The compliance rules for the Basic Security Configuration For Oracle Cluster Database Instance standard follow.
Description: Ensures that the server allows logon from clients with a matching version or higher only.
Severity: Warning
Rationale: Setting the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to a version lower than the server version will force the server to use a less secure authentication protocol
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures sessions for users who connect as SYS are fully audited
Severity: Warning
Rationale: The AUDIT_SYS_OPERATIONS parameter enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the crypto_checksum_server parameter is set to recommended value in sqlnet.ora.
Severity: Warning
Rationale: This option ensures the integrity check for communication to prevent data modification.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures data dictionary protection is enabled
Severity: Critical
Rationale: The 07_DICTIONARY_ACCESSIBILITY parameter controls access to the data dictionary. Setting the 07_DICTIONARY_ACCESSIBILITY to TRUE allows users with ANY system privileges to access the data dictionary. As a result, these user accounts can be exploited to gain unauthorized access to data.
Description: Ensures database auditing is enabled
Severity: Minor Warning
Rationale: The AUDIT_TRAIL parameter enables or disables database auditing. For database version 12c and above Unified Auditing can be used. Auditing enhances security because it enforces accountability, provides evidence of misuse, and is frequently required for regulatory compliance. Auditing also enables system administrators to implement enhanced protections, early detection of suspicious activities, and finely-tuned security responses.
Description: Ensures that the encryption_server parameter is set to recommended value in sqlnet.ora
Severity: Warning
Rationale: This option ensures that regardless of the settings on the user, if communication takes place it must be encrypted
Description: Ensures that the ssl_client_authentication parameter is set to TRUE
Severity: Warning
Rationale: If TRUE Both the client and server authenticate to each other using certificates.It is preferable to have mutually authenticated SSL connections verifying the identity of both parties. If possible use client and server certificates for SSL connections. If client certificates are not supported in the enterprise, then set to FALSE.
Description: Ensures that access to the initialization paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the initialization paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that the ownership of all files and directories in the ORACLE_HOME/bin folder is the same as the Oracle software installation owner
Severity: Critical
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write and execute permissions
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write and execute permissions
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter is set to either DROP or DELAY
Severity: Critical
Rationale: If default value CONTINUE is used, the server process continues execution even if bad packets are received. The database server may be subject to a Denial of Service (DoS) if bad packets continue to be sent by a malicious client
Description: Ensures that the sec_protocol_error_trace_action parameter is set to either LOG or ALERT
Severity: Critical
Rationale: SEC_PROTOCOL_ERROR_TRACE_ACTION specifies the action that the database should take when bad packets are received from a possibly malicious client. NONE should not be used as the database server ignores the bad packets and does not generate any trace files or log messages. If default value TRACE is used then the database server generates a detailed trace file and should only be used when debugging
Description: Ensures database trace files are not public readable
Severity: Critical
Rationale: If trace files are readable by the PUBLIC group, a malicious user may attempt to read the trace files that could lead to sensitive information being exposed.
Description: Ensure REMOTE_OS_AUTHENT initialization parameter is set to FALSE
Severity: Critical
Rationale: A malicious user can gain access to the database if remote OS authentication is allowed.
Description: Ensure REMOTE_OS_ROLES initialization parameter is set to FALSE
Severity: Critical
Rationale: A malicious user can gain access to the database if remote users can be granted privileged roles.
Description: Ensures that the ssl_cipher_suites parameter is set to recommended value in sqlnet.ora
Severity: Warning
Rationale: This option is used to specify a cipher suite that will be used by the SSL connection. If the recommended cipher suite is not used, the SSL connection could be compromised.
Description: Ensures that the ssl_version parameter is set to latest version .
Severity: Warning
Rationale: Usage of the most current version of SSL is recommended older versions of the SSL protocol are prone to attack or roll back. Do not set this parameter with Any.
Description: Ensures that access to the server paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the server paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: On UNIX systems, ensure that the owner of the Oracle software has an appropriate umask value of 022 set
Severity: Warning
Rationale: If umask is not set to an appropriate value (like 022), log or trace files might become accessible to public exposing sensitive information.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the OS authentication prefix is set to a value other than OPS$
Severity: Warning
Rationale: The OS_AUTHENT_PREFIX parameter specifies a prefix used to authenticate users attempting to connect to the server. When a connection request is attempted, Oracle compares the prefixed username with usernames in the database. Using a prefix, especially OPS$, tends to result in an insecure configuration as an account can be authenticated either as an operating system user or with the password used in the IDENTIFIED BY clause. Attackers are aware of this and will attack these accounts.
Description: Ensures that the Utility File Directory (UTL_FILE_DIR) initialization parameter is not set to one of '*', '.', core dump trace file locations
Severity: Critical
Rationale: Specifies the directories which the UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories, could expose them to all users having execute privilege on the UTL_FILE package.
The compliance rules for the Basic Security Configuration For Oracle Database standard follow.
Description: Ensures restricted access to DBA_ROLES view
Severity: Minor Warning
Rationale: DBA_ROLES view contains details of all roles in the database. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures restricted access to DBA_ROLE_PRIVS view
Severity: Minor Warning
Rationale: The DBA_ROLE_PRIVS view lists the roles granted to users and other roles. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures restricted access to DBA_SYS_PRIVS view
Severity: Minor Warning
Rationale: DBA_SYS_PRIVS view can be queried to find system privileges granted to roles and users. Knowledge of the structure of roles in the database can be taken advantage of bya malicious user.
Description: Ensures restricted access to DBA_TAB_PRIVS view
Severity: Minor Warning
Rationale: Lists privileges granted to users or roles on objects in the database. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures restricted access to DBA_USERS view
Severity: Minor Warning
Rationale: Contains user password hashes and other account information. Access to this information can be used to mount brute-force attacks.
