4 Database Instance Policies

4.1.1 Disabled Automatic Statistics Collection

This policy checks if the STATISTICS_LEVEL initialization parameter is set to BASIC.

The STATISTICS_LEVEL initialization parameter has three valid settings, TYPICAL, ALL, and BASIC.

• The default setting of TYPICAL ensures collection of all major statistics required for database self-management and functionality and provides best overall performance. The default value should be adequate for most environments.

• Setting the parameter to ALL collects all the same statistics that are collected with the TYPICAL setting, plus timed OS and plan execution statistics.

• Setting the parameter to BASIC disables the collection of many important statistics that are required by Oracle Database features and functionality.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

STATISTICS_LEVEL: TYPICAL

Objects Excluded by Default

Not Applicable

Impact of Violation

Automatic statistics collection allows the optimizer to generate accurate execution plans and is essential for identifying and correcting performance problems. By default, STATISTICS_LEVEL is set to TYPICAL. If the STATISTICS_LEVEL initialization parameter is set to BASIC, the collection of many important statistics, required by Oracle database features and functionality, are disabled.

Action

Set the STATISTICS_LEVEL initialization parameter to TYPICAL.

4.1.2 Force Logging Disabled

When Data Guard Broker is being used, this policy checks the primary database for disabled force logging.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params and ha_info metrics are collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The primary database is not in force logging mode. As a result, unlogged direct writes in the primary database cannot be propagated to the standby database.

Action

The primary database should be put in force logging mode using the ALTER DATABASE FORCE LOGGING parameter.

4.1.3 Insufficient Number of Control Files

This policy checks for use of a single control file.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_controlfiles metric are collected.

Defaults

Parameters and Their Default Values

Parameter default values are dependent on the version of the Oracle Database target. Refer to the Oracle Database documentation for that version of the database target to learn about the parameters and their default values.

Objects Excluded by Default

Not Applicable

Impact of Violation

The control file is one of the most important files in an Oracle database. It maintains many physical characteristics and important recovery information about the database. If you lose the only copy of the control file due to a media error, there will be unnecessary down time and other risks.

Action

Use at least two control files that are multiplexed on different disks.

4.1.4 Insufficient Number of Redo Logs

This policy checks for use of less than three redo logs.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_redoLogs metric is collected.

Defaults

Parameters and Their Default Values

Parameter default values are dependent on the version of the Oracle Database target. Refer to the Oracle Database documentation for that version of the database target to learn about the parameters and their default values.

Objects Excluded by Default

Not Applicable

Impact of Violation

The online redo log files are used to record changes in the database for the purposes of recoverability. When archiving is enabled, these online redo logs need to be archived before they can be reused. Every database requires at least two online redo log groups to be up and running. When the size and number of online redo logs are inadequate, LGWR will wait for ARCH to complete its writing to the archived log destination, before it overwrites that log. This can cause severe performance slowdowns during peak activity periods.

Action

Oracle recommends having at least three online redo log groups with at least two members in each group. For obvious reasons, members of the same group must be on different disk drives.

4.1.5 Not Using Automatic PGA Management

This policy checks if the PGA_AGGREGATE_TARGET initialization parameter has a value of 0 or if WORKAREA_SIZE_POLICY has value of MANUAL.

This parameter automatically controls the amount of memory allocated for sorts and hash joins. Larger amounts of memory allocated for sorts or hash joins reduce the optimizer cost of these operations.

• For OLTP systems, the PGA memory typically accounts for a small fraction of the total memory available (for example, 20%), leaving 80% for the SGA.

• For DSS systems running large, memory-intensive queries, PGA memory can typically use up to 70% of that total (up to 2.2 GB in this example).

Good initial values for the parameter PGA_AGGREGATE_TARGET might be:

• For OLTP: PGA_AGGREGATE_TARGET = (total_mem * 80%) * 20%

• For DSS: PGA_AGGREGATE_TARGET = (total_mem * 80%) * 50% where total_mem is the total amount of physical memory available on the system.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

PGA_AGGREGATE_TARGET: 0

WORKAREA_SIZE_POLICY: MANUAL

Objects Excluded by Default

Not Applicable

Impact of Violation

Automatic PGA memory management simplifies and improves the way PGA memory is allocated. When enabled, Oracle can dynamically adjust the portion of the PGA memory dedicated to work areas while honoring the PGA_AGGREGATE_TARGET limit set by the DBA.

Action

Enable Automatic PGA Memory Management and set the PGA_AGGREGATE_TARGET initialization parameter to a non-zero number. Use Oracle PGA advice to help set PGA_AGGREGATE_TARGET to the best size.

4.1.6 Not Using Automatic Undo Management

This policy checks for automatic undo space management not being used.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

Parameter default values are dependent on the version of the Oracle Database target. Refer to the Oracle Database documentation for that version of the database target to learn about the parameters and their default values.

Objects Excluded by Default

None

Impact of Violation

Not using automatic undo management can cause unnecessary contention and performance issues in your database. This may include among other issues, contention for the rollback segment header blocks, in the form of buffer busy waits and increased probability of ORA-1555s (Snapshot Too Old).

Action

Use automatic undo space management instead of manual undo or rollback segments.

4.1.7 Not Using Spfile

This policy checks for spfile not being used.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

Parameter default values are dependent on the version of the Oracle Database target. Refer to the Oracle Database documentation for that version of the database target to learn about the parameters and their default values.

Objects Excluded by Default

Not Applicable

Impact of Violation

The SPFILE (server parameter file) enables you to persist any dynamic changes to the Oracle initialization parameters using ALTER SYSTEM commands. This persistence is provided across database shutdowns. When a database has an SPFILE configured, you do not have to remember to make the corresponding changes to the Oracle initialization file. In addition, any changes that are made using the ALTER SYSTEM commands are not lost after a shutdown and restart.

Action

Use the server side parameter file to update changes dynamically.

4.1.8 Recovery Area Location Not Set

This policy checks if the DB_RECOVERY_FILE_DEST initialization parameter is set.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Not setting the recovery area location results in a divided storage location for all recovery components.

Action

Set the recovery area location to provide a unified storage location for all recovery components.

4.1.9 STATISTICS_LEVEL Parameter Set to ALL

This policy checks if the STATISTICS_LEVEL initialization parameter is set to ALL.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

Parameter default values are dependent on the version of the Oracle Database target. Refer to the Oracle Database documentation for that version of the database target to learn about the parameters and their default values.

Objects Excluded by Default

Not Applicable

Impact of Violation

When the database collects more statistics than are actually needed, this creates additional overhead on the system.

Action

Collect only those statistics that are needed.

4.1.10 TIMED_STATISTICS Set to FALSE

This policy ensures that the TIMED_STATISTICS initialization parameter is set to TRUE.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying DB_INIT_PARAMS metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Setting the TIMED_STATISTICS parameter to FALSE prevents time related statistics, for example, execution time for various internal operations, from being collected. These statistics are useful for diagnostic and performance tuning. Setting TIMED_STATISTICS to TRUE allows time-related statistics to be collected, and also provides more value to the trace file and generates more accurate statistics for long-running operations.

Action

Set the TIMED_STATISTICS Initialization Parameter to TRUE in the “All Initialization Parameters” page.

4.1.11 Use of Non-Standard Initialization Parameters

This policy checks for use of non-standard initialization parameters.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

Parameter default values are dependent on the version of the Oracle Database target. Refer to the Oracle Database documentation for that version of the database target to learn about the parameters and their default values.

