| Oracle® Enterprise Manager Policy Reference Manual 10g Release 5 (10.2.0.5) Part Number B16231-02 |
|
|
PDF · Mobi · ePub |
| Oracle® Enterprise Manager Policy Reference Manual 10g Release 5 (10.2.0.5) Part Number B16231-02 |
|
|
PDF · Mobi · ePub |
This chapter provides the following information for each of the Listener policies:
Brief description of the policy
Summary of the policy's main properties
Default values for the policy: parameters with their default values and objects excluded by default
Impact of the policy violation
Action to perform when the violation occurs
The Listener policies are categorized as follows:
The security policies for the Listener target on UNIX are:
This policy ensures that the server allows logon from clients with a matching version or higher only.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The SQLNET.ALLOWED_LOGON_VERSION parameter is set to %version%. |
Footnote 1 The policy rule is evaluated each time its underlying sqlnetAllowedLogonVersionRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
None
Setting the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to a version lower than the server version will force the server to use a less secure authentication protocol.
Set the parameter SQLNET.ALLOWED_LOGON_VERSION in sqlnet.ora to the server's major version. Setting this value to older versions could expose vulnerabilities that may have existed in the authentication protocols.
This policy ensures that the default name of the listener is not used.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The listener is addressed by the default name. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrDefaultNameMetricRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
Having a listener with the default name increases the risk of unauthorized access and denial of service attacks.
Avoid having a listener with the default name (LISTENER).
This policy ensures that no runtime modifications to the listener configuration is allowed.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. Direct administration is enabled. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrDirectAdminMetricRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
A malicious user who has access to a running listener can perform runtime modifications (for example, SET operations) using the lsnrctl program.
All listeners must have direct administration disabled. Set ADMIN_RESTRICTIONS_<listener_name> to ON in listener.ora.
This policy ensures that the listener log file is owned by the Oracle software owner.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The listener log file %file_name% is owned by %file_owner%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrLogFileOwnerMetricRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
The information in the log file can reveal important network and database connection details. Having a log file not owned by the Oracle software owner can expose them to public scrutiny with possible security implications.
The listener log file must be owned by Oracle software owner.
This policy ensures that the listener log file cannot be read by or written to by public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The listener log file %file_name% has permission %file_permission%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrLogFilePermMetricRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
The information in the log file can reveal important network and database connection details. Allowing access to the log file can expose them to public scrutiny with possible security implications.
The listener log file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.
This policy ensures that listener logging is enabled.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. Logging is not enabled. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrLogStatusMetricRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
Without listener logging attacks on the listener can go unnoticed.
Enable listener logging by setting the LOG_STATUS parameter to ON.
This policy ensures that access to listener is password protected.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. Listener %listener% is running without password protection. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrPasswdMetricRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
Without password protection, a user can gain access to the listener. Once someone has access to the listener, he or she can stop the listener. He or she can also set a password and prevent others from managing the listener.
All listeners should be protected by a non-trivial password using the CHANGE_PASSWORD command.
This policy ensures that the listener trace directory is a valid directory owned by Oracle software owner.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The listener trace directory %dir_name% is owned by %dir_owner%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceDirOwnMetricRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Having a trace directory not owned by the Oracle software owner can expose the trace files to public scrutiny with possible security implications.
The listener trace directory must be owned by the Oracle software owner.
This policy ensures that the listener trace directory does not have public read or write permissions.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The listener trace directory %dir_name% has permission %dir_permission%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceDirPermMetricRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Allowing access to the trace directory can expose them to public scrutiny with possible security implications.
The listener trace directory must not allow public to read or write to it. Restrict the directory permission to Oracle software owner and DBA group.
This policy ensures that the listener trace file owner is the same as the Oracle software owner.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The listener trace file %file_name% is owned by %file_owner%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceFileOwnMetricRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Having trace files not owned by the Oracle software owner can expose them to public scrutiny with possible security implications.
The listener trace file must be owned by Oracle software owner.
This policy ensures that the listener trace file is not accessible to public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The listener trace file %file_name% has permission %file_permission%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceFilePermMetricRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Allowing access to the trace files can expose them to public scrutiny with possible security implications.
The listener trace file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.
This policy ensures that the file permissions for listener.ora are restricted to the owner of Oracle software.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. Permissions of listener.ora are not restricted to the Oracle set. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrOraPermRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
If the listener.ora file is public readable, passwords may be extracted from this file. This can also lead to exposure of detailed information on the Listener, database, and application configuration. Also, if public has write permissions, a malicious user can remove any password that has been set on the listener.
