Skip Headers
Oracle® Enterprise Manager Policy Reference Manual
11g Release 1 (11.1.0.1)

E17019-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

6 Listener Policies

This chapter provides the following information for each of the Listener policies:

The Listener policies are categorized as follows:

6.1 Security Policies - UNIX

The security policies for the Listener target on UNIX are:

6.1.1 Allowed Logon Version

This policy ensures that the server allows logon from clients with a matching version or higher only.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The SQLNET.ALLOWED_LOGON_VERSION parameter is set to %version%.

Footnote 1 The policy rule is evaluated each time its underlying sqlnetAllowedLogonVersionRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

Setting the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to a version lower than the server version will allow the server to use a less secure authentication protocol.

Action

Set the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to the server's major version. Setting this value to older versions could expose vulnerabilities that may have existed in the authentication protocols.

6.1.2 Listener Default Name

This policy ensures that the default name of the listener is not used.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The listener is addressed by the default name.

Footnote 1 The policy rule is evaluated each time its underlying lsnrDefaultNameMetricRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

Having a listener with the default name increases the risk of unauthorized access and denial of service attacks.

Action

Avoid having a listener with the default name (LISTENER).

6.1.3 Listener Direct Administration

This policy ensures that no runtime modifications to the listener configuration is allowed.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. Direct administration is enabled.

Footnote 1 The policy rule is evaluated each time its underlying lsnrDirectAdminMetricRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user who has access to a running listener can perform runtime modifications (for example, SET operations) using the lsnrctl program.

Action

All listeners must have direct administration disabled. Set ADMIN_RESTRICTIONS_<listener_name> to ON in listener.ora.

6.1.4 Listener Log File Owner

This policy ensures that the listener log file is owned by the Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The listener log file %file_name% is owned by %file_owner%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrLogFileOwnerMetricRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The information in the log file can reveal important network and database connection details. Having a log file not owned by the Oracle software owner can expose them to public scrutiny with possible security implications.

Action

The listener log file must be owned by Oracle software owner.

6.1.5 Listener Log File Permission

This policy ensures that the listener log file cannot be read by or written to by public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The listener log file %file_name% has permission %file_permission%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrLogFilePermMetricRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The information in the log file can reveal important network and database connection details. Allowing access to the log file can expose them to public scrutiny with possible security implications.

Action

The listener log file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.

6.1.6 Listener Logging Status

This policy ensures that listener logging is enabled.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. Logging is not enabled.

Footnote 1 The policy rule is evaluated each time its underlying lsnrLogStatusMetricRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

Without listener logging attacks on the listener can go unnoticed.

Action

Enable listener logging by setting the LOG_STATUS parameter to ON.

6.1.7 Listener Password

This policy ensures that access to listener is password protected.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. Listener %listener% is running without password protection.

Footnote 1 The policy rule is evaluated each time its underlying lsnrPasswdMetricRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

Without password protection, a user can gain access to the listener. Once someone has access to the listener, he or she can stop the listener. He or she can also set a password and prevent others from managing the listener.

Action

All listeners should be protected by a non-trivial password using the CHANGE_PASSWORD command.

6.1.8 Listener Trace Directory Owner

This policy ensures that the listener trace directory is a valid directory owned by Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The listener trace directory %dir_name% is owned by %dir_owner%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceDirOwnMetricRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Having a trace directory not owned by the Oracle software owner can expose the trace files to public scrutiny with possible security implications.

Action

The listener trace directory must be owned by the Oracle software owner.

6.1.9 Listener Trace Directory Permission

This policy ensures that the listener trace directory does not have public read or write permissions.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The listener trace directory %dir_name% has permission %dir_permission%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceDirPermMetricRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Allowing access to the trace directory can expose them to public scrutiny with possible security implications.

Action

The listener trace directory must not allow public to read or write to it. Restrict the directory permission to Oracle software owner and DBA group.

6.1.10 Listener Trace File Owner

This policy ensures that the listener trace file owner is the same as the Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The listener trace file %file_name% is owned by %file_owner%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceFileOwnMetricRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Having trace files not owned by the Oracle software owner can expose them to public scrutiny with possible security implications.

Action

The listener trace file must be owned by Oracle software owner.

6.1.11 Listener Trace File Permission

This policy ensures that the listener trace file is not accessible to public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The listener trace file %file_name% has permission %file_permission%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceFilePermMetricRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Allowing access to the trace files can expose them to public scrutiny with possible security implications.

Action

The listener trace file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.

6.1.12 Listener.ora Permission

This policy ensures that the file permissions for listener.ora are restricted to the owner of Oracle software.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. Permissions of listener.ora are not restricted to the Oracle set.

Footnote 1 The policy rule is evaluated each time its underlying lsnrOraPermRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

If the listener.ora file is public readable, passwords may be extracted from this file. This can also lead to exposure of detailed information on the Listener, database, and application configuration. Also, if public has write permissions, a malicious user can remove any password that has been set on the listener.

Action

Listener.ora permissions should be restricted to the owner of Oracle software installation and DBA group.