Objects Excluded by Default

Parameters starting with two underscore characters (__). These parameters are special and are reserved for the Oracle Database.

Impact of Violation

Non-standard initialization parameters are being used. These may have been implemented based on poor advice or incorrect assumptions. In particular, parameters associated with SPIN_COUNT on latches and undocumented optimizer features can cause a great deal of problems that can require considerable investigation.

Action

Avoid use of non-standard initialization parameters.

4.2.1 Access to %_CATALOG_%

This policy ensures that the grant of %_CATALOG_% is restricted.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying catalogRolesRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

%_CATALOG_% Roles have critical access to database objects that can lead to exposure of vital information in a database system.

Action

Do not assign any _CATALOG_ Role to any user.

4.2.2 Access to ALL_SOURCE View

This policy ensures restricted access to ALL_SOURCE view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying allSourceRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

ALL_SOURCE view contains the source of all the stored packages in the database.

Action

Revoke access to the ALL_SOURCE view from the non-SYS database users.

4.2.3 Access to DBA_* Views

This policy ensures SELECT privilege is never granted to any DBA_ view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying select_privilegeRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The DBA_* views provide access to privileges and policy settings of the database. Some of these views also allow viewing of sensitive PL/SQL code that can be used to understand the security policies.

Action

None of the DBA_ views should be granted SELECT privileges. If there are users with the SELECT privilege, ensure all access to the DBA_ view is audited.

4.2.4 Access to DBA_ROLE_PRIVS View

This policy ensures restricted access to DBA_ROLE_PRIVS view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbaRolePrivsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The DBA_ROLE_PRIVS view lists the roles granted to users and other roles. Knowledge of the structure of roles in the database can be exploited by a malicious user.

Action

Restrict access to DBA_ROLE_PRIVS view.

4.2.5 Access to DBA_ROLES View

This policy ensures restricted access to DBA_ROLES view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbaRoleRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

DBA_ROLES view contains details of all roles in the database. Knowledge of the structure of roles in the database can be exploited by a malicious user. For example, a public select privilege might increase the likelihood of Denial of Service attacks.

Action

Restrict access to DBA_ROLES view.

4.2.6 Access to DBA_SYS_PRIVS View

This policy ensures restricted access to DBA_SYS_PRIVS view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbaSysPrivsRec metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

DBA_SYS_PRIVS view can be queried to find system privileges granted to roles and users. Knowledge of the structure of roles in the database can be exploited by a malicious user.

Action

Restrict access to DBA_SYS_PRIVS view.

4.2.7 Access to DBA_TAB_PRIVS View

This policy ensures restricted access to DBA_TAB_PRIVS view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbaTabPrivsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Lists privileges granted to users or roles on objects in the database. Knowledge of the structure of roles in the database can be exploited by a malicious user.

Action

Restrict access to DBA_TAB_PRIVS view.

4.2.8 Access to DBA_USERS View

This policy ensures restricted access to DBA_USERS view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbaUsersRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Contains user name and password hashes and other account information. Access to this information can be used to mount brute-force attacks against the database.

Action

Restrict access to DBA_USERS view.

4.2.9 Access to ROLE_ROLE_PRIVS View

This policy ensures restricted access to ROLE_ROLE_PRIVS view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying rolerolePrivsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Lists roles granted to other roles. Knowledge of the structure of roles in the database can be exploited by a malicious user.

Action

Restrict access to ROLE_ROLE_PRIVS view.

4.2.10 Access to STATS$SQLTEXT Table

This policy ensures restricted access to the STATS$SQLTEXT table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying sqlTextRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The STATS$SQLTEXT table provides the full text of the recently-executed SQL statements. The SQL statements can reveal sensitive information.

Action

Restrict access to the STATS$SQLTEXT table.

4.2.11 Access to STATS$SQL_SUMMARY Table

This policy ensures restricted access to the STATS$SQL_SUMMARY table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying sqlSummaryRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Contains first few lines of SQL text of the most resource intensive commands given to the server. SQL statements executed without bind variables can appear and expose privileged information.

Action

Restrict access to the STATS$SQL_SUMMARY table.

4.2.12 Access to SYS.AUD$ Table

This policy ensures restricted access to the SYS.AUD$ table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying audTabRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The SYS.AUD$ table is the system audit table. If you set the parameter AUDIT_TRAIL to DB, all audited activity will be written to the SYS.AUD$ table. Thus a malicious user can gain access to the sensitive audit information.

Action

Revoke access to the SYS.AUD$ table from the non-DBA/SYS database users.

4.2.13 Access to SYS.LINK$ Table

This policy ensures restricted access to the SYS.LINK$ table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying linkTabRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to user names and passwords from the SYS.LINK$ table.

Action

Revoke access to SYS.LINK$ table.

4.2.14 Access to SYS.SOURCE$ Table

This policy ensures restricted access to the SYS.SOURCE$ table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying sourceTabRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to the source of all stored packages in the database.

Action

Revoke access to the SYS.SOURCE$ table from the non-SYS/DBA database users.

4.2.15 Access to SYS.USER$ Table

This policy ensures restricted access to the SYS.USER$ table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying userTabRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

User name and password hash may be read from the SYS.USER$ table, enabling a malicious user to launch a brute-force attack against the database.

Action

Restrict access to SYS.USER$ table.

4.2.16 Access to SYS.USER_HISTORY$ Table

This policy ensures restricted access to the SYS.USER_HISTORY$ table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying userHistRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

User name and password hash may be read from the SYS.USER_HISTORY$ table, enabling a malicious user to launch a brute-force attack.

Action

Revoke access to SYS.USER_HISTORY$ table from the non-DBA/SYS database users.

4.2.17 Access to USER_ROLE_PRIVS View

This policy ensures restricted to the USER_ROLE_PRIVS view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying userRolePrivsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Lists the roles granted to the current user. Knowledge of the structure of roles in the database can be exploited by a malicious user.

Action

Restrict access to the USER_ROLE_PRIVS view.

4.2.18 Access to USER_TAB_PRIVS View

This policy ensures restricted access to the USER_TAB_PRIVS table.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying userTabPrivsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Lists the grants on objects for which the user is the owner, grantor, or grantee. Knowledge of the grants in the database can be exploited by a malicious user.

Action

Restrict access to the USER_TAB_PRIVS view.

4.2.19 Access to X_$ Views

This policy ensures that on X$ views is restricted.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying xviewRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

This can lead to the revealing of internal database structure information.

Action

Revoke access to X_$ views.

4.2.20 Audit File Destination

This policy ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying auditFileDestRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.

Action

Restrict permissions to the Audit File directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.2.21 Audit Insert Failure

This policy ensures that insert failures are audited for critical data objects.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying backgrdDumpDestRep metric is collected.

Defaults

Parameters and Their Default Values

Parameter name: CRITICAL_OBJECT_LIST

Default value: None

Objects Excluded by Default

Not Applicable

Impact of Violation

Not auditing insert failures for critical data objects may allow a malicious user to infiltrate system security.

Action

Audit insert failures for critical data objects.

4.2.22 Auditing of SYS Operations Enabled

This policy ensures that sessions for users who connect as SYS are fully audited.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The AUDIT_SYS_OPERATIONS parameter enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges.

Action

Set the AUDIT_SYS_OPERATIONS parameter to TRUE.

4.2.23 Background Dump Destination

This policy ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying backgrdDumpDestRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.

