Rationale: The table SYS.LINK$ contains the clear text password used by the database link. A malicious user can read clear text password from SYS.LINK$ table that can lead to undesirable consequences.
Description: Ensures PUBLIC does not have execute privileges on the UTL_SMTP package.
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to email, network and http modules using the EXECUTE privilege.
The compliance standard rules for the Configuration Best Practices for Oracle Real Application Cluster Database compliance standard follow.
Description: Checks for use of a single control file.
Severity: Critical
Rationale: The control file is one of the most important files in an Oracle database. It maintains many physical characteristics and important recovery information about the database. If you lose the only copy of the control file due to a media error, there will be unnecessary down time and other risks.
Description: When Data Guard is being used, checks the primary database for disabled force logging.
Severity: Warning
Rationale: The primary database is not in force logging mode. As a result unlogged direct writes in the primary database cannot be propagated to the standby database.
Description: Checks whether recovery area is set.
Severity: Warning
Rationale: NO_RECOVERY_AREA_IMPACT
Using a fast recovery area minimizes the need to manually manage disk space for your backup-related files and balance the use of space among the different types of files. Oracle recommends that you enable a fast recovery area to simplify your backup management.
The compliance rules for the High Security Configuration for Oracle Cluster Database standard follow.
Description: Ensures $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set and DBA group
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used access sensitive data or to launch further attacks.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the DISPATCHERS parameter is not set.
Severity: Critical
Rationale: This will disable default ports ftp: 2100 and http: 8080. Removing the XDB ports will reduce the attack surface of the Oracle server. It is recommended to disable these ports if production usage is not required.
Description: Ensures PUBLIC does not have EXECUTE privilege on the UTL_FILE package,
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can read and write arbitrary files in the system when granted the UTL_FILE privilege.
Description: Ensures that all profiles have CPU_PER_SESSION set to a reasonable number of CPU cycles.
Severity: Critical
Rationale: Allowing a single application or user to consume excessive CPU resources will result in a denial of service to the Oracle database.
Description: Ensures EXECUTE ANY PROCEDURE Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing the creation of roles will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures SELECT ANY DICTIONARY Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing SELECT ANY DICTIONARY will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used to access sensitive data or to launch further attacks.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures Oracle HTTP Server distributed configuration file ownership is restricted to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that value of parameter SEC_RETURN_SERVER_RELEASE_BANNER is FALSE.
Severity: Critical
Rationale: If the Parameter SEC_RETURN_SERVER_RELEASE_BANNER is TRUE Oracle database returns complete database version information to clients. Knowing the exact patch set can aid an attacker.
Description: Ensures tkprof executable file is owned by Oracle software owner.
Severity: Warning
Rationale: Not restricting ownership of tkprof to the Oracle software set and DBA group may cause information leaks.
Description: Ensures that all profiles have SESSIONS_PER_USER set to a reasonable number.
Severity: Critical
Rationale: Allowing an unlimited amount of sessions per user can consume Oracle resources and cause a denial of service. Limit the number of sessions for each individual user.
Description: Ensures DROP ANY ROLE Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing the creation of roles will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures externally identified users specify the domain while connecting.
Severity: Critical
Rationale: This setting is only applicable to Windows systems. If externally identified accounts are required, setting OSAUTH_PREFIX_DOMAIN to TRUE in the registry forces the account to specify the domain. This prevents spoofing of user access from an alternate domain or local system.
Description: Ensures domain server local Users group does not have Domain Users group,
Severity: Warning
Rationale: Including Domain Users group in local Users group of a domain server can cause serious security issues.
Description: Ensures Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures use of SQL92 security.
Severity: Warning
Rationale: If SQL92 security features are not enabled, a user might be able to execute an UPDATE or DELETE statement using a WHERE clause without having select privilege on a table.
Description: Ensures privileged users are authenticated by the operating system; that is, Oracle ignores any password file.
