cis oracle database 11g r2 benchmark v2.2.0 - · pdf fileto further clarify the creative...

CISOracleDatabase11gR2Benchmark

v2.2.0-05-31-2016

1|P a g e

ThisworkislicensedunderaCreativeCommonsAttribution-NonCommercial-ShareAlike4.0InternationalPublicLicense.Thelinktothelicensetermscanbefoundathttps://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.

TofurtherclarifytheCreativeCommonslicenserelatedtoCISBenchmarkcontent,youareauthorizedtocopyandredistributethecontentforusebyyou,withinyourorganizationandoutsideyourorganizationfornon-commercialpurposesonly,providedthat(i)appropriatecreditisgiventoCIS,(ii)alinktothelicenseisprovided.Additionally,ifyouremix,transformorbuildupontheCISBenchmark(s),youmayonlydistributethemodifiedmaterialsiftheyaresubjecttothesamelicensetermsastheoriginalBenchmarklicenseandyourderivativewillnolongerbeaCISBenchmark.CommercialuseofCISBenchmarksissubjecttothepriorapprovaloftheCenterforInternetSecurity.

2|P a g e

TableofContents

Overview......................................................................................................................................................................8

IntendedAudience..............................................................................................................................................8

ConsensusGuidance...........................................................................................................................................8

TypographicalConventions............................................................................................................................9

ScoringInformation............................................................................................................................................9

ProfileDefinitions.............................................................................................................................................10

Acknowledgements..........................................................................................................................................11

Recommendations.................................................................................................................................................12

1OracleDatabaseInstallationandPatchingRequirements..........................................................12

1.1EnsuretheAppropriateVersion/PatchesforOracleSoftwareIsInstalled(Scored).......................................................................................................................................................12

1.2EnsureAllDefaultPasswordsAreChanged(Scored).....................................................14

1.3EnsureAllSampleDataAndUsersHaveBeenRemoved(Scored)............................16

2OracleParameterSettings.........................................................................................................................17

2.1ListenerSettings...................................................................................................................................18

2.1.1Ensure'SECURE_CONTROL_<listener_name>'IsSetIn'listener.ora'(Scored)18

2.1.2Ensure'extproc'IsNotPresentin'listener.ora'(Scored)..........................................20

2.1.3Ensure'ADMIN_RESTRICTIONS_<listener_name>'IsSetto'ON'(Scored)........21

2.1.4Ensure'SECURE_REGISTER_<listener_name>'IsSetto'TCPS'or'IPC'(Scored).........................................................................................................................................................................23

2.2Databasesettings..................................................................................................................................25

2.2.1Ensure'AUDIT_SYS_OPERATIONS'IsSetto'TRUE'(Scored)..................................25

2.2.2Ensure'AUDIT_TRAIL'IsSetto'OS','DB','XML','DB,EXTENDED',or'XML,EXTENDED'(Scored).................................................................................................................27

2.2.3Ensure'GLOBAL_NAMES'IsSetto'TRUE'(Scored).....................................................28

2.2.4Ensure'LOCAL_LISTENER'IsSetAppropriately(Scored)........................................29

2.2.5Ensure'O7_DICTIONARY_ACCESSIBILITY'IsSetto'FALSE'(Scored).................31

2.2.6Ensure'OS_ROLES'IsSetto'FALSE'(Scored).................................................................32

2.2.7Ensure'REMOTE_LISTENER'IsEmpty(Scored)...........................................................33

2.2.8Ensure'REMOTE_LOGIN_PASSWORDFILE'IsSetto'NONE'(Scored).................34

3|P a g e

2.2.9Ensure'REMOTE_OS_AUTHENT'IsSetto'FALSE'(Scored).....................................35

2.2.10Ensure'REMOTE_OS_ROLES'IsSetto'FALSE'(Scored).........................................36

2.2.11Ensure'UTIL_FILE_DIR'IsEmpty(Scored)...................................................................37

2.2.12Ensure'SEC_CASE_SENSITIVE_LOGON'IsSetto'TRUE'(Scored).......................38

2.2.13Ensure'SEC_MAX_FAILED_LOGIN_ATTEMPTS'IsSetto'10'(Scored).............40

2.2.14Ensure'SEC_PROTOCOL_ERROR_FURTHER_ACTION'IsSetto'DELAY,3'or'DROP,3'(Scored)....................................................................................................................................41

2.2.15Ensure'SEC_PROTOCOL_ERROR_TRACE_ACTION'IsSetto'LOG'(Scored)...42

2.2.16Ensure'SEC_RETURN_SERVER_RELEASE_BANNER'IsSetto'FALSE'(Scored).........................................................................................................................................................................43

2.2.17Ensure'SQL92_SECURITY'IsSetto'TRUE'(Scored)................................................44

2.2.18Ensure'_TRACE_FILES_PUBLIC'IsSetto'FALSE'(Scored)....................................45

2.2.19Ensure'RESOURCE_LIMIT'IsSetto'TRUE'(Scored)...............................................46

3OracleConnectionandLoginRestrictions.........................................................................................47

3.1Ensure'FAILED_LOGIN_ATTEMPTS'IsLessthanorEqualto'5'(Scored)............47

3.2Ensure'PASSWORD_LOCK_TIME'IsGreaterthanorEqualto'1'(Scored)...........49

3.3Ensure'PASSWORD_LIFE_TIME'IsLessthanorEqualto'90'(Scored).................50

3.4Ensure'PASSWORD_REUSE_MAX'IsGreaterthanorEqualto'20'(Scored).......51

3.5Ensure'PASSWORD_REUSE_TIME'IsGreaterthanorEqualto'365'(Scored)...52

3.6Ensure'PASSWORD_GRACE_TIME'IsLessthanorEqualto'5'(Scored)...............53

3.7Ensure'DBA_USERS.PASSWORD'IsNotSetto'EXTERNAL'forAnyUser(Scored).........................................................................................................................................................................54

3.8Ensure'PASSWORD_VERIFY_FUNCTION'IsSetforAllProfiles(Scored)..............55

3.9Ensure'SESSIONS_PER_USER'IsLessthanorEqualto'10'(Scored)......................56

3.10EnsureNoUsersAreAssignedthe'DEFAULT'Profile(Scored)..............................57

4OracleUserAccessandAuthorizationRestrictions.......................................................................58

4.1DefaultPublicPrivilegesforPackagesandObjectTypes...................................................59

4.1.1Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_ADVISOR'(Scored)...59

4.1.2Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_CRYPTO'(Scored).....60

4.1.3Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JAVA'(Scored)............61

4|P a g e

4.1.4Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JAVA_TEST'(Scored).........................................................................................................................................................................62

4.1.5Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JOB'(Scored)..............63

4.1.6Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_LDAP'(Scored)..........64

4.1.7Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_LOB'(Scored).............65

4.1.8Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_OBFUSCATION_TOOLKIT'(Scored).................................................................................67

4.1.9Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_RANDOM'(Scored)..69

4.1.10Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_SCHEDULER'(Scored).......................................................................................................................................................70

4.1.11Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_SQL'(Scored)...........71

4.1.12Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_XMLGEN'(Scored).72

4.1.13Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_XMLQUERY'(Scored).........................................................................................................................................................................73

4.1.14Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_FILE'(Scored)..............74

4.1.15Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_INADDR'(Scored)......75

4.1.16Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_TCP'(Scored)...............76

4.1.17Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_MAIL'(Scored)............77

4.1.18Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_SMTP'(Scored)...........78

4.1.19Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_DBWS'(Scored)..........79

4.1.20Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_ORAMTS'(Scored).....80

4.1.21Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_HTTP'(Scored)...........81

4.1.22Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'HTTPURITYPE'(Scored)...82

4.2RevokeNon-DefaultPrivilegesforPackagesandObjectTypes.......................................83

4.2.1Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_SYS_SQL'(Scored)....83

4.2.2Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_BACKUP_RESTORE'(Scored).......................................................................................................................................................84

4.2.3Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_AQADM_SYSCALLS'(Scored).......................................................................................................................................................85

4.2.4Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_REPCAT_SQL_UTL'(Scored).......................................................................................................................................................86

4.2.5Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'INITJVMAUX'(Scored)..........87

5|P a g e

4.2.6Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_STREAMS_ADM_UTL'(Scored).......................................................................................................................................................88

4.2.7Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_AQADM_SYS'(Scored).........................................................................................................................................................................89

4.2.8Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_STREAMS_RPC'(Scored).......................................................................................................................................................90

4.2.9Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_PRVTAQIM'(Scored).........................................................................................................................................................................91

4.2.10Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'LTADM'(Scored)..................92

4.2.11Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'WWV_DBMS_SQL'(Scored).........................................................................................................................................................................93

4.2.12Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'WWV_EXECUTE_IMMEDIATE'(Scored)......................................................................................94

4.2.13Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_IJOB'(Scored)..........95

4.2.14Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_FILE_TRANSFER'(Scored).......................................................................................................................................................96

4.3RevokeExcessiveSystemPrivileges............................................................................................97

4.3.1Ensure'SELECT_ANY_DICTIONARY'IsRevokedfromUnauthorized'GRANTEE'(Scored).......................................................................................................................................................97

4.3.2Ensure'SELECTANYTABLE'IsRevokedfromUnauthorized'GRANTEE'(Scored).......................................................................................................................................................98

4.3.3Ensure'AUDITSYSTEM'IsRevokedfromUnauthorized'GRANTEE'(Scored)99

4.3.4Ensure'EXEMPTACCESSPOLICY'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................100

4.3.5Ensure'BECOMEUSER'IsRevokedfromUnauthorized'GRANTEE'(Scored)......................................................................................................................................................................101

4.3.6Ensure'CREATE_PROCEDURE'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................102

4.3.7Ensure'ALTERSYSTEM'IsRevokedfromUnauthorized'GRANTEE'(Scored)......................................................................................................................................................................103

4.3.8Ensure'CREATEANYLIBRARY'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................104

4.3.9Ensure'CREATELIBRARY'IsRevokedfromUnauthorized'GRANTEE'(Scored)......................................................................................................................................................................105

6|P a g e

4.3.10Ensure'GRANTANYOBJECTPRIVILEGE'IsRevokedfromUnauthorized'GRANTEE'(Scored)............................................................................................................................106

4.3.11Ensure'GRANTANYROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................107

4.3.12Ensure'GRANTANYPRIVILEGE'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................108

4.4RevokeRolePrivileges....................................................................................................................109

4.4.1Ensure'DELETE_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................109

4.4.2Ensure'SELECT_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................110

4.4.3Ensure'EXECUTE_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)....................................................................................................................................................111

4.4.4Ensure'DBA'IsRevokedfromUnauthorized'GRANTEE'(Scored)...................112

4.5RevokeExcessiveTableandViewPrivileges........................................................................113

4.5.1Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'AUD$'(Scored)113

4.5.2Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'USER_HISTORY$'(Scored)....................................................................................................................................................114

4.5.3Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'LINK$'(Scored)......................................................................................................................................................................115

4.5.4Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'SYS.USER$'(Scored)....................................................................................................................................................116

4.5.5Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'DBA_%'(Scored)......................................................................................................................................................................117

4.5.6Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'SYS.SCHEDULER$_CREDENTIAL'(Scored).............................................................................118

4.5.7Ensure'SYS.USER$MIG'HasBeenDropped(Scored)...............................................119

4.6Ensure'%ANY%'IsRevokedfromUnauthorized'GRANTEE'(Scored)..............120

4.7Ensure'DBA_SYS_PRIVS.%'IsRevokedfromUnauthorized'GRANTEE'with'ADMIN_OPTION'Setto'YES'(Scored)......................................................................................121

4.8EnsureProxyUsersHaveOnly'CONNECT'Privilege(Scored)................................122

4.9Ensure'EXECUTEANYPROCEDURE'IsRevokedfrom'OUTLN'(Scored)..........123

4.10Ensure'EXECUTEANYPROCEDURE'IsRevokedfrom'DBSNMP'(Scored)...124

7|P a g e

5Audit/LoggingPoliciesandProcedures...........................................................................................125

5.1Enable'USER'AuditOption(Scored)..................................................................................126

5.2Enable'ALTERUSER'AuditOption(Scored)...................................................................128

5.3Enable'DROPUSER'AuditOption(Scored).....................................................................129

5.4Enable'ROLE'AuditOption(Scored)..................................................................................130

5.5Enable'SYSTEMGRANT'AuditOption(Scored)............................................................131

5.6Enable'PROFILE'AuditOption(Scored)...........................................................................132

5.7Enable'ALTERPROFILE'AuditOption(Scored)............................................................133

5.8Enable'DROPPROFILE'AuditOption(Scored)..............................................................134

5.9Enable'DATABASELINK'AuditOption(Scored)...........................................................135

5.10Enable'PUBLICDATABASELINK'AuditOption(Scored).......................................136

5.11Enable'PUBLICSYNONYM'AuditOption(Scored)....................................................137

5.12Enable'SYNONYM'AuditOption(Scored).....................................................................138

5.13Enable'GRANTDIRECTORY'AuditOption(Scored)..................................................139

5.14Enable'SELECTANYDICTIONARY'AuditOption(Scored)....................................140

5.15Enable'GRANTANYOBJECTPRIVILEGE'AuditOption(Scored)........................141

5.16Enable'GRANTANYPRIVILEGE'AuditOption(Scored)..........................................143

5.17Enable'DROPANYPROCEDURE'AuditOption(Scored).........................................144

5.18Enable'ALL'AuditOptionon'SYS.AUD$'(Scored).....................................................145

5.19Enable'PROCEDURE'AuditOption(Scored)................................................................146

5.20Enable'ALTERSYSTEM'AuditOption(Scored)..........................................................147

5.21Enable'TRIGGER'AuditOption(Scored)........................................................................148

5.22Enable'CREATESESSION'AuditOption(Scored).......................................................150

6Appendix:EstablishinganAudit/ScanUser..................................................................................152

Appendix:ChangeHistory..............................................................................................................................159

8|P a g e

OverviewThisdocumentisintendedtoaddresstherecommendedsecuritysettingsforOracleDatabase11gR2.ThisguidewastestedagainstOracleDatabase11gR2(11.2.0.4)runningonaWindowsServer2012R2instanceasastand-alonesystem,andrunningonanOracleLinux6.5instancealsoasastand-alonesystem.FutureOracleDatabase11gR2criticalpatchupdates(CPUs)mayimpacttherecommendationsincludedinthisdocument.

Toobtainthelatestversionofthisguide,pleasevisithttp://benchmarks.cisecurity.org.Ifyouhavequestions,comments,orhaveidentifiedwaystoimprovethisguide,[email protected].

IntendedAudience

Thisbenchmarkisintendedforsystemandapplicationadministrators,securityspecialists,auditors,helpdesk,andplatformdeploymentpersonnelwhoplantodevelop,deploy,assess,orsecuresolutionsthatincorporateOracleDatabase11gR2onOracleLinuxorMicrosoftWindowsServer.

ConsensusGuidance

Thisbenchmarkwascreatedusingaconsensusreviewprocesscomprisedofsubjectmatterexperts.Consensusparticipantsprovideperspectivefromadiversesetofbackgroundsincludingconsulting,softwaredevelopment,auditandcompliance,securityresearch,operations,government,andlegal.

EachCISbenchmarkundergoestwophasesofconsensusreview.Thefirstphaseoccursduringinitialbenchmarkdevelopment.Duringthisphase,subjectmatterexpertsconvenetodiscuss,create,andtestworkingdraftsofthebenchmark.Thisdiscussionoccursuntilconsensushasbeenreachedonbenchmarkrecommendations.Thesecondphasebeginsafterthebenchmarkhasbeenpublished.Duringthisphase,allfeedbackprovidedbytheInternetcommunityisreviewedbytheconsensusteamforincorporationinthebenchmark.Ifyouareinterestedinparticipatingintheconsensusprocess,pleasevisithttps://community.cisecurity.org.

9|P a g e

TypographicalConventions

Thefollowingtypographicalconventionsareusedthroughoutthisguide:

Convention Meaning

Stylized Monospace font Usedforblocksofcode,command,andscriptexamples.Textshouldbeinterpretedexactlyaspresented.

Monospacefont Usedforinlinecode,commands,orexamples.Textshouldbeinterpretedexactlyaspresented.

<italicfontinbrackets> Italictextssetinanglebracketsdenoteavariablerequiringsubstitutionforarealvalue.

Italicfont Usedtodenotethetitleofabook,article,orotherpublication.

Note Additionalinformationorcaveats

ScoringInformation

Ascoringstatusindicateswhethercompliancewiththegivenrecommendationimpactstheassessedtarget'sbenchmarkscore.Thefollowingscoringstatusesareusedinthisbenchmark:

Scored

Failuretocomplywith"Scored"recommendationswilldecreasethefinalbenchmarkscore.Compliancewith"Scored"recommendationswillincreasethefinalbenchmarkscore.

NotScored

Failuretocomplywith"NotScored"recommendationswillnotdecreasethefinalbenchmarkscore.Compliancewith"NotScored"recommendationswillnotincreasethefinalbenchmarkscore.

10|P a g e

ProfileDefinitions

ThefollowingconfigurationprofilesaredefinedbythisBenchmark:

• Level1-RDBMS

ItemsinthisprofileapplytoOracleDatabase11gR2andintendto:

o Bepracticalandprudent;o Provideaclearsecuritybenefit;ando Notinhibittheutilityofthetechnologybeyondacceptablemeans.