6.1.13 Listner Inbound Connect Timeout

This policy ensures that all incomplete inbound connections to Oracle Listener has a limited lifetime. The INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file specifies the maximum amount of time the Oracle Connection Manager listener will wait for a valid connection request from the client before timing out.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Database is in an insecure state. lsnr.inbound_connect_timeout parameter is set to %value%.

Footnote 1 The policy rule is evaluated each time its underlying Lsnr_Inbound_Connect_Timeout_Rep metric is collected.

Defaults

Parameters and Their Default Values

Parameter name: DFLT_VAL

Default value: 20

Objects Excluded by Default

Not Applicable

Impact of Violation

The limit imposed by the INBOUND_CONNECT_TIMEOUT_listener_name parameter protects the listener from consuming and holding resources for client connection requests that do not complete. A malicious user could use this to flood the listener with requests that result in a denial of service to authorized users.

Action

Set the lowest possible value for the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file. Ensure that the value of this parameter is lower than the value of the SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file

6.1.14 Oracle Net Client Log Directory Owner

This policy ensures that the client log directory is a valid directory owned by Oracle set with no permissions to the PUBLIC role.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The client log directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying clientLogDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The client log directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.15 Oracle Net Client Log Directory Permission

This policy ensures that the client log directory is a valid directory owned by Oracle set with no permissions to the PUBLIC role.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The client log directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying clientLogDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The client log directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.16 Oracle Net Client Trace Directory Owner

This policy ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to the public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The client trace directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying clientTrcDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The client trace directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.17 Oracle Net Client Trace Directory Permission

This policy ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to the public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The client trace directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying clientTrcDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The client trace directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.18 Oracle Net Inbound Connect Timeout

This policy ensures that all incomplete inbound connections to Oracle Net have a limited lifetime. The SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file specifies the maximum amount of time the Oracle Net will wait for a valid connection request from the client before timing out.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Database is in an insecure state. sqlnet.inbound_connect_timeout parameter is set to %value%..

Footnote 1 The policy rule is evaluated each time its underlying Sqlnet_Inbound_Connect_Timeout_Rep metric is collected.

Defaults

Parameters and Their Default Values

Parameter name: DFLT_VAL

Default value: 30

Objects Excluded by Default

Not Applicable

Impact of Violation

Without the SQLNET.INBOUNT_CONNECT_TIMEOUT parameter or assigning it with a higher value, a client connection to the database server can stay open indefinitely or for the specified duration without authentication.

Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.

Action

Set the lowest possible value for the SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file. Ensure that the value of this parameter is higher than the value of INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file.

6.1.19 Oracle Net Server Log Directory Owner

This policy ensures that the server log directory is a valid directory owned by Oracle set with no permissions to the public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The server log directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying svrLogDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The server log directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.20 Oracle Net Server Log Directory Permission

This policy ensures that the server log directory is a valid directory owned by Oracle set with no permissions to the public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The server log directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying svrLogDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The server log directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.21 Oracle Net Server Trace Directory Owner

This policy ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to the public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The server trace directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying svrTrcDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The server trace directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.22 Oracle Net Server Trace Directory Permission

This policy ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to the public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The server trace directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying svrTrcDirRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The server trace directory must be a valid directory owned by the Oracle set with no permissions to public.

6.1.23 Oracle Net SSL_SERVER_DN_MATCH

This policy ensures the SSL_SERVER_DN_MATCH parameter is enabled in the sqlnet.ora file and in turn SSL ensures that the certificate is from the server.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours Yes Database is in an insecure state. ssl_server_dn_match parameter is set to %value%

Footnote 1 The policy rule is evaluated each time its underlying Sql_Server_DN_Match_Rep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

If the SSL_SERVER_DN_MATCH parameter is disabled, then SSL performs the check but allows the connection, regardless if there is a match or not. Not enforcing the match allows the server to potentially fake its identity.

Action

Enable the SSL_SERVER_DN_MATCH parameter in the sqlnet.ora file.

6.1.24 Restrict sqlnet.ora Permissions

This policy ensures that the sqlnet.ora file is not accessible to the public.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The sqlnet.ora file has permission %permission%.

Footnote 1 The policy rule is evaluated each time its underlying sqlnetOraPermRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If the sqlnet.ora file is public readable, a malicious user may attempt to read this file which could lead to sensitive information being exposed. For example, log and trace destination information of the client and server could be exposed.

Action

Public should not be given any permissions on the sqlnet.ora file.

6.1.25 Sqlnet Expire Time

This policy ensures a frequent check for dead connections on Oracle Net. The sqlnet.expire_time parameter in sqlnet.ora specify the interval for checking dead connection.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in insecure state. The sqlnet.expirt_time is set to %expiretime%..

Footnote 1 The policy rule is evaluated each time its underlying sqlnetExpireTimeRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

If sqlnet.expire_time is not set or set to 0, then the database never checks for dead connection and it keeps consuming database server resources.

Action

Set sqlnet.expire_time to a recommended value which should be greater than zero. Oracle recommends 10.