Action

Restrict permissions to the Background Dump directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.2.24 Control File Permission

This policy ensures that access to the control files directory is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbControlFilesPermRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Control files are binary configuration files that control access to data files. Control files are stored in the directory specified by the CONTROL_FILES initialization parameter. A public write privilege on this directory could pose a serious security risk.

Action

Restrict permission to the control files to:

• Owner of the Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.2.25 Core Dump Destination

This policy ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying coreDumpDestRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.

Action

Restrict permissions to the Core Dump directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.2.26 Data Dictionary Protected

This policy ensures that data dictionary protection is enabled.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_init_params metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The 07_DICTIONARY_ACCESSIBILITY parameter controls access to the data dictionary. Setting the 07_DICTIONARY_ACCESSIBILITY to TRUE allows users with ANY system privileges to access the data dictionary. As a result, these user accounts can be exploited to gain unauthorized access to data.

Action

Set the 07_DICTIONARY_ACCESSIBILITY parameter to FALSE.

4.2.27 Default Passwords

This policy ensures there are no default passwords for known accounts.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying defaultAccountPasswordsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to the database using default passwords.

Action

Change all default passwords.

4.2.28 Enable Database Auditing

This policy ensures that database auditing is enabled.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying auditTrailRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The AUDIT_TRAIL parameter enables or disables database auditing. Auditing enhances security because it enforces accountability, provides evidence of misuse, and is frequently required for regulatory compliance. Auditing also enables system administrators to implement enhanced protections, early detection of suspicious activities, and finely-tuned security responses.

Action

Set AUDIT_TRAIL to either DB, default, or OS. Database-stored audit records can be easier to review and manage than OS-stored audit records. However, audit records stored in operating system files can be protected from DBAs by using appropriate file permissions, and will remain available even if the database is temporarily inaccessible.

4.2.29 Execute Privilege on SYS.DBMS_EXPORT_EXTENSION to PUBLIC

This policy ensures PUBLIC does not have execute privileges on the SYS.DBMS_EXPORT_EXTENSION package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbmsPkgsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Privileges granted to the PUBLIC role automatically apply to all users. DBMS_EXPORT_EXTENSION can allow sql injection. Thus a malicious user will be able to take advantage.

Action

Revoke EXECUTE privilege on SYS.DBMS_EXPORT_EXTENSION to PUBLIC.

4.2.30 Execute Privilege on SYS.DBMS_RANDOM Public

This policy ensures that PUBLIC does not have execute privileges on the SYS.DBMS_RANDOM package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbmsPkgsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Privileges granted to the PUBLIC role automatically apply to all users. DBMS_RANDOM can allow sql injection. Thus a malicious user will be able to take advantage.

Action

Revoke EXECUTE privilege on SYS.DBMS_RANDOM to PUBLIC.

4.2.31 Execute Privileges on DBMS_JOB to PUBLIC

This policy ensures PUBLIC is not granted EXECUTE privileges on DBMS_JOB package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbmsJobPrivsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Granting EXECUTE privilege to PUBLIC on DBMS_JOB package allows all users to schedule jobs on the database.

Action

PUBLIC must not be granted EXECUTE privileges on DBMS_JOB package.

4.2.32 Execute Privileges on DBMS_LOB to PUBLIC

This policy ensures PUBLIC is not granted EXECUTE privileges on DBMS_LOB package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbmsJobPrivsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The DBMS_LOB package can be used to access any file on the system as the owner of the Oracle software installation.

Action

Revoke the EXECUTE privileges on DBMS_LOB package from the PUBLIC group.

4.2.33 Execute Privileges on DBMS_SYS_SQL to PUBLIC

This policy ensures PUBLIC is not granted EXECUTE privileges on DBMS_SYS_SQL package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbmsSysSqlRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The DBMS_SYS_SQL package can be used to run PL/SQL and SQL as the owner of the procedure rather than the caller.

Action

Revoke the EXECUTE privileges on DBMS_SYS_SQL package from the PUBLIC group.

4.2.34 Execute Privileges on UTL_FILE to PUBLIC

This policy ensures the PUBLIC role does not have EXECUTE privilege on the UTL_FILE package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying pubexecutePrivilegesRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can read and write arbitrary files in the system when granted the UTL_FILE privilege.

Action

Revoke EXECUTE privileges granted to UTL_FILE package from PUBLIC.

4.2.35 Granting SELECT ANY TABLE Privilege

This policy ensures SELECT ANY TABLE privilege is never granted to any user or role.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying select_any_tableRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The SELECT ANY TABLE privilege can be used to grant users or roles with the ability to view data in tables that are not owned by them. A malicious user with access to any user account that has this privilege can use this to gain access to sensitive data.

Action

Revoke SELECT ANY TABLE privilege.

4.2.36 IFILE Referenced File Permission

This policy ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying iFileRefFilesPermRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.

Action

Restrict access to the files referenced by the IFILE initialization parameter to:

• Owner of Oracle software installation

• DBA group

Do not give read, write, and execute permissions to public.

4.2.37 Initialization Parameter File Permission

This policy ensures that access to the initialization parameter file is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying initoraPermRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Oracle traditionally stored initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.

Action

Restrict access to the initialization parameter file to:

• Owner of Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.2.38 Limit OS Authentication

This policy ensures that database accounts do not rely on OS authentication.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying userExtPassRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If the host operating system has a required userid for a database account for which password is set EXTERNAL, then Oracle does not check its credentials anymore. It simply assumes the host must have done its authentication and lets the user into the database without any further checking.

Action

Do not use OS authentication. Never create accounts identified externally.

4.2.39 Log Archive Destination Owner

This policy ensures that the server's archive logs directory is a valid directory owned by the Oracle software owner and that there are no permissions to public.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying logArchiveDestRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in the init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.

In other words, if the path or device name specified by the LOG_ARCHIVE_DEST initialization parameter is not owned by the owner of the Oracle software installation, anyone can use LogMiner to extract database information from the archive logs.

Action

Directory specified by LOG_ARCHIVE_DEST parameter should be owned by the Oracle software set.

Do not grant public read permission to the LOG_ARCHIVE_DEST initialization parameter. Restrict access to the path or device name referenced by the LOG_ARCHIVE_DEST initialization parameter to the owner of the Oracle software installation.

4.2.40 Log Archive Destination Permission

This policy ensures that the server's archive logs are not accessible to public.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying logArchiveDestRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in the init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.

Action

Permissions of the directory specified by LOG_ARCHIVE_DEST parameter should be restricted to the owner of the Oracle software set and DBA group with no permissions to public.

4.2.41 Log Archive Duplex Destination Owner

This policy ensures that the server's archive logs directory is a valid directory owned by the Oracle software owner and that there are no permissions to public.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying logArchiveDupDestRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.

In other words, if the path or device name specified by the LOG_ARCHIVE_DUPLIEX_DEST initialization parameter is not owned by the owner of the Oracle software installation, anyone can use LogMiner to extract database information from the archive logs.

Action

Directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter should be owned by the Oracle software set.

4.2.42 Log Archive Duplex Destination Permission

This policy ensures that the server's archive logs are not accessible to public.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying logArchiveDupDestRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.

Action

Permissions of the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter should be restricted to the owner of the Oracle software set and DBA group with no permissions to public.