• Level1-LinuxHostOS

ItemsinthisprofileapplytoLinuxHostoperatingsystemsandintendto:


• Level1-WindowsServerHostOS

ItemsinthisprofileapplytoWindowsServeroperatingsystemsandintendto:


11|P a g e

Acknowledgements

Thisbenchmarkexemplifiesthegreatthingsacommunityofusers,vendors,andsubjectmatterexpertscanaccomplishthroughconsensuscollaboration.TheCIScommunitythankstheentireconsensusteamwithspecialrecognitiontothefollowingindividualswhocontributedgreatlytothecreationofthisguide:

ContributorArmanRawlsAdamMontvilleAlexeyAristovDeanLackeyJayMehtaSamirSayedScottRotondoThanThiChamTimothyHarrisonEditorAngeloMarcotullio

12|P a g e

Recommendations1OracleDatabaseInstallationandPatchingRequirements

OneofthebestwaystoensuresecureOraclesecurityistoimplementCriticalPatchUpdates(CPUs)astheycomeout,alongwithanyapplicableOSpatchesthatwillnotinterferewithsystemoperations.ItisadditionallyprudenttoremoveOraclesampledatafromproductionenvironments.

1.1EnsuretheAppropriateVersion/PatchesforOracleSoftwareIsInstalled(Scored)

ProfileApplicability:

•Level1-RDBMS

Description:

TheOracleinstallationshouldbesupportedwithsecuritypatchesandthelatestCriticalPatchUpdatesshouldbeappliedquarterly.

Rationale:

AsusingthemostrecentOracledatabasesoftware,alongwithallapplicablepatchescanhelplimitthepossibilitiesforvulnerabilitiesinthesoftware,theinstallationversionand/orpatchesappliedduringsetupshouldbeestablishedaccordingtotheneedsoftheorganization.EnsureyouareusingareleasethatiscoveredbyalevelofsupportthatincludesthegenerationofCriticalPatchUpdates.

Audit:

Toassessthisrecommendation,executethefollowingSQLstatements.

TocheckforasupportedversionofOracleDatabase11gR2:

SELECT PRODUCT, VERSION FROM PRODUCT_COMPONENT_VERSION WHERE PRODUCT LIKE '%Database%' AND VERSION LIKE '11.2.0.4%';

13|P a g e

TocheckforapplicationofquarterlyCriticalPatchUpdates:

SELECT ACTION, VERSION,ID FROM DBA_REGISTRY_HISTORY WHERE TO_DATE(TRIM(TO_CHAR(ID)), 'YYMMDD') > SYSDATE-90 AND ID > 160000;

ArowreturnedbyeachSQLstatementwouldbeapassfortherecommendation.

Remediation:

DownloadandapplythelatestquarterlyCriticalPatchUpdatepatches.

References:

1. http://www.oracle.com/us/support/assurance/fixing-policies/index.html2. http://www.oracle.com/technetwork/topics/security/alerts-086861.html3. http://www.oracle.com/us/support/library/lifetime-support-technology-

069183.pdf4. http://docs.oracle.com/cd/E11882_01/server.112/e40402/statviews_4212.htm#R

EFRN23549

14|P a g e

1.2EnsureAllDefaultPasswordsAreChanged(Scored)


•Level1-RDBMS

Description:

TheOracleinstallationhasaviewcalledDBA_USERS_WITH_DEFPWD,whichkeepsalistofalldatabaseusersmakinguseofdefaultpasswords.

Rationale:

Defaultpasswordsshouldbeconsidered"wellknown"toattackers.Consequently,ifdefaultpasswordsremaininplaceanyattackerwithaccesstothedatabasethenhastheabilitytoauthenticateastheuserwiththatdefaultpassword.Whendefaultpasswordsarealtered,thiscircumstanceismitigated.

Audit:

Toassessthisrecommendation,executethefollowingSQLstatement.

SELECT USERNAME FROM DBA_USERS_WITH_DEFPWD WHERE USERNAME NOT LIKE '%XS$NULL%';

Theassessmentfailsifresultsarereturned.

Remediation:

Toremediatethisrecommendation,youmayperformeitherofthefollowingactions.

• ManuallyissuethefollowingSQLstatementforeachUSERNAMEreturnedintheAuditProcedure:

PASSWORD <username>

15|P a g e

• ExecutethefollowingSQLscripttorandomlyassignpasswords:

begin for r_user in (select username from dba_users_with_defpwd where username not like '%XS$NULL%') loop DBMS_OUTPUT.PUT_LINE('Password for user '||r_user.username||' will be changed.'); execute immediate 'alter user "'||r_user.username||'" identified by "'||DBMS_RANDOM.string('a',16)||'"account lock password expire'; end loop; end; /

References:

1. http://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_user_accounts.htm#TDPSG20000

16|P a g e

1.3EnsureAllSampleDataAndUsersHaveBeenRemoved(Scored)


•Level1-RDBMS

Description:

Oraclesampleschemasarenotneededfortheoperationofthedatabase.Theseinclude,amongothers,informationpertainingtoasampleschemaspertainingtoHumanResources,BusinessIntelligence,OrderEntry,andthelike.Thesesamplescreatesampleusers(BI,HR,OE,PM,IX,SH,SCOTT),inadditiontotablesandfictitiousdata.

Rationale:

Thesampledataistypicallynotrequiredforproductionoperationsofthedatabaseandprovidesuserswithwell-knowndefaultpasswords,particularviews,andprocedures/functions.Suchusers,views,and/orprocedures/functionscouldbeusedtolaunchexploitsagainstproductionenvironments.

Audit:

Toassessthisrecommendation,checkforthepresenceofOraclesampleusersbyexecutingthefollowingSQLstatement.

SELECT USERNAME FROM ALL_USERS WHERE USERNAME IN ('BI','HR','IX','OE','PM','SCOTT','SH');

Remediation:

Toremediatethissetting,itisrecommendedthatyouexecutethefollowingSQLscript.

$ORACLE_HOME/demo/schema/drop_sch.sql

NOTE:Therecyclebin isnotsettoOFF withinthedefaultdropscript,whichmeansthatthedatawillstillbepresentinyourenvironmentuntiltherecyclebin isemptied.

Impact:

TheOraclesampleusernamesmaybeinuseonaproductionbasis.ItisimportantthatyoufirstverifythatBI,HR,IX,OE,PM,SCOTT,and/orSH arenotvalidproductionusernamesbeforeexecutingthedroppingSQLscripts.ThismaybeparticularlytruewiththeHR andBI users.Ifanyoftheseusersarepresent,itisimportanttobecautiousandconfirmtheschemaspresentare,infact,Oraclesampleschemasandnotproductionschemasbeingrelieduponbybusinessoperations.

17|P a g e

References:

1. http://docs.oracle.com/cd/E11882_01/server.112/e10831/toc.htm

2OracleParameterSettings

TheoperationoftheOracledatabaseinstanceisgovernedbynumerousparametersthataresetinspecificconfigurationfilesandareinstance-specificinscope.Asalterationsoftheseparameterscancauseproblemsrangingfromdenial-of-servicetotheftofproprietaryinformation,theseconfigurationsshouldbecarefullyconsideredandmaintained.

Note:

ForallfilesthathaveparametersthatcanbemodifiedwiththeOSand/orSQLcommands/scripts,thesewillbothbelistedwhereappropriate.

18|P a g e

2.1ListenerSettings

SettingsfortheTNSListenerlistener.orafile.

2.1.1Ensure'SECURE_CONTROL_<listener_name>'IsSetIn'listener.ora'(Scored)


•Level1-LinuxHostOS

•Level1-WindowsServerHostOS

Description:

TheSECURE_CONTROL_<listener_name>settingdeterminesthetypeofcontrolconnectiontheOracleserverrequiresforremoteconfigurationofthelistener.

Rationale:

Aslistenerconfigurationchangesviaunencryptedremoteconnectionscanresultinunauthorizeduserssniffingthecontrolconfigurationinformationfromthenetwork,thesecontrolvaluesshouldbesetaccordingtotheneedsoftheorganization.

Audit:

Toauditthisrecommendationfollowthesesteps:

• Openthe $ORACLE_HOME/network/admin/listener.orafile(or%ORACLE_HOME%\network\admin\listener.oraonWindows)

• EnsurethateachdefinedlistenerasanassociatedSECURE_CONTROL_<listener_name>directive.

Forexample:

LISTENER1 = (DESCRIPTION= (ADDRESS=(PROTOCOL=TCP) (HOST=sales-server)(PORT=1521)) (ADDRESS=(PROTOCOL=IPC) (KEY=REGISTER)) (ADDRESS=(PROTOCOL=TCPS) (HOST=sales-server)(PORT=1522))) SECURE_CONTROL_LISTENER1=TCPS

19|P a g e

Remediation:

SettheSECURE_CONTROL_<listener_name>foreachdefinedlistenerinthelistener.orafile,accordingtotheneedsoftheorganization.

References:

1. http://docs.oracle.com/cd/E11882_01/network.112/e10835/listener.htm#NETRF327

20|P a g e

2.1.2Ensure'extproc'IsNotPresentin'listener.ora'(Scored)




Description:

Oracleextprocallowsthedatabasetorunproceduresfromoperatingsystemlibraries.Theselibrarycallscan,inturn,runanyoperatingsystemcommand.

Rationale:

extprocshouldberemovedfromthelistener.oratomitigatetheriskthatOSlibrariescanbeinvokedbytheOracleinstance.

Audit:

ToauditthisrecommendationexecutethefollowingshellcommandsasappropriateforyourUnix/Windowsenvironment.

Unixenvironment:

grep -i extproc $ORACLE_HOME/network/admin/listener.ora

Windowsenvironment:

find /I extproc %ORACLE_HOME%\network\admin\listener.ora

Ensureextprocdoesnotexist.

Remediation:

Removeextprocfromthelistener.orafile.

References:

1. http://docs.oracle.com/cd/E11882_01/network.112/e10836/advcfg.htm#NETAG0132

21|P a g e

2.1.3Ensure'ADMIN_RESTRICTIONS_<listener_name>'IsSetto'ON'(Scored)




Description:

Theadmin_restrictions_<listener_name>settinginthelistener.orafilecanrequirethatanyattemptedreal-timealterationoftheparametersinthelistenerviathesetcommandfileberefusedunlessthelistener.orafileismanuallyalteredthenrestartedbyaprivilegeduser.

Rationale:

Asblockingunprivilegedusersfrommakingalterationsofthelistener.orafile,whereremotedata/servicesarespecified,willhelpprotectdataconfidentiality,thisvalueshouldbesettotheneedsoftheorganization.

Audit:


Unixenvironment:

grep -i admin_restrictions $ORACLE_HOME/network/admin/listener.ora

Windowsenvironment:

find /I admin_restrictions %ORACLE_HOME%|\network\admin\listener.ora

EnsureADMIN_RESTRICTIONS_<listener_name>issettoONforalllisteners.

Remediation:

UseatexteditorsuchasvitosettheADMIN_RESTRICTIONS_<listener_name>tothevalueON.

DefaultValue:

Notset.

22|P a g e

References:


23|P a g e

2.1.4Ensure'SECURE_REGISTER_<listener_name>'IsSetto'TCPS'or'IPC'(Scored)




Description:

TheSECURE_REGISTER_<listener_name>settingspecifiestheprotocolswhichareusedtoconnecttotheTNSlistener.

Rationale:

Aslistenerconfigurationchangesviaunencryptedremoteconnectionscanresultinunauthorizeduserssniffingthecontrolconfigurationinformationfromthenetwork,thesecontrolvaluesshouldbesetaccordingtotheneedsoftheorganization.

Audit:


Unixenvironment:

grep -i SECURE_REGISTER $ORACLE_HOME/network/admin/listener.ora

Windowsenvironment:

find /I SECURE_REGISTER %ORACLE_HOME%\network\admin\listener.ora

EnsureSECURE_REGISTER_<listener_name>issettoTCPS orIPC.

Remediation:

UseatexteditorsuchasvitosettheSECURE_REGISTER_<listener_name>=TCPSorSECURE_REGISTER_<listener_name>=IPCforeachlistenerfoundin$ORACLE_HOME/network/admin/listener.ora.

References:


2. https://support.oracle.com/epmos/faces/ui/km/DocumentDisplay.jspx?id=1453883.1

24|P a g e


4. http://www.joxeankoret.com/download/tnspoison.pdf

25|P a g e

2.2Databasesettings

Thissectiondefinesrecommendationscoveringthegeneralsecurityconfigurationofthedatabaseinstance.Thelistedrecommendationsensureauditingisenabled,listenersareappropriatelyconfined,andauthenticationisappropriatelyconfigured.

NOTE:Theremediationproceduresassumetheuseofaserverparameterfile,whichisoftenapreferredmethodofstoringserverinitializationparameters.

ALTER SYSTEM SET <configuration_item> = <value> SCOPE = SPFILE;

Foryourenvironment,leavingofftheSCOPE = SPFILEdirectiveorsubstitutingthatwithSCOPE = BOTHmightbepreferreddependingontherecommendation.

2.2.1Ensure'AUDIT_SYS_OPERATIONS'IsSetto'TRUE'(Scored)


•Level1-RDBMS

Description:

TheAUDIT_SYS_OPERATIONSsettingprovidesfortheauditingofalluseractivitiesconductedundertheSYSOPERandSYSDBAaccounts.

Rationale:

IftheparameterAUDIT_SYS_OPERATIONSisFALSEallstatementsexceptofStartup/ShutdownandLogonbySYSDBA/SYSOPERusersarenotaudited.

Audit:

ToassessthisrecommendationexecutethefollowingSQLstatement.

SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME) = 'AUDIT_SYS_OPERATIONS';

EnsureVALUE issettoTRUE.

Remediation:

ToremediatethissettingexecutethefollowingSQLstatement.

ALTER SYSTEM SET AUDIT_SYS_OPERATIONS = TRUE SCOPE=SPFILE;

26|P a g e

References:

1. http://docs.oracle.com/cd/E11882_01/server.112/e25513/initparams015.htm#REFRN10005

27|P a g e

2.2.2Ensure'AUDIT_TRAIL'IsSetto'OS','DB','XML','DB,EXTENDED',or'XML,EXTENDED'(Scored)


•Level1-RDBMS

Description:

Theaudit_trail settingdetermineswhetherornotOracle'sbasicauditfeaturesareenabled.Thesecanbesetto"OperatingSystem"(OS),"DB","DB,EXTENDED","XML"or"XML,EXTENDED".

Rationale:

AsenablingthebasicauditingfeaturesfortheOracleinstancepermitsthecollectionofdatatotroubleshootproblems,aswellasprovidingvalueforensiclogsinthecaseofasystembreach,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='AUDIT_TRAIL';

EnsureVALUE issettoOS orDBorDB,EXTENDEDorXMLorXML,EXTENDED.

Remediation:

ToremediatethissettingexecuteoneofthefollowingSQLstatements.

ALTER SYSTEM SET AUDIT_TRAIL = DB SCOPE = SPFILE; ALTER SYSTEM SET AUDIT_TRAIL = DB, EXTENDED SCOPE = SPFILE; ALTER SYSTEM SET AUDIT_TRAIL = OS SCOPE = SPFILE; ALTER SYSTEM SET AUDIT_TRAIL = XML SCOPE = SPFILE; ALTER SYSTEM SET AUDIT_TRAIL = XML, EXTENDED SCOPE = SPFILE;

References:

1. https://docs.oracle.com/cd/E11882_01/server.112/e40402/initparams017.htm#REFRN10006

2. http://www.oracle.com/technetwork/products/audit-vault/learnmore/twp-security-auditperformance-166655.pdf

28|P a g e

2.2.3Ensure'GLOBAL_NAMES'IsSetto'TRUE'(Scored)


•Level1-RDBMS

Description:

Theglobal_names settingrequiresthatthenameofadatabaselinkmatchesthatoftheremotedatabaseitwillconnectto.

Rationale:

Asnotrequiringdatabaseconnectionstomatchthedomainthatisbeingcalledremotelycouldallowunauthorizeddomainsourcestopotentiallyconnectviabrute-forcetactics,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='GLOBAL_NAMES';


Remediation:


ALTER SYSTEM SET GLOBAL_NAMES = TRUE SCOPE = SPFILE;

References:


29|P a g e

2.2.4Ensure'LOCAL_LISTENER'IsSetAppropriately(Scored)


•Level1-RDBMS

Description:

Thelocal_listenersettingspecifiesanetworknamethatresolvestoanaddressoftheOracleTNSlistener.

Rationale:

TheTNSpoisoningattackallowstoredirectTNSnetworktraffictoanothersystembyregisteringalistenertotheTNSlistener.Thisattackcanbeperformedbyunauthorizeduserswithnetworkaccess.ByspecifyingtheIPCprotocolitisnolongerpossibletoregisterlistenersviaTCP/IP.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='LOCAL_LISTENER';

EnsureVALUEissetto(DESCRIPTION=(ADDRESS= (PROTOCOL=IPC)(KEY=REGISTER))).