Listener.ora permissions should be restricted to the owner of Oracle software installation and DBA group.
This policy ensures that all incomplete inbound connections to Oracle Listener has a limited lifetime. The INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file specifies the maximum amount of time the Oracle Connection Manager listener will wait for a valid connection request from the client before timing out.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Database is in an insecure state. lsnr.inbound_connect_timeout parameter is set to %value%. |
Footnote 1 The policy rule is evaluated each time its underlying Lsnr_Inbound_Connect_Timeout_Rep metric is collected.
Parameters and Their Default Values
Parameter name: DFLT_VAL
Default value: 20
Objects Excluded by Default
Not Applicable
The limit imposed by the INBOUND_CONNECT_TIMEOUT_listener_name parameter protects the listener from consuming and holding resources for client connection requests that do not complete. A malicious user could use this to flood the listener with requests that result in a denial of service to authorized users.
Set the lowest possible value for the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file. Ensure that the value of this parameter is lower than the value of the SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file
This policy ensures that the client log directory is a valid directory owned by Oracle set with no permissions to the PUBLIC role.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The client log directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying clientLogDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The client log directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the client log directory is a valid directory owned by Oracle set with no permissions to the PUBLIC role.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The client log directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying clientLogDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The client log directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to the public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The client trace directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying clientTrcDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The client trace directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to the public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The client trace directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying clientTrcDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The client trace directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that all incomplete inbound connections to Oracle Net have a limited lifetime. The SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file specifies the maximum amount of time the Oracle Net will wait for a valid connection request from the client before timing out.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Database is in an insecure state. sqlnet.inbound_connect_timeout parameter is set to %value%.. |
Footnote 1 The policy rule is evaluated each time its underlying Sqlnet_Inbound_Connect_Timeout_Rep metric is collected.
Parameters and Their Default Values
Parameter name: DFLT_VAL
Default value: 30
Objects Excluded by Default
Not Applicable
Without the SQLNET.INBOUNT_CONNECT_TIMEOUT parameter or assigning it with a higher value, a client connection to the database server can stay open indefinitely or for the specified duration without authentication.
Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.
Set the lowest possible value for the SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file. Ensure that the value of this parameter is higher than the value of INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file.
This policy ensures that the server log directory is a valid directory owned by Oracle set with no permissions to the public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The server log directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying svrLogDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The server log directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the server log directory is a valid directory owned by Oracle set with no permissions to the public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The server log directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying svrLogDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The server log directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to the public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The server trace directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying svrTrcDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The server trace directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to the public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The server trace directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying svrTrcDirRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The server trace directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures the SSL_SERVER_DN_MATCH parameter is enabled in the sqlnet.ora file and in turn SSL ensures that the certificate is from the server.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours | Yes | Database is in an insecure state. ssl_server_dn_match parameter is set to %value% |
Footnote 1 The policy rule is evaluated each time its underlying Sql_Server_DN_Match_Rep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
If the SSL_SERVER_DN_MATCH parameter is disabled, then SSL performs the check but allows the connection, regardless if there is a match or not. Not enforcing the match allows the server to potentially fake its identity.
Enable the SSL_SERVER_DN_MATCH parameter in the sqlnet.ora file.
This policy ensures that the sqlnet.ora file is not accessible to the public.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The sqlnet.ora file has permission %permission%. |
Footnote 1 The policy rule is evaluated each time its underlying sqlnetOraPermRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
If the sqlnet.ora file is public readable, a malicious user may attempt to read this file which could lead to sensitive information being exposed. For example, log and trace destination information of the client and server could be exposed.
Public should not be given any permissions on the sqlnet.ora file.
This policy ensures a frequent check for dead connections on Oracle Net. The sqlnet.expire_time parameter in sqlnet.ora specify the interval for checking dead connection.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in insecure state. The sqlnet.expirt_time is set to %expiretime%.. |
Footnote 1 The policy rule is evaluated each time its underlying sqlnetExpireTimeRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
If sqlnet.expire_time is not set or set to 0, then the database never checks for dead connection and it keeps consuming database server resources.
Set sqlnet.expire_time to a recommended value which should be greater than zero. Oracle recommends 10.
This policy ensures that tcp.validnode_checking parameter is set to yes in sqlnet.ora.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in insecure state. The tcp.validnode_checking is set to %validnode%The database is in an insecure state. The client trace directory %dir_name% has permission %permissions%. |
Footnote 1 The policy rule is evaluated each time its underlying validnodeCheckRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
Not setting valid node check can potentially allow anyone to connect to the server, including a malicious user.