4.2.43 Naming Database Links

This policy ensures that the name of a database link is the same as that of the remote database.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbLinkGBLNameRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Database link names that do not match the global names of the databases to which they are connecting can cause an administrator to inadvertently give access to a production server from a test or development server. Knowledge of this can be used by a malicious user to gain access to the target database.

Action

If you use or plan to use distributed processing, Oracle recommends that you set the GLOBAL_NAMES initialization parameter to TRUE to ensure the use of consistent naming conventions for databases and links in a networked environment.

4.2.44 Oracle Agent SNMP Read-Only Configuration File Owner

This policy ensures Oracle Management Agent SNMP read-only configuration file (snmp_ro.ora) is owned by Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying snmp_roRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle Management Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the Management Agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data, for example, the tracing directory location and dbsnmp addresss.

Action

Restrict permissions of Oracle Agent SNMP read-only configuration file (snmp_ro.ora) access to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.45 Oracle Agent SNMP Read-Only Configuration File Permission

This policy ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying snmp_roRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the Management Agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data, for example, the tracing directory location and dbsnmp address.

Action

Restrict Oracle Agent SNMP read-only configuration file (snmp_ro.ora) access to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.46 Oracle Agent SNMP Read-Write Configuration File Owner

This policy ensures Oracle Management Agent SNMP read-write configuration file (snmp_ro.ora) is owned by Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying snmp_roOwnerRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle Management Agent SNMP read-write configuration file (snmp_ro.ora) contains the listening address of the Management Agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data, for example, the tracing directory location and dbsnmp address.

Action

Restrict permissions of Oracle Agent SNMP read-write configuration file (snmp_ro.ora) access to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.47 Oracle Agent SNMP Read-Write Configuration File Permission

This policy ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying snmp_rwRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the Management Agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data, for example, the tracing directory location and the dbsnmp address.

Action

Restrict Oracle Agent SNMP read-write configuration file (snmp_rw.ora) access to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.48 Oracle Home Datafile Permission

This policy ensures that access to the datafiles is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbDataFilesPermRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The datafiles contain all the database data. If datafiles are made readable to public, they can be read by a user who has no database privileges on the data.

Action

Restrict permissions to the datafiles to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.49 Oracle Home Executable Files Owner

This policy ensures that the ownership of all files and directories in the ORACLE_HOME/bin folder is the same as the Oracle software installation owner.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying ohBinFilesOwnerRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Incorrect file permissions on some of the Oracle files can cause major security issues. For example, SQL*Plus could be replaced with a malicious script which the user might run inadvertently.

Action

For files and directories in the ORACLE_HOME/bin folder that do not have the same owner as the Oracle software installation, change their owner to the installation owner.

4.2.50 Oracle Home Executable Files Permission

This policy ensures that all files in the ORACLE_HOME/bin folder have permissions set to 0751 or less.

For Oracle9i Release 2, permissions should be set to 0755. This means that Group and Others have only read and execute permissions; no write permission.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying ohExeBinFilesPermRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Incorrect file permissions on some of the Oracle files can cause major security issues.

Action

For files in the ORACLE_HOME/bin folder that do not have permissions set to 0751 or less, change their file permissions to 0751 or less.

For Oracle9i Release 2, set permissions to 0755.

4.2.51 Oracle Home File Permission

This policy ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) have permission set to 0750 or less.

Normally, only the owner and DBA group members must be allowed to work with non-executable files in the Oracle Home.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying ohFilesPermissionRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Incorrect file permissions on some of the Oracle files can cause major security issues.

Action

All files in $ORACLE_HOME directories (except for $ORACLE_HOME/bin) must have permission set to 0750 or less.

4.2.52 Oracle HTTP Server Distributed Configuration File Owner

This policy ensures Oracle HTTP Server distributed configuration file ownership is restricted to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying htaccessOwnerRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.

Action

Restrict Oracle HTTP Server distributed configuration file ownership to.

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.53 Oracle HTTP Server Distributed Configuration Files Permission

This policy ensures Oracle HTTP Server Distributed Configuration Files permissions are limited to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying htaccessRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.

Action

Restrict Oracle HTTP Server distributed configuration files access to.

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.54 Oracle HTTP Server mod_plsql Configuration File Owner

This policy ensures Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) is owned by Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying wdbsvrRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) contains the Database Access Descriptors used for authentication. A publicly accessible mod_plsql configuration file can allow a malicious user to modify the Database Access Descriptor settings to gain access to PL/SQL applications or launch a Denial Of Service attack.

Action

Restrict permissions of Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) to.

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.55 Oracle HTTP Server mod_plsql Configuration File Permission

This policy ensures Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying wdbsvrRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) contains the Database Access Descriptors used for authentication. A publicly accessible mod_plsql configuration file can allow a malicious user to modify the Database Access Descriptor settings to gain access to PL/SQL applications or launch a Denial Of Service attack.

Action

Restrict Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) access to.

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.56 Oracle XSQL Configuration File Owner

This policy ensures Oracle XSQL configuration file (XSQLConfig.xml) is owned by Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying xsqlOwnerRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used to access sensitive data or to launch further attacks.

Action

Restrict permissions of Oracle XSQL configuration file (XSQLConfig.xml) to.

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.57 Oracle XSQL Configuration File Permission

This policy ensures Oracle XSQL configuration file (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying xsqlRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used to access sensitive data or to launch further attacks.

Action

Restrict Oracle XSQL configuration file (XSQLConfig.xml) access to.

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.58 OS Roles

This policy ensures that roles are stored, managed, and protected in the database rather than files external to the DBMS.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying DB_INIT_PARAMS metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If Roles are managed by OS, this can cause serious security issues..

Action

Set initialization parameter OS_ROLES to False.

4.2.59 Otrace Data Files

This policy ensures that the negative impact on database performance and disk space usage, caused by data collected by otrace, is avoided.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying otraceRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Performance and resource utilization data collection can have a negative impact on database performance and disk space usage.

Action

Otrace should be disabled.

4.2.60 Password Complexity Verification Function Usage

This policy ensures that the PASSWORD_VERIFY_FUNCTION resource for the profile is set.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying pwdComplixityFnRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Having passwords that do not meet minimum complexity requirements offer substantially less protection than complex passwords.

Action

Set the PASSWORD_VERIFY_FUNCTION resource of the profile.

4.2.61 Password Grace Time

This policy ensures that all profiles have PASSWORD_GRACE_TIME set to a reasonable number of days.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying pwdGraceRep metric is collected.

Defaults

Parameters and Their Default Values

MAX_PASSWORD_GRACE_TIME = 3

Objects Excluded by Default

Not Applicable

Impact of Violation

A high value for the PASSWORD_GRACE_TIME parameter may cause serious database security issues by allowing the user to keep the same password for a long time.

Action

Set the PASSWORD_GRACE_TIME parameter to no more than 3 days for all profiles.

4.2.62 Password Life Time

This policy ensures that all profiles have PASSWORD_LIFE_TIME set to a reasonable number of days.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying pwdLifeRep metric is collected.

Defaults

Parameters and Their Default Values

MAX_PASSWORD_LIFE_TIME = 90

Objects Excluded by Default

Not Applicable

Impact of Violation

A long password life time gives malicious users a long time to decipher the password. May cause serious database security issues.

Action

Set the PASSWORD_LIFE_TIME parameter to no more than 90 days for all profiles.

4.2.63 Password Locking Time

This policy ensures that PASSWORD_LOCK_TIME is set to a reasonable number of days for all profiles.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying pwdLockRep metric is collected.