Remediation:


ALTER SYSTEM SET LOCAL_LISTENER='[description]' SCOPE = BOTH;

Replace[description]withtheappropriatedescriptionfromyourlistener.orafile,wherethatdescriptionsetsthePROTOCOLparametertoIPC.Forexample:

ALTER SYSTEM SET LOCAL_LISTENER='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))' SCOPE=BOTH;

References:



30|P a g e


4. http://www.joxeankoret.com/download/tnspoison.pdf

31|P a g e

2.2.5Ensure'O7_DICTIONARY_ACCESSIBILITY'IsSetto'FALSE'(Scored)


•Level1-RDBMS

Description:

TheO7_dictionary_accessibility settingisadatabaseinitializationsparameterthatallows/disallowswiththeEXECUTEANYPROCEDUREandSELECTANYDICTIONARYaccesstoobjectsintheSYSschema;thisfunctionalitywascreatedfortheeaseofmigrationfromOracle7databasestolaterversions.

Rationale:

AsleavingtheSYSschemasoopentoconnectioncouldpermitunauthorizedaccesstocriticaldatastructures,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='O7_DICTIONARY_ACCESSIBILITY';

EnsureVALUE issettoFALSE.

Remediation:


ALTER SYSTEM SET O7_DICTIONARY_ACCESSIBILITY=FALSE SCOPE = SPFILE;

References:


32|P a g e

2.2.6Ensure'OS_ROLES'IsSetto'FALSE'(Scored)


•Level1-RDBMS

Description:

Theos_roles settingpermitsexternallycreatedgroupstobeappliedtodatabasemanagement.

Rationale:

AsallowingtheOSuseexternalgroupsfordatabasemanagementcouldcauseprivilegeoverlapsandgenerallyweakensecurity,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='OS_ROLES';


Remediation:


ALTER SYSTEM SET OS_ROLES = FALSE SCOPE = SPFILE;

References:


33|P a g e

2.2.7Ensure'REMOTE_LISTENER'IsEmpty(Scored)


•Level1-RDBMS

Description:

Theremote_listenersettingdetermineswhetherornotavalidlistenercanbeestablishedonasystemseparatefromthedatabaseinstance.

Rationale:

Aspermittingaremotelistenerforconnectionstothedatabaseinstancecanallowforthepotentialspoofingofconnectionsandthatcouldcompromisedataconfidentialityandintegrity,thisvalueshouldbedisabled/restrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='REMOTE_LISTENER';

EnsureVALUE isempty.

Remediation:


ALTER SYSTEM SET REMOTE_LISTENER = '' SCOPE = SPFILE;

References:


34|P a g e

2.2.8Ensure'REMOTE_LOGIN_PASSWORDFILE'IsSetto'NONE'(Scored)


•Level1-RDBMS

Description:

Theremote_login_passwordfile settingspecifieswhetherornotOraclechecksforapasswordfileduringloginandhowmanydatabasescanusethepasswordfile.

Rationale:

Astheuseofthissortofpasswordloginfilecouldpermitunsecured,privilegedconnectionstothedatabase,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='REMOTE_LOGIN_PASSWORDFILE';

EnsureVALUE issettoNONE.

Remediation:


ALTER SYSTEM SET REMOTE_LOGIN_PASSWORDFILE = 'NONE' SCOPE = SPFILE;

References:


2. http://docs.oracle.com/cd/B28359_01/server.111/b28320/initparams198.htm#REFRN10184

35|P a g e

2.2.9Ensure'REMOTE_OS_AUTHENT'IsSetto'FALSE'(Scored)


•Level1-RDBMS

Description:

Theremote_os_authentsettingdetermineswhetherornotOS'roles'withtheattendantprivilegesareallowedforremoteclientconnections.

Rationale:

AspermittingOSrolesfordatabaseconnectionstocanallowthespoofingofconnectionsandpermitgrantingtheprivilegesofanOSroletounauthorizeduserstomakeconnections,thisvalueshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='REMOTE_OS_AUTHENT';


Remediation:


ALTER SYSTEM SET REMOTE_OS_AUTHENT = FALSE SCOPE = SPFILE;

References:


36|P a g e

2.2.10Ensure'REMOTE_OS_ROLES'IsSetto'FALSE'(Scored)


•Level1-RDBMS

Description:

Theremote_os_rolessettingpermitsremoteusers'OSrolestobeappliedtodatabasemanagement.

Rationale:

AsallowingremoteclientsOSrolestohavepermissionsfordatabasemanagementcouldcauseprivilegeoverlapsandgenerallyweakensecurity,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='REMOTE_OS_ROLES';


Remediation:


ALTER SYSTEM SET REMOTE_OS_ROLES = FALSE SCOPE = SPFILE;

References:


37|P a g e

2.2.11Ensure'UTIL_FILE_DIR'IsEmpty(Scored)


•Level1-RDBMS

Description:

Theutl_file_dirsettingallowspackageslikeutl_filetoaccess(read/write/modify/delete)filesspecifiedinutl_file_dir.(Thisisdeprecatedbutusablein11g.)

Rationale:

Asusingtheutl_file_dirtocreatedirectoriesallowsthemanipulationoffilesinthesedirectories.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='UTIL_FILE_DIR';

EnsureVALUE isempty.

Remediation:


ALTER SYSTEM SET UTIL_FILE_DIR = '' SCOPE = SPFILE;

References:


38|P a g e

2.2.12Ensure'SEC_CASE_SENSITIVE_LOGON'IsSetto'TRUE'(Scored)


•Level1-RDBMS

Description:

TheSEC_CASE_SENSITIVE_LOGON informationdetermineswhetherornotcase-sensitivityisrequiredforpasswordsduringlogin.

DuetothesecuritybugCVE-2012-3137itisrecommendedtosetthisparametertoTRUEiftheOctober2012CPU/PSUorlaterwasapplied.

IfthepatchwasnotapplieditisrecommendedtosetthisparametertoFALSEtoavoidthatthevulnerabilitycouldbeabused.

Rationale:

Oracle11gdatabaseswithoutCPUOctober2012patchorlaterarevulnerabletoCVE-2012-3137ifcase-sensitiveSHA-1passwordhashesareused.ToavoidthiskindofattacktheoldDES-hasheshavetobeused.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='SEC_CASE_SENSITIVE_LOGON';


Remediation:


ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE SCOPE = SPFILE;

Impact:

IfSEC_CASE_SENSITIVE_LOGONisFALSE,alluserwithSHA-1hashesonly("select name,password,spare4 from sys.user$ where password is null and spare4 is not

null")arenolongerabletoconnecttothedatabase.InthiscasethepasswordforalluserswithoutDEShashhavetosetagain.

39|P a g e

References:


2. https://support.oracle.com/epmos/faces/DocumentDisplay?id=1492721.13. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3137

40|P a g e

2.2.13Ensure'SEC_MAX_FAILED_LOGIN_ATTEMPTS'IsSetto'10'(Scored)


•Level1-RDBMS

Description:

TheSEC_MAX_FAILED_LOGIN_ATTEMPTS parameterdetermineshowmanyfailedloginattemptsareallowedbeforeOracleclosestheloginconnection.

Rationale:

Asallowinganunlimitednumberofloginattemptsforauserconnectioncanfacilitatebothbrute-forceloginattacksandtheoccurrenceofDenial-of-Service,thisvalue(10)shouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='SEC_MAX_FAILED_LOGIN_ATTEMPTS';

EnsureVALUE issetto10.

Remediation:


ALTER SYSTEM SET SEC_MAX_FAILED_LOGIN_ATTEMPTS = 10 SCOPE = SPFILE;

References:


41|P a g e

2.2.14Ensure'SEC_PROTOCOL_ERROR_FURTHER_ACTION'IsSetto'DELAY,3'or'DROP,3'(Scored)


•Level1-RDBMS

Description:

TheSEC_PROTOCOL_ERROR_FURTHER_ACTION settingdeterminestheOracle'sserver'sresponsetobad/malformedpacketsreceivedfromtheclient.

Rationale:

Asbadpacketsreceivedfromtheclientcanpotentiallyindicatepacket-basedattacksonthesystem,suchas"TCPSYNFlood"or"Smurf"attacks,whichcouldresultinaDenial-of-Servicecondition,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='SEC_PROTOCOL_ERROR_FURTHER_ACTION';

EnsureVALUE issettoDELAY,3orDROP,3.

Remediation:

ToremediatethissettingexecuteoneofthefollowingSQLstatements.

ALTER SYSTEM SET SEC_PROTOCOL_ERROR_FURTHER_ACTION = 'DELAY,3' SCOPE = SPFILE; ALTER SYSTEM SET SEC_PROTOCOL_ERROR_FURTHER_ACTION = 'DROP,3' SCOPE = SPFILE;

References:


42|P a g e

2.2.15Ensure'SEC_PROTOCOL_ERROR_TRACE_ACTION'IsSetto'LOG'(Scored)


•Level1-RDBMS

Description:

TheSEC_PROTOCOL_ERROR_TRACE_ACTION settingdeterminestheOracle'sserver'sloggingresponseleveltobad/malformedpacketsreceivedfromtheclient,bygeneratingALERT,LOG,orTRACE levelsofdetailinthelogfiles.

Rationale:

Asbadpacketsreceivedfromtheclientcanpotentiallyindicatepacket-basedattacksonthesystem,suchas"TCPSYNFlood"or"Smurf"attacks,whichcouldresultinaDenial-of-Servicecondition,thisdiagnostic/loggingvalueforALERT,LOG,orTRACE conditionsshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='SEC_PROTOCOL_ERROR_TRACE_ACTION';

EnsureVALUE issettoLOG.

Remediation:


ALTER SYSTEM SET SEC_PROTOCOL_ERROR_TRACE_ACTION=LOG SCOPE = SPFILE;

References:

1. http://docs.oracle.com/cd/B28359_01/server.111/b28320/initparams214.htm

43|P a g e

2.2.16Ensure'SEC_RETURN_SERVER_RELEASE_BANNER'IsSetto'FALSE'(Scored)


•Level1-RDBMS

Description:

Theinformationaboutpatch/updatereleasenumberprovidesinformationabouttheexactpatch/updatereleasethatiscurrentlyrunningonthedatabase.

Rationale:

Asallowingthedatabasetoreturninformationaboutthepatch/updatereleasenumbercouldfacilitateunauthorizedusers'attemptstogainaccessbaseduponknownpatchweaknesses,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='SEC_RETURN_SERVER_RELEASE_BANNER';

EnsureVALUEissettoFALSE.

Remediation:


ALTER SYSTEM SET SEC_RETURN_SERVER_RELEASE_BANNER = FALSE SCOPE = SPFILE;

References:


44|P a g e

2.2.17Ensure'SQL92_SECURITY'IsSetto'TRUE'(Scored)


•Level1-RDBMS

Description:

Thesql92_securityparametersettingTRUErequiresausertohaveSELECTprivilegeonacolumninordertoreferenceitintheWHEREclauseofaDELETEorUPDATEstatementorontherighthandsideofaSETclauseinanUPDATEstatement.

Rationale:

AuserwithoutSELECTprivilegecanstillinferthevaluestoredinacolumnbyreferringtothatcolumninaDELETEorUPDATEstatement.ThissettingpreventsinadvertentinformationdisclosurebyensuringthatonlyuserswhoalreadyhaveSELECTprivilegecanexecutethestatementsthatwouldallowthemtoinferthestoredvalues.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='SQL92_SECURITY';


Remediation:


ALTER SYSTEM SET SQL92_SECURITY = TRUE SCOPE = SPFILE;

References:


45|P a g e

2.2.18Ensure'_TRACE_FILES_PUBLIC'IsSetto'FALSE'(Scored)


•Level1-RDBMS

Description:

The_trace_files_publicsettingdetermineswhetherornotthesystem'stracefileisworldreadable.

Rationale:

Aspermittingthereadpermissiontootheranyonecanreadtheinstance'stracefilesfilewhichcouldcontainsensitiveinformationaboutinstanceoperations,thisvalueshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT VALUE FROM V$PARAMETER WHERE NAME='_trace_files_public';

AVALUE equaltoFALSE orlackofresultsimpliescompliance.

Remediation:


ALTER SYSTEM SET "_trace_files_public" = FALSE SCOPE = SPFILE;

References:

1. http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:4295521746131

46|P a g e

2.2.19Ensure'RESOURCE_LIMIT'IsSetto'TRUE'(Scored)


•Level1-RDBMS

Description:

RESOURCE_LIMITdetermineswhetherresourcelimitsareenforcedindatabaseprofiles

Rationale:

Ifresource_limitissettoFALSE,noneofthesystemresourcelimitsthataresetinanydatabaseprofilesareenforced.Ifresource_limitissettoTRUE,thenthelimitssetindatabaseprofilesareenforced.

Audit:


SELECT UPPER(VALUE) FROM V$PARAMETER WHERE UPPER(NAME)='RESOURCE_LIMIT';


Remediation:


ALTER SYSTEM SET RESOURCE_LIMIT = TRUE SCOPE = SPFILE;

DefaultValue:

FALSE

References:


47|P a g e

3OracleConnectionandLoginRestrictions

TherestrictionsonClient/UserconnectionstotheOracledatabasehelpblockunauthorizedaccesstodataandservicesbysettingaccessrules.Thesesecuritymeasureshelptoensurethatsuccessfulloginscannotbeeasilymadethroughbrute-forcepasswordattacksorintuitedbycleversocialengineeringexploits.SettingsaregenerallyrecommendedtobeappliedtoalldefinedprofilesratherthanbyusingonlytheDEFAULTprofile.Allvaluesassignedbelowaretherecommendedminimumsormaximums;higher,morerestrictivevaluescanbeappliedatthediscretionoftheorganizationbycreatingaseparateprofiletoassigntoadifferentusergroup.

3.1Ensure'FAILED_LOGIN_ATTEMPTS'IsLessthanorEqualto'5'(Scored)


•Level1-RDBMS

Description:

Thefailed_login_attemptssettingdetermineshowmanyfailedloginattemptsarepermittedbeforethesystemlockstheuser'saccount.Whiledifferentprofilescanhavedifferentandmorerestrictivesettings,suchasUSERSandAPPS,theminimum(s)recommendedhereshouldbesetontheDEFAULTprofile.

Rationale:

Asrepeatedfailedloginattemptscanindicatetheinitiationofabrute-forceloginattack,thisvalueshouldbesetaccordingtotheneedsoftheorganization(seewarningbelowonaknownbugthatcanmakethissecuritymeasurebackfire).

Audit:


SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE RESOURCE_NAME='FAILED_LOGIN_ATTEMPTS' AND ( LIMIT = 'DEFAULT' OR LIMIT = 'UNLIMITED' OR LIMIT > 5 );

Lackofresultsimpliescompliance.

48|P a g e

Remediation:

RemediatethissettingbyexecutingthefollowingSQLstatement.

ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 5;

49|P a g e

3.2Ensure'PASSWORD_LOCK_TIME'IsGreaterthanorEqualto'1'(Scored)


•Level1-RDBMS

Description:

ThePASSWORD_LOCK_TIME settingdetermineshowmanydaysmustpassfortheuser'saccounttobeunlockedafterthesetnumberoffailedloginattemptshasoccurred.

Rationale:

Aslockingtheuseraccountafterrepeatedfailedloginattemptscanblockfurtherbrute-forceloginattacks,butcancreateadministrativeheadachesasthisaccountunlockingprocessalwaysrequiresDBAintervention,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE RESOURCE_NAME='PASSWORD_LOCK_TIME' AND ( LIMIT = 'DEFAULT' OR LIMIT = 'UNLIMITED' OR LIMIT < 1 );


Remediation:


ALTER PROFILE DEFAULT LIMIT PASSWORD_LOCK_TIME 1;

50|P a g e

3.3Ensure'PASSWORD_LIFE_TIME'IsLessthanorEqualto'90'(Scored)


•Level1-RDBMS

Description:

Thepassword_life_timesettingdetermineshowlongapasswordmaybeusedbeforetheuserisrequiredtobechangeit.

Rationale:

Asallowingpasswordstoremainunchangedforlongperiodsmakesthesuccessofbrute-forceloginattacksmorelikely,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE RESOURCE_NAME='PASSWORD_LIFE_TIME' AND ( LIMIT = 'DEFAULT' OR LIMIT = 'UNLIMITED' OR LIMIT > 90 );


Remediation:


ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 90;

51|P a g e

3.4Ensure'PASSWORD_REUSE_MAX'IsGreaterthanorEqualto'20'(Scored)


•Level1-RDBMS

Description:

Thepassword_reuse_max settingdetermineshowmanydifferentpasswordsmustbeusedbeforetheuserisallowedtoreuseapriorpassword.

Rationale:

Asallowingreuseofapasswordwithinashortperiodoftimeafterthepassword'sinitialusecanmakethesuccessofbothsocial-engineeringandbrute-forcepassword-basedattacksmorelikely,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE RESOURCE_NAME='PASSWORD_REUSE_MAX' AND ( LIMIT = 'DEFAULT' OR LIMIT = 'UNLIMITED' OR LIMIT < 20 );


Remediation:


ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_MAX 20;

52|P a g e

3.5Ensure'PASSWORD_REUSE_TIME'IsGreaterthanorEqualto'365'(Scored)


•Level1-RDBMS

Description:

Thepassword_reuse_time settingdeterminestheamountoftimeindaysthatmustpassbeforethesamepasswordmaybereused.