Description: Ensures restricted access to STATS$SQLTEXT table
Severity: Minor Warning
Rationale: This table provides full text of the recently-executed SQL statements. The SQL statements can reveal sensitive information.
Description: Ensures restricted access to STATS$SQL_SUMMARY table
Severity: Minor Warning
Rationale: Contains first few lines of SQL text of the most resource intensive commands given to the server. Sql statements executed without bind variables can show up here exposing privileged information.
Description: Ensures restricted access to SYS.AUD$ table
Severity: Minor Warning
Rationale: A knowlegeable and malicious user can gain access to sensitive audit information.
Description: Ensures restricted access to SYS.SOURCE$ table
Severity: Minor Warning
Rationale: Contains source of all stored packages units in the database.
Description: Ensures restricted access to SYS.USER$ table
Severity: Minor Warning
Rationale: Username and password hash may be read from the SYS.USER$ table, enabling a hacker to launch a brute-force attack.
Description: Ensures restricted access to SYS.USER_HISTORY$ table
Severity: Minor Warning
Rationale: Username and password hash may be read from the SYS.USER_HISTORY$ table, enabling a hacker to launch a brute-force attack.
Description: Ensures that the server allows logon from clients with a matching version or higher only.
Severity: Warning
Rationale: Setting the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to a version lower than the server version will force the server to use a less secure authentication protocol
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.
Severity: Critical
Rationale: The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.
Description: Ensures sessions for users who connect as SYS are fully audited
Severity: Warning
Rationale: The AUDIT_SYS_OPERATIONS parameter enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the crypto_checksum_server parameter is set to recommended value in sqlnet.ora.
Severity: Warning
Rationale: This option ensures the integrity check for communication to prevent data modification.
Description: Ensures that access to the control files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Control files are binary configuration files that control access to data files. Control files are stored in the directory specified by the CONTROL_FILES initialization parameter. A public write privilege on this directory could pose a serious security risk.
Description: Ensures that access to the control files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Control files are binary configuration files that control access to data files. Control files are stored in the directory specified by the CONTROL_FILES initialization parameter. A public write privilege on this directory could pose a serious security risk.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.
Description: Ensures data dictionary protection is enabled
Severity: Critical
Rationale: The 07_DICTIONARY_ACCESSIBILITY parameter controls access to the data dictionary. Setting the 07_DICTIONARY_ACCESSIBILITY to TRUE allows users with ANY system privileges to access the data dictionary. As a result, these user accounts can be exploited to gain unauthorized access to data.
Description: Ensure there are no default passwords for known accounts
Severity: Warning
Rationale: A malicious user can gain access to the database using default passwords.
Description: Ensures database auditing is enabled
Severity: Minor Warning
Rationale: The AUDIT_TRAIL parameter enables or disables database auditing. For database version 12c and above Unified Auditing can be used. Auditing enhances security because it enforces accountability, provides evidence of misuse, and is frequently required for regulatory compliance. Auditing also enables system administrators to implement enhanced protections, early detection of suspicious activities, and finely-tuned security responses.
Description: Ensures that the encryption_server parameter is set to recommended value in sqlnet.ora
Severity: Warning
Rationale: This option ensures that regardless of the settings on the user, if communication takes place it must be encrypted
Description: Ensures PUBLIC is not granted EXECUTE privileges on DBMS_JOB package
Severity: Critical
Rationale: Granting EXECUTE privilege to PUBLIC on DBMS_JOB package allows users to schedule jobs on the database.
Description: Ensures PUBLIC is not granted EXECUTE privileges on DBMS_SYS_SQL package
Severity: Critical
Rationale: The DBMS_SYS_SQL package can be used to run PL/SQL and SQL as the owner of the procedure rather than the caller.
Description: Ensures that the ssl_client_authentication parameter is set to TRUE
Severity: Warning
Rationale: If TRUE Both the client and server authenticate to each other using certificates.It is preferable to have mutually authenticated SSL connections verifying the identity of both parties. If possible use client and server certificates for SSL connections. If client certificates are not supported in the enterprise, then set to FALSE.
Description: Ensures that access to the initialization paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the initialization paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Warning
Rationale: Oracle traditionally stores initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the datafiles is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The datafiles contain all the database data. If datafiles are readable to public, they can be read by a user who has no database privileges on the data.
Description: Ensures that access to the datafiles is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The datafiles contain all the database data. If datafiles are readable to public, they can be read by a user who has no database privileges on the data.
Description: Ensures that the ownership of all files and directories in the ORACLE_HOME/bin folder is the same as the Oracle software installation owner
Severity: Critical
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write and execute permissions
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) do not have public read, write and execute permissions
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server log directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to public
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter is set to either DROP or DELAY
Severity: Critical
Rationale: If default value CONTINUE is used, the server process continues execution even if bad packets are received. The database server may be subject to a Denial of Service (DoS) if bad packets continue to be sent by a malicious client
Description: Ensures that the sec_protocol_error_trace_action parameter is set to either LOG or ALERT
Severity: Critical
Rationale: SEC_PROTOCOL_ERROR_TRACE_ACTION specifies the action that the database should take when bad packets are received from a possibly malicious client. NONE should not be used as the database server ignores the bad packets and does not generate any trace files or log messages. If default value TRACE is used then the database server generates a detailed trace file and should only be used when debugging
Description: Ensures PASSWORD_VERIFY_FUNCTION resource for the profile is set
Severity: Critical
Rationale: Having passwords that do not meet minimum complexity requirements offer substantially less protection than complex passwords.
Description: Ensures that all profiles have PASSWORD_GRACE_TIME set to a reasonable number of days
Severity: Critical
Rationale: A high value for the PASSWORD_GRACE_TIME parameter may cause serious database security issues by allowing the user to keep the same password for a long time.