Severity: Minor Warning
Rationale: The REMOTE_LOGIN_PASSWORDFILE parameter specifies whether or not Oracle checks for a password file. Because password files contain the passwords for users, including SYS, the most secure way of preventing an attacker from connecting through brute-force password-related attacks is to require privileged users be authenticated by the operating system.
Description: Ensures that all LOB files created by Oracle are created as SecureFiles.
Severity: Critical
Rationale: For LOBs to get treated as SecureFiles, set COMPATIBILE Initialization Param to 11.1 or higher. If there is a LOB column with two partitions (one that has a tablespace for which ASSM is enabled and one that has a tablespace for which ASSM is not enabled), then LOBs in the partition with the ASSM-enabled tablespace will be treated as SecureFiles and LOBs in the other partition will be treated as BasicFile LOBs. Setting db_securefile to ALWAYS makes sure that any LOB file created is a secure file.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public.
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures PUBLIC group is not granted EXECUTE privileges to the DBMS_LOB package.
Severity: Critical
Rationale: The DBMS_LOB package can be used to access any file on the system as the owner of the Oracle software installation.
Description: Ensures PUBLIC does not have execute privileges on the SYS.DBMS_EXPORT_EXTENSION package.
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. DBMS_EXPORT_EXTENSION can allow SQL injection. Thus a malicious user will be able to take advantage.
Description: Ensures grant of %_CATALOG_% is restricted.
Severity: Critical
Rationale: %_CATALOG_% Roles have critical access to database objects, that can lead to exposure of vital information in the database system.
Description: Ensures that all profiles have PASSWORD_REUSE_TIME set to a reasonable number of days.
Severity: Critical
Rationale: A low value for the PASSWORD_REUSE_TIME parameter may cause serious database security issues by allowing users to reuse their old passwords more often.
Description: Ensures that users PRIVATE_SGA profile settings have appropriate values set for the particular database and application.
Severity: Critical
Rationale: Allowing a single application or user to consume the excessive amounts of the System Global Area will result in a denial of service to the Oracle database.
Description: Ensures SELECT ANY DICTIONARY Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing SELECT ANY DICTIONARY will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures AUD$ is being audited by access for all users.
Severity: Critical
Rationale: Auditing AUD$ will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures CREATE USER Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing CREATE USER will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures DROP ANY TABLE Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing DROP ANY TABLE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: On Windows, ensures that the installed Oracle Home drive is not accessible to Everyone Group.
Severity: Warning
Rationale: Giving permission of Oracle installed drive to everyone can cause serious security issues.
Description: Ensures Oracle service does not have permissions on Windows tools.
Severity: Warning
Rationale: Granting Oracle service the permissions of Windows tools may cause serious security issues.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. Only applicable if database is in archivelog mode.
Severity: Critical
Rationale: Setting the LOG_ARCHIEVE_START initialization parameter to TRUE ensures that the archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. This feature is only applicable if the database is in archivelog mode.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) contains the Database Access Descriptors used for authentication. A publicly accessible mod_plsql configuration file can allow a malicious user to modify the Database Access Descriptor settings to gain access to PL/SQL applications or launch a Denial Of Service attack.
Description: Ensures SELECT ANY PRIVILEGE is never granted to any user or role.
Severity: Warning
Rationale: The SELECT ANY TABLE privilege can be used to grant users or roles with the ability to view data in tables that are not owned by them. A malicious user with access to any user account that has this privilege can use this to gain access to sensitive data.
Description: Ensures system privileges are not granted to PUBLIC.
Severity: Critical
Rationale: Privileges granted to the public role automatically apply to all users. There are security risks granting SYSTEM privileges to all users.
Description: Ensures SELECT privilege is not granted to V$ synonyms.
Severity: Critical
Rationale: V$ tables contain sensitive information about Oracle database and should only be accessible by system administrators. Check for any user that has access and revoke when possible.
Description: Ensures CREATE ANY LIBRARY is being audited by access for all users.
Severity: Critical
Rationale: Auditing CREATE ANY LIBRARY will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures that Oracle is not installed on a domain controller.