Rationale:

Asreusingthesamepasswordafteronlyashortperiodoftimehaspassedmakesthesuccessofbrute-forceloginattacksmorelikely,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE RESOURCE_NAME='PASSWORD_REUSE_TIME' AND ( LIMIT = 'DEFAULT' OR LIMIT = 'UNLIMITED' OR LIMIT < 365 );


Remediation:


ALTER PROFILE DEFAULT LIMIT PASSWORD_REUSE_TIME 365;

53|P a g e

3.6Ensure'PASSWORD_GRACE_TIME'IsLessthanorEqualto'5'(Scored)


•Level1-RDBMS

Description:

Thepassword_grace_time settingdetermineshowmanydayscanpassaftertheuser'spasswordexpiresbeforetheuser'slogincapabilityisautomaticallylockedout.

Rationale:

Aslockingtheuseraccountaftertheexpirationofthepasswordchangerequirement'sgraceperiodcanhelppreventpassword-basedattackagainstaforgottenordisusedaccounts,whilestillallowingtheaccountanditsinformationtobeaccessiblebyDBAintervention,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE RESOURCE_NAME='PASSWORD_GRACE_TIME' AND ( LIMIT = 'DEFAULT' OR LIMIT = 'UNLIMITED' OR LIMIT > 5 );


Remediation:


ALTER PROFILE DEFAULT LIMIT PASSWORD_GRACE_TIME 5;

54|P a g e

3.7Ensure'DBA_USERS.PASSWORD'IsNotSetto'EXTERNAL'forAnyUser(Scored)


•Level1-RDBMS

Description:

Thepassword='EXTERNAL' settingdetermineswhetherornotausercanbeauthenticatedbyaremoteOStoallowaccesstothedatabasewithfullauthorization.

Rationale:

AsallowingremoteOSauthenticationofausertothedatabasecanpotentiallyallowsupposed"privilegedusers"toconnectas"authenticated,"evenwhentheremotesystemiscompromised,theseloginsshouldbedisabled/restrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT USERNAME FROM DBA_USERS WHERE PASSWORD='EXTERNAL';


Remediation:


ALTER USER <username> IDENTIFIED BY <password>;

55|P a g e

3.8Ensure'PASSWORD_VERIFY_FUNCTION'IsSetforAllProfiles(Scored)


•Level1-RDBMS

Description:

Thepassword_verify_function determinespasswordsettingsrequirementswhenauserpasswordischangedattheSQLcommandprompt.ThissettingdoesnotapplyforusersmanagedbytheOraclepasswordfile.

Rationale:

Asrequiringuserstoapplythe11gr2securityfeaturesinpasswordcreation,suchasforcingmixed-casecomplexity,theblockingofsimplecombinations,andchange/historysettingscanpotentiallythwartloginsbyunauthorizedusers,thisfunctionshouldbeapplied/enabledaccordingtotheneedsoftheorganization.

Audit:


SELECT PROFILE, RESOURCE_NAME FROM DBA_PROFILES WHERE RESOURCE_NAME='PASSWORD_VERIFY_FUNCTION' AND (LIMIT = 'DEFAULT' OR LIMIT = 'NULL');


Remediation:

Createacustompasswordverificationfunctionwhichfulfillsthepasswordrequirementsoftheorganization.FromOracledocumentation:OracleDatabaseprovidesasamplepasswordverificationfunctioninthePL/SQLscriptUTLPWDMG.SQL(locatedinORACLE_BASE/ORACLE_HOME/RDBMS/ADMIN)that,whenenabled,checkswhetherusersarecorrectlycreatingormodifyingtheirpasswords.TheUTLPWDMG.SQLscriptprovidestwopasswordverificationfunctions:oneforpreviousreleasesofOracleDatabaseandanupdatedversionforOracleDatabaseRelease11g.http://docs.oracle.com/cd/E25054_01/network.1111/e16543/authentication.htm

56|P a g e

3.9Ensure'SESSIONS_PER_USER'IsLessthanorEqualto'10'(Scored)


•Level1-RDBMS

Description:

TheSESSIONS_PER_USER (Numberofsessionsallowed)determinesthemaximumnumberofusersessionsthatareallowedtobeopenconcurrently.

Rationale:

AslimitingthenumberoftheSESSIONS_PER_USER canhelppreventmemoryresourceexhaustionbypoorlyformedrequestsorintentionalDenial-of-Serviceattacks,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE RESOURCE_NAME='SESSIONS_PER_USER' AND ( LIMIT = 'DEFAULT' OR LIMIT = 'UNLIMITED' OR LIMIT > 10 );


Remediation:


ALTER PROFILE DEFAULT LIMIT SESSIONS_PER_USER 10;

57|P a g e

3.10EnsureNoUsersAreAssignedthe'DEFAULT'Profile(Scored)


•Level1-RDBMS

Description:

UponcreationdatabaseusersareassignedtotheDEFAULTprofileunlessotherwisespecified.

Rationale:

Itisrecommendedthatusersbecreatedwithfunction-appropriateprofiles.TheDEFAULTprofile,beingdefinedbyOracle,issubjecttochangeatanytime(e.g.bypatchorversionupdate).TheDEFAULTprofilehasunlimitedsettingsthatareoftenrequiredbytheSYSuserwhenpatching;suchunlimitedsettingsshouldbetightlyreservedandnotappliedtounnecessaryusers.

Audit:


SELECT USERNAME FROM DBA_USERS WHERE PROFILE='DEFAULT' AND ACCOUNT_STATUS='OPEN' AND USERNAME NOT IN ('ANONYMOUS', 'CTXSYS', 'DBSNMP', 'EXFSYS', 'LBACSYS', 'MDSYS', 'MGMT_VIEW','OLAPSYS','OWBSYS', 'ORDPLUGINS', 'ORDSYS', 'OUTLN', 'SI_INFORMTN_SCHEMA','SYS', 'SYSMAN', 'SYSTEM', 'TSMSYS', 'WK_TEST', 'WKSYS', 'WKPROXY', 'WMSYS', 'XDB', 'CISSCAN');


Remediation:

ToremediatethisrecommendationexecutethefollowingSQLstatementforeachuserreturnedbytheauditqueryusingafunctional-appropriateprofile.

ALTER USER <username> PROFILE <appropriate_profile>

58|P a g e

4OracleUserAccessandAuthorizationRestrictions

Thecapabilitytousedatabaseresourcesatagivenlevel,oruserauthorizationrules,allowsforusermanipulationofthevariouspartsoftheOracledatabase.Theseauthorizationsmustbestructuredtoblockunauthorizeduseand/orcorruptionofvitaldataandservicesbysettingrestrictionsonusercapabilities,particularlythoseoftheuserPUBLIC.Suchsecuritymeasureshelptoensurethatsuccessfulloginscannotbeeasilyredirected.IMPORTANT:UsecautionwhenrevokingprivilegesfromPUBLIC.Oracleandthird-partyproductsexplicitlyrequiredefaultgrantstoPUBLICforcommonlyusedfunctions,objects,andinviewdefinitions.AfterrevokinganyprivilegefromPUBLIC,verifythatapplicationskeeprunningproperly.AfterrevokingprivilegesfromPUBLIC,recompileinvaliddatabaseobjects.Specificgrantstousersandrolesmaybeneededtomakeallobjectsvalid.PleaseseethefollowingOraclesupportdocumentwhichprovidesfurtherinformationandSQLstatementsthatcanbeusedtodeterminedependenciesthatrequireexplicitgrants.BeCautiousWhenRevokingPrivilegesGrantedtoPUBLIC(DocID247093.1)AlwaystestdatabasechangesinDevelopmentandTestenvironmentsbeforemakingchangestoProductiondatabases.

59|P a g e

4.1DefaultPublicPrivilegesforPackagesandObjectTypes

Revokedefaultpublicexecuteprivilegesfrompowerfulpackagesandobjecttypes.

4.1.1Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_ADVISOR'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_ADVISORpackagecanbeusedtowritefileslocatedontheserverwheretheOracleinstanceisinstalled.

Rationale:

AsuseoftheDBMS_ADVISORpackagecouldallowanunauthorizedusertocorruptoperatingsystemfilesontheinstance'shost,useofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_ADVISOR';


Remediation:


REVOKE EXECUTE ON DBMS_ADVISOR FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_advis.htm

60|P a g e

4.1.2Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_CRYPTO'(Scored)


•Level1-RDBMS

Description:

TheDBMS_CRYPTOsettingsprovideatoolsetthatdeterminesthestrengthoftheencryptionalgorithmusedtoencryptapplicationdataandispartoftheSYSschema.TheDES(56-bitkey),3DES(168-bitkey),3DES-2KEY(112-bitkey),AES(128/192/256-bitkeys),andRC4areavailable.

Rationale:

AsexecutionofthesecryptographyproceduresbytheuserPUBLICcanpotentiallyendangerportionsoforallofthedatastorage,thisvalueshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND TABLE_NAME='DBMS_CRYPTO';


Remediation:


REVOKE EXECUTE ON DBMS_CRYPTO FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_crypto.htm#ARPLS664

61|P a g e

4.1.3Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JAVA'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_JAVApackagecanrunJavaclasses(e.g.OScommands)orgrantJavaprivileges.

Rationale:

The DBMS_JAVApackagecouldallowanattackertorunoperatingsystemcommandsfromthedatabase.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_JAVA';


Remediation:


REVOKE EXECUTE ON DBMS_JAVA FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/java.112/e10588/appendixa.htm#JJDEV13000

62|P a g e

4.1.4Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JAVA_TEST'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_JAVA_TESTpackagecanrunJavaclasses(e.g.OScommands)orgrantJavaprivileges.

Rationale:

TheDBMS_JAVA_TESTpackagecouldallowanattackertorunoperatingsystemcommandsfromthedatabase.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_JAVA_TEST'


Remediation:


REVOKE EXECUTE ON DBMS_JAVA_TEST FROM PUBLIC;

References:

1. http://www.databasesecurity.com/HackingAurora.pdf

63|P a g e

4.1.5Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JOB'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_JOBpackageschedulesandmanagesthejobssenttothejobqueueandhasbeensupersededbytheDBMS_SCHEDULERpackage,eventhoughDBMS_JOBhasbeenretainedforbackwardscompatibility.

Rationale:

AsuseoftheDBMS_JOBpackagecouldallowanunauthorizedusertodisableoroverloadthejobqueueandhasbeensupersededbytheDBMS_SCHEDULERpackage,thispackageshouldbedisabledorrestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_JOB';


Remediation:


REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;

Impact:

UsecautionwhenrevokingprivilegesfromPUBLIC.AfterrevokingprivilegesfromPUBLIC,recompileanyinvaliddatabaseobjects.Specificgrantstousersandrolesmaybeneededtomakeobjectsvalid.SeeIMPORTANTinformationatthestartofthissectionformoredetails.

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_job.htm

64|P a g e

4.1.6Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_LDAP'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_LDAPpackagecontainsfunctionsandproceduresthatenableprogrammerstoaccessdatafromLDAPservers.

Rationale:

AsuseoftheDBMS_LDAPpackagecanbeusedtocreatespeciallycraftederrormessagesorsendinformationviaDNStotheoutside.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_LDAP';


Remediation:


REVOKE EXECUTE ON DBMS_LDAP FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E23943_01/oid.1111/e10186/dbmsldap_ref.htm#OIMAD009

65|P a g e

4.1.7Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_LOB'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_LOBpackageprovidessubprogramsthatcanmanipulateandread/writeonBLOBs,CLOBs,NCLOBs,BFILEs,andtemporaryLOBs.

Rationale:

AsuseoftheDBMS_LOBpackagecouldallowanunauthorizedusertomanipulateBLOBs,CLOBs,NCLOBs,BFILEs,andtemporaryLOBsontheinstance,eitherdestroyingdataorcausingaDenial-of-Serviceconditionduetocorruptionofdiskspace,useofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_LOB';


Remediation:


REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC;

Impact:


66|P a g e

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_lob.htm

67|P a g e

4.1.8Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_OBFUSCATION_TOOLKIT'(Scored)


•Level1-RDBMS

Description:

TheDBMS_OBFUSCATION_TOOLKITsettingsprovideoneofthetoolsthatdeterminethestrengthoftheencryptionalgorithmusedtoencryptapplicationdataandispartoftheSYSschema.TheDES(56-bitkey)and3DES(168-bitkey)aretheonlytwotypesavailable.

Rationale:

AsallowingthePUBLICuserprivilegestoaccessthiscapabilitycanbepotentiallyharmthedatastorage,thisaccessshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_OBFUSCATION_TOOLKIT';


Remediation:


REVOKE EXECUTE ON DBMS_OBFUSCATION_TOOLKIT FROM PUBLIC;

Impact:


68|P a g e

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_obtool.htm#ARPLS028

69|P a g e

4.1.9Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_RANDOM'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_RANDOMpackageisusedforgeneratingrandomnumbersbutshouldnotbeusedforcryptographicpurposes.

Rationale:

AsassignmentofuseoftheDBMS_RANDOMpackagecanallowtheunauthorizedapplicationoftherandomnumber-generatingfunction,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_RANDOM';


Remediation:


REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC;

Impact:


References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_random.htm

70|P a g e

4.1.10Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_SCHEDULER'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_SCHEDULERpackageschedulesandmanagesthedatabaseandoperatingsystemjobs.

Rationale:

AsuseoftheDBMS_SCHEDULERpackagecouldallowanunauthorizedusertorundatabaseoroperatingsystemjobs.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_SCHEDULER';


Remediation:


REVOKE EXECUTE ON DBMS_SCHEDULER FROM PUBLIC;

Impact:


References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_sched.htm

71|P a g e

4.1.11Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_SQL'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_SQLpackageisusedforrunningdynamicSQLstatements.

Rationale:

TheDBMS_SQLpackagecouldallowprivilegeescalationiftheinputvalidationisnotdoneproperly.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_SQL';


Remediation:


REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC;

Impact:


References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_sql.htm

72|P a g e

4.1.12Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_XMLGEN'(Scored)


•Level1-RDBMS

Description:

TheDBMS_XMLGENpackagetakesanarbitrarySQLqueryasinput,convertsittoXMLformat,andreturnstheresultasaCLOB.

Rationale:

ThepackageDBMS_XMLGEN canbeusedtosearchtheentiredatabaseforcriticalinformationlikecreditcardnumbers,andothersensitiveinformation.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_XMLGEN';


Remediation:


REVOKE EXECUTE ON DBMS_XMLGEN FROM PUBLIC;

Impact:


References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_xmlgen.htm2. http://www.red-database-security.com/wp/confidence2009.pdf

73|P a g e

4.1.13Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_XMLQUERY'(Scored)


•Level1-RDBMS

Description:

TheOraclepackageDBMS_XMLQUERYtakesanarbitrarySQLquery,convertsittoXMLformat,andreturnstheresult.ThispackageissimilartoDBMS_XMLGEN.

Rationale:

ThepackageDBMS_XMLQUERYcanbeusedtosearchtheentiredatabaseforcriticalinformationlikecreditcardnumbersandothersensitiveinformation.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_XMLQUERY';


Remediation:


REVOKE EXECUTE ON DBMS_XMLQUERY FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_xmlque.htm

74|P a g e

4.1.14Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_FILE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_FILEpackagecanbeusedtoread/writefileslocatedontheserverwheretheOracleinstanceisinstalled.

Rationale:

AsuseoftheUTL_FILEpackagecouldallowausertoreadfilesattheoperatingsystem.Thesefilescouldcontainsensitiveinformation(e.g.passwordsin.bash_history).

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_FILE';


Remediation:


REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;

Impact:


References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/u_file.htm#ARPLS70896

75|P a g e

4.1.15Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_INADDR'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_INADDRpackagecanbeusedtocreatespeciallycraftederrormessagesorsendinformationviaDNStotheoutside.

Rationale:

AsuseoftheUTL_INADDRpackageisoftenusedinSQLInjectionattacksfromthewebitshouldberevokedfrompublic.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_INADDR';


Remediation:


REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/u_inaddr.htm

76|P a g e

4.1.16Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_TCP'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_TCPpackagecanbeusedtoread/writefiletoTCPsocketsontheserverwheretheOracleinstanceisinstalled.

Rationale:

AsuseoftheUTL_TCPpackagecouldallowanunauthorizedusertocorrupttheTCPstreamusedforcarrytheprotocolsthatcommunicatewiththeinstance'sexternalcommunications,useofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_TCP';


Remediation:


REVOKE EXECUTE ON UTL_TCP FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/u_tcp.htm#ARPLS71533

77|P a g e

4.1.17Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_MAIL'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_MAILpackagecanbeusedtosendemailfromtheserverwheretheOracleinstanceisinstalled.

Rationale:

AsuseoftheUTL_MAILpackagecouldallowanunauthorizedusertocorrupttheSMTPfunctiontoacceptorgeneratejunkmailthatcanresultinaDenial-of-Serviceconditionduetonetworksaturation,useofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_MAIL';


Remediation:


REVOKE EXECUTE ON UTL_MAIL FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/u_mail.htm

78|P a g e

4.1.18Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_SMTP'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_SMTPpackagecanbeusedtosendemailfromtheserverwheretheOracleinstanceisinstalled.

Rationale:

AsuseoftheUTL_SMTPpackagecouldallowanunauthorizedusertocorrupttheSMTPfunctiontoacceptorgeneratejunkmailthatcanresultinaDenial-of-Serviceconditionduetonetworksaturation,useofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_SMTP';


Remediation:


REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/u_smtp.htm

79|P a g e

4.1.19Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_DBWS'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_DBWSpackagecanbeusedtoread/writefiletoweb-basedapplicationsontheserverwheretheOracleinstanceisinstalled.