Description: Ensures that all profiles have PASSWORD_LIFE_TIME set to a reasonable number of days
Severity: Warning
Rationale: A long password life time gives hackers a long time to try and cook the password. May cause serious database security issues.
Description: Ensures PASSWORD_LOCK_TIME is set to a reasonable number of days for all profiles
Severity: Warning
Rationale: Having a low value increases the likelihood of Denial of Service attacks.
Description: Ensures database trace files are not public readable
Severity: Critical
Rationale: If trace files are readable by the PUBLIC group, a malicious user may attempt to read the trace files that could lead to sensitive information being exposed.
Description: Ensure REMOTE_OS_AUTHENT initialization parameter is set to FALSE
Severity: Critical
Rationale: A malicious user can gain access to the database if remote OS authentication is allowed.
Description: Ensure REMOTE_OS_ROLES initialization parameter is set to FALSE
Severity: Critical
Rationale: A malicious user can gain access to the database if remote users can be granted privileged roles.
Description: Ensure PUBLIC does not have execute privileges on the UTL_HTTP package
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to email, network and http modules using the EXECUTE privilege.
Description: Ensure PUBLIC does not have execute privileges on the UTL_SMTP package
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to email, network and http modules using the EXECUTE privilege.
Description: Ensure PUBLIC does not have execute privileges on the UTL_TCP package
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to email, network and http modules using the EXECUTE privilege.
Description: Ensures that the ssl_cipher_suites parameter is set to recommended value in sqlnet.ora
Severity: Warning
Rationale: This option is used to specify a cipher suite that will be used by the SSL connection. If the recommended cipher suite is not used, the SSL connection could be compromised.
Description: Ensures that the ssl_version parameter is set to latest version .
Severity: Warning
Rationale: Usage of the most current version of SSL is recommended older versions of the SSL protocol are prone to attack or roll back. Do not set this parameter with Any.
Description: Ensures that access to the server paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the server paramater file is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.
Description: On UNIX systems, ensure that the owner of the Oracle software has an appropriate umask value of 022 set
Severity: Warning
Rationale: If umask is not set to an appropriate value (like 022), log or trace files might become accessible to public exposing sensitive information.
Description: Ensures database links with clear text passwords are not used
Severity: Warning
Rationale: The table SYS.LINK$ contains the clear text password used by the database link. A malicious user can read clear text password from SYS.LINK$ table that can lead to undesirable consequences.
Description: Ensures listener instances on a remote machine separate from the database instance are not used
Severity: Warning
Rationale: The REMOTE_LISTENER initialization parameter can be used to allow a listener on a remote machine to access the database. This parameter is not applicable in a multi-master replication or RAC environment where this setting provides a load balancing mechanism for the listener.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the OS authentication prefix is set to a value other than OPS$
Severity: Warning
Rationale: The OS_AUTHENT_PREFIX parameter specifies a prefix used to authenticate users attempting to connect to the server. When a connection request is attempted, Oracle compares the prefixed username with usernames in the database. Using a prefix, especially OPS$, tends to result in an insecure configuration as an account can be authenticated either as an operating system user or with the password used in the IDENTIFIED BY clause. Attackers are aware of this and will attack these accounts.
Description: Ensures that the Utility File Directory (UTL_FILE_DIR) initialization parameter is not set to one of '*', '.', core dump trace file locations
Severity: Critical
Rationale: Specifies the directories which the UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories, could expose them to all users having execute privilege on the UTL_FILE package.
The compliance rules for the Configuration Best Practices For Oracle Database standard follow.
Description: Checks if the STATISTICS_LEVEL initialization parameter is set to BASIC
Severity: Critical
Rationale: Automatic statistics collection allows the optimizer to generate accurate execution plans and is essential for identifying and correcting performance problems. By default, STATISTICS_LEVEL is set to TYPICAL. If the STATISTICS_LEVEL initialization parameter is set to BASIC the collection of many important statistics, required by Oracle database features and functionality, are disabled.
Description: Checks whether recovery area is set
Severity: Warning
Rationale: NO_RECOVERY_AREA_IMPACT
Description: Checks the database for disabled force logging.
Severity: Warning
Rationale: The database is not in force logging mode. If the database is a Data Guard primary database, unlogged direct writes will not be propagated to the standby database.
Description: Checks for use of a single control file
Severity: Critical
Rationale: The control file is one of the most important files in an Oracle database. It maintains many physical characteristics and important recovery information about the database. If youlose the only copy of the control file due to a media error, there will be unnecessary down time and other risks.
Description: Checks if the PGA_AGGREGATE_TARGET initialization parameter has a value of 0 or if WORKAREA_SIZE_POLICY has value of MANUAL.
Severity: Warning
Rationale: Automatic PGA memory management simplifies and improves the way PGA memory is allocated. When enabled, Oracle can dynamically adjust the portion of the PGA memory dedicated to work areas while honoring the PGA_AGGREGATE_TARGET limit set by the DBA.'
Description: Checks for automatic undo space management not being used
Severity: Minor Warning
Rationale: Not using automatic undo management can cause unnecessary contention and performance issues in your database. This may include among other issues, contention for the rollback segment header blocks, in the form of buffer busy waits and increased probability of ORA-1555s (Snapshot Too Old).
Description: Checks for spfile not being used
Severity: Minor Warning
Rationale: The SPFILE (server parameter file) enables you persist any dynamic changes to the Oracle initialization parameters using ALTER SYSTEM commands. This persistence is provided acrossdatabase shutdowns. When a database has an SPFILE configured, you do not have to remember to make the corresponding changes to the Oracle init.ora file. Plus, any changes that are made via ALTER SYSTEM commands are not lost after an shutdown and restart.