Defaults

Parameters and Their Default Values

MIN_PASSWORD_LOCK_TIME = 1

Objects Excluded by Default

Not Applicable

Impact of Violation

The PASSWORD_LOCK_TIME resource relates to the number of days an account is locked after a user tries unsuccessfully to login for more than FAILED_LOGIN_ATTEMPTS (another related resource) times. Having a low value for this resource increases the likelihood of Denial of Service attacks.

Action

Set the PASSWORD_LOCK_TIME parameter to no less than 1 for all the profiles.

4.2.64 Password Reuse Max

This policy ensures that all profiles have PASSWORD_REUSE_MAX set to a reasonable number of times.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying reuseMaxRep metric is collected.

Defaults

Parameters and Their Default Values

MAX_PASSWORD_REUSE_MAX = UNLIMITED

Objects Excluded by Default

Not Applicable

Impact of Violation

Old passwords are usually the best guesses for the current password. A low value for the PASSWORD_REUSE_MAX parameter may cause serious database security issues by allowing users to reuse their old passwords more often.

Action

Set the PASSWORD_REUSE_MAX parameter to UNLIMITED for all profiles.

4.2.65 Password Reuse Time

This policy ensures that all profiles have PASSWORD_REUSE_TIME set to a reasonable number of days.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying passwdReuseTimeRep metric is collected.

Defaults

Parameters and Their Default Values

MAX_PASSWORD_REUSE_TIME = 2147483647

Objects Excluded by Default

Not Applicable

Impact of Violation

The PASSWORD_REUSE_TIME parameter defines the number of days before a password can be reused. A low value for the password reuse time can increase the danger of an already leaked password to cause serious database security issues.

Ensuring a reasonable value for this resource will discourage users from reusing their passwords resulting in more secure password usage.

Action

Set the PASSWORD_REUSE_TIME parameter to UNLIMITED for all profiles.

4.2.66 Profiles with Excessive Allowed Failed Login Attempts

This policy ensures that the number of allowed failed login attempts is no more than 10.

The FAILED_LOGIN_ATTEMPTS parameter defines the number of successive failed login attempts that can be performed before an account's status is changed to locked. This protects against malicious users attempting to guess a password for an account.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying loginserver_failed_logins metric is collected.

Defaults

Parameters and Their Default Values

Maximum FAILED_LOGIN_ATTEMPTS: 10 failed attempts

Objects Excluded by Default

Not Applicable

Impact of Violation

Permits manual and automated password guessing by a malicious user.

By setting the parameter to UNLIMITED, a malicious user can attempt an unlimited amount of guesses of the password for all accounts granted the specified profile. However, setting the value too low may result in valid users locking their accounts when mistyping a password.

Action

In user profiles, set the value for the FAILED_LOGIN_ATTEMPTS setting to no more than 10.

4.2.67 Proxy Account

This policy ensures that the proxy accounts have limited privileges.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Not Available

Action

Not Available

4.2.68 Public Trace Files

This policy ensures database trace files are not public readable.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying trcFilePublicRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If trace files are readable by the PUBLIC group, a malicious user may attempt to read the trace files. This could lead to sensitive information being exposed, for example, creation or deletion of tablespace information.

Action

Set the initialization parameter _TRACE_FILES_PUBLIC to FALSE.

4.2.69 Remote OS Authentication

This policy ensures REMOTE_OS_AUTHENT initialization parameter is set to FALSE.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying remoteAuthenticationRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to the database if remote OS authentication is allowed. This feature allows external users (authenticated by the remote OS) to connect to the database without having password authentication done by the database.

Action

Disable this feature by setting the REMOTE_OS_AUTHENT initialization parameter to FALSE.

4.2.70 Remote OS Role

This policy ensures REMOTE_OS_ROLES initialization parameter is set to FALSE.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying remoteRolesRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to the database if remote users can be granted privileged roles.

Action

Disable this feature by setting the REMOTE_OS_ROLES initialization parameter to FALSE.

4.2.71 Remote Password File

This policy ensures that the REMOTE_LOGIN_PASSWORDFILE initialization parameter is set to EXCLUSIVE.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying remoteLoginPasswordFileRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to the database if remote password files are allowed.

Action

For non-RAC configurations, set the REMOTE_LOGIN_PASSWORDFILE setting to EXCLUSIVE mode, thereby assigning specific users the SYSDBA/SYSOPER privilege to manage the database.

4.2.72 Restricted Privilege to Execute UTL_HTTP

This policy ensures that PUBLIC does not have execute privileges on the UTL_HTTP package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying executePrivilegesRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to e-mail, network and http modules using the EXECUTE privilege.

Action

Revoke EXECUTE privileges on the UTL_HTTP package.

4.2.73 Restricted Privilege to Execute UTL_SMTP

This policy ensures that PUBLIC does not have execute privileges on the UTL_SMTP package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying executePrivilegesRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to e-mail, network and http modules using the EXECUTE privilege.

Action

Revoke EXECUTE privileges on the UTL_SMTP package.

4.2.74 Restricted Privilege to Execute UTL_TCP

This policy ensures that PUBLIC does not have execute privileges on the UTL_TCP package.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying executePrivilegesRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Privileges granted to the PUBLIC role automatically apply to all users. A malicious user can gain access to e-mail, network and http modules using the EXECUTE privilege.

Action

Revoke EXECUTE privileges on the UTL_TCP package.

4.2.75 Secure OS Audit Level

This policy ensures that AUDIT_SYSLOG_LEVEL is set to a non-default value when OS-level auditing is enabled, on UNIX systems.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying secureOSAuditLevelRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

Setting the AUDIT_SYSLOG_LEVEL initialization parameter to the default value (NONE) will result in DBAs gaining access to the OS audit records.

Action

When operating system auditing is enabled, set the AUDIT_SYSLOG_LEVEL initialization parameter to a valid value and configure /etc/syslog.conf so that Oracle OS audit records are written to a separate file.

4.2.76 Server Parameter File Permission

This policy ensures that access to the server parameter file (SPFILE) is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying spfilePermRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.

Action

Restrict permission to the server parameter file (SPFILE) to:

• Oracle software owner

• Oracle group

Do not give read and write permissions to public.

4.2.77 SQL*Plus Executable Owner

This policy ensures SQL*Plus ownership is restricted to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying sqlplusRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

SQL*Plus allows a user to execute any SQL query on the database provided the user has an account with appropriate privileges. Not restricting ownership of SQL*Plus to the Oracle software set and DBA group may cause security issues by exposing sensitive data to malicious users.

Action

Restrict file permissions for SQL*Plus executable to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.78 SQL*Plus Executable Permission

This policy ensures restricted access to DBA_ROLES view.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying sqlplusRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

SQL*Plus allows a user to execute any SQL query on the database provided the user has an account with appropriate privileges. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.

Action

Restrict file permissions for SQL*Plus executable to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.79 System Privileges to Public

This policy ensures system privileges are not granted to PUBLIC.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying systemPrivilegesRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Privileges granted to the PUBLIC role automatically apply to all users. There are security risks when granting SYSTEM privileges to all users.

Action

Revoke SYSTEM privileges from the PUBLIC role.

4.2.80 Tkprof Executable Owner

This policy ensures the tkprof executable file is owned by the Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying tkprofOwnerRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Not restricting ownership of tkprof to the Oracle software set and DBA group may cause exposure to sensitive information.

