3.3 Default Security Settings Implemented by OEDA

Oracle Exadata Deployment Assistant (OEDA) includes a step to implement default security settings on Oracle Exadata.

The last OEDA configuration step, Secure Oracle Exadata Database Machine, implements the following security settings:

  • The following password rules apply by default for all operating system users on the database servers and storage servers:

    • Non-root users must change their password during first login.

    • The password complexity rules depend on the Oracle Linux version in use.

      For systems with Oracle Linux 7 or later:

      • The minimum password length is 8 characters.

      • The password must contain at least one digit, one uppercase character, one lowercase character, and one other character.

      • The password must not contain the same character consecutively more than 3 times.

      • The password must not contain more than 4 consecutive characters from the same class (digits, lowercase letters, uppercase letters, or other characters).

      • For password changes, the new password must contain a minimum of 8 character changes.

      For systems with Oracle Linux 6 or earlier, the minimum password length is 5 characters with no additional complexity requirements.

    • The maximum password age is 60 days.

    • The minimum amount of time between password changes is 1 day.

    • Warning alerts are generated 7 days before password expiry.

    • When changing a user password, the new password cannot match any of the 10 previous passwords.

  • An operating system user account is locked for 15 minutes after three failed login attempts within a 15-minute period.

  • Login sessions automatically terminate after 14400 seconds of no input.

  • SSH sessions automatically terminate after 600 seconds of inactivity.

  • For the root user, SSH equivalency is removed for all database servers and storage servers.
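
The Oracle Linux 7 complexity rules listed above, expressed as a candidate-password check. This is an added example, not Oracle or OEDA code: the function names are hypothetical, and counting "character changes" as characters of the new password that do not occur in the old one is an assumption.

```python
import string
from itertools import groupby

# Thresholds from the Oracle Linux 7 or later rules in the list above.
MIN_LENGTH = 8      # minimum password length
MAX_REPEAT = 3      # same character consecutively
MAX_CLASS_RUN = 4   # consecutive characters from one class
MIN_CHANGES = 8     # character changes on a password change
ALL_CLASSES = {"digit", "lower", "upper", "other"}


def char_class(ch):
    """Classify one character as digit, lower, upper or other."""
    if ch in string.digits:
        return "digit"
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    return "other"


def longest_run(items):
    """Length of the longest run of equal adjacent items (0 if empty)."""
    return max((len(list(group)) for _, group in groupby(items)), default=0)


def policy_violations(new, old=None):
    """Return the names of the rules that the candidate password breaks."""
    problems = []
    classes = [char_class(c) for c in new]
    if len(new) < MIN_LENGTH:
        problems.append("length")
    if set(classes) != ALL_CLASSES:
        problems.append("classes")
    if longest_run(new) > MAX_REPEAT:
        problems.append("repeat")
    if longest_run(classes) > MAX_CLASS_RUN:
        problems.append("class_run")
    # Assumption: a "change" is a character that is absent from the old password.
    if old is not None and sum(c not in old for c in new) < MIN_CHANGES:
        problems.append("changes")
    return problems


if __name__ == "__main__":
    # Constructed samples: a word-based password fails the class-run rule.
    for candidate in ("Password1!", "aB3$aB3$", "Aaaaa1!x"):
        print(candidate, policy_violations(candidate))
```

A dictionary word with a capital, a digit and a symbol appended satisfies the length and class rules but is still rejected, because the word itself is a run of more than 4 lowercase letters.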