Description: Checks if the STATISTICS_LEVEL initialization parameter is set to ALL
Severity: Minor Warning
Rationale: Automatic statistics collection allows the optimizer to generate accurate execution plans and is essential for identifying and correcting performance problems. The STATISTICS_LEVEL initialization parameter is currently set to ALL, meaning additional timed OS and plan execution statistics are being collected. These statistics are not necessary and create additional overhead on the system.
Description: Checks if the TIMED_STATISTICS initialization parameter is set to FALSE.
Severity: Critical
Rationale: Setting TIMED_STATISTICS to FALSE prevents time related statistics, e.g. execution time for various internal operations, from being collected. These statistics are useful for diagnosing and performance tuning. Setting TIMED_STATISTICS to TRUE will allow time related statistics to be collected, and will also provide more value to the trace file and generates more accurate statistics for long-running operations.
Description: Checks for use of non-standard initialization parameters
Severity: Minor Warning
Rationale: Non-standard initialization parameters are being used. These may have been implemented based on poor advice or incorrect assumptions. In particular, parameters associated with SPIN_COUNT on latches and undocumented optimizer features can cause a great deal of problems that can require considerable investigation.
The compliance rules for the High Security Configuration For Oracle Cluster Database Instance standard follow.
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users
Description: Ensures that the crypto_checksum_type_server parameter is set to SHA1 in sqlnet.ora
Severity: Warning
Rationale: This option ensures the integrity check for communication is done using SHA1 Algorithm
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the sec_case_sensitive_logon parameter is set to true
Severity: Critical
Rationale: This increases the complexity of passwords and helps defend against brute force password attacks
Description: Ensure that all LOB files created by Oracle are created as SecureFiles
Severity: Critical
Rationale: For LOBs to get treated as SecureFiles, set COMPATIBILE Initialization Param to 11.1 or higher. If there is a LOB column with two partitions (one that has a tablespace for which ASSM is enabled and one that has a tablespace for which ASSM is not enabled), then LOBs in the partition with the ASSM-enabled tablespace will be treated as SecureFiles and LOBs in the other partition will be treated as BasicFile LOBs. Setting db_securefile to ALWAYS makes sure that any LOB file created is a secure file
Description: Ensures that the DISPATCHERS parameter is not set
Severity: Critical
Rationale: This will disable default ports ftp: 2100 and http: 8080. Removing the XDB ports will reduce the attack surface of the Oracle server. It is recommended to disable these ports if production usage is not required
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the name of a database link is the same as that of the remote database
Severity: Warning
Rationale: Database link names that do not match the global names of the databases to which they are connecting can cause an administrator to inadvertently give access to a production server from a test or development server. Knowledge of this can be used by a malicious user to gain access to the target database.
Description: Ensures $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set and DBA group
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users
Description: Ensure roles are stored, managed, and protected in the database rather than files external to the DBMS.
Severity: Warning
Rationale: If Roles are managed by OS, it can cause serious security issues.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database servicesit knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database servicesit knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database servicesit knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle HTTP Server distributed configuration file ownership is restricted to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures Oracle HTTP Server Distributed Configuration Files permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) contains the Database Access Descriptors used for authentication. A publicly accessible mod_plsql configuration file can allow a malicious user to modify the Database Access Descriptor settings to gain access to PL/SQL applications or launch a Denial Of Service attack.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the client log directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that all incomplete inbound connections to Oracle Net has a limited lifetime
Severity: Warning
Rationale: Without this parameter or assigning it with a higher value , a client connection to the database server can stay open indefinitely or for the specified duration without authentication. Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.
Description: Ensures that the ssl_cert_revocation parameter is set to recommended value in sqlnet.ora
Severity: Warning
Rationale: This option Ensures revocation is required for checking CRLs for client certificate authentication. Revoked certificates can pose a threat to the integrity of the SSL channel and should not be trusted
Description: Ensures ssl_server_dn_match is enabled in sqlnet.ora and in turn SSL ensures that the certificate is from the server
Severity: Warning
Rationale: If ssl_server_dn_match parameter is disabled, then SSL performs the check but allows the connection, regardless if there is a match. Not enforcing the match allows the server to potentially fake its identity.
Description: Ensures that the server log directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that sqlnet.expire_time parameter is set to recommended value.
Severity: Warning
Rationale: if sqlnet.expire_time is not set or set to 0, then database never checks for dead connection and they keeps consuming database server resources.
Description: Ensures that tcp.validnode_checking parameter is set to yes.
Severity: Minor Warning
Rationale: Not setting valid node check can potentially allow anyone to connect to the sever, including a malicious user.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database username and password that can be used access sensitive data or to launch further attacks.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database username and password that can be used access sensitive data or to launch further attacks.
Description: Ensures Oracle XSQL Configuration File (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database username and password that can be used access sensitive data or to launch further attacks.
Description: Avoids negative impact on database performance and disk space usage, caused by data collected by otrace
Severity: Warning
Rationale: Performance and resource utilization data collection can have a negative impact on database performance and disk space usage.
Description: Ensures that value of parameter SEC_RETURN_SERVER_RELEASE_BANNER is FALSE
Severity: Critical
Rationale: If the Parameter SEC_RETURN_SERVER_RELEASE_BANNER is TRUE oracle database returns complete database version information to clients. Knowing the exact patch set can aid an attacker
Description: Ensures privileged users are authenticated by the operating system; that is, Oracle ignores any password file
Severity: Minor Warning
Rationale: The REMOTE_LOGIN_PASSWORDFILE parameter specifies whether or not Oracle checks for a password file. Because password files contain the passwords for users, including SYS, the most secure way of preventing an attacker from connecting through brute-force password-related attacks is to require privileged users be authenticated by the operating system.
Description: Ensures that the sqlnet.ora file is not accessible to public
Severity: Critical
Rationale: If sqlnet.ora is public readable a malicious user may attempt to read this hence could lead to sensitive information getting exposed .For example, log and trace destination information of the client and server.