6.1.26 Tcp Validnode Checking

This policy ensures that tcp.validnode_checking parameter is set to yes in sqlnet.ora.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in insecure state. The tcp.validnode_checking is set to %validnode%The database is in an insecure state. The client trace directory %dir_name% has permission %permissions%.

Footnote 1 The policy rule is evaluated each time its underlying validnodeCheckRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

Not setting valid node check can potentially allow anyone to connect to the server, including a malicious user.

Action

Set tcp.validnode_checking to yes, hence server can allow/deny access using TCL.EXCLUDED_NODES and TCP.INVITED_NODES.

6.1.27 Use of Hostname in Listener.ora

This policy ensures that the listener host is specified as IP address and not hostname in the listener.ora file.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Host is not specified as IP address in listener.ora.

Footnote 1 The policy rule is evaluated each time its underlying lsnrHostNameMetricRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

An insecure Domain Name System (DNS) Server can be taken advantage of for mounting a spoofing attack. Name server failure can result in the listener unable to resolved the host.

Action

Host should be specified as IP address in listener.ora.

6.2 Security Policies - Windows

The security policies for the Listener target on Windows are:

6.2.1 Listener Log File Permission (Windows)

This policy ensures that the listener log file cannot be read by or written to by public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state.The users %users% have critical permissions on the listener log file %file_name%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrLogFilePermMetricNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The information in the log file can reveal important network and database connection details. Allowing access to the log file can expose them to public scrutiny with possible security implications.

Action

The listener log file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.

6.2.2 Listener Trace Directory Permission (Windows)

This policy ensures that the listener trace directory does not have public read or write permissions. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The users %users% have critical permissions on the listener trace directory %dir_name%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceDirPermMetricNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Allowing access to the trace directory can expose them to public scrutiny with possible security implications.

Action

The listener trace directory must not allow public to read or write to it. Restrict the directory permission to Oracle software owner and DBA group.

6.2.3 Listener Trace File Permission (Windows)

This policy ensures that the listener trace file is not accessible to public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Informational Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. The users %users% have critical permissions on the listener trace file %file_name%.

Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceFilePermMetricNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Allowing access to the trace files can expose them to public scrutiny with possible security implications.

Action

The listener trace file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.

6.2.4 Listener.ora Permission (Windows)

This policy ensures that the file permissions for listener.ora are restricted to the owner of Oracle software. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Warning Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Listener is in an insecure state. Permissions of listener.ora are not restricted to the Oracle set.

Footnote 1 The policy rule is evaluated each time its underlying lsnrOraPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

Not Applicable

Impact of Violation

If the listener.ora file is public readable, passwords may be extracted from this file. This can also lead to exposure of detailed information on the Listener, database, and application configuration. Also, if public has write permissions, a malicious user can remove any password that has been set on the listener.

Action

Listener.ora permissions should be restricted to the owner of Oracle software installation and DBA group.

6.2.5 Oracle Net Client Log Directory Permission (Windows)

This policy ensures that the client log directory is a valid directory owned by Oracle set with no permissions to the PUBLIC role. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state.The users %users% have critical permissions on the client log directory %dir_name%.

Footnote 1 The policy rule is evaluated each time its underlying clientLogDirNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The client log directory must be a valid directory owned by the Oracle set with no permissions to public.

6.2.6 Oracle Net Client Trace Directory Permission (Windows)

This policy ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The users %users% have critical permissions on the client trace directory %dir_name%.

Footnote 1 The policy rule is evaluated each time its underlying clientTrcDirNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The client trace directory must be a valid directory owned by the Oracle set with no permissions to public.

6.2.7 Oracle Net Server Log Directory Permission (Windows)

This policy ensures that the server log directory is a valid directory owned by Oracle set with no permissions to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The users %users% have critical permissions on the server log directory %dir_name%.

Footnote 1 The policy rule is evaluated each time its underlying svrLogDirNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The server log directory must be a valid directory owned by the Oracle set with no permissions to public.

6.2.8 Oracle Net Server Trace Directory Permission (Windows)

This policy ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes The database is in an insecure state. The users %users% have critical permissions on the server trace directory %dir_name%.

Footnote 1 The policy rule is evaluated each time its underlying svrTrcDirNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.

Action

The server trace directory must be a valid directory owned by the Oracle set with no permissions to public.

6.2.9 Restrict sqlnet.ora Permissions (Windows)

This policy ensures that the sqlnet.ora file is not accessible to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

Severity Category Target Type Versions Affected Policy Rule EvaluationFoot 1  Automatically Enabled? Alert Message
Critical Security Listener Oracle Server 8 or later The underlying metric has a collection frequency of once every 24 hours. Yes Database is in insecure state. The users %users% have critical permissions on the sqlnet.ora file.

Footnote 1 The policy rule is evaluated each time its underlying sqlnetOraPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If the sqlnet.ora file is public readable, a malicious user may attempt to read this file which could lead to sensitive information being exposed. For example, log and trace destination information of the client and server could be exposed.

Action

Public should not be given any permissions on the sqlnet.ora file.