Severity: Warning
Rationale: Installing Oracle on a domain controller can cause serious security issues.
Description: Ensures database users are allocated a limited tablespace quota.
Severity: Warning
Rationale: Granting unlimited tablespace quotas can cause the filling up of the allocated disk space. This can lead to an unresponsive database.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: Ensures Webcache initialization file (webcache.xml) is owned by Oracle software owner.
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission.
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users.
Description: Ensures access on X$ views is restricted.
Severity: Critical
Rationale: This can lead to revealing of internal database structure information.
Description: Ensures restricted access to ROLE_ROLE_PRIVS view.
Severity: Minor Warning
Rationale: Lists roles granted to other roles. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures restricted access to USER_ROLE_PRIVS view.
Severity: Minor Warning
Rationale: Lists the roles granted to the current user. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures PUBLIC does not have execute privileges on the SYS.DBMS_RANDOM package.
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. DBMS_RANDOM can allow SQL injection. Thus a malicious will be able to take advantage.
Description: Ensures CREATE ROLE Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing the creation of roles will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures CREATE LIBRARY Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing CREATE LIBRARY will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures that the proxy accounts have limited privileges.
Severity: Warning
Rationale: The proxy user only needs to connect to the database. Once connected it will use the privileges of the user it is connecting on behalf of. Granting any other privilege than the CREATE SESSION privilege to the proxy user is unnecessary and open to misuse.
Description: Ensures that the UTL_FILE_DIR initialization parameter is not used in Oracle9i Release 1 and later.
Severity: Critical
Rationale: Specifies the directories which UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories could expose them to all users having execute privilege on UTL_FILE package.
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: Ensures Oracle XSQL Configuration File (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used access sensitive data or to launch further attacks.
Description: Ensures roles are stored, managed, and protected in the database rather than files external to the DBMS.
Severity: Warning
Rationale: If Roles are managed by OS, can cause serious security issues.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public.
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures restricted access to SYS.LINK$ table.
Severity: Minor Warning
Rationale: A knowledgeable and malicious user can gain access to user passwords from the SYS.LINK$ table.
Description: Ensures restricted access to ALL_SOURCE view.
Severity: Minor Warning
Rationale: ALL_SOURCE view contains source of all stored packages in the database.
Description: Ensures that all profiles have PASSWORD_REUSE_MAX set to a reasonable number of times.
Severity: Warning
Rationale: Old passwords are usually the best guesses for the current password. A low value for the PASSWORD_REUSE_MAX parameter may cause serious database security issues by allowing users to reuse their old passwords more often.
Description: Ensures ALTER USER Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing ALTER USER will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures GRANT ANY PRIVILEGE is being audited by access for all users.
Severity: Critical
Rationale: Auditing GRANT ANY PRIVILEGE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission.
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users.
Description: Ensures Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that the sec_case_sensitive_logon parameter is set to true.
Severity: Critical
Rationale: This increases the complexity of passwords and helps defend against brute force password attacks.
Description: Avoids negative impact on database performance and disk space usage, caused by data collected by otrace.
Severity: Warning
Rationale: Performance and resource utilization data collection can have a negative impact on database performance and disk space usage.
Description: Ensures SELECT privilege is never granted to any DBA_ view.
Severity: Warning
Rationale: The DBA_* views provide access to privileges and policy settings of the database. Some of these views also allow viewing of sensitive PL/SQL code that can be used to understand the security policies.
Description: Ensures restricted access to USER_TAB_PRIVS view.
Severity: Minor Warning
Rationale: Lists the grants on objects for which the user is the owner, grantor or grantee. Knowledge of the grants in the database can be taken advantage of by a malicious user.
Description: Ensures that users profile settings LOGICAL_READS_ PER_SESSION have appropriate value set for the particular database and application.
Severity: Critical
Rationale: Allowing a single application or user to perform excessive amounts of reads to disk will result in a denial of service to the Oracle database.