Description: Ensures that the sqlnet.ora file is not accessible to public
Severity: Critical
Rationale: If sqlnet.ora is public readable a malicious user may attempt to read this hence could lead to sensitive information getting exposed .For example, log and trace destination information of the client and server.
Description: Ensures SQL*Plus ownership is restricted to the Oracle software set and DBA group
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Not restricting ownership of SQL*Plus to the Oracle software set and DBA group may cause security issues by exposing sensitive data to malicious users.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: On UNIX systems, ensures that AUDIT_SYSLOG_LEVEL is set to a non-default value when OS-level auditing is enabled.
Severity: Warning
Rationale: Setting the AUDIT_SYSLOG_LEVEL initialization parameter to the default value (NONE) will result in DBAs gaining access to the OS audit records
Description: Ensures tkprof executable file is owned by Oracle software owner
Severity: Warning
Rationale: Not restricting ownership of tkprof to the Oracle software set and DBA group may cause information leak.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures that archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. Only applicable if database is in archivelog mode
Severity: Critical
Rationale: Setting the LOG_ARCHIVE_START initialization parameter to TRUE ensures that the archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. This feature is only applicable if the database is in archivelog mode.
Description: Ensures use of SQL92 security features
Severity: Warning
Rationale: If SQL92 security features are not enabled, a user might be able to execute an UPDATE or DELETE statement using a WHERE clause without having select privilege on a table.
Description: Ensure that the UTL_FILE_DIR initialization parameter is not used in Oracle9i Release 1 and later
Severity: Critical
Rationale: Specifies the directories which UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories could expose them to all users having execute privilege on UTL_FILE package.
Description: Ensures Webcache initialization file (webcache.xml) is owned by Oracle software owner
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures that tcp.excludeded_nodes parameter is set.
Severity: Warning
Rationale: Not setting valid node check can potentially allow anyone to connect to the sever, including a malicious user.
The compliance rules for the High Security Configuration For Oracle Database standard follow.
Description: Ensures domain server local Users group does not have Domain Users group
Severity: Warning
Rationale: Including Domain Users group in local Users group of a domain server can cause serious security issues.
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users
Description: Ensures the files in $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set, group is restricted to DBA group and Public does not have write permission
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users
Description: Ensure grant of *_CATALOG_* is restricted
Severity: Critical
Rationale: *_CATALOG_* Roles have critical access to database objects, that can lead to exposure of vital information in database system.
Description: Ensures restricted access to ALL_SOURCE view
Severity: Minor Warning
Rationale: ALL_SOURCE view contains source of all stored packages in the database.
Description: Ensures SELECT privilege is never granted to any DBA_ view
Severity: Warning
Rationale: The DBA_* views provide access to privileges and policy settings of the database. Some of these views also allow viewing of sensitive PL/SQL code that can be used to understand the security policies.
Description: Ensures restricted access to ROLE_ROLE_PRIVS view
Severity: Minor Warning
Rationale: Lists roles granted to other roles. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures restricted access to LINK$ table
Severity: Minor Warning
Rationale: A knowlegeable and malicious user can gain access to user passwords from the SYS.LINK$ table.
Description: Ensures restricted access to USER_ROLE_PRIVS view
Severity: Minor Warning
Rationale: Lists the roles granted to the current user. Knowledge of the structure of roles in the database can be taken advantage of by a malicious user.
Description: Ensures restricted access to USER_TAB_PRIVS view
Severity: Minor Warning
Rationale: Lists the grants on objects for which the user is the owner, grantor or grantee. Knowledge of the grants in the database can be taken advantage of by a malicious user.
Description: Ensures SELECT privilege is not granted to any V$ synonyms
Severity: Critical
Rationale: V$ tables contain sensitive information about Oracle database and should only be accessible by system administrators. Check for any user that has access and revoke where possible
Description: Ensures SELECT privilege is not granted to any V$ Views
Severity: Critical
Rationale: V$ tables contain sensitive information about Oracle database and should only be accessible by system administrators. Check for any user that has access and revoke where possible
Description: Ensure access on X$ views is restricted
Severity: Critical
Rationale: This can lead to revealing of internal database structure information.
Description: Ensures that the crypto_checksum_type_server parameter is set to SHA1 in sqlnet.ora
Severity: Warning
Rationale: This option ensures the integrity check for communication is done using SHA1 Algorithm
Description: Ensures ALTER ANY TABLE Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing ALTER ANY TABLE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures ALTER USER Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing ALTER USER will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures AUD$ is being audited by access for all users
Severity: Critical
Rationale: Auditing AUD$ will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures CREATE ANY LIBRARY is being audited by access for all users
Severity: Critical
Rationale: Auditing CREATE ANY LIBRARY will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures CREATE LIBRARY Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing CREATE LIBRARY will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures CREATE ROLE Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing the creation of roles will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures CREATE SESSION Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing CREATE SESSION will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures CREATE USER Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing CREATE USER will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures DROP ANY PROCEDURE Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing DROP ANY PROCEDURE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures DROP ANY ROLE Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing the creation of roles will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures DROP ANY TABLE Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing DROP ANY TABLE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures EXECUTE ANY PROCEDURE Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing the creation of roles will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures every use of GRANT ANY OBJECT privilege is being audited for non-Administrative (SYSDBA) users.
Severity: Critical
Rationale: Auditing GRANT ANY OBJECT privilege will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures GRANT ANY PRIVILEGE is being audited by access for all users
Severity: Critical
Rationale: Auditing GRANT ANY PRIVILEGE will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures that insert failures are audited for critical data objects
Severity: Warning
Rationale: Not auditing insert failures for critical data objects may allow a malicious user to infiltrate system security..