Rationale:

AsuseoftheUTL_DBWSpackagecouldallowanunauthorizedusertocorrupttheHTTPstreamusedforcarrytheprotocolsthatcommunicatewiththeinstance'sweb-basedexternalcommunications,useofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_DBWS';


Remediation:


REVOKE EXECUTE ON UTL_DBWS FROM 'PUBLIC';

References:

1. http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/u_dbws.htm

80|P a g e

4.1.20Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_ORAMTS'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_ORAMTSpackagecanbeusedtoperformHTTP-requests.Thiscouldbeusedtosendinformationtotheoutside.

Rationale:

AsuseoftheUTL_ORAMTSpackagecouldbeusedtosend(sensitive)informationtoexternalwebsites.Theuseofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_ORAMTS';


Remediation:


REVOKE EXECUTE ON UTL_ORAMTS FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/win.112/e26104/recovery.htm#NTMTS139

81|P a g e

4.1.21Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_HTTP'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseUTL_HTTPpackagecanbeusedtoperformHTTP-requests.Thiscouldbeusedtosendinformationtotheoutside.

Rationale:

AsuseoftheUTL_HTTPpackagecouldbeusedtosend(sensitive)informationtoexternalwebsites.Theuseofthispackageshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='UTL_HTTP';


Remediation:


REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC;

Impact:


References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/u_http.htm

82|P a g e

4.1.22Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'HTTPURITYPE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseHTTPURITYPEobjecttypecanbeusedtoperformHTTP-requests.

Rationale:

TheabilitytoperformHTTPrequestscouldbeusedtoleakinformationfromthedatabasetoanexternaldestination.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='HTTPURITYPE';


Remediation:


REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/t_dburi.htm#ARPLS71705

83|P a g e

4.2RevokeNon-DefaultPrivilegesforPackagesandObjectTypes

Therecommendationswithinthissectionrevokeexcessiveprivilegesforpackagesandobjecttypes.

4.2.1Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_SYS_SQL'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_SYS_SQLpackageisshippedasundocumented.

Rationale:

AsuseoftheDBMS_SYS_SQLpackagecouldallowausertoruncodeasadifferentuserwithoutenteringusercredentials.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_SYS_SQL';


Remediation:


REVOKE EXECUTE ON DBMS_SYS_SQL FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/network.112/e16543/guidelines.htm#DBSEG499

2. http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1325202421535

84|P a g e

4.2.2Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_BACKUP_RESTORE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_BACKUP_RESTOREpackageisusedforapplyingPL/SQLcommandstothenativeRMANsequences.

Rationale:

AsassignmentofuseoftheDBMS_BACKUP_RESTOREpackagecanallowtoaccessfilepermissionsonoperatingsystemlevel.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_BACKUP_RESTORE';


Remediation:


REVOKE EXECUTE ON DBMS_BACKUP_RESTORE FROM PUBLIC;

References:

1. http://psoug.org/reference/dbms_backup_restore.html2. http://davidalejomarcos.wordpress.com/2011/09/13/how-to-list-files-on-a-

directory-from-oracle-database/

85|P a g e

4.2.3Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_AQADM_SYSCALLS'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_AQADM_SYSCALLSpackageisshippedasundocumentedandallowstorunSQLcommandsasuserSYS.

Rationale:

AsuseoftheDBMS_AQADM_SYSCALLSpackagecouldallowanunauthorizedusertorunSQLcommandsasuserSYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_AQADM_SYSCALLS';


Remediation:


REVOKE EXECUTE ON DBMS_AQADM_SYSCALLS FROM PUBLIC;

References:

1. http://www.databasesecurity.com/dbsec/ohh-indirect-privilege-escalation.pdf

86|P a g e

4.2.4Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_REPCAT_SQL_UTL'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_REPCAT_SQL_UTLpackageisshippedasundocumentedandallowstorunSQLcommandsasuserSYS.

Rationale:

As use of the DBMS_REPCAT_SQL_UTL package could allow an unauthorized user to run SQL commands as user SYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_REPCAT_SQL_UTL';


Remediation:


revoke execute on DBMS_REPCAT_SQL_UTL FROM PUBLIC;

References:


87|P a g e

4.2.5Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'INITJVMAUX'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseINITJVMAUXpackageisshippedasundocumentedandallowstorunSQLcommandsasuserSYS.

Rationale:

As use of the INITJVMAUX package could allow an unauthorized user to run SQL commands as user SYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='INITJVMAUX';


Remediation:


REVOKE EXECUTE ON INITJVMAUX FROM PUBLIC;

References:


88|P a g e

4.2.6Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_STREAMS_ADM_UTL'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_STREAMS_ADM_UTLpackageisshippedasundocumentedandallowstorunSQLcommandsasuserSYS.

Rationale:

As use of the DBMS_STREAMS_ADM_UTL package could allow an unauthorized user to run SQL commands as user SYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_STREAMS_ADM_UTL';


Remediation:


REVOKE EXECUTE ON DBMS_STREAMS_ADM_UTL FROM PUBLIC;

References:


89|P a g e

4.2.7Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_AQADM_SYS'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_AQADM_SYSpackageisshippedasundocumentedandallowstorunSQLcommandsasuserSYS.

Rationale:

As use of the DBMS_AQADM_SYS package could allow an unauthorized user to run SQL commands as user SYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_AQADM_SYS';


Remediation:


REVOKE EXECUTE ON DBMS_AQADM_SYS FROM PUBLIC;

References:

1. http://www.google.de/#hl=de&safe=off&sclient=psy-ab&q=DBMS_STREAMS_ADM_UTL&oq=DBMS_STREAMS_ADM_UTL&gs_l=serp.3..0i10i30.38260.38260.0.38463.1.1.0.0.0.0.105.105.0j1.1.0...0.0...1c.2.1-46wqcQeow&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&fp=2569366ac9a6532d&bpc

90|P a g e

4.2.8Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_STREAMS_RPC'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_STREAMS_RPCpackageisshippedasundocumentedandallowstorunSQLcommandsasuserSYS.

Rationale:

As use of the DBMS_STREAMS_RPC package could allow an unauthorized user to run SQL commands as user SYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_STREAMS_RPC';


Remediation:


REVOKE EXECUTE ON DBMS_STREAMS_RPC FROM PUBLIC;

References:


91|P a g e

4.2.9Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_PRVTAQIM'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_PRVTAQIMpackageisshippedasundocumentedandallowstorunSQLcommandsasuserSYS.

Rationale:

As use of the DBMS_PRVTAQIM package could allow an unauthorized user to escalate privileges because any SQL statements could be executed as user SYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_PRVTAQIM';


Remediation:


REVOKE EXECUTE ON DBMS_PRVTAQIM FROM PUBLIC;

References:


92|P a g e

4.2.10Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'LTADM'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseLTADMpackageisshippedasundocumentedandallowsprivilegeescalationifgrantedtounprivilegedusers.

Rationale:

As use of the LTADM package could allow an unauthorized user to run any SQL command as user SYS.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='LTADM';


Remediation:


REVOKE EXECUTE ON LTADM FROM PUBLIC;

References:


93|P a g e

4.2.11Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'WWV_DBMS_SQL'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseWWV_DBMS_SQLpackageisshippedasundocumentedandallowsOracleApplicationExpresstorundynamicSQLstatements.

Rationale:

As use of the WWV_DBMS_SQL package could allow an unauthorized user to run SQL statements as Application Express (APEX) user.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='WWV_DBMS_SQL';


Remediation:


REVOKE EXECUTE ON WWV_DBMS_SQL FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/install.112/e12196/trouble.htm#HTMIG267

94|P a g e

4.2.12Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'WWV_EXECUTE_IMMEDIATE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseWWV_EXECUTE_IMMEDIATEpackageisshippedasundocumentedandallowsOracleApplicationExpresstorundynamicSQLstatements.

Rationale:

As use of the WWV_EXECUTE_IMMEDIATE package could allow an unauthorized user to run SQL statements as Application Express (APEX) user.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='WWV_EXECUTE_IMMEDIATE';


Remediation:


REVOKE EXECUTE ON WWV_EXECUTE_IMMEDIATE FROM PUBLIC;

References:

1. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-18112. https://forums.oracle.com/forums/thread.jspa?threadID=953790

95|P a g e

4.2.13Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_IJOB'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_IJOBpackageisshippedasundocumentedandallowstorundatabasejobsinthecontextofanotheruser.

Rationale:

As use of the DBMS_IJOB package could allow an attacker to change identities by using a different username to execute a database job.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_IJOB';


Remediation:


REVOKE EXECUTE ON DBMS_IJOB FROM PUBLIC;

96|P a g e

4.2.14Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_FILE_TRANSFER'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBMS_FILE_TRANSFERpackageallowstotransferfilesfromonedatabaseservertoanother.

Rationale:

As use of the DBMS_FILE_TRANSFER package could allow to transfer files from one database server to another.

Audit:


SELECT PRIVILEGE FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_FILE_TRANSFER';


Remediation:


REVOKE EXECUTE ON DBMS_FILE_TRANSFER FROM PUBLIC;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_ftran.htm#ARPLS095

97|P a g e

4.3RevokeExcessiveSystemPrivileges

Therecommendationswithinthissectionrevokeexcessivesystemprivileges.

4.3.1Ensure'SELECT_ANY_DICTIONARY'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSELECT ANY DICTIONARYprivilegeallowsthedesignatedusertoaccessSYSschemaobjects.

Rationale:

TheOracledatabaseSELECT ANY DICTIONARYprivilegeallowsthedesignatedusertoaccessSYSschemaobjects.TheOraclepasswordhashesarepartoftheSYSschemaandcanbeselectedusingSELECTANYDICTIONARYprivileges.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='SELECT ANY DICTIONARY' AND GRANTEE NOT IN ('DBA','DBSNMP','OEM_MONITOR', 'OLAPSYS','ORACLE_OCM','SYSMAN','WMSYS');


Remediation:


REVOKE SELECT_ANY_DICTIONARY FROM <grantee>;

References:

1. http://docs.oracle.com/cd/E11882_01/network.112/e16543/authorization.htm#BABHFJFJ


3. http://arup.blogspot.de/2011/07/difference-between-select-any.html

98|P a g e

4.3.2Ensure'SELECTANYTABLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSELECT ANY TABLEprivilegeallowsthedesignatedusertoopenanytable,exceptofSYS,toviewit.

Rationale:

AsassignmentoftheSELECT ANY TABLEprivilegecanallowtheunauthorizedviewingofsensitivedata,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='SELECT ANY TABLE' AND GRANTEE NOT IN ('DBA', 'MDSYS', 'SYS', 'IMP_FULL_DATABASE', 'EXP_FULL_DATABASE', 'DATAPUMP_IMP_FULL_DATABASE', 'WMSYS', 'SYSTEM','OLAP_DBA','OLAPSYS');


Remediation:


REVOKE SELECT ANY TABLE FROM <grantee>;

References:

1. http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_10002.htm#SQLRF01702

99|P a g e

4.3.3Ensure'AUDITSYSTEM'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseAUDIT SYSTEMprivilegeallowsthechangeauditingactivitiesonthesystem.

Rationale:

AsassignmentoftheAUDIT SYSTEMprivilegecanallowtheunauthorizedalterationofsystemauditactivities,disablingthecreationofaudittrails,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:

ToassesthisrecommendationexecutethefollowingSQLstatement.

SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='AUDIT SYSTEM' AND GRANTEE NOT IN ('DBA','DATAPUMP_IMP_FULL_DATABASE','IMP_FULL_DATABASE','SYS');


Remediation:


REVOKE AUDIT SYSTEM FROM <grantee>;

References:


100|P a g e

4.3.4Ensure'EXEMPTACCESSPOLICY'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseEXEMPT ACCESS POLICYkeywordprovidestheuserthecapabilitytoaccessallthetablerowsregardlessofrow-levelsecuritylockouts.

Rationale:

AsassignmentoftheEXEMPT ACCESS POLICYprivilegecanallowanunauthorizedusertopotentiallyaccess/changeconfidentialdata,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='EXEMPT ACCESS POLICY';


Remediation:


REVOKE EXEMPT ACCESS POLICY FROM <grantee>;

References:

1. http://docs.oracle.com/cd/E11882_01/network.112/e16543/auditing.htm#DBSEG419

2. http://docs.oracle.com/cd/E11882_01/network.112/e16543/vpd.htm#DBSEG309

101|P a g e

4.3.5Ensure'BECOMEUSER'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseBECOME USERprivilegeallowsthedesignatedusertoinherittherightsofanotheruser.

Rationale:

AsassignmentoftheBECOME USERprivilegecanallowtheunauthorizeduseofanotheruser'sprivileges,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='BECOME USER' AND GRANTEE NOT IN ('DBA','SYS','IMP_FULL_DATABASE');


Remediation:


REVOKE BECOME USER FROM <grantee>;

References:

1. http://docs.oracle.com/cd/B19306_01/network.102/b14266/cfgaudit.htm

102|P a g e

4.3.6Ensure'CREATE_PROCEDURE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseCREATE PROCEDUREprivilegeallowsthedesignatedusertocreateastoredprocedurethatwillfirewhengiventhecorrectcommandsequence.

Rationale:

AsassignmentoftheCREATE PROCEDUREprivilegecanleadtosevereproblemsinunauthorizedhands,suchasrogueproceduresfacilitatingdatatheftorDenial-of-Servicebycorruptingdatatables,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='CREATE PROCEDURE' AND GRANTEE NOT IN ( 'DBA','DBSNMP','MDSYS','OLAPSYS','OWB$CLIENT', 'OWBSYS','RECOVERY_CATALOG_OWNER','SPATIAL_CSW_ADMIN_USR', 'SPATIAL_WFS_ADMIN_USR','SYS','APEX_030200','APEX_040000', 'APEX_040100','APEX_040200','RESOURCE');


Remediation:


REVOKE CREATE PROCEDURE FROM <grantee>;

References:


103|P a g e

4.3.7Ensure'ALTERSYSTEM'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseALTER SYSTEMprivilegeallowsthedesignatedusertodynamicallyaltertheinstance'srunningoperations.

Rationale:

AsassignmentoftheALTER SYSTEMprivilegecanleadtosevereproblems,suchastheinstance'ssessionbeingkilledorthestoppingofredologrecording,whichwouldmaketransactionsunrecoverable,thiscapabilityshouldbeseverelyrestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='ALTER SYSTEM' AND GRANTEE NOT IN ('SYS','SYSTEM','APEX_030200','APEX_040000', 'APEX_040100','APEX_040200','DBA');


Remediation:


REVOKE ALTER SYSTEM FROM <grantee>;

References:


104|P a g e

4.3.8Ensure'CREATEANYLIBRARY'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseCREATE ANY LIBRARYprivilegeallowsthedesignatedusertocreateobjectsthatareassociatedtothesharedlibraries.

Rationale:

AsassignmentoftheCREATE ANY LIBRARYprivilegecanallowthecreationofnumerouslibrary-associatedobjectsandpotentiallycorruptthelibraries'integrity,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='CREATE ANY LIBRARY' AND GRANTEE NOT IN ('SYS','SYSTEM','DBA','IMP_FULL_DATABASE');


Remediation:


REVOKE CREATE ANY LIBRARY FROM <grantee>;

References:


2. http://docs.oracle.com/cd/E18283_01/server.112/e17120/manproc007.htm

105|P a g e

4.3.9Ensure'CREATELIBRARY'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseCREATE LIBRARYprivilegeallowsthedesignatedusertocreateobjectsthatareassociatedtothesharedlibraries.

Rationale:

AsassignmentoftheCREATE LIBRARYprivilegecanallowthecreationofnumerouslibrary-associatedobjectsandpotentiallycorruptthelibraries'integrity,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='CREATE LIBRARY' AND GRANTEE NOT IN ('SYS','SYSTEM','DBA','SPATIAL_CSW_ADMIN_USR','XDB','EXFSYS','MDSYS','SPATIAL_WFS_ADMIN_USR');


Remediation:


REVOKE CREATE LIBRARY FROM <grantee>;

References:


2. http://docs.oracle.com/cd/E18283_01/server.112/e17120/manproc007.htm

106|P a g e

4.3.10Ensure'GRANTANYOBJECTPRIVILEGE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseGRANT ANY OBJECT PRIVILEGEkeywordprovidesthegranteethecapabilitytograntaccesstoanysingleormultiplecombinationsofobjectstoanygranteeinthecatalogofthedatabase.

Rationale:

AsauthorizationtousetheGRANT ANY OBJECT PRIVILEGEcapabilitycanallowanunauthorizedusertopotentiallyaccess/changeconfidentialdataordamagethedatacatalogduetopotentialcompleteinstanceaccess,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='GRANT ANY OBJECT PRIVILEGE' AND GRANTEE NOT IN ('DBA','SYS','IMP_FULL_DATABASE','DATAPUMP_IMP_FULL_DATABASE');


Remediation:


REVOKE GRANT ANY OBJECT PRIVILEGE FROM <grantee>;

References:

1. http://docs.oracle.com/cd/E11882_01/network.112/e16543/authorization.htm#DBSEG99914

107|P a g e

4.3.11Ensure'GRANTANYROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseGRANT ANY ROLEkeywordprovidesthegranteethecapabilitytograntanysingleroletoanygranteeinthecatalogofthedatabase.