Description: Ensures ALTER ANY TABLE Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing ALTER ANY TABLE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures CREATE SESSION Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing CREATE SESSION will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
Description: Ensures database accounts do not rely on OS authentication.
Severity: Critical
Rationale: If the host operating system has a required user ID for database account for which password is set EXTERNAL, then Oracle does not check its credentials anymore. It simply assumes the host must have done its authentication and lets the user into the database without any further checking.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures SQL*Plus ownership is restricted to the Oracle software set and DBA group.
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Not restricting ownership of SQL*Plus to the Oracle software set and DBA group may cause security issues by exposing sensitive data to malicious users.
Description: Ensures Oracle HTTP Server Distributed Configuration Files permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the name of a database link is the same as that of the remote database.
Severity: Warning
Rationale: Database link names that do not match the global names of the databases to which they are connecting can cause an administrator to inadvertently give access to a production server from a test or development server. Knowledge of this can be used by a malicious user to gain access to the target database.
Description: On UNIX systems, ensures that AUDIT_SYSLOG_LEVEL is set to a non-default value when OS-level auditing is enabled.
Severity: Warning
Rationale: Setting the AUDIT_SYSLOG_LEVEL initialization parameter to the default value (NONE) will result in DBAs gaining access to the OS audit records.
Description: Ensures that users profile settings CONNECT_TIME have appropriate value set for the particular database and application.
Severity: Critical
Rationale: Sessions held open for excessive periods of time can consume system resources and cause a denial of service for other users of the Oracle database. The CONNECT_TIME parameter limits the upper bound on how long a session can be held open. This parameter is specified in minutes. Sessions that have exceeded their connect time are aborted and rolled back.
Description: Ensures that insert failures are audited for critical data objects.
Severity: Warning
Rationale: Not auditing insert failures for critical data objects may allow a malicious user to infiltrate system security.
Description: Ensures DROP ANY PROCEDURE Privilege is being audited by access for all users.
Severity: Critical
Rationale: Auditing DROP ANY PROCEDURE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events.
The compliance rules for the Patchable Configuration for Oracle Database standard follow.
The compliance rules for the Storage Best Practices for Oracle Real Application Database compliance standard follow.
Description: Checks for users using a permanent tablespace as the temporary tablespace.
Severity: Minor Warning
Rationale: These users use a permanent tablespace as the temporary tablespace. Using temporary tablespaces allows space management for sort operations to be more efficient. Using a permanent tablespace for these operations may result in performance degradation, especially for Real Application Clusters. There is an additional security concern. This makes it possible for users to use all available space in the system tablespace, causing the database to stop working.
Description: Checks for dictionary managed or migrated locally managed tablespaces with non-uniform default extent size.
Severity: Minor Warning
Rationale: Dictionary managed or migrated locally managed tablespaces using non-uniform default extent sizes have been found. This means that the extents in a single tablespace will vary in size leading to fragmentation, inefficient space usage and performance degradation.
Description: Checks for rollback segments in SYSTEM tablespace.
Severity: Minor Warning
Rationale: The SYSTEM tablespace should be reserved only for the Oracle data dictionary and its associated objects. It should NOT be used to store any other types of objects such as user tables, user indexes, user views, rollback segments, undo segments, or temporary segments.
Description: Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX.
Severity: Minor Warning
Rationale: These segments belonging to non-system users are stored in system tablespaces SYSTEM or SYSAUX. This violation makes it more difficult to manage these data segments and may result in performance degradation in the system tablespace. This is also a security issue. If non-system users are storing data in a system tablespace it is possible that all available space in the system tablespace may be consumed, thus causing the database to stop working.
Description: Checks for use of less than three redo logs.
Severity: Warning
Rationale: The online redo log files are used to record changes in the database. When archiving is enabled, these online redo logs need to be archived before they can be reused. Every database requires at least two online redo log groups to be up and running. When the size and number of online redo logs are inadequate, LGWR will wait for ARCH to complete its writing to the archived log destination, before it overwrites that log. This can cause severe performance slowdowns during peak activity periods.