Description: Ensures SELECT ANY DICTIONARY Privilege is being audited by access for all users
Severity: Critical
Rationale: Auditing SELECT ANY DICTIONARY will provide a record to ensure the appropriate use of account administration privileges. This information is also useful when investigating certain security events
Description: Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.
Description: Ensures that the sec_case_sensitive_logon parameter is set to true
Severity: Critical
Rationale: This increases the complexity of passwords and helps defend against brute force password attacks
Description: Ensure that users profile settings CONNECT_TIME have appropriate value set for the particular database and application
Severity: Critical
Rationale: Sessions held open for excessive periods of time can consume system resources and cause a denial of service for other users of the Oracle database. The CONNECT_TIME parameter limits the upper bound on how long a session can be held open. This parameter is specified in minutes. Sessions that have exceeded their connect time are aborted and rolled back
Description: Ensures that all profiles have CPU_PER_SESSION set to a reasonable number of CPU cycles
Severity: Critical
Rationale: Allowing a single application or user to consume excessive CPU resources will result in a denial of service to the Oracle database
Description: Ensure that all LOB files created by Oracle are created as SecureFiles
Severity: Critical
Rationale: For LOBs to get treated as SecureFiles, set COMPATIBILE Initialization Param to 11.1 or higher. If there is a LOB column with two partitions (one that has a tablespace for which ASSM is enabled and one that has a tablespace for which ASSM is not enabled), then LOBs in the partition with the ASSM-enabled tablespace will be treated as SecureFiles and LOBs in the other partition will be treated as BasicFile LOBs. Setting db_securefile to ALWAYS makes sure that any LOB file created is a secure file
Description: Ensures that the DISPATCHERS parameter is not set
Severity: Critical
Rationale: This will disable default ports ftp: 2100 and http: 8080. Removing the XDB ports will reduce the attack surface of the Oracle server. It is recommended to disable these ports if production usage is not required
Description: Ensures PUBLIC group is not granted EXECUTE privileges to the DBMS_LOB package
Severity: Critical
Rationale: The DBMS_LOB package can be used to access any file on the system as the owner of the Oracle software installation.
Description: Ensure PUBLIC does not have EXECUTE privilege on the UTL_FILE package
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can read and write arbitrary files in the system when granted the UTL_FILE privilege.
Description: Ensure PUBLIC does not have execute privileges on the SYS.DBMS_EXPORT_EXTENSION package
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. DBMS_EXPORT_EXTENSION can allow sql injection. Thus a malicious will be able to take advantage.
Description: Ensure PUBLIC does not have execute privileges on the SYS.DBMS_RANDOM package
Severity: Critical
Rationale: Privileges granted to the PUBLIC role automatically apply to all users. DBMS_RANDOM can allow sql injection. Thus a malicious will be able to take advantage.
Description: Ensures SELECT ANY PRIVILEGE is never granted to any user or role
Severity: Warning
Rationale: The SELECT ANY TABLE privilege can be used to grant users or roles with the ability to view data in tables that are not owned by them. A malicious user with access to any user account that has this privilege can use this to gain access to sensitive data.
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group
Severity: Critical
Rationale: The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. Initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.
Description: Ensures that Oracle is not installed on a domain controller
Severity: Warning
Rationale: Installing Oracle on a domain controller can cause serious security issues.
Description: On Windows, ensures that the installed Oracle Home drive is not accessible to Everyone Group
Severity: Warning
Rationale: Giving permission of Oracle installed drive to everyone can cause serious security issues.
Description: Ensure that users profile settings LOGICAL_READS_ PER_SESSION have appropriate value set for the particular database and application
Severity: Critical
Rationale: Allowing a single application or user to perform excessive amounts of reads to disk will result in a denial of service to the Oracle database
Description: Ensures database accounts does not rely on OS authentication
Severity: Critical
Rationale: If the host operating system has a required userid for database account for which password is set EXTERNAL, then Oracle does not check its credentials anymore. It simplyassumes the host must have done its authentication and lets the user into the database without any further checking.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs directory is a valid directory owned by Oracle software owner
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the server's archive logs are not accessible to public
Severity: Critical
Rationale: LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.
Description: Ensures that the name of a database link is the same as that of the remote database
Severity: Warning
Rationale: Database link names that do not match the global names of the databases to which they are connecting can cause an administrator to inadvertently give access to a production server from a test or development server. Knowledge of this can be used by a malicious user to gain access to the target database.
Description: Ensures $ORACLE_HOME/network/admin ownership is restricted to the Oracle software set and DBA group
Severity: Warning
Rationale: Not restricting ownership of network/admin to the Oracle software set and DBA group may cause security issues by exposing net configuration data to malicious users
Description: Ensure roles are stored, managed, and protected in the database rather than files external to the DBMS.
Severity: Warning
Rationale: If Roles are managed by OS, it can cause serious security issues.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database servicesit knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database servicesit knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database servicesit knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle HTTP Server distributed configuration file ownership is restricted to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures Oracle HTTP Server Distributed Configuration Files permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.
Description: Ensures Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Ensures Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data like the tracing directory location, dbsnmp address, etc.
Description: Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) contains the Database Access Descriptors used for authentication. A publicly accessible mod_plsql configuration file can allow a malicious user to modify the Database Access Descriptor settings to gain access to PL/SQL applications or launch a Denial Of Service attack.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that all files in the ORACLE_HOME/bin folder do not have public write permission
Severity: Warning
Rationale: Incorrect file permissions on some of the Oracle files can cause major security issues.
Description: Ensures that the client log directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the client trace directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that all incomplete inbound connections to Oracle Net has a limited lifetime
Severity: Warning
Rationale: Without this parameter or assigning it with a higher value , a client connection to the database server can stay open indefinitely or for the specified duration without authentication. Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.