Rationale:

AsauthorizationtousetheGRANT ANY ROLEcapabilitycanallowanunauthorizedusertopotentiallyaccess/changeconfidentialdataordamagethedatacatalogduetopotentialcompleteinstanceaccess,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='GRANT ANY ROLE' AND GRANTEE NOT IN ('DBA','SYS','DATAPUMP_IMP_FULL_DATABASE','IMP_FULL_DATABASE', 'SPATIAL_WFS_ADMIN_USR','SPATIAL_CSW_ADMIN_USR');


Remediation:


REVOKE GRANT ANY ROLE FROM <grantee>;

References:


108|P a g e

4.3.12Ensure'GRANTANYPRIVILEGE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseGRANT ANY PRIVILEGEkeywordprovidesthegranteethecapabilitytograntanysingleprivilegetoanyiteminthecatalogofthedatabase.

Rationale:

AsauthorizationtousetheGRANT ANY PRIVILEGEcapabilitycanallowanunauthorizedusertopotentiallyaccess/changeconfidentialdataordamagethedatacatalogduetopotentialcompleteinstanceaccess,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='GRANT ANY PRIVILEGE' AND GRANTEE NOT IN ('DBA','SYS','IMP_FULL_DATABASE','DATAPUMP_IMP_FULL_DATABASE');


Remediation:


REVOKE GRANT ANY PRIVILEGE FROM <grantee>;

References:


109|P a g e

4.4RevokeRolePrivileges

Therecommendationswithinthissectionintendtorevokepowerfulroleswheretheyarelikelynotneeded.

4.4.1Ensure'DELETE_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDELETE_CATALOG_ROLEprovidesDELETEprivilegesfortherecordsinthesystem'saudittable(AUD$).

Rationale:

AspermittingunauthorizedaccesstotheDELETE_CATALOG_ROLEcanallowthedestructionofauditrecordsvitaltotheforensicinvestigationofunauthorizedactivities,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE granted_role='DELETE_CATALOG_ROLE' AND GRANTEE NOT IN ('DBA','SYS');


Remediation:


REVOKE DELETE_CATALOG_ROLE FROM <grantee>;

References:



110|P a g e

4.4.2Ensure'SELECT_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSELECT_CATALOG_ROLEprovidesSELECTprivilegesonalldatadictionaryviewsheldintheSYSschema.

Rationale:

AspermittingunauthorizedaccesstotheSELECT_CATALOG_ROLEcanallowthedisclosureofalldictionarydata,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE granted_role='SELECT_CATALOG_ROLE' AND grantee not in ('DBA','SYS','IMP_FULL_DATABASE','EXP_FULL_DATABASE','OEM_MONITOR','SYSMAN');


Remediation:


REVOKE SELECT_CATALOG_ROLE FROM <grantee>;

References:



111|P a g e

4.4.3Ensure'EXECUTE_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseEXECUTE_CATALOG_ROLEprovidesEXECUTEprivilegesforanumberofpackagesandproceduresinthedatadictionaryintheSYSschema.

Rationale:

AspermittingunauthorizedaccesstotheEXECUTE_CATALOG_ROLEcanallowthedisruptionofoperationsbyinitializationofrogueprocedures,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE granted_role='EXECUTE_CATALOG_ROLE' AND grantee not in ('DBA','SYS','IMP_FULL_DATABASE','EXP_FULL_DATABASE');


Remediation:


REVOKE EXECUTE_CATALOG_ROLE FROM <grantee>;

References:



112|P a g e

4.4.4Ensure'DBA'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBAroleisthedefaultdatabaseadministratorroleprovidedfortheallocationofadministrativeprivileges.

Rationale:

AsassignmentoftheDBAroletoanordinaryusercanprovideagreatnumberofunnecessaryprivilegestothatuserandopensthedoortodatabreaches,integrityviolations,andDenial-of-Serviceconditions,applicationofthisroleshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTED_ROLE='DBA' AND GRANTEE NOT IN ('SYS','SYSTEM');


Remediation:


REVOKE DBA FROM <grantee>;

References:


113|P a g e

4.5RevokeExcessiveTableandViewPrivileges

Therecommendationswithinthissectionintendtorevokeexcessivetableandviewprivileges.

4.5.1Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'AUD$'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSYS.AUD$tablecontainsalltheauditrecordsforthedatabaseofthenon-DataManipulationLanguage(DML)events,suchasALTER, DROP, CREATE,andsoforth.(DMLchangesneedtrigger-basedauditeventstorecorddataalterations.)

Rationale:

Aspermittingnon-privilegeduserstheauthorizationtomanipulatetheSYS_AUD$tablecanallowdistortionoftheauditrecords,hidingunauthorizedactivities,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE TABLE_NAME='AUD$' AND GRANTEE NOT IN ('DELETE_CATALOG_ROLE');


Remediation:


REVOKE ALL ON AUD$ FROM <grantee>;

References:

1. http://docs.oracle.com/cd/E11882_01/network.112/e16543/auditing.htm#CEGDGIAF

114|P a g e

4.5.2Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'USER_HISTORY$'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSYS.USER_HISTORY$tablecontainsalltheauditrecordsfortheuser'spasswordchangehistory.(Thistablegetsupdatedbypasswordchangesiftheuserhasanassignedprofilethathaspasswordreuselimitset,e.g.,PASSWORD_REUSE_TIMEsettootherthanUNLIMITED.)

Rationale:

Aspermittingnon-privilegeduserstheauthorizationtomanipulatetherecordsintheSYS.USER_HISTORY$tablecanallowdistortionoftheaudittrail,potentiallyhidingunauthorizeddataconfidentialityattacksorintegritychanges,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE TABLE_NAME='USER_HISTORY$';


Remediation:


REVOKE ALL ON USER_HISTORY$ FROM <grantee>;

References:

1. http://marcel.vandewaters.nl/oracle/database-oracle/password-history-reusing-a-password

115|P a g e

4.5.3Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'LINK$'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSYS.LINK$tablecontainsalltheuser'spasswordinformationanddatatablelinkinformation.

Rationale:

Aspermittingnon-privilegeduserstomanipulateorviewtheSYS.LINK$tablecanallowcaptureofpasswordinformationand/orcorrupttheprimarydatabaselinkages,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE TABLE_NAME='LINK$';


Remediation:


REVOKE ALL ON LINK$ FROM <grantee>;

116|P a g e

4.5.4Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'SYS.USER$'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSYS.USER$tablecontainstheusers'hashedpasswordinformation.

Rationale:

Aspermittingnon-privilegeduserstheauthorizationtoopentheSYS.USER$tablecanallowthecaptureofpasswordhashesforthelaterapplicationofpasswordcrackingalgorithmstobreachconfidentiality,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE TABLE_NAME='USER$' AND GRANTEE NOT IN ('CTXSYS','XDB','APEX_030200', 'APEX_040000','APEX_040100','APEX_040200','ORACLE_OCM');


Remediation:


REVOKE ALL ON SYS.USER$ FROM <username>;

References:

1. http://dba.stackexchange.com/questions/17513/what-do-the-columns-in-sys-user-represent

117|P a g e

4.5.5Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'DBA_%'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseDBA_viewsshowallinformationwhichisrelevanttoadministrativeaccounts.

Rationale:

AspermittinguserstheauthorizationtomanipulatetheDBA_viewscanexposesensitivedata.

Audit:


SELECT * FROM DBA_TAB_PRIVS WHERE TABLE_NAME LIKE 'DBA_%' AND GRANTEE NOT IN ('APPQOSSYS','AQ_ADMINISTRATOR_ROLE','CTXSYS', 'EXFSYS','MDSYS','OLAP_XS_ADMIN','OLAPSYS','ORDSYS','OWB$CLIENT','OWBSYS', 'SELECT_CATALOG_ROLE','WM_ADMIN_ROLE','WMSYS','XDBADMIN','LBACSYS', 'ADM_PARALLEL_EXECUTE_TASK','CISSCANROLE') AND NOT REGEXP_LIKE(grantee,'^APEX_0[3-9][0-9][0-9][0-9][0-9]$');


Remediation:

Replace <non-DBA/SYS grantee>, in the query below, with the Oracle login(s) or role(s) returned from the associated audit procedure and execute:

REVOKE ALL ON DBA_ FROM <Non-DBA/SYS grantee>;

References:

1. http://docs.oracle.com/cd/E11882_01/server.112/e25789/datadict.htm#autoId2

118|P a g e

4.5.6Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'SYS.SCHEDULER$_CREDENTIAL'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseSCHEDULER$_CREDENTIALtablecontainsthedatabaseschedulercredentialinformation.

Rationale:

Aspermittingnon-privilegeduserstheauthorizationtoopentheSYS.SCHEDULER$_CREDENTIALtable.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE TABLE_NAME='SCHEDULER$_CREDENTIAL';


Remediation:


REVOKE ALL ON SYS.SCHEDULER$_CREDENTIAL FROM <username>;

References:

1. http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_sched.htm#ARPLS72292

2. http://berxblog.blogspot.de/2012/02/restore-dbmsschedulercreatecredential.html

119|P a g e

4.5.7Ensure'SYS.USER$MIG'HasBeenDropped(Scored)


•Level1-RDBMS

Description:

Thetablesys.user$migiscreatedduringmigrationandcontainstheOraclepasswordhashesbeforethemigrationstarts.

Rationale:

Thetablesys.user$migisnotdeletedafterthemigration.AnattackercouldaccessthetablecontainingtheOraclepasswordhashes.

Audit:


SELECT OWNER, TABLE_NAME FROM ALL_TABLES WHERE OWNER='SYS' AND TABLE_NAME='USER$MIG';


Remediation:


DROP TABLE SYS.USER$MIG;

120|P a g e

4.6Ensure'%ANY%'IsRevokedfromUnauthorized'GRANTEE'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseANYkeywordprovidestheuserthecapabilitytoalteranyiteminthecatalogofthedatabase.

Rationale:

AsauthorizationtousetheANY expansionofaprivilegecanallowanunauthorizedusertopotentiallychangeconfidentialdataordamagethedatacatalog,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE LIKE '%ANY%' AND GRANTEE NOT IN ('AQ_ADMINISTRATOR_ROLE','DBA','DBSNMP','EXFSYS', 'EXP_FULL_DATABASE','IMP_FULL_DATABASE','DATAPUMP_IMP_FULL_DATABASE', 'JAVADEBUGPRIV','MDSYS','OEM_MONITOR','OLAPSYS','OLAP_DBA','ORACLE_OCM', 'OWB$CLIENT','OWBSYS','SCHEDULER_ADMIN','SPATIAL_CSW_ADMIN_USR', 'SPATIAL_WFS_ADMIN_USR','SYS','SYSMAN','SYSTEM','WMSYS','APEX_030200', 'APEX_040000','APEX_040100','APEX_040200','LBACSYS','OUTLN');


Remediation:


REVOKE '<ANY Privilege>' FROM <grantee>;

References:


121|P a g e

4.7Ensure'DBA_SYS_PRIVS.%'IsRevokedfromUnauthorized'GRANTEE'with'ADMIN_OPTION'Setto'YES'(Scored)


•Level1-RDBMS

Description:

TheOracledatabaseWITH_ADMINprivilegeallowsthedesignatedusertograntanotheruserthesameprivileges.

Rationale:

AsassignmentoftheWITH_ADMINprivilegecanallowthegrantingofarestrictedprivilegetoanunauthorizeduser,thiscapabilityshouldberestrictedaccordingtotheneedsoftheorganization.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE ADMIN_OPTION='YES' AND GRANTEE not in ('AQ_ADMINISTRATOR_ROLE','DBA','OWBSYS', 'SCHEDULER_ADMIN','SYS','SYSTEM','WMSYS', 'APEX_030200','APEX_040000','APEX_040100','APEX_040200');


Remediation:


REVOKE <privilege> FROM <grantee>;

122|P a g e

4.8EnsureProxyUsersHaveOnly'CONNECT'Privilege(Scored)


•Level1-RDBMS

Description:

Donotgrantprivilegesdirectlytoproxyusers

Rationale:

Aproxyusershouldonlyhavetheabilitytoconnecttothedatabase.

Audit:


SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE IN ( SELECT PROXY FROM DBA_PROXIES ) AND GRANTED_ROLE NOT IN ('CONNECT');


Remediation:


REVOKE [PRIVILEGE] FROM <proxy_user>;

123|P a g e

4.9Ensure'EXECUTEANYPROCEDURE'IsRevokedfrom'OUTLN'(Scored)


•Level1-RDBMS

Description:

RemoveunneededprivilegesfromOUTLN

Rationale:

MigratedOUTLNusershavemoreprivilegesthanrequired.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='EXECUTE ANY PROCEDURE' AND GRANTEE='OUTLN';


Remediation:


REVOKE EXECUTE ANY PROCEDURE FROM OUTLN;

124|P a g e

4.10Ensure'EXECUTEANYPROCEDURE'IsRevokedfrom'DBSNMP'(Scored)


•Level1-RDBMS

Description:

RemoveunneededprivilegesfromDBSNMP

Rationale:

MigratedDBSNMPusershavemoreprivilegesthanrequired.

Audit:


SELECT GRANTEE, PRIVILEGE FROM DBA_SYS_PRIVS WHERE PRIVILEGE='EXECUTE ANY PROCEDURE' AND GRANTEE='DBSNMP';


Remediation:


REVOKE EXECUTE ANY PROCEDURE FROM DBSNMP;

125|P a g e

5Audit/LoggingPoliciesandProcedures

Theabilitytoauditdatabaseactivitiesisamongthemostimportantofalldatabasesecurityfeatures.Decisionsmustbemaderegardingthescopeofauditingsinceauditinghascosts-instoragefortheaudittrailandinperformanceimpactonauditedoperations-andperhapseventhedatabaseorsystemingeneral.Thereisalsotheadditionalcosttomanage(store,backup,secure)andreviewthedatainaudittrail.

Measuresmustbetakentoprotecttheaudittrailitself,foritmaybetargetedforalterationordestructiontohideunauthorizedactivity.Foranauditdestinationoutsidethedatabase,therecommendationsareelsewhereinthisdocument.Auditingrecommendationsforpotentialdatabaseauditdestinationsisbelow.

Auditing"bysession"typicallycreatesfewer(until11g)andslightlysmallerauditrecords,butisdiscouragedinmostsituationssincethereissomelossoffidelity(e.g.objectprivilegeGRANTEE).Moredetailedauditingcreateslargerauditrecords.TheAUDIT_TRAILinitializationparameter(forDB|XML,extended-ornot)isthemaindeterminingfactorforthesizeofagivenauditrecord-andanotablefactorintheperformancecost,althoughthelargestofthelatterisDBversusOSorXML.

ThissectiondealswithstandardOracleauditingsinceauditingofprivilegedconnections(assysdbaorsysoper)isconfiguredviatheAUDIT_SYS_OPERATIONSinitializationparameterandisotherwisenotconfigurable.Thebasictypesofstandardauditingareobjectauditing,statementauditingandprivilegeauditingandeachbehavesdifferently.

Objectauditingappliestospecificobjectsforwhichitisinvokedandalwaysappliestoallusers.Thistypeofauditingisusuallyemployedtoauditapplication-specificsensitiveobjects,butcanbeusedtoprotecttheaudittrailinthedatabase.

Privilegeauditingauditstheuseofspecificsystemprivileges,buttypicallyonlyiftheuseractuallypossessestheauditedprivilege.Attemptsthatfailforlackoftheauditedprivilegearetypicallynotaudited.Thisisthemainweaknessofprivilegeauditingandwhystatementauditingisusuallypreferred,iftheoptionexists.

Statementauditingauditstheissuanceofcertaintypesofstatements,usuallywithoutregardtoprivilegeorlackthereof.Bothprivilegeandstatementauditsmaybespecifiedforspecificusersorallusers(thedefault).

126|P a g e

5.1Enable'USER'AuditOption(Scored)


•Level1-RDBMS

Description:

TheUSERobjectintheOracledatabaseanaccountthroughwhichaconnectionmaybemadetointeractwiththedatabaseaccordingtotherolesandprivilegesallottedtoaccount.Itisalsoaschemawithmayowndatabaseobjects.Thisauditsallactivitiesandrequeststocreate,droporalterauser,includingauserchangingtheirownpassword.(Thelatterisnotauditedby'auditALTERUSER'.)

Rationale:

Anyunauthorizedattemptstocreate,droporalterausershouldcauseconcern,whethersuccessfulornot.Itcanalsobeusefulinforensicsifanaccountiscompromisedandismandatedbymanycommonsecurityinitiatives.Anabnormallyhighnumberoftheseactivitiesinagivenperiodmightbeworthinvestigation.Anyfailedattempttodropauserorcreateausermaybeworthfurtherreview.

Audit:

ToassessthisrecommendationexecutethefollowingSQLStatement.

SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='USER' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS'

Lackofresultsimpliesafinding.

Remediation:

ExecutethefollowingSQLstatementtoremediatethissetting.

AUDIT USER;

127|P a g e

Impact:

Thiswouldthecurrent5.2(auditCREATEUSER),5.3(auditALTERUSER),and5.4(auditDROPUSER)privilegeauditswiththesinglestatementauditingoption"auditUSER".Anyactionauditedbythosethreeprivilegeauditswouldalsobeauditedbythis.Inaddition,thiswouldaudit:1)AttemptstocreateuserbyanyonewithouttheCREATEUSERsystemprivilege2)AttemptstodropuserbyanyonewithouttheDROPUSERsystemprivilege3)AttemptstoalteruserbyanyonewithouttheALTERUSERsystemprivilege4)Userschangingorattemptingtochangetheirownpasswords(whichisnotdonebyauditingALTERUSER).