Description: Checks for redo log files less than 1 MB.
Severity: Critical
Rationale: Small redo logs cause system checkpoints to continuously put a high load on the buffer cache and I/O system.
Description: Checks for tablespaces containing both rollback and data segments.
Severity: Minor Warning
Rationale: These tablespaces contain both rollback and data segments. Mixing segment types in this way makes it more difficult to manage space and may degrade performance in the tablespace. Use of a dedicated tablespace for rollback segments enhances availability and performance.
Description: Checks for segments in dictionary managed or migrated locally managed tablespaces having irregular extent sizes and/or non-zero Percent Increase settings.
Severity: Minor Warning
Rationale: These segments have extents with sizes that are not multiples of the initial extent or have a non-zero Percent Increase setting. This can result in inefficient reuse of space and fragmentation problems.
Description: Checks for non-system users using SYSTEM or SYSAUX as the default tablespace.
Severity: Minor Warning
Rationale: These non-system users use a system tablespace as the default tablespace. This violation will result in non-system data segments being added to the system tablespace, making it more difficult to manage these data segments and possibly resulting in performance degradation in the system tablespace. This is also a security issue. All Available space in the system tablespace may be consumed, thus causing the database to stop working.
Description: Checks for locally managed tablespaces that are using MANUAL segment space management.
Severity: Minor Warning
Rationale: Automatic segment-space management is a simpler and more efficient way of managing space within a segment. It completely eliminates any need to specify and tune the PCTUSED, FREELISTS and FREELIST GROUPS storage parameters for schema objects created in the tablespace. In a Real Application Cluster environment there is the additional benefit of avoiding the hard partitioning of space inherent with using free list groups.
Description: Checks if the DEFAULT_TEMP_TABLESPACE database property is set to a system tablespace.
Severity: Warning
Rationale: If not specified explicitly, DEFAULT_TEMP_TABLESPACE would default to SYSTEM tablespace and this is not a recommended setting. With this setting, any user that is not explicitly assigned a temporary tablespace uses the system tablespace as their temporary tablespace. System tablespaces should not be used to store temporary data. This is also a security issue. Non-system users may store data and consume all available space in the system tablespace, thus causing the database to stop working.
Description: Checks if the DEFAULT_PERMANENT_TABLESPACE database property is set to a system tablespace.
Severity: Warning
Rationale: If not specified explicitly, DEFAULT_PERMANENT_TABLESPACE is defaulted to the SYSTEM tablespace. This is not the recommended setting. With this setting, any user that is not explicitly assigned a tablespace uses the system tablespace. Doing so may result in performance degradation for the database. This is also a security issue. Non-system users may store data and consume all available space in the system tablespace, thus causing the database to stop working.
Description: Checks for dictionary managed tablespaces.
Severity: Minor Warning
Rationale: These tablespaces are dictionary managed. Oracle recommends using locally managed tablespaces, with AUTO segment-space management, to enhance performance and ease of space management.
The compliance rules for the Basic Security Configuration for Oracle Cluster Database Instance compliance standard follow.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write, and execute permissions.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures REMOTE_OS_AUTHENT initialization parameter is set to FALSE.
Severity: Critical
Rationale: A malicious user can gain access to the database if remote OS authentication is allowed.
Description: Ensures that the sec_protocol_error_trace_action parameter is set to either LOG or ALERT.
Severity: Critical
Rationale: SEC_PROTOCOL_ERROR_TRACE_ACTION specifies the action that the database should take when bad packets are received from a possibly malicious client. NONE should not be used as the database server ignores the bad packets and does not generate any trace files or log messages. If default value TRACE is used then the database server generates a detailed trace file and should only be used when debugging.
Description: Ensures that the ownership of all files and directories in the ORACLE_HOME/bin folder is the same as the Oracle software installation owner.
Severity: Critical
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write, and execute permissions.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures database auditing is enabled.