Description: Ensures that the ssl_cert_revocation parameter is set to recommended value in sqlnet.ora
Severity: Warning
Rationale: This option Ensures revocation is required for checking CRLs for client certificate authentication. Revoked certificates can pose a threat to the integrity of the SSL channel and should not be trusted
Description: Ensures ssl_server_dn_match is enabled in sqlnet.ora and in turn SSL ensures that the certificate is from the server
Severity: Warning
Rationale: If ssl_server_dn_match parameter is disabled, then SSL performs the check but allows the connection, regardless if there is a match. Not enforcing the match allows the server to potentially fake its identity.
Description: Ensures that the server log directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that the server trace directory is a valid directory owned by Oracle set
Severity: Critical
Rationale: Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
Description: Ensures that sqlnet.expire_time parameter is set to recommended value.
Severity: Warning
Rationale: if sqlnet.expire_time is not set or set to 0, then database never checks for dead connection and they keeps consuming database server resources.
Description: Ensures that tcp.validnode_checking parameter is set to yes.
Severity: Minor Warning
Rationale: Not setting valid node check can potentially allow anyone to connect to the sever, including a malicious user.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) is owned by Oracle software owner
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database username and password that can be used access sensitive data or to launch further attacks.
Description: Ensures Oracle XSQL configuration file (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database username and password that can be used access sensitive data or to launch further attacks.
Description: Ensures Oracle XSQL Configuration File (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database username and password that can be used access sensitive data or to launch further attacks.
Description: Avoids negative impact on database performance and disk space usage, caused by data collected by otrace
Severity: Warning
Rationale: Performance and resource utilization data collection can have a negative impact on database performance and disk space usage.
Description: Ensure that users PRIVATE_SGA profile settings have appropriate values set for the particular database and application
Severity: Critical
Rationale: Allowing a single application or user to consume the excessive amounts of the System Global Area will result in a denial of service to the Oracle database
Description: Ensures that all profiles have PASSWORD_REUSE_MAX set to a reasonable number of times
Severity: Warning
Rationale: Old passwords are usually the best guesses for the current password. A low value for the PASSWORD_REUSE_MAX parameter may cause serious database security issues by allowing users to reuse their old passwords more often.
Description: Ensures that all profiles have PASSWORD_REUSE_TIME set to a reasonable number of days
Severity: Critical
Rationale: A low value for the PASSWORD_REUSE_TIME parameter may cause serious database security issues by allowing users to reuse their old passwords more often.
Description: Ensures that the proxy accounts have limited privileges
Severity: Warning
Rationale: The proxy user only needs to connect to the database. Once connected it will use the privileges of the user it is connecting on behalf of. Granting any other privilege than the CREATE SESSION privilege to the proxy user is unnecessary and open to misuse.
Description: Ensures that value of parameter SEC_RETURN_SERVER_RELEASE_BANNER is FALSE
Severity: Critical
Rationale: If the Parameter SEC_RETURN_SERVER_RELEASE_BANNER is TRUE oracle database returns complete database version information to clients. Knowing the exact patch set can aid an attacker
Description: Ensures privileged users are authenticated by the operating system; that is, Oracle ignores any password file
Severity: Minor Warning
Rationale: The REMOTE_LOGIN_PASSWORDFILE parameter specifies whether or not Oracle checks for a password file. Because password files contain the passwords for users, including SYS, the most secure way of preventing an attacker from connecting through brute-force password-related attacks is to require privileged users be authenticated by the operating system.
Description: Ensures that the sqlnet.ora file is not accessible to public
Severity: Critical
Rationale: If sqlnet.ora is public readable a malicious user may attempt to read this hence could lead to sensitive information getting exposed .For example, log and trace destination information of the client and server.
Description: Ensures that the sqlnet.ora file is not accessible to public
Severity: Critical
Rationale: If sqlnet.ora is public readable a malicious user may attempt to read this hence could lead to sensitive information getting exposed .For example, log and trace destination information of the client and server.
Description: Ensures that all profiles have SESSIONS_PER_USER set to a reasonable number
Severity: Critical
Rationale: Allowing an unlimited amount of sessions per user can consume Oracle resources and cause a denial of service. Limit the number of session for each individual user
Description: Ensures SQL*Plus ownership is restricted to the Oracle software set and DBA group
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Not restricting ownership of SQL*Plus to the Oracle software set and DBA group may cause security issues by exposing sensitive data to malicious users.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: Ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: SQL*Plus allows a user to execute any SQL on the database. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.
Description: On UNIX systems, ensures that AUDIT_SYSLOG_LEVEL is set to a non-default value when OS-level auditing is enabled.
Severity: Warning
Rationale: Setting the AUDIT_SYSLOG_LEVEL initialization parameter to the default value (NONE) will result in DBAs gaining access to the OS audit records
Description: Ensure system privileges are not granted to PUBLIC
Severity: Critical
Rationale: Privileges granted to the public role automatically apply to all users. There are security risks granting SYSTEM privileges to all users.
Description: Ensures tkprof executable file is owned by Oracle software owner
Severity: Warning
Rationale: Not restricting ownership of tkprof to the Oracle software set and DBA group may cause information leak.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures tkprof executable file permissions are restricted to read and execute for the group, and inaccessible to public
Severity: Warning
Rationale: Excessive permission for tkprof leaves information within, unprotected.
Description: Ensures database users are allocated a limited tablespace quota
Severity: Warning
Rationale: Granting unlimited tablespace quotas can cause the filling up of the allocated disk space. This can lead to an unresponsive database.
Description: Ensures that archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. Only applicable if database is in archivelog mode
Severity: Critical
Rationale: Setting the LOG_ARCHIVE_START initialization parameter to TRUE ensures that the archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. This feature is only applicable if the database is in archivelog mode.
Description: Ensures use of SQL92 security features
Severity: Warning
Rationale: If SQL92 security features are not enabled, a user might be able to execute an UPDATE or DELETE statement using a WHERE clause without having select privilege on a table.