128|P a g e

5.2Enable'ALTERUSER'AuditOption(Scored)


•Level1-RDBMS

Description:

TheUSER objectfortheOracledatabaseisaspecificationofanobjectwhichisanaccountthroughwhicheitherahumanoranapplicationcanconnectto,viaaJDBCorloginto,viaaCLI,andinteractwiththedatabaseinstanceaccordingtotherolesandprivilegesallottedtoaccount.

Rationale:

Astheloggingofuseractivitiesinvolvingthecreation,alteration,ordroppingofaUSERcanprovideforensicevidenceaboutapatternofsuspect/unauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='ALTER USER' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT ALTER USER;

129|P a g e

5.3Enable'DROPUSER'AuditOption(Scored)


•Level1-RDBMS

Description:

TheUSER objectfortheOracledatabaseisaspecificationofanobjectwhichisanaccountthroughwhicheitherahumanoranapplicationcanconnectto,viaaJDBCorloginto,viaaCLI,andinteractwiththedatabaseinstanceaccordingtotherolesandprivilegesallottedtoaccount.

Rationale:

Astheloggingofuseractivitiesinvolvingthecreation,alteration,ordroppingofaUSERcanprovideforensicevidenceaboutapatternofsuspect/unauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='DROP USER' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT DROP USER;

130|P a g e

5.4Enable'ROLE'AuditOption(Scored)


•Level1-RDBMS

Description:

TheROLEobjectallowsforthecreationofasetofprivilegesthatcanbegrantedtousersorotherroles.Thisauditsallattempts,successfulornot,tocreate,drop,alterorsetroles.

Rationale:

Roles are a key database security infrastructure component. Any attempt to create, drop or alter a role should be audited. This statement auditing option also audits attempts, successful or not, to set a role in a session. Any unauthorized attempts to create, drop or alter a role may be worthy of investigation. Attempts to set a role by users without the role privilege may warrant investigation.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='ROLE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:

ExecutethefollowingSQLstatementtoremediatethissetting:

AUDIT ROLE;

Impact:

Thechangetotheaudit/checkistoensurethattheauditisineffectforallusers,regardlessofproxyorsuccess.

Thechangetothetitle,descriptionandrationalearetobetterclarifywhatitactuallydoes.(e.g.ItdoesNOTaudit"allROLEactivities/requests".Forexample,itdoesnotauditrolegrantsandrevokes.)

131|P a g e

5.5Enable'SYSTEMGRANT'AuditOption(Scored)


•Level1-RDBMS

Description:

Thiswillauditanyattempt,successfulornot,tograntorrevokeanysystemprivilegeorrole-regardlessofprivilegeheldbytheuserattemptingtheoperation.

Rationale:

Loggingofallgrantandrevokes(rolesandsystemprivileges)canprovideforensicevidenceaboutapatternofsuspect/unauthorizedactivities.Anyunauthorizedattemptmaybecauseforfurtherinvestigation.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='SYSTEM GRANT' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT SYSTEM GRANT;

132|P a g e

5.6Enable'PROFILE'AuditOption(Scored)


•Level1-RDBMS

Description:

ThePROFILEobjectallowsforthecreationofasetofdatabaseresourcelimitsthatcanbeassignedtoauser,sothatthatusercannotexceedthoseresourcelimitations.Thiswillauditallattempts,successfulornot,tocreate,droporalteranyprofile.

Rationale:

Asprofilesarepartofthedatabasesecurityinfrastructure,auditingthemodificationofprofilesisrecommended.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='PROFILE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT PROFILE;

Impact:

Thestatementauditingoption'auditPROFILE'auditseverythingthatthethreeprivilegeaudits'auditCREATEPROFILE','auditDROPPROFILE'and'auditALTERPROFILE'do,butalsoaudits:

1)AttemptstocreateaprofilebyauserwithouttheCREATEPROFILEsystemprivilege.

2)AttemptstodropaprofilebyauserwithouttheDROPPROFILEsystemprivilege

3)AttemptstoalteraprofilebyauserwithouttheALTERPROFILEsystemprivilege.

133|P a g e

5.7Enable'ALTERPROFILE'AuditOption(Scored)


•Level1-RDBMS

Description:

ThePROFILE objectallowsforthecreationofasetofdatabaseresourcelimitsthatcanbeassignedtoauser,sothatthatusercannotexceedthoseresourcelimitations.

Rationale:

Astheloggingofuseractivitiesinvolvingthecreation,alteration,ordroppingofaPROFILE canprovideforensicevidenceaboutapatternofunauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='ALTER PROFILE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT ALTER PROFILE;

134|P a g e

5.8Enable'DROPPROFILE'AuditOption(Scored)


•Level1-RDBMS

Description:

ThePROFILE objectallowsforthecreationofasetofdatabaseresourcelimitsthatcanbeassignedtoauser,sothatthatusercannotexceedthoseresourcelimitations.

Rationale:

Astheloggingofuseractivitiesinvolvingthecreation,alteration,ordroppingofaPROFILE canprovideforensicevidenceaboutapatternofunauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='DROP PROFILE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT DROP PROFILE;

135|P a g e

5.9Enable'DATABASELINK'AuditOption(Scored)


•Level1-RDBMS

Description:

Allactivitiesondatabaselinksshouldbeaudited.

Rationale:

AstheloggingofuseractivitiesinvolvingthecreationordroppingofaDATABASE LINKcanprovideforensicevidenceaboutapatternofunauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='DATABASE LINK' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT DATABASE LINK;

References:


136|P a g e

5.10Enable'PUBLICDATABASELINK'AuditOption(Scored)


•Level1-RDBMS

Description:

ThePUBLIC DATABASE LINKobjectallowsforthecreationofapubliclinkforanapplication-based"user"toaccessthedatabaseforconnections/sessioncreation.

Rationale:

Astheloggingofuseractivitiesinvolvingthecreation,alteration,ordroppingofaPUBLIC DATABASE LINKcanprovideforensicevidenceaboutapatternofunauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='PUBLIC DATABASE LINK' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT PUBLIC DATABASE LINK;

137|P a g e

5.11Enable'PUBLICSYNONYM'AuditOption(Scored)


•Level1-RDBMS

Description:

ThePUBLIC SYNONYMobjectallowsforthecreationofanalternatedescriptionofanobjectandpublicsynonymsareaccessiblebyallusersthathavetheappropriateprivilegestotheunderlyingobject.

Rationale:

AstheloggingofuseractivitiesinvolvingthecreationordroppingofaPUBLIC SYNONYMcanprovideforensicevidenceaboutapatternofunauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='PUBLIC SYNONYM' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT PUBLIC SYNONYM;

138|P a g e

5.12Enable'SYNONYM'AuditOption(Scored)


•Level1-RDBMS

Description:

TheSYNONYM operationallowsforthecreationofaanalternativenameforadatabaseobjectsuchasaJavaclassschemaobject,materializedview,operator,package,procedure,sequence,storedfunction,table,view,user-definedobjecttype,evenanothersynonym;thissynonymputsadependencyonitstargetandisrenderedinvalidifthetargetobjectischanged/dropped.

Rationale:

AstheloggingofuseractivitiesinvolvingthecreationordroppingofaSYNONYM canprovideforensicevidenceaboutapatternofsuspect/unauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='SYNONYM' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT SYNONYM;

References:


139|P a g e

5.13Enable'GRANTDIRECTORY'AuditOption(Scored)


•Level1-RDBMS

Description:

TheDIRECTORY objectallowsforthecreationofadirectoryobjectthatspecifiesanaliasforadirectoryontheserverfilesystem,wheretheexternalbinaryfileLOBs(BFILEs)/tabledataarelocated.

Rationale:

AstheloggingofuseractivitiesinvolvingthecreationordroppingofaDIRECTORYcanprovideforensicevidenceaboutapatternofunauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='GRANT DIRECTORY' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT GRANT DIRECTORY;

References:


140|P a g e

5.14Enable'SELECTANYDICTIONARY'AuditOption(Scored)


•Level1-RDBMS

Description:

TheSELECT ANY DICTIONARYcapabilityallowstheusertoviewthedefinitionsofallschemaobjectsinthedatabase.

Rationale:

Astheloggingofuseractivitiesinvolvingthecapabilitytoaccessthedescriptionofallschemaobjectsinthedatabasecanprovideforensicevidenceaboutapatternofunauthorizedactivities,theauditcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='SELECT ANY DICTIONARY' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT SELECT ANY DICTIONARY;

References:


141|P a g e

5.15Enable'GRANTANYOBJECTPRIVILEGE'AuditOption(Scored)


•Level1-RDBMS

Description:

GRANT ANY OBJECT PRIVILEGEallowstheusertograntorrevokeanyobjectprivilege,whichincludesprivilegesontables,directories,miningmodels,etc.Thisauditsallusesofthatprivilege.

Rationale:

Loggingofprivilegegrantsthatcanleadtothecreation,alteration,ordeletionofcriticaldata,themodificationofobjects,objectprivilegepropagationandothersuchactivitiescanbecriticaltoforensicinvestigations.

Audit:


SELECT PRIVILEGE, SUCCESS, FAILURE FROM DBA_PRIV_AUDIT_OPTS WHERE PRIVILEGE='GRANT ANY OBJECT PRIVILEGE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT GRANT ANY OBJECT PRIVILEGE;

142|P a g e

Impact:

Thechangetothecheck/auditinsuresthatitisineffectforallusersregardlessofproxyorsuccess.Thechangetothetitlemoreaccuratelyreflectswhatitactuallydoes.Thepreviousreferencetobeingabletodropormodify"usersandothercriticalsystemcomponents"isessentiallywrong.ThereisnoobjectprivilegeIknowofthatcanbeuseddirectlytodroporcreateauser.Theremaybesomeconfusionduetodocumentationbugs(seenotes),butthisallowsoneonlytograntobjectprivileges,notsystemprivilegeslikeDROPANYTABLE,DROPUSERorALTERPROFILE.(Ofcourse,onecouldconstructscenarioswheregrantingexecuteonsomethingmightenableonetodoso.)

143|P a g e

5.16Enable'GRANTANYPRIVILEGE'AuditOption(Scored)


•Level1-RDBMS

Description:

ThisauditsallusesofthesystemprivilegenamedGRANTANYPRIVILEGE.Actionsbyusersnotholdingthisprivilegearenotaudited.

Rationale:

GRANTANYPRIVILEGEallowsausertograntanysystemprivilege,includingthemostpowerfulprivilegestypicallyavailableonlytoadministrators-tochangethesecurityinfrastructure,todrop/add/modifyusersandmore.Auditingtheuseofthisprivilegeispartofacomprehensiveauditingpolicythatcanhelpindetectingissuesandcanbeusefulinforensics.

Audit:


SELECT PRIVILEGE, SUCCESS, FAILURE FROM DBA_PRIV_AUDIT_OPTS WHERE PRIVILEGE='GRANT ANY PRIVILEGE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT GRANT ANY PRIVILEGE;

References:


144|P a g e

5.17Enable'DROPANYPROCEDURE'AuditOption(Scored)


•Level1-RDBMS

Description:

TheAUDIT DROP ANY PROCEDUREcommandisauditingthecreationofproceduresinotherschema.

Rationale:

Droppingproceduresofanotherusercouldbepartofaprivilegeescalationexploitandshouldbeaudited.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='DROP ANY PROCEDURE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT DROP ANY PROCEDURE;

145|P a g e

5.18Enable'ALL'AuditOptionon'SYS.AUD$'(Scored)


•Level1-RDBMS

Description:

TheloggingofattemptstoaltertheaudittrailintheSYS.AUD$table(openforread/update/delete/view)willprovidearecordofanyactivitiesthatmayindicateunauthorizedattemptstoaccesstheaudittrail.

Rationale:

AstheloggingofattemptstoaltertheSYS.AUD$tablecanprovideforensicevidenceoftheinitiationofapatternofunauthorizedactivities,thisloggingcapabilityshouldbesetaccordingtotheneedsoftheorganization.

Audit:


SELECT * FROM DBA_OBJ_AUDIT_OPTS WHERE OBJECT_NAME='AUD$' AND ALT='A/A' AND AUD='A/A' AND COM='A/A' AND DEL='A/A' AND GRA='A/A' AND IND='A/A' AND INS='A/A' AND LOC='A/A' AND REN='A/A' AND SEL='A/A' AND UPD='A/A' AND FBK='A/A';


Remediation:


AUDIT ALL ON SYS.AUD$ BY ACCESS;

146|P a g e

5.19Enable'PROCEDURE'AuditOption(Scored)


•Level1-RDBMS

Description:

Inthisstatementaudit,"PROCEDURE"meansanyprocedure,function,packageorlibrary.Anyattempt,successfulornot,tocreateordropanyofthesetypesofobjectsisaudited,regardlessofprivilegeorlackthereof.Javaschemaobjects(sources,classes,andresources)areconsideredthesameasproceduresforpurposesofauditingSQLstatements.

Rationale:

Anyunauthorizedattemptstocreateordropaprocedureinanother'sschemashouldcauseconcern,whethersuccessfulornot.Changestocriticalstorecodecandramaticallychangethebehavioroftheapplicationandproduceserioussecurityconsequences,includingprivilegeescalationandintroducingSQLinjectionvulnerabilities.Auditrecordsofsuchchangescanbehelpfulinforensics.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='PROCEDURE' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT PROCEDURE;

147|P a g e

5.20Enable'ALTERSYSTEM'AuditOption(Scored)


•Level1-RDBMS

Description:

ThiswillauditallattemptstoALTERSYSTEM,whethersuccessfulornotandregardlessofwhetherornottheALTERSYSTEMprivilegeisheldbytheuserattemptingtheaction.

Rationale:

Altersystemallowsonetochangeinstancesettings,includingsecuritysettingsandauditingoptions.Additionally,altersystemcanbeusedtorunoperatingsystemcommandsusingundocumentedOraclefunctionality.Anyunauthorizedattempttoalterthesystemshouldbecauseforconcern.Alterationsoutsideofsomespecifiedmaintenancewindowmaybeofconcern.Inforensics,theseauditrecordscouldbequiteuseful.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='ALTER SYSTEM' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT ALTER SYSTEM;

Impact:

Thechangetothecheck/auditistoensurethattheauditisineffectforallusersregardlessofproxy,whethersuccessfulornot.

ThepreviousDescriptionwaswrong-itisnot"auditing"that"allowstomodifythedatabasesettings".

148|P a g e

5.21Enable'TRIGGER'AuditOption(Scored)


•Level1-RDBMS

Description:

ATRIGGERmaybeusedtomodifyDMLactionsorinvokeother(recursive)actionswhensometypesofuser-initiatedactionsoccur.Thiswillauditanyattempt,successfulornot,tocreate,drop,enableordisableanyschematriggerinanyschemaregardlessofprivilegeorlackthereof.Forenablinganddisablingatrigger,itcoversbothaltertriggerandaltertable.

Rationale:

Triggersareoftenpartofschemasecurity,datavalidationandothercriticalconstraintsuponactionsanddata.Atriggerinanotherschemamaybeusedtoescalateprivileges,redirectoperations,transformdataandperformothersortsofperhapsundesiredactions.Anyunauthorizedattempttocreate,droporalteratriggerinanotherschemamaybecauseforinvestigation.

Audit:


SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='TRIGGER' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';


Remediation:


AUDIT TRIGGER;

149|P a g e

Impact:

Thestatementauditingoption'auditTRIGGER'auditsalmosteverythingthatthethreeprivilegeaudits"auditCREATEANYTRIGGER","auditALTERANYTRIGGER"and"auditDROPANYTRIGGER"audit,butalsoaudits:

1. Statementstocreate,drop,enableordisableatriggerintheuser'sownschema.2. AttemptstocreateatriggerbyauserwithouttheCREATETRIGGERsystem

privilege.3. AttemptstocreateatriggerinanotherschemabyuserswithouttheCREATEANY

TRIGGERprivilege.4. AttemptstodropatriggerinanotherschemabyuserswithouttheDROPANY

TRIGGERprivilege.5. Attemptstodisableorenableatriggerinanotherschemabyuserswithoutthe

ALTERANYTRIGGERprivilege.

Theonethingisauditedbyanyofthethreeprivilegeauditsthatisnotauditedbythisis"altertrigger...compile"ifthetriggerisinanother'sschema,whichisauditedby"auditALTERANYTRIGGER"',butonlyiftheuserattemptingthealterationactuallyholdstheALTERANYTRIGGERsystemprivilege."AuditTRIGGER"onlyaudits"altertable"or"altertrigger"statementsusedtoenableordisabletriggers.Itdoesnotauditaltertriggeroraltertablestatementsusedonlywithcompileoptions.

150|P a g e

5.22Enable'CREATESESSION'AuditOption(Scored)


•Level1-RDBMS

Description:

Auditallattemptstoconnecttothedatabase,whethersuccessfulornot.Alsoauditssessiondisconnects/logoffs.ThecommandstoauditSESSION,CONNECTorCREATESESSIONallaccomplishexactlythesamething-theyinitiatestatementauditingoftheconnectstatementusedtocreateadatabasesession.