Severity: Minor Warning
Rationale: The AUDIT_TRAIL parameter enables or disables database auditing. Auditing enhances security because it enforces accountability, provides evidence of misuse, and is frequently required for regulatory compliance. Auditing also enables system administrators to implement enhanced protections, early detection of suspicious activities, and finely-tuned security responses.
Description: Ensures that access to the server parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures that access to the initialization parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures sessions for users who connect as SYS are fully audited.
Severity: Warning
Rationale: The AUDIT_SYS_OPERATIONS parameter enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges.
Description: Ensures that the Utility File Directory (UTL_FILE_DIR) initialization parameter is not set to one of '*', '.', core dump trace file locations.
Severity: Critical
Rationale: Specifies the directories which the UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories, could expose them to all users having execute privilege on the UTL_FILE package.
Description: Ensures that access to the server parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the OS authentication prefix is set to a value other than OPS$.
Severity: Warning
Rationale: The OS_AUTHENT_PREFIX parameter specifies a prefix used to authenticate users attempting to connect to the server. When a connection request is attempted, Oracle compares the prefixed user name with user names in the database. Using a prefix, especially OPS$, tends to result in an insecure configuration as an account can be authenticated either as an operating system user or with the password used in the IDENTIFIED BY clause. Attackers are aware of this and will attack these accounts.
Description: Ensures that access to the initialization parameter file is restricted to the owner of the Oracle software set and the DBA group.
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter is set to either DROP or DELAY.
Severity: Critical
Rationale: If default value CONTINUE is used the server process continues execution even if bad packets are received. The database server may be subject to a Denial of Service (DoS) if bad packets continue to be sent by a malicious client
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the server allows logon from clients with a matching version or higher only.
Severity: Warning
Rationale: Setting the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to a version lower than the server version will force the server to use a less secure authentication protocol.
Description: On UNIX systems, ensures that the owner of the Oracle software has an appropriate umask value of 022 set.
Severity: Warning
Rationale: If umask is not set to an appropriate value (like 022), log or trace files might become accessible to public exposing sensitive information.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures data dictionary protection is enabled.
Severity: Critical
Rationale: The 07_DICTIONARY_ACCESSIBILITY parameter controls access to the data dictionary. Setting the 07_DICTIONARY_ACCESSIBILITY to TRUE allows users with ANY system privileges to access the data dictionary. As a result, these user accounts can be exploited to gain unauthorized access to data.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public.
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures REMOTE_OS_ROLES initialization parameter is set to FALSE.
Severity: Critical
Rationale: A malicious user can gain access to the database if remote users can be granted privileged roles.
Description: Ensures database trace files are not public readable.
Severity: Critical
Rationale: If trace files are readable by the PUBLIC group, a malicious user may attempt to read the trace files that could lead to sensitive information being exposed.
Description: Ensures listener instances on a remote machine separate from the database instance are not used.
Severity: Warning
Rationale: The REMOTE_LISTENER initialization parameter can be used to allow a listener on a remote machine to access the database. This parameter is not applicable in a multi-master replication or Real Application Cluster environment where this setting provides a load balancing mechanism for the listener.
The compliance rules for the High Security Configuration for Oracle Cluster Database Instance compliance standard follow.
Description: Ensures $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set and DBA group.
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used access sensitive data or to launch further attacks.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the DISPATCHERS parameter is not set.
Severity: Critical
Rationale: This will disable default ports ftp: 2100 and http: 8080. Removing the XDB ports will reduce the attack surface of the Oracle server. It is recommended to disable these ports if production usage is not required.
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used to access sensitive data or to launch further attacks.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures Oracle HTTP Server distributed configuration file ownership is restricted to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that value of parameter SEC_RETURN_SERVER_RELEASE_BANNER is FALSE.
Severity: Critical
Rationale: If the Parameter SEC_RETURN_SERVER_RELEASE_BANNER is TRUE Oracle database returns complete database version information to clients. Knowing the exact patch set can aid an attacker.