Action

Remove the tkprof executable if it is not required. Otherwise, restrict permissions of the tkprof executable to the owner of the Oracle software set and the DBA group.

4.2.81 Tkprof Executable Permission

This policy ensures tkprof executable file permissions are restricted to read and execute permissions for the group, and inaccessible to public.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying tkprofRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Excessive permission for tkprof leaves information unprotected.

Action

Remove tkprof executable if not required. Otherwise, file permissions for tkprof executable should be restricted to read and execute permissions for the group, and inaccessible to public.

4.2.82 Unlimited Tablespace Quota

This policy ensures that database users are allocated a limited tablespace quota.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying tableSpaceQuotaRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Granting unlimited tablespace quotas can cause the filling up of the allocated disk space. This can lead to an unresponsive database.

Action

For users with an unlimited tablespace quota, reallocate their tablespace quotas to a specific limit.

4.2.83 Use of Appropriate umask on UNIX Systems

On UNIX systems, this policy ensures that log and trace files do not become accessible to the public.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying umaskSettingRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If umask is not set to an appropriate value (such as 022), log or trace files might become accessible to the public, thus exposing sensitive information.

Action

Set umask to 022 for the owner of Oracle software.

4.2.84 Use of Automatic Log Archival Features

This policy ensures that archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. Only applicable if database is in archivelog mode.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying logArchiveStartRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Setting the LOG_ARCHIEVE_START initialization parameter to TRUE ensures that the archiving of redo logs is done automatically and prevents suspension of instance operations when redo logs fill. This feature is only applicable if the database is in archivelog mode.

If the LOG_ARCHIVE_START initialization parameter is set to FALSE, redo log files are not automatically archived and instance operations are suspended when the redo logs are full.

Action

Set the value of the LOG_ARCHIVE_START initialization parameter to TRUE.

4.2.85 Use of Database Links with Cleartext Password

Ensures database links with clear text passwords are not used, that is, the password is hashed or encrypted.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbLinkPwdRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The table SYS.LINK$ contains the clear text password used by the database link. A malicious user can read clear text password from SYS.LINK$ table that can lead to undesirable consequences.

Action

Avoid creating fixed user database links.

4.2.86 Use of Remote Listener Instances

This policy ensures listener instances on a remote machine separate from the database instance are not used.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying rmtLsnrRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The REMOTE_LISTENER initialization parameter can be used to allow a listener on a remote machine to access the database. This parameter is not applicable in a multi-master replication or RAC environment where this setting provides a load balancing mechanism for the listener.

Action

REMOTE_LISTENER should be set to the null string (""). This parameter is not applicable in a multi-master replication or RAC environment where this setting provides a load balancing mechanism for the listener.

4.2.87 Use of SQL92 Security Features

This policy ensures the use of the SQL92 security features.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying sql92Rep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If SQL92 security features are not enabled, a user might be able to execute an UPDATE or DELETE statement using a WHERE clause without having select privilege on a table.

Action

Enable SQL92 security features by setting the initialization parameter SQL92_SECURITY to TRUE.

4.2.88 User Dump Destination

This policy ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying userDumpDestRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.

Action

Restrict permissions to the User Dump directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.2.89 Users with Excessive Allowed Failed Login Attempts

This policy ensures that the number of allowed failed login attempts is no more than 10.

The FAILED_LOGIN_ATTEMPTS parameter defines the number of successive failed login attempts that can be performed before an account's status is changed to locked. This protects against malicious users attempting to guess a password for an account

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying unlimited FailedLoginAttempts10gR1RepsAuthRep metric is collected.

Defaults

Parameters and Their Default Values

None

Objects Excluded by Default

None

Impact of Violation

Permits manual and automated password guessing by a malicious user.

By setting the parameter to UNLIMITED, a malicious user can attempt an unlimited amount of guesses of the password for all accounts granted the specified profile. However, setting the value too low may result in valid users locking their accounts when mistyping a password.

Action

In user profiles, set the value for the FAILED_LOGIN_ATTEMPTS setting to no more than 10.

4.2.90 Using Externally Identified Accounts

This policy ensures that the OS_AUTHENT_PREFIX is set to a value other than OPS$ or null string ("").

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying osAuthRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Setting this parameter ensures that the only way an account can be used externally is by specifying IDENTIFIED EXTERNALLY when creating a user.

Action

The identified externally approach should only be used on development and test databases. On a production system, ensure that the user cannot access the operating system level.

4.2.91 Utility File Directory Initialization Parameter Setting

This policy ensures that the Utility File Directory (UTL_FILE_DIR) initialization parameter is not set to one of the following: asterisk (*), period (.), or core dump trace file locations.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying utlFileDirSettingRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Specifies the directories which the UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories, could expose them to all users having execute privilege on the UTL_FILE package.

Action

Change the UTL_FILE_DIR initialization parameter to a value other than asterisk (*), period (.), or to core dump trace locations.

4.2.92 Utility File Directory Initialization Parameter Setting for Oracle9i Release 1 and Later

This policy ensures that the UTL_FILE_DIR initialization parameter is not used in Oracle9i Release 1 and later.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying utlSetting9IplusRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Specifies the directories which UTL_FILE package can access. Having the parameter set to asterisk (*), period (.), or to sensitive directories could expose them to all users having execute privilege on UTL_FILE package.

Using the UTL_FILE package it is possible to write programs to access the directories set by utl_file_dir (assuming the user has execute privilege on this package). There is a possibility that the program is used to read files and data that should not be otherwise possible.

Action

For Oracle 9i Release 1 and later, remove the UTL_FILE_DIR initialization parameter. Instead, use the CREATE DIRECTORY feature.

4.2.93 Web Cache Initialization File Owner

This policy ensures Web Cache initialization file (webcache.xml) is owned by Oracle software owner.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying webcacheOwnerRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Web Cache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Web Cache initialization file can be used to extract sensitive data like the administrator password hash.

Action

Restrict Web Cache initialization file (webcache.xml) executable to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.94 Web Cache Initialization File Permission

This policy ensures the Web Cache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying webcacheRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Web Cache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Web Cache initialization file can be used to extract sensitive data like the administrator password hash.

Action

Restrict Web Cache initialization file (webcache.xml) executable to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.2.95 Well Known Accounts

This policy ensures well-known accounts are expired and locked.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying installAndDemoAcccountsRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to the database using a well-known account.

Action

Expire and lock well-known accounts.

4.2.96 Well Known Accounts (Status)

This policy ensures well-known accounts are expired and locked.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying installAndDemoAccountsRepmetric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A malicious user can gain access to the database using a well-known account.

Action

Expire and lock well-known accounts.

4.3.1 Audit File Destination (Windows)

This policy ensures that access to the audit files directory is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying auditFileDestNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The AUDIT_FILE_DEST initialization parameter specifies the directory where the Oracle auditing facility creates the audit files. Giving public read permission to this directory may reveal important information such as logging information of startup, shutdown, and privileged connections.

Action

Restrict permissions to the Audit File directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.3.2 Background Dump Destination (Windows)

This policy ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying backgrdDumpDestNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Background processes such as the log writer process and the database writer process use trace files to record occurrences and exceptions of database operations, as well as errors. The trace files are stored in the directory specified by the BACKGROUND_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.