Description: Ensures externally identified users specify the domain while connecting
Severity: Critical
Rationale: This setting is only applicable to Windows systems. If externally identified accounts are required, setting OSAUTH_PREFIX_DOMAIN to TRUE in the registry forces the account to specify the domain. This prevents spoofing of user access from an alternate domain or local system.
Description: Ensure that the UTL_FILE_DIR initialization parameter is not used in Oracle9i Release 1 and later
Severity: Critical
Rationale: Specifies the directories which UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories could expose them to all users having execute privilege on UTL_FILE package.
Description: Ensures Webcache initialization file (webcache.xml) is owned by Oracle software owner
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures the Webcache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group
Severity: Warning
Rationale: Webcache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Webcache initialization file can be used to extract sensitive data like the administrator password hash.
Description: Ensures Oracle service does not have permissions on windows tools
Severity: Warning
Rationale: Granting Oracle service the permissions of windows tools may cause serious securty issues.
Description: Ensures that tcp.excludeded_nodes parameter is set.
Severity: Warning
Rationale: Not setting valid node check can potentially allow anyone to connect to the sever, including a malicious user.
The compliance rules for the Patchable Configuration For Oracle Database standard follow.
The compliance rules for the Storage Best Practices For Oracle Database standard follow.
Description: Checks if the DEFAULT_PERMANENT_TABLESPACE database property is set to a system tablespace
Severity: Warning
Rationale: If not specified explicitly, DEFAULT_PERMANENT_TABLESPACE is defaulted to the SYSTEM tablespace. This is not the recommended setting. With this setting, any user that is not explicitly assigned a tablespace uses the system tablespace. Doing so may result in performance degradation for the database. This is also a security issue. Non-system users may store data and consume all available space in the system tablespace, thus causing the database to stop working.
Description: Checks if the DEFAULT_TEMP_TABLESPACE database property is set to a system tablespace
Severity: Warning
Rationale: If not specified explicitly, DEFAULT_TEMP_TABLESPACE would default to SYSTEM tablespace and this is not a recommended setting. With this setting, any user that is not explicitly assigned a temporary tablespace uses the system tablespace as their temporary tablespace. System tablespaces should not be used to store temporary data. This is also a security issue. Non-system users may store data and consume all available space in the system tablespace, thus causing the database to stop working.
Description: Checks for dictionary managed tablespaces
Severity: Minor Warning
Rationale: These tablespaces are dictionary managed. Oracle recommends using locally managed tablespaces, with AUTO segment-space management, to enhance performance and ease of space management.
Description: Checks for use of less than three redo logs
Severity: Warning
Rationale: The online redo log files are used to record changes in the database. When archiving is enabled, these online redo logs need to be archived before they can be reused. Every database requires at least two online redo log groups to be up and running. When the size and number of online redo logs are inadequate, LGWR will wait for ARCH to complete its writing to the archived log destination, before it overwrites that log. This can cause severe performance slowdowns during peak activity periods.
Description: Checks for redo log files less than 1 Mb
Severity: Critical
Rationale: Small redo logs cause system checkpoints to continuously put a high load on the buffer cache and I/O system.
Description: Checks for data segments owned by non-system users located in tablespaces SYSTEM, SYSAUX and SYSEXT.
Severity: Minor Warning
Rationale: These segments belonging to non-system users are stored in system tablespaces SYSTEM or SYSAUX or SYSEXT. This violation makes it more difficult to manage these data segments and may result in performance degradation in the system tablespace. This is also a security issue. If non-system users are storing data in a system tablespace it is possible that all available space in the system tablespace may be consumed, thus causing the database to stop working.
Description: Checks for non-system users using SYSTEM or SYSAUX as the default tablespace
Severity: Minor Warning
Rationale: These non-system users use a system tablespace as the default tablespace. This violation will result in non-system data segments being added to the system tablespace, making it more difficult to manage these data segments and possibly resulting in performance degradation in the system tablespace. This is also a security issue. All Available space in the system tablespace may beconsumed, thus causing the database to stop working.
Description: Checks for dictionary managed or migrated locally managed tablespaces with non-uniform default extent size
Severity: Minor Warning
Rationale: Dictionary managed or migrated locally managed tablespaces using non-uniform default extent sizes have been found. This means that the extents in a single tablespace will vary insize leading to fragmentation, inefficient space usage and performance degradation.
Description: Checks for rollback segments in SYSTEM tablespace
Severity: Minor Warning
Rationale: The SYSTEM tablespace should be reserved only for the Oracle data dictionary and its associated objects. It should NOT be used to store any other types of objects such as user tables, user indexes, user views, rollback segments, undo segments or temporary segments.
Description: Checks for locally managed tablespaces that are using MANUAL segment space management
Severity: Minor Warning
Rationale: Automatic segment-space management is a simpler and more efficient way of managing space within a segment. It completely eliminates any need to specify and tune the PCTUSED, FREELISTS and FREELIST GROUPS storage parameters for schema objects created in the tablespace. In a RAC environment there is the additional benefit of avoiding the hard partitioning of space inherent with using free list groups.
Description: Checks for tablespaces containing both rollback and data segments
Severity: Minor Warning
Rationale: These tablespaces contain both rollback and data segments. Mixing segment types in this way makes it more difficult to manage space and may degrade performance in the tablespace. Use of a dedicated tablespace for rollback segments enhances availability and performance.
Description: Checks for users using a permanent tablespace as the temporary tablespace
Severity: Minor Warning
Rationale: These users use a permanent tablespace as the temporary tablespace. Using temporary tablespaces allows space management for sort operations to be more efficient. Using a permanent tablespace for these operations may result in performance degradation, especially for Real Application Clusters. There is an additional security concern. This makes it possible for users to use all available space in the system tablespace, causing the database to stop working.