Description: Ensures tkprof executable file is owned by Oracle software owner.
Severity: Warning
Rationale: Not restricting ownership of tkprof to the Oracle software set and DBA group may cause information leaks.
Description: Ensures Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures use of SQL92 security features.
Severity: Warning
Rationale: If SQL92 security features are not enabled, a user might be able to execute an UPDATE or DELETE statement using a WHERE clause without having select privilege on a table.
Description: Ensures privileged users are authenticated by the operating system; that is, Oracle ignores any password file.
Severity: Minor Warning
Rationale: The REMOTE_LOGIN_PASSWORDFILE parameter specifies whether or not Oracle checks for a password file. Because password files contain the passwords for users, including SYS, the most secure way of preventing an attacker from connecting through brute-force password-related attacks is to require privileged users be authenticated by the operating system.
Description: Ensures that all LOB files created by Oracle are created as SecureFiles.
Severity: Critical
Rationale: For LOBs to get treated as SecureFiles, set COMPATIBILE Initialization Param to 11.1 or higher. If there is a LOB column with two partitions (one that has a tablespace for which ASSM is enabled and one that has a tablespace for which ASSM is not enabled), then LOBs in the partition with the ASSM-enabled tablespace will be treated as SecureFiles and LOBs in the other partition will be treated as BasicFile LOBs. Setting db_securefile to ALWAYS makes sure that any LOB file created is a secure file.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public.
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) is owned by Oracle software owner.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. Only applicable if the database is in archivelog mode.
Severity: Critical
Rationale: Setting the LOG_ARCHIEVE_START initialization parameter to TRUE ensures that the archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. This feature is only applicable if the database is in archivelog mode.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) contains the Database Access Descriptors used for authentication. A publicly accessible mod_plsql configuration file can allow a malicious user to modify the Database Access Descriptor settings to gain access to PL/SQL applications or launch a Denial Of Service attack.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: Ensures Webcache initialization file (webcache.xml) is owned by Oracle software owner.
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that the server's archive logs are not accessible to public.
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission.
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users.
Description: Ensures that the UTL_FILE_DIR initialization parameter is not used in Oracle9i Release 1 and later.
Severity: Critical
Rationale: Specifies the directories which UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories could expose them to all users having execute privilege on UTL_FILE package.
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: Ensures Oracle XSQL Configuration File (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used access sensitive data or to launch further attacks.
Description: Ensures roles are stored, managed, and protected in the database rather than files external to the DBMS.
Severity: Warning
Rationale: If Roles are managed by OS, can cause serious security issues.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public.
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission.
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users.
Description: Ensures Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database users it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, and so on.
Description: Ensures that the sec_case_sensitive_logon parameter is set to true.
Severity: Critical
Rationale: This increases the complexity of passwords and helps defend against brute-force password attacks.
Description: Avoids negative impact on database performance and disk space usage, caused by data collected by otrace.
Severity: Warning
Rationale: Performance and resource utilization data collection can have a negative impact on database performance and disk space usage.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures SQL*Plus ownership is restricted to the Oracle software set and DBA group.
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Not restricting ownership of SQL*Plus to the Oracle software set and DBA group may cause security issues by exposing sensitive data to malicious users.
Description: Ensures Oracle HTTP Server Distributed Configuration Files permissions are limited to the Oracle software set and DBA group.
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission.
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the name of a database link is the same as that of the remote database.
Severity: Warning
Rationale: Database link names that do not match the global names of the databases to which they are connecting can cause an administrator to inadvertently give access to a production server from a test or development server. Knowledge of this can be used by a malicious user to gain access to the target database.
Description: On UNIX systems, ensures that AUDIT_SYSLOG_LEVEL is set to a non-default value when OS-level auditing is enabled.
Severity: Warning
Rationale: Setting the AUDIT_SYSLOG_LEVEL initialization parameter to the default value (NONE) will result in DBAs gaining access to the OS audit records.
|
 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