Action

Restrict permissions to the Background Dump directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.3.3 Control File Permission (Windows)

This policy ensures that access to the control files directory is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbControlFilesPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Control files are binary configuration files that control access to data files. Control files are stored in the directory specified by the CONTROL_FILES initialization parameter. A public write privilege on this directory could pose a serious security risk.

Action

Restrict permission to the control files to:

• Owner of the Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.3.4 Core Dump Destination (Windows)

This policy ensures that access to the core dump files directory is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying coreDumpDestNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Core dump files are stored in the directory specified by the CORE_DUMP_DEST initialization parameter. A public read privilege on this directory could expose sensitive information from the core dump files.

Action

Restrict permissions to the Core Dump directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.3.5 Domain Users Group Member of Local Users Group

This policy ensures domain server local Users group does not have access to the Domain Users group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying domainUserGrpNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Including Domain Users group in local Users group of a domain server can cause serious security issues.

Action

Remove Domain Users group form local Users group.

4.3.6 IFILE Referenced File Permission (Windows)

This policy ensures that access to the files referenced by the IFILE parameter is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying iFileRefFilesPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The IFILE initialization parameter can be used to embed the contents of another initialization parameter file into the current initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The initialization parameter file can also be searched for the weaknesses of the Oracle database configuration setting.

Action

Restrict access to the files referenced by the IFILE initialization parameter to:

• Owner of Oracle software installation

• DBA group

Do not give read, write, and execute permissions to public.

4.3.7 Initialization Parameter File Permission (Windows)

This policy ensures that access to the initialization parameter file is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying initoraPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Oracle traditionally stored initialization parameters in a text initialization parameter file. A publicly accessible initialization parameter file can be scanned for sensitive initialization parameters exposing the security policies of the database. The IFILE can also be searched for the weaknesses of the Oracle database configuration setting.

Action

Restrict access to the initialization parameter file to:

• Owner of Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.3.8 Installation on Domain Controller

This policy ensures that Oracle is not installed on a domain controller.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying winPlatformNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Installing Oracle on a domain controller can cause serious security issues.

Action

Oracle must only be installed on a domain member server or a standalone server.

4.3.9 Installed Oracle Home Drive Permissions

This policy ensures that the installed Oracle Home drive is not accessible to Everyone Group on Windows.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying driverPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Apploicable

Impact of Violation

Giving permission of Oracle installed drive to everyone can cause serious security issues.

Action

The installed Oracle Home drive should not be accessible to Everyone Group.

4.3.10 Log Archive Destination Permission (Windows)

This policy ensures that the server's archive logs are not accessible to public.The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying logArchiveDestNTRep metric is collected.

Defaults

Parameters and Their Default Values

Database may be in insecure state as the directory (%file_name%) specified by the LOG_ARCHIVE_DEST parameter has an inappropriate permission or owner: %permission%.

Objects Excluded by Default

Database may be in insecure state as the directory (%file_name%) specified by the LOG_ARCHIVE_DEST parameter has an inappropriate permission or owner: %permission%.

Impact of Violation

LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DEST parameter (in the init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.

Action

Permissions of the directory specified by LOG_ARCHIVE_DEST parameter should be restricted to the owner of the Oracle software set and DBA group with no permissions to public.

4.3.11 Log Archive Duplex Destination Permission (Windows)

This policy ensures that the server's archive logs are not accessible to public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying logArchiveDupDestNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

LogMiner can be used to extract database information from the archive logs if the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter (in init.ora file) is not owned by the owner of the Oracle software installation or has permissions for others.

Action

Permissions of the directory specified by LOG_ARCHIVE_DUPLEX_DEST parameter should be restricted to the owner of the Oracle software set and DBA group with no permissions to public.

4.3.12 Oracle Agent SNMP Read-Only Configuration File Permission (Windows)

This policy ensures Oracle Agent SNMP read-only configuration file (snmp_ro.ora) permissions are limited to the Oracle software set and DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD and FULL.

The policy gives the number of users or user groups, which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying snmp_roRepNT metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle Agent SNMP read-only configuration file (snmp_ro.ora) contains the listening address of the Management Agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-only configuration file can be used to extract sensitive data, for example, the tracing directory location and dbsnmp address.

Action

Restrict Oracle Agent SNMP read-only configuration file (snmp_ro.ora) access to:

• Owner of the Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.3.13 Oracle Agent SNMP Read-Write Configuration File Permission (Windows)

This policy ensures Oracle Agent SNMP read-write configuration file (snmp_rw.ora) permissions are limited to the Oracle software set and DBA group.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying snmp_rwRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle Agent SNMP read-write configuration file (snmp_rw.ora) contains the listening address of the Management Agent, the names of SQL*Net listener and Oracle database services it knows about, plus tracing parameters. A publicly accessible SNMP read-write configuration file can be used to extract sensitive data, for example, the tracing directory location and the dbsnmp address.

Action

Restrict Oracle Agent SNMP read-write configuration file (snmp_rw.ora) access to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.3.14 Oracle Home Datafile Permission (Windows)

This policy ensures that access to the datafiles is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying dbDataFilesPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The datafiles contain all the database data. If datafiles are made readable to public, they can be read by a user who has no database privileges on the data.

Action

Restrict permissions to the datafiles to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.3.15 Oracle Home Executable Files Permission (Windows)

This policy ensures that all files in the ORACLE_HOME/bin folder have appropriate permissions. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying ohExeBinFilesPermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Incorrect file permissions on some of the Oracle files can cause major security issues.

Action

For files in the ORACLE_HOME/bin folder, revoke unnecessary right given to users or user groups.

4.3.16 Oracle Home File Permission (Windows)

This policy ensures that all files in the ORACLE_HOME directories (except for ORACLE_HOME/bin) have permission set appropriately. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Normally, only the owner and DBA group members must be allowed to work with non-executable files in the Oracle Home.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying ohFilesPermissionNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Incorrect file permissions on some of the Oracle files can cause major security issues.

Action

All files in $ORACLE_HOME directories must have permission set appropriately.

4.3.17 Oracle HTTP Server Distributed Configuration Files Permission (Windows)

This policy ensures Oracle HTTP Server Distributed Configuration Files permissions are limited to the Oracle software set and DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD and FULL.

The policy gives the number of users or user groups, which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying htaccessRepNT metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle HTTP Server distributed configuration file (usually .htaccess) is used for access control and authentication of web folders. This file can be modified to gain access to pages containing sensitive information.

Action

Restrict Oracle HTTP Server Distributed configuration files access to.

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.3.18 Oracle HTTP Server mod_psql Configuration File Permission (Windows)

This policy ensures Oracle HTTP Server mod_plsql Configuration file (wdbsvr.app) permissions are limited to the Oracle software set and DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD and FULL.

The policy gives the number of users or user groups, which have been granted such permissions, and lists the users and user groups in parentheses

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying wdbsvrRepNT metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) contains the Database Access Descriptors used for authentication. A publicly accessible mod_plsql configuration file can allow a malicious user to modify the Database Access Descriptor settings to gain access to PL/SQL applications or launch a Denial Of Service attack.

Action

Restrict Oracle HTTP Server mod_plsql configuration file (wdbsvr.app) access to.

• Owner of the Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.3.19 Oracle XSQL Configuration File Permission (Windows)

This policy ensures Oracle XSQL Configuration File (XSQLConfig.xml) permissions are limited to the Oracle software set and DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD and FULL.

