2 Securing the Database Installation and Configuration

About Securing the Database Installation and Configuration

After you install Oracle Database, you should secure the database installation and configuration. The methods in this chapter describe commonly used ways to do this, all of which involve restricting permissions to specific areas of the database files.

Oracle Database is available on several operating systems. Consult the following guides for detailed platform-specific information about Oracle Database:

Enabling the Default Security Settings

When you create a new database or modify an existing database, you can use the Security Settings window in Database Configuration Assistant (DBCA) to enable or disable the default security settings. Oracle recommends that you enable these settings. Enabling them does the following:

  • Enables default auditing settings. See "Using Default Auditing for Security-Relevant SQL Statements and Privileges" for detailed information.

  • Creates stronger enforcements for new or changed passwords. "Requirements for Creating Passwords" describes the new password requirements.

  • Removes the CREATE EXTERNAL JOB privilege from the PUBLIC role. For greater security, grant the CREATE EXTERNAL JOB privilege only to SYS, database administrators, and those users who need it.

  • Modifies initialization and profile parameter settings. Table 2-1 lists the modified parameter settings.

    Table 2-1 Default Security Settings for Initialization and Profile Parameters

    | Setting | 10g Default | 11g Default |
    |---|---|---|
    | AUDIT_TRAIL | NONE | DB |
    | O7_DICTIONARY_ACCESSIBILITY | FALSE | FALSE |
    | PASSWORD_GRACE_TIME | UNLIMITED | 7 |
    | PASSWORD_LOCK_TIME | UNLIMITED | 1 |
    | FAILED_LOGIN_ATTEMPTS | 10 | 10 |
    | PASSWORD_LIFE_TIME | UNLIMITED | 180 |
    | PASSWORD_REUSE_MAX | UNLIMITED | UNLIMITED |
    | PASSWORD_REUSE_TIME | UNLIMITED | UNLIMITED |
    | REMOTE_OS_ROLES | FALSE | FALSE |


To enable the default profile security settings using Database Configuration Assistant:

  1. Start Database Configuration Assistant:

    • UNIX: Enter the following command at a terminal window:

      dbca
      

      Typically, dbca is in the $ORACLE_HOME/bin directory.

    • Windows: From the Start menu, click All Programs. Then click Oracle - ORACLE_HOME, then Configuration and Migration Tools, and then Database Configuration Assistant.

      Alternatively, you can start Database Configuration Assistant at a command prompt:

      dbca
      

      As with UNIX, typically, dbca is in the ORACLE_BASE\ORACLE_HOME\bin directory.

  2. In the Welcome window, click Next.

    The Operations window appears.

  3. Select Configure Database Options, and then click Next.

    The Database window appears.

  4. Select the database that you want to configure, and then click Next.

    The Security Settings window appears.

  5. Select the Keep the enhanced 11g default security settings (recommended) option. These settings include enabling auditing and a new default password profile option.

  6. Click Next.

    The Database Components window appears.

  7. Select any additional options, and then click Next. Answer the remaining questions as necessary.

  8. Click Finish.
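Once the assistant finishes, the values in Table 2-1 can be checked from SQL*Plus. The following is an added example, not part of the original guide; it assumes the password limits were applied to the DEFAULT profile and uses the standard V$PARAMETER, DBA_PROFILES and DBA_SYS_PRIVS views.

```sql
-- Added example: compare a running database with the 11g column of Table 2-1.
-- Run as a user who can query V$PARAMETER, DBA_PROFILES and DBA_SYS_PRIVS.

-- 1. Initialization parameters (V$PARAMETER stores names in lowercase).
SELECT p.name,
       p.value AS current_value,
       e.expected,
       CASE WHEN UPPER(p.value) = e.expected THEN 'OK' ELSE 'DIFFERS' END AS status
FROM   v$parameter p
JOIN  (SELECT 'audit_trail' AS name, 'DB' AS expected FROM dual UNION ALL
       SELECT 'o7_dictionary_accessibility', 'FALSE' FROM dual UNION ALL
       SELECT 'remote_os_roles', 'FALSE' FROM dual) e
  ON   p.name = e.name
ORDER  BY p.name;

-- 2. Password limits. Assumption: the settings apply to the DEFAULT profile;
--    users assigned another profile need the same check against that profile.
SELECT d.resource_name,
       d.limit AS current_limit,
       e.expected,
       CASE WHEN d.limit = e.expected THEN 'OK' ELSE 'DIFFERS' END AS status
FROM   dba_profiles d
JOIN  (SELECT 'PASSWORD_GRACE_TIME' AS resource_name, '7' AS expected FROM dual UNION ALL
       SELECT 'PASSWORD_LOCK_TIME', '1' FROM dual UNION ALL
       SELECT 'FAILED_LOGIN_ATTEMPTS', '10' FROM dual UNION ALL
       SELECT 'PASSWORD_LIFE_TIME', '180' FROM dual UNION ALL
       SELECT 'PASSWORD_REUSE_MAX', 'UNLIMITED' FROM dual UNION ALL
       SELECT 'PASSWORD_REUSE_TIME', 'UNLIMITED' FROM dual) e
  ON   d.resource_name = e.resource_name
WHERE  d.profile = 'DEFAULT'
ORDER  BY d.resource_name;

-- 3. CREATE EXTERNAL JOB should be held only by SYS, DBAs and named users.
--    A row with GRANTEE = 'PUBLIC' means the default was not applied.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'CREATE EXTERNAL JOB'
ORDER  BY grantee;

-- Remediation if PUBLIC is listed:
-- REVOKE CREATE EXTERNAL JOB FROM PUBLIC;
```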

Securing the Oracle Data Dictionary

This section describes how you can secure the data dictionary. The data dictionary is a set of database tables that provide information about the database, such as schema definitions or default values.

About the Oracle Data Dictionary

The Oracle data dictionary is a set of database tables that provides information about the database. A data dictionary has the following contents:

  • The definitions of all schema objects in the database (tables, views, indexes, clusters, synonyms, sequences, procedures, functions, packages, triggers, and so on)

  • The amount of space allocated for, and currently used by, the schema objects

  • Default values for columns

  • Integrity constraint information

  • The names of Oracle Database users

  • Privileges and roles granted to each user

  • Auditing information, such as who has accessed or updated various schema objects

  • Other general database information

The data dictionary tables and views for a given database are stored in the SYSTEM tablespace for that database. The data dictionary is structured in tables and views, just like other database data. All the data dictionary tables and views for a given database are owned by the user SYS. Connecting to the database with the SYSDBA privilege gives full access to the data dictionary. Oracle strongly recommends limiting access to the SYSDBA privilege to only those operations necessary, such as patching and other administrative operations. The data dictionary is central to every Oracle database.

You can use SQL statements to access the data dictionary. Because the data dictionary is read only if you do not connect with the SYSDBA privilege, you can issue only queries (SELECT statements) against its tables and views. Be aware that not all objects in the data dictionary are exposed to users. A subset of data dictionary objects, such as those beginning with USER_%, is exposed as read only to all database users. Oracle Database Reference provides a list of database views that you can query to find information about the data dictionary.

Example 2-1 shows how you can find a list of database views specific to the data dictionary by querying the DICTIONARY view.

Example 2-1 Finding Views That Pertain to the Data Dictionary

SQLPLUS SYSTEM
Enter password: password
Connected.

SQL> SELECT TABLE_NAME FROM DICTIONARY;

Enabling Data Dictionary Protection

You can protect the data dictionary by setting the O7_DICTIONARY_ACCESSIBILITY initialization parameter to FALSE. This setting prevents users who have the ANY system privilege from using those privileges on the data dictionary, that is, on objects in the SYS schema.

Oracle Database provides highly granular privileges. One such privilege, commonly referred to as the ANY privilege, is typically granted to only application owners and individual database administrators. For example, you could grant the DROP ANY TABLE privilege to an application owner. You can protect the Oracle data dictionary from accidental or malicious use of the ANY privilege by setting the O7_DICTIONARY_ACCESSIBILITY initialization parameter to FALSE.

To enable data dictionary protection:

  1. Start Oracle Enterprise Manager Database Control (Database Control).

    See Oracle Database 2 Day DBA for instructions about how to start Database Control.

  2. Log in as SYS and connect with the SYSDBA privilege.

    • User Name: Enter the name of a user who has administrative privileges. In this case, you enter SYS.

    • Password: Enter the user's password.

    • Connect As: From the list, select either SYSDBA, SYSOPER, or Normal. In this case, you select SYSDBA.

    The Oracle Enterprise Manager Database Home page (Database Home page) appears.

  3. Click Server to display the Server subpage.

  4. In the Database Configuration section, click Initialization Parameters.

    The Initialization Parameters page appears.

  5. In the list, search for O7_DICTIONARY_ACCESSIBILITY.

    In the Name field, enter O7_ (the letter O), and then click Go. You can enter the first few characters of a parameter name. In this case, O7_ displays the O7_DICTIONARY_ACCESSIBILITY parameter.

    Depending on the parameter, you may have to modify the value from the SPFile subpage. Click the SPFile tab to display the SPFile subpage.

  6. Set the value for O7_DICTIONARY_ACCESSIBILITY to FALSE.

  7. Click Apply.

  8. Restart the Oracle Database instance.

    1. Click the Database Instance link.

    2. Click Home to display the Database Control home page.

    3. Under General, click Shutdown.

    4. In the Startup/Shutdown Credentials page, enter your credentials.

      See Oracle Database 2 Day DBA for more information.

    5. After the shutdown completes, click Startup.

After you set the O7_DICTIONARY_ACCESSIBILITY parameter to FALSE, only users who have the SELECT ANY DICTIONARY privilege and those users authorized to make DBA-privileged (for example CONNECT / AS SYSDBA) connections can use the ANY system privilege on the data dictionary. If the O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE, then any user with a DROP ANY TABLE (for example) system privilege can drop parts of the data dictionary.
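The accounts that this protection concerns can be listed from the dictionary itself. The queries below are an added example, not part of the original guide; they use the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS and V$PWFILE_USERS views and resolve only one level of role membership.

```sql
-- Added example: accounts that matter for data dictionary protection.
-- Run as a DBA.

-- 1. Users and roles holding ANY system privileges. With
--    O7_DICTIONARY_ACCESSIBILITY = FALSE these do not reach the SYS schema.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %'
ORDER  BY grantee, privilege;

-- 2. Grantees that receive ANY privileges through a role
--    (one level of role nesting only).
SELECT rp.grantee, rp.granted_role, sp.privilege
FROM   dba_role_privs rp
JOIN   dba_sys_privs  sp ON sp.grantee = rp.granted_role
WHERE  sp.privilege LIKE '% ANY %'
ORDER  BY rp.grantee, rp.granted_role, sp.privilege;

-- 3. Grantees that can still read the dictionary after the change.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'SELECT ANY DICTIONARY'
ORDER  BY grantee;

-- 4. Password file accounts allowed to connect AS SYSDBA or AS SYSOPER.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;
```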

Guidelines for Securing Operating System Access to Oracle Database

You can secure access to Oracle Database on the operating system level by following these guidelines:

  • Limit the number of operating system users.

  • Limit the privileges of the operating system accounts (administrative, root-privileged, or DBA) on the Oracle Database host (physical computer). Only grant the user the least number of privileges needed to perform his or her tasks.

  • Restrict the ability to modify the default file and directory permissions for the Oracle Database home (installation) directory or its contents. Even privileged operating system users and the Oracle owner should not modify these permissions, unless instructed otherwise by Oracle.

  • Restrict symbolic links. Ensure that when you provide a path or file to the database, neither the file nor any part of the path is modifiable by an untrusted user. The file and all components of the path should be owned by the database administrator or some trusted account, such as root.

    This recommendation applies to all types of files: data files, log files, trace files, external tables, BFILEs, and so on.

Guideline for Granting Permissions to Run-Time Facilities

Many Oracle Database products use run-time facilities such as Oracle Java Virtual Machine (OJVM). Do not assign all permissions to a database run-time facility. Instead, grant specific permissions to the explicit document root file paths for facilities that might run files and packages outside the database.

Here is an example of a vulnerable run-time call, in which individual files are specified:

call dbms_java.grant_permission('wsmith',
 'SYS:java.io.FilePermission','filename','read');

The following example is a better (more secure) run-time call, which specifies a directory path instead.

call dbms_java.grant_permission('wsmith', 
 'SYS:java.io.FilePermission','directory_path','read');
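Existing Java policy grants can be reviewed before new ones are added. The following is an added example, not part of the original guide; it uses the DBA_JAVA_POLICY view and DBMS_JAVA.REVOKE_PERMISSION, and the path /u01/app/docroot is a placeholder.

```sql
-- Added example: audit Java policy grants. Run as a DBA.

-- 1. Grants that amount to all permissions, or to every file on the host.
--    Oracle-supplied roles and accounts may appear; review the rest.
SELECT grantee, type_name, name, action, enabled
FROM   dba_java_policy
WHERE  kind = 'GRANT'
AND   (type_name = 'java.security.AllPermission'
       OR (type_name = 'java.io.FilePermission' AND name = '<<ALL FILES>>'))
ORDER  BY grantee, type_name;

-- 2. Every file permission held by one grantee (wsmith, as in the text).
SELECT name, action, enabled
FROM   dba_java_policy
WHERE  kind = 'GRANT'
AND    UPPER(grantee) = 'WSMITH'
AND    type_name = 'java.io.FilePermission'
ORDER  BY name;

-- 3. Replace a broad grant with read access to one document root.
--    The revoke arguments must match the original grant exactly.
--    /u01/app/docroot is a placeholder; the trailing /* covers the files
--    directly in that directory, not its subdirectories.
CALL dbms_java.revoke_permission('WSMITH',
  'SYS:java.io.FilePermission', '<<ALL FILES>>', 'read');
CALL dbms_java.grant_permission('WSMITH',
  'SYS:java.io.FilePermission', '/u01/app/docroot/*', 'read');
```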

Initialization Parameters Used for Installation and Configuration Security

Table 2-2 lists initialization parameters that you can set to better secure your Oracle Database installation and configuration.

Table 2-2 Initialization Parameters Used for Installation and Configuration Security

| Initialization Parameter | Default Setting | Description |
|---|---|---|
| SEC_RETURN_SERVER_RELEASE_BANNER | FALSE | Controls the display of the product version information, such as the release number, in a client connection. An intruder could use the database release number to find information about security vulnerabilities that may be present in the database software. You can enable or disable the detailed product version display by setting this parameter. See Oracle Database Security Guide for more information about this and similar parameters. Oracle Database Reference describes this parameter in detail. |
| O7_DICTIONARY_ACCESSIBILITY | FALSE | Controls restrictions on SYSTEM privileges. See "Enabling Data Dictionary Protection" for more information about this parameter. Oracle Database Reference describes this parameter in detail. |


See Also:

Oracle Database Reference for more information about initialization parameters

Modifying the Value of an Initialization Parameter

This section explains how to use Database Control to modify the value of an initialization parameter. To find detailed information about the initialization parameters available, see Oracle Database Reference.

To modify the value of an initialization parameter:

  1. Start Database Control.

  2. Log in as user SYS with the SYSDBA privilege.

    • User Name: SYS

    • Password: Enter your password.

    • Connect As: SYSDBA

  3. Click Server to display the Server subpage.

  4. In the Database Configuration section, click Initialization Parameters.

    The Initialization Parameters page appears.

  5. In the Name field, enter the name of the parameter to change, and then click Go.

    You can enter the first few letters of the parameter, for example, SEC_RETURN if you are searching for the SEC_RETURN_SERVER_RELEASE_BANNER parameter. Alternatively, you can scroll down the list of parameters to find the parameter you want to change.

    Depending on the parameter, you might have to modify the value from the SPFile subpage. Click the SPFile tab to display the SPFile subpage.

  6. In the Value field, either enter the new value or if a list is presented, select from the list.

  7. Click Apply.

  8. If the parameter is static, restart the Oracle Database instance.

    To find out if an initialization parameter is static, check its description in Oracle Database Reference. If the Modifiable setting in its summary table shows No, then you must restart the database instance.

    1. Click the Database Instance link.

    2. Click Home to display the Database Control home page.

    3. Under General, click Shutdown.

    4. In the Startup/Shutdown Credentials page, enter your credentials.

      See Oracle Database 2 Day DBA for more information.

    5. After the shutdown completes, click Startup.
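The same change can be made from SQL*Plus instead of Database Control. This is an added example, not part of the original guide; it assumes a connection AS SYSDBA and an instance started from a server parameter file (SPFILE).

```sql
-- Added example: SQL*Plus equivalent of the Database Control steps above.
-- Assumes CONNECT / AS SYSDBA and an instance started from an SPFILE.

-- 1. ISSYS_MODIFIABLE = 'FALSE' marks a static parameter: a new value can
--    only be written to the SPFILE and takes effect after a restart.
SELECT name, value, isdefault, issys_modifiable
FROM   v$parameter
WHERE  name = 'sec_return_server_release_banner';

-- 2. Record the new value in the SPFILE. SCOPE = SPFILE is accepted for
--    static and dynamic parameters alike.
ALTER SYSTEM SET sec_return_server_release_banner = FALSE SCOPE = SPFILE;

-- 3. Show the running value next to the value waiting in the SPFILE.
SELECT p.name,
       p.value AS running_value,
       s.value AS spfile_value
FROM   v$parameter   p
JOIN   v$spparameter s ON s.name = p.name
WHERE  p.name = 'sec_return_server_release_banner';

-- 4. Restart the instance so a static parameter takes effect.
--    SHUTDOWN and STARTUP are SQL*Plus commands, not SQL statements.
SHUTDOWN IMMEDIATE
STARTUP
```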