Rationale:

Auditingattemptstoconnecttothedatabaseisbasicandmandatedbymostsecurityinitiatives.Anyattempttologontoalockedaccount,failedattemptstologontodefaultaccountsoranunusuallyhighnumberoffailedlogonattemptsofanysort,foranyuser,inaparticulartimeperiodmayindicateanintrusionattempt.Inforensics,thelogonrecordmaybefirstinachainofevidenceandcontainsinformationfoundinnoothertypeofauditrecordforthesession.Logonandlogoffintheaudittraildefinetheperiodanddurationofthesession.

Audit:

To assess this recommendation execute the following SQL statement.

SELECT AUDIT_OPTION, SUCCESS, FAILURE FROM DBA_STMT_AUDIT_OPTS WHERE AUDIT_OPTION='CREATE SESSION' AND USER_NAME IS NULL AND PROXY_NAME IS NULL AND SUCCESS = 'BY ACCESS' AND FAILURE = 'BY ACCESS';

Lack of results implies a finding.

Remediation:


AUDIT SESSION;

151|P a g e

Impact:

Thisisjustaclarification.Thereisnochangethewhatisactuallyaudited.Thecheckdoesnowincludedconditionstoinsurethatthisauditingappliesregardlessofuserorproxyandthatitmustincludeauditingbothsuccessandfailure.

152|P a g e

6Appendix:EstablishinganAudit/ScanUser

Thisdocumenthasbeenauthoredwiththeexpectationthatauserwithappropriatepermissionswillbeusedtoexecutethequeriesandperformotherassessmentactions.WhilethiscouldbeaccomplishedbygrantingDBAprivilegestoagivenuser,thepreferredapproachistocreateadedicateduserandgrantingonlythespecificpermissionsrequiredtoperformtheassessmentsexpressedherein.DoingthisavoidsthenecessityforanyuserassessingthesystemneedstobegrantedDBAprivileges.

TherecommendationsexpressedinthisdocumentassumethepresenceofarolenamedCISSCANROLEandausernamedCISSCAN.ThisroleandusershouldbecreatedbyexecutingthefollowingSQLstatements,beingcarefultosubstituteanappropriatepasswordfor<password>.

-- Create the role CREATE ROLE CISSCANROLE; -- Grant necessary privileges to the role GRANT CREATE SESSION TO CISSCANROLE; GRANT SELECT ON V_$PARAMETER TO CISSCANROLE; GRANT SELECT ON DBA_TAB_PRIVS TO CISSCANROLE; GRANT SELECT ON DBA_PROFILES TO CISSCANROLE; GRANT SELECT ON DBA_SYS_PRIVS TO CISSCANROLE; GRANT SELECT ON DBA_STMT_AUDIT_OPTS TO CISSCANROLE; GRANT SELECT ON DBA_ROLE_PRIVS TO CISSCANROLE; GRANT SELECT ON DBA_OBJ_AUDIT_OPTS TO CISSCANROLE; GRANT SELECT ON DBA_PRIV_AUDIT_OPTS TO CISSCANROLE; GRANT SELECT ON DBA_PROXIES TO CISSCANROLE; GRANT SELECT ON DBA_USERS TO CISSCANROLE; GRANT SELECT ON DBA_USERS_WITH_DEFPWD TO CISSCANROLE; -- Create the user and assign the user to the role CREATE USER CISSCAN IDENTIFIED BY C1ph3r00; GRANT CISSCANROLE TO CISSCAN;

Ifyourelyonsimilarrolesand/orusers,butwhicharenotnamedasCISSCANROLEorCISSCAN,orifyouhaverolesorusersnamedCISSCANROLEorCISSCANintendedtobeusedfordifferentpurposes,beawarethatsomerecommendationshereinexplicitlynameCISSCANROLEandCISSCAN.

Theseare:

• 3.10EnsureNoUsersAreAssignedthe'DEFAULT'Profile• 4.5.5Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'DBA_%'

153|P a g e

Control SetCorrectlyYes No

1 OracleDatabaseInstallationandPatchingRequirements1.1 EnsuretheAppropriateVersion/PatchesforOracleSoftware

IsInstalled(Scored) o o

1.2 EnsureAllDefaultPasswordsAreChanged(Scored) o o1.3 EnsureAllSampleDataAndUsersHaveBeenRemoved

(Scored) o o

2 OracleParameterSettings2.1 ListenerSettings2.1.1 Ensure'SECURE_CONTROL_<listener_name>'IsSetIn

'listener.ora'(Scored) o o

2.1.2 Ensure'extproc'IsNotPresentin'listener.ora'(Scored) o o2.1.3 Ensure'ADMIN_RESTRICTIONS_<listener_name>'IsSet

to'ON'(Scored) o o

2.1.4 Ensure'SECURE_REGISTER_<listener_name>'IsSetto'TCPS'or'IPC'(Scored) o o

2.2 Databasesettings2.2.1 Ensure'AUDIT_SYS_OPERATIONS'IsSetto'TRUE'(Scored) o o2.2.2 Ensure'AUDIT_TRAIL'IsSetto'OS','DB','XML',

'DB,EXTENDED',or'XML,EXTENDED'(Scored) o o

2.2.3 Ensure'GLOBAL_NAMES'IsSetto'TRUE'(Scored) o o2.2.4 Ensure'LOCAL_LISTENER'IsSetAppropriately(Scored) o o2.2.5 Ensure'O7_DICTIONARY_ACCESSIBILITY'IsSetto'FALSE'

(Scored) o o

2.2.6 Ensure'OS_ROLES'IsSetto'FALSE'(Scored) o o2.2.7 Ensure'REMOTE_LISTENER'IsEmpty(Scored) o o2.2.8 Ensure'REMOTE_LOGIN_PASSWORDFILE'IsSetto'NONE'

(Scored) o o

2.2.9 Ensure'REMOTE_OS_AUTHENT'IsSetto'FALSE'(Scored) o o2.2.10 Ensure'REMOTE_OS_ROLES'IsSetto'FALSE'(Scored) o o2.2.11 Ensure'UTIL_FILE_DIR'IsEmpty(Scored) o o2.2.12 Ensure'SEC_CASE_SENSITIVE_LOGON'IsSetto'TRUE'

(Scored) o o

2.2.13 Ensure'SEC_MAX_FAILED_LOGIN_ATTEMPTS'IsSetto'10'(Scored) o o

2.2.14 Ensure'SEC_PROTOCOL_ERROR_FURTHER_ACTION'IsSetto'DELAY,3'or'DROP,3'(Scored) o o

2.2.15 Ensure'SEC_PROTOCOL_ERROR_TRACE_ACTION'IsSetto'LOG'(Scored) o o

2.2.16 Ensure'SEC_RETURN_SERVER_RELEASE_BANNER'IsSetto'FALSE'(Scored) o o

154|P a g e

2.2.17 Ensure'SQL92_SECURITY'IsSetto'TRUE'(Scored) o o2.2.18 Ensure'_TRACE_FILES_PUBLIC'IsSetto'FALSE'(Scored) o o2.2.19 Ensure'RESOURCE_LIMIT'IsSetto'TRUE'(Scored) o o3 OracleConnectionandLoginRestrictions3.1 Ensure'FAILED_LOGIN_ATTEMPTS'IsLessthanorEqualto

'5'(Scored) o o

3.2 Ensure'PASSWORD_LOCK_TIME'IsGreaterthanorEqualto'1'(Scored) o o

3.3 Ensure'PASSWORD_LIFE_TIME'IsLessthanorEqualto'90'(Scored) o o

3.4 Ensure'PASSWORD_REUSE_MAX'IsGreaterthanorEqualto'20'(Scored) o o

3.5 Ensure'PASSWORD_REUSE_TIME'IsGreaterthanorEqualto'365'(Scored) o o

3.6 Ensure'PASSWORD_GRACE_TIME'IsLessthanorEqualto'5'(Scored) o o

3.7 Ensure'DBA_USERS.PASSWORD'IsNotSetto'EXTERNAL'forAnyUser(Scored) o o

3.8 Ensure'PASSWORD_VERIFY_FUNCTION'IsSetforAllProfiles(Scored) o o

3.9 Ensure'SESSIONS_PER_USER'IsLessthanorEqualto'10'(Scored) o o

3.10 EnsureNoUsersAreAssignedthe'DEFAULT'Profile(Scored) o o4 OracleUserAccessandAuthorizationRestrictions4.1 DefaultPublicPrivilegesforPackagesandObjectTypes4.1.1 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on

'DBMS_ADVISOR'(Scored) o o

4.1.2 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_CRYPTO'(Scored) o o

4.1.3 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JAVA'(Scored) o o

4.1.4 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JAVA_TEST'(Scored) o o

4.1.5 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_JOB'(Scored) o o

4.1.6 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_LDAP'(Scored) o o

4.1.7 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_LOB'(Scored) o o

4.1.8 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_OBFUSCATION_TOOLKIT'(Scored) o o

4.1.9 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_RANDOM'(Scored) o o

4.1.10 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on o o

155|P a g e

'DBMS_SCHEDULER'(Scored)4.1.11 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_SQL'

(Scored) o o

4.1.12 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_XMLGEN'(Scored) o o

4.1.13 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_XMLQUERY'(Scored) o o

4.1.14 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_FILE'(Scored) o o

4.1.15 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_INADDR'(Scored) o o

4.1.16 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_TCP'(Scored) o o

4.1.17 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_MAIL'(Scored) o o

4.1.18 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_SMTP'(Scored) o o

4.1.19 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_DBWS'(Scored) o o

4.1.20 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_ORAMTS'(Scored) o o

4.1.21 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'UTL_HTTP'(Scored) o o

4.1.22 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'HTTPURITYPE'(Scored) o o

4.2 RevokeNon-DefaultPrivilegesforPackagesandObjectTypes4.2.1 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on

'DBMS_SYS_SQL'(Scored) o o

4.2.2 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_BACKUP_RESTORE'(Scored) o o

4.2.3 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_AQADM_SYSCALLS'(Scored) o o

4.2.4 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_REPCAT_SQL_UTL'(Scored) o o

4.2.5 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'INITJVMAUX'(Scored) o o

4.2.6 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_STREAMS_ADM_UTL'(Scored) o o

4.2.7 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_AQADM_SYS'(Scored) o o

4.2.8 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_STREAMS_RPC'(Scored) o o

4.2.9 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_PRVTAQIM'(Scored) o o

156|P a g e

4.2.10 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'LTADM'(Scored) o o

4.2.11 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'WWV_DBMS_SQL'(Scored) o o

4.2.12 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'WWV_EXECUTE_IMMEDIATE'(Scored) o o

4.2.13 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_IJOB'(Scored) o o

4.2.14 Ensure'EXECUTE'IsRevokedfrom'PUBLIC'on'DBMS_FILE_TRANSFER'(Scored) o o

4.3 RevokeExcessiveSystemPrivileges4.3.1 Ensure'SELECT_ANY_DICTIONARY'IsRevokedfrom

Unauthorized'GRANTEE'(Scored) o o

4.3.2 Ensure'SELECTANYTABLE'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.3 Ensure'AUDITSYSTEM'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.4 Ensure'EXEMPTACCESSPOLICY'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.5 Ensure'BECOMEUSER'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.6 Ensure'CREATE_PROCEDURE'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.7 Ensure'ALTERSYSTEM'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.8 Ensure'CREATEANYLIBRARY'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.9 Ensure'CREATELIBRARY'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.10 Ensure'GRANTANYOBJECTPRIVILEGE'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.11 Ensure'GRANTANYROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.3.12 Ensure'GRANTANYPRIVILEGE'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.4 RevokeRolePrivileges4.4.1 Ensure'DELETE_CATALOG_ROLE'IsRevokedfrom

Unauthorized'GRANTEE'(Scored) o o

4.4.2 Ensure'SELECT_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.4.3 Ensure'EXECUTE_CATALOG_ROLE'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

4.4.4 Ensure'DBA'IsRevokedfromUnauthorized'GRANTEE'(Scored) o o

157|P a g e

4.5 RevokeExcessiveTableandViewPrivileges4.5.1 Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on

'AUD$'(Scored) o o

4.5.2 Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'USER_HISTORY$'(Scored) o o

4.5.3 Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'LINK$'(Scored) o o

4.5.4 Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'SYS.USER$'(Scored) o o

4.5.5 Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'DBA_%'(Scored) o o

4.5.6 Ensure'ALL'IsRevokedfromUnauthorized'GRANTEE'on'SYS.SCHEDULER$_CREDENTIAL'(Scored) o o

4.5.7 Ensure'SYS.USER$MIG'HasBeenDropped(Scored) o o4.6 Ensure'%ANY%'IsRevokedfromUnauthorized'GRANTEE'

(Scored) o o

4.7 Ensure'DBA_SYS_PRIVS.%'IsRevokedfromUnauthorized'GRANTEE'with'ADMIN_OPTION'Setto'YES'(Scored) o o

4.8 EnsureProxyUsersHaveOnly'CONNECT'Privilege(Scored) o o4.9 Ensure'EXECUTEANYPROCEDURE'IsRevokedfrom

'OUTLN'(Scored) o o

4.10 Ensure'EXECUTEANYPROCEDURE'IsRevokedfrom'DBSNMP'(Scored) o o

5 Audit/LoggingPoliciesandProcedures5.1 Enable'USER'AuditOption(Scored) o o5.2 Enable'ALTERUSER'AuditOption(Scored) o o5.3 Enable'DROPUSER'AuditOption(Scored) o o5.4 Enable'ROLE'AuditOption(Scored) o o5.5 Enable'SYSTEMGRANT'AuditOption(Scored) o o5.6 Enable'PROFILE'AuditOption(Scored) o o5.7 Enable'ALTERPROFILE'AuditOption(Scored) o o5.8 Enable'DROPPROFILE'AuditOption(Scored) o o5.9 Enable'DATABASELINK'AuditOption(Scored) o o5.10 Enable'PUBLICDATABASELINK'AuditOption(Scored) o o5.11 Enable'PUBLICSYNONYM'AuditOption(Scored) o o5.12 Enable'SYNONYM'AuditOption(Scored) o o5.13 Enable'GRANTDIRECTORY'AuditOption(Scored) o o5.14 Enable'SELECTANYDICTIONARY'AuditOption(Scored) o o5.15 Enable'GRANTANYOBJECTPRIVILEGE'AuditOption

(Scored) o o

5.16 Enable'GRANTANYPRIVILEGE'AuditOption(Scored) o o5.17 Enable'DROPANYPROCEDURE'AuditOption(Scored) o o5.18 Enable'ALL'AuditOptionon'SYS.AUD$'(Scored) o o

158|P a g e

5.19 Enable'PROCEDURE'AuditOption(Scored) o o5.20 Enable'ALTERSYSTEM'AuditOption(Scored) o o5.21 Enable'TRIGGER'AuditOption(Scored) o o5.22 Enable'CREATESESSION'AuditOption(Scored) o o6 Appendix:EstablishinganAudit/ScanUser

159|P a g e

Appendix:ChangeHistoryDate Version Changesforthisversion

02-27-2015 2.0.0 Initialrelease.

09-08-2015 2.1.0 Ticket#179:Corrected4.1.9toapplytoDBMS_RANDOM

09-08-2015 2.1.0 Ticket#219:Replaced"REPACT"with"REPCAT"

09-29-2015 2.1.0 Ticket#218:Updatedremediationprocedurein4.8

09-29-2015 2.1.0 Ticket#177:UpdatedauditSQLtouseREGEXP_LIKE

09-29-2015 2.1.0 Ticket#202:Included"RESOURCE"asvalidresultforaudit.

09-29-2015 2.1.0 Ticket#206:Updatedrecommendationtoset'SQL92_SECURITY'to'TRUE'

10-06-2015 2.1.0 Ticket#224:Updateddescriptionandrationalefor2.2.17

10-19-2015 2.1.0 Ticket#230:AddedDBAroletolistofauthorizedgrantees

10-19-2015 2.1.0 Ticket#228:Fixedtyposinremediation

10-19-2015 2.1.0 Ticket#239:AddedOLAP_DBA,OLAPSYStoaudit

10-19-2015 2.1.0 Ticket#238:AddedAPEXtolistofauthorizedgrantees

160|P a g e

10-19-2015 2.1.0 Ticket#237:AddedOUTLNtolistofauthorizedgrantees

10-19-2015 2.1.0 Ticket#229:Updatedremediationproceduretoincludeuseofutlpwdmg.sql

10-19-2015 2.1.0 Ticket#234:AddedSYSMANtolistofauthorizedgrantees

10-19-2015 2.1.0 Ticket#233:AddedSPATIAL_CSW_ADMIN_USR,XDB,EXFSYS,MDSYS,SPATIAL_WFS_ADMIN_USRtolistofauthorizedgrantees

10-19-2015 2.1.0 Ticket#232:AddedIMP_FULL_DATABASEroletoauthorizedgranteelist

10-19-2015 2.1.0 Ticket#235:AddedORACLE_OCMtolistofauthorizedgrantees

11-19-2015 2.1.0 Ticket#236:Fixedtypoinaudit

5-12-2016 2.2.0 Ticket#271audit_trailsettings-Added'DB'and'XML'asallowablesettings.

5-12-2016 2.2.0 Ticket#2742.2.2Ensure'AUDIT_TRAIL'-correctreferenceslinks

5-12-2016 2.2.0 #272AddedcheckforsupportedversionOracleDatabase

cis oracle database 11g r2 benchmark v2.2.0 - · pdf fileto further clarify the creative...

Documents