Set tcp.validnode_checking to yes, hence server can allow/deny access using TCL.EXCLUDED_NODES and TCP.INVITED_NODES.
This policy ensures that the listener host is specified as IP address and not hostname in the listener.ora file.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Host is not specified as IP address in listener.ora. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrHostNameMetricRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
An insecure Domain Name System (DNS) Server can be taken advantage of for mounting a spoofing attack. Name server failure can result in the listener unable to resolved the host.
Host should be specified as IP address in listener.ora.
The security policies for the Listener target on Windows are:
This policy ensures that the listener log file cannot be read by or written to by public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state.The users %users% have critical permissions on the listener log file %file_name%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrLogFilePermMetricNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
The information in the log file can reveal important network and database connection details. Allowing access to the log file can expose them to public scrutiny with possible security implications.
The listener log file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.
This policy ensures that the listener trace directory does not have public read or write permissions. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The users %users% have critical permissions on the listener trace directory %dir_name%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceDirPermMetricNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Allowing access to the trace directory can expose them to public scrutiny with possible security implications.
The listener trace directory must not allow public to read or write to it. Restrict the directory permission to Oracle software owner and DBA group.
This policy ensures that the listener trace file is not accessible to public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Informational | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. The users %users% have critical permissions on the listener trace file %file_name%. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrTraceFilePermMetricNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Allowing access to the trace files can expose them to public scrutiny with possible security implications.
The listener trace file must not allow public to read or write to it. Restrict the file permission to Oracle software owner and DBA group.
This policy ensures that the file permissions for listener.ora are restricted to the owner of Oracle software. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Warning | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Listener is in an insecure state. Permissions of listener.ora are not restricted to the Oracle set. |
Footnote 1 The policy rule is evaluated each time its underlying lsnrOraPermNTRep metric is collected.
Parameters and Their Default Values
None
Objects Excluded by Default
Not Applicable
If the listener.ora file is public readable, passwords may be extracted from this file. This can also lead to exposure of detailed information on the Listener, database, and application configuration. Also, if public has write permissions, a malicious user can remove any password that has been set on the listener.
Listener.ora permissions should be restricted to the owner of Oracle software installation and DBA group.
This policy ensures that the client log directory is a valid directory owned by Oracle set with no permissions to the PUBLIC role. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state.The users %users% have critical permissions on the client log directory %dir_name%. |
Footnote 1 The policy rule is evaluated each time its underlying clientLogDirNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The client log directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the client trace directory is a valid directory owned by Oracle set with no permissions to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The users %users% have critical permissions on the client trace directory %dir_name%. |
Footnote 1 The policy rule is evaluated each time its underlying clientTrcDirNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The client trace directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the server log directory is a valid directory owned by Oracle set with no permissions to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The users %users% have critical permissions on the server log directory %dir_name%. |
Footnote 1 The policy rule is evaluated each time its underlying svrLogDirNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Log files provide information contained in an error stack. An error stack refers to the information that is produced by each layer in an Oracle communications stack as the result of a network error. The information in log files can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The server log directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the server trace directory is a valid directory owned by Oracle set with no permissions to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | The database is in an insecure state. The users %users% have critical permissions on the server trace directory %dir_name%. |
Footnote 1 The policy rule is evaluated each time its underlying svrTrcDirNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
Tracing produces a detailed sequence of statements that describe network events as they are executed. Tracing an operation enables you to obtain more information on the internal operations of the components of Oracle Net Services than is provided in a log file. The information in this file can reveal important network and database connection details. Allowing access to the log directory can expose the log files to public scrutiny.
The server trace directory must be a valid directory owned by the Oracle set with no permissions to public.
This policy ensures that the sqlnet.ora file is not accessible to the public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.
The following table lists the policy's main properties.
| Severity | Category | Target Type | Versions Affected | Policy Rule EvaluationFoot 1 | Automatically Enabled? | Alert Message |
|---|---|---|---|---|---|---|
| Critical | Security | Listener | Oracle Server 8 or later | The underlying metric has a collection frequency of once every 24 hours. | Yes | Database is in insecure state. The users %users% have critical permissions on the sqlnet.ora file. |
Footnote 1 The policy rule is evaluated each time its underlying sqlnetOraPermNTRep metric is collected.
Parameters and Their Default Values
Not Applicable
Objects Excluded by Default
Not Applicable
If the sqlnet.ora file is public readable, a malicious user may attempt to read this file which could lead to sensitive information being exposed. For example, log and trace destination information of the client and server could be exposed.
Public should not be given any permissions on the sqlnet.ora file.
|
 Copyright © 2005, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