The policy gives the number of users or user groups, which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying spfilePermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The Oracle XSQL configuration file (XSQLConfig.xml) contains sensitive database connection information. A publicly accessible XSQL configuration file can expose the database user name and password that can be used to access sensitive data or to launch further attacks.

Action

Restrict Oracle XSQL configuration file (XSQLConfig.xml) access to:

• Owner of the Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.3.20 Server Parameter File Permission (Windows)

This policy ensures that access to the server parameter file (SPFILE) is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying spfilePermNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

A server parameter file (SPFILE) lets you store and manage your initialization parameters persistently in a server-side disk file. A publicly accessible SPFILE can be scanned for sensitive initialization parameters exposing the security policies of the database. The SPFILE can also be searched for the weaknesses of the Oracle database configuration setting.

Action

Restrict permission to the server parameter file (SPFILE) to:

• Oracle software owner

• Oracle group

Do not give read and write permissions to public.

4.3.21 SQL*Plus Executable Permission (Windows)

This policy ensures that SQL*Plus executable file permissions are limited to the Oracle software set and DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD and FULL.

The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying sqlplusRepNT metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

ESQL*Plus allows a user to execute any SQL query on the database provided the user has an account with appropriate privileges. Public execute permissions on SQL*Plus can cause security issues by exposing sensitive data to malicious users.

Action

Restrict file permissions for SQL*Plus executable to:

• Owner of the Oracle software set

• DBA group

Do not give read and write permissions to public.

4.3.22 Tkprof Executable Permission (Windows)

This policy ensures tkprof executable file permissions are restricted to read and execute permissions for the group, and inaccessible to public. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying tkprofRepNT metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Excessive permission for tkprof leaves information unprotected.

Action

Remove tkprof executable if not required. Otherwise, file permissions for tkprof executable should be restricted to read and execute permissions for the group, and inaccessible to public.

4.3.23 Use of Windows NT Domain Prefix (Windows)

This policy ensures externally identified users specify the domain while connecting.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying osauthPrefixDomainRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

If externally identified accounts are required, setting OSAUTH_PREFIX_DOMAIN to TRUE in the registry forces the account to specify the domain. This prevents spoofing of user access from an alternate domain or local system.

Action

For externally identified users from Windows systems, set the OSAUTH_PREFIX_DOMAIN initialization parameter to TRUE.

4.3.24 User Dump Destination (Windows)

This policy ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, and FULL. The policy gives the number of users or user groups which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying userDumpDestNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

The trace files for server processes are stored in the directory specified by the USER_DUMP_DEST initialization parameter. Giving public read permission to this directory may reveal important and sensitive internal details of the database and applications.

Action

Restrict permissions to the User Dump directory to:

• Owner of the Oracle software set

• DBA group

Do not give read, write, and execute permissions to public.

4.3.25 Web Cache Initialization File Permission (Windows)

This policy ensures the Web Cache initialization file (webcache.xml) permissions are limited to the Oracle software set and DBA group. The following permissions on Windows NT based platforms are considered critical: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD and FULL.

The policy gives the number of users or user groups, which have been granted such permissions, and lists the users and user groups in parentheses.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying webcacheRepNT metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Web Cache stores sensitive information in the initialization file (webcache.xml). A publicly accessible Web Cache initialization file can be used to extract sensitive data like the administrator password hash.

Action

Restrict Web Cache initialization file (webcache.xml) executable to:

• Owner of the Oracle software installation

• DBA group

Do not give read and write permissions to public.

4.3.26 Windows Tools Permission

This policy ensures Oracle service does not have permissions on Windows tools.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying coreDumpDestNTRep metric is collected.

Defaults

Parameters and Their Default Values

Not Applicable

Objects Excluded by Default

Not Applicable

Impact of Violation

Granting Oracle service the permissions of Windows tools may cause serious security issues.

Action

Remove Windows tools permission from Oracle service account.

4.4.1 Default Permanent Tablespace Set to a System Tablespace

This policy verifies that the DEFAULT_PERMANENT_TABLESPACE database property is set to a non-system tablespace. The default permanent tablespace for the database is used as the default permanent tablespace for any users who are not explicitly assigned a permanent tablespace. The default permanent tablespace is defaulted to the SYSTEM tablespace until it is changed by a DBA.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_recTablespaceSettings metric is collected.

Defaults

Parameters and Their Default Values

SYSTEM

Objects Excluded by Default

Not Applicable

Impact of Violation

If not specified explicitly, the DEFAULT_PERMANENT_TABLESPACE is defaulted to the SYSTEM tablespace. This is not the recommended setting. The default permanent tablespace for the database is used as the permanent tablespace for any non-SYSTEM users who are not explicitly assigned a permanent tablespace. If the database default permanent tablespace is set to a system tablespace, then any user who is not explicitly assigned a tablespace uses the system tablespace. Non-SYSTEM users should not be using a system tablespaces to store data. Doing so may result in performance degradation for the database.

Action

Set the DEFAULT_PERMANENT_TABLESPACE to a non-system tablespace. Create or edit a tablespace and set it to be the default permanent tablespace.

Clicking the DEFAULT_PERMANENT_TABLESPACE link will bring up the Tablespace Search page. From this page you can create or edit a tablespace and set it to be the default permanent tablespace.

On the Administration property page for the database instance, click Tablespaces under the Storage options. After providing your credentials, create or edit a permanent tablespace and set it to be the default permanent tablespace.

4.4.2 Default Temporary Tablespace Set to a System Tablespace

This policy verifies that the DEFAULT_TEMP_TABLESPACE database property is set to a non-system tablespace. The default temporary tablespace for the database is used as the temporary tablespace for any users that are not explicitly assigned a temporary tablespace. The temporary tablespace is defaulted to the SYSTEM tablespace until it is changed by a DBA.

Policy Summary

The following table lists the policy's main properties.

^Footnote 1 The policy rule is evaluated each time its underlying db_recTablespaceSettings metric is collected.

Defaults

Parameters and Their Default Values

Parameter default values are dependent on the version of the Oracle Database target. Refer to the Oracle Database documentation for that version of the database target to learn about the parameters and their default values.

Objects Excluded by Default

Not Applicable

Impact of Violation

If not specified explicitly, the DEFAULT_TEMP_TABLESPACE defaults to the SYSTEM tablespace. This is not the recommended setting. The default temporary tablespace is used as the temporary tablespace for any users who are not explicitly assigned a temporary tablespace. If the database default temporary tablespace is set to a system tablespace, then any user who is not explicitly assigned a temporary tablespace uses the system tablespace as their temporary tablespace. System tablespaces should not be used to store temporary data. Doing so can result in performance degradation for the database.

Action

Set the DEFAULT_TEMP_TABLESPACE to a non-system temporary tablespace. In Oracle Database 10g Release 1 or later, you can also set the DEFAULT_TEMP_TABLESPACE to a temporary tablespace group. Create or edit a temporary tablespace, or temporary tablespace group, and set it to be the default temporary tablespace.

Clicking the DEFAULT_TEMP_TABLESPACE link will bring up the Tablespace Search page. From this page the user can create or edit a temporary tablespace and set it to be the default temporary tablespace.

On the Administration property page for the database instance, click Tablespaces under the Storage options. After providing your credentials, create or edit a temporary tablespace and set it to be the default temporary tablespace.

4.4.3 Dictionary Managed Tablespaces

This policy determines whether dictionary managed tablespaces are being used. Use locally managed tablespaces.

Policy Summary

The following table lists the policy's main properties.