STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE.

DISA Rule

SV-219722r401224_rule

Vulnerability Number

V-219722

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-BP-023900

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From SQL*Plus (shutdown database instance):

shutdown immediate

From SQL*Plus (create a pfile from spfile):

create pfile='[PATH]init[SID].ora' from spfile;

Edit the init[SID].ora file and remove the following line:

*._trace_files_public=TRUE

From SQL*Plus (update the spfile using the pfile):

create spfile from pfile='[PATH]init[SID].ora';

From SQL*Plus (start the database instance):

startup

NOTE: [PATH] depends on the platform (Windows or UNIX).

Ensure the file is directed to a writable location.

[SID] is equal to the oracle SID or database instance ID.

Check Contents

From SQL*Plus:

select value from v$parameter where name = '_trace_files_public';

If the value returned is TRUE, this is a Finding.

If the parameter does not exist or is set to FALSE, this is Not a Finding.

Vulnerability Number

V-219722

Documentable

False

Rule Version

O112-BP-023900

Severity Override Guidance

From SQL*Plus:

select value from v$parameter where name = '_trace_files_public';

If the value returned is TRUE, this is a Finding.

If the parameter does not exist or is set to FALSE, this is Not a Finding.

Check Content Reference

M

Target Key

4057

Comments