STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Fixed user and public database links must be authorized for use.

DISA Rule

SV-219826r533019_rule

Vulnerability Number

V-219826

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-BP-021400

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Document all authorized connections from the database to remote databases in the System Security Plan.

Remove all unauthorized remote database connection definitions from the database.

From SQL*Plus:

drop database link [link name];
OR
drop public database link [link name];

Review remote database connection definitions periodically and confirm their use is still required and authorized.

Check Contents

From SQL*Plus:

select owner||': '||db_link from dba_db_links;

If no records are returned from the first SQL statement, this check is not a finding.

Confirm the public and fixed user database links listed are documented in the System Security Plan, are authorized by the ISSO, and are used for replication or operational system requirements.

If any are not, this is a finding.

Vulnerability Number

V-219826

Documentable

False

Rule Version

O121-BP-021400

Severity Override Guidance

From SQL*Plus:

select owner||': '||db_link from dba_db_links;

If no records are returned from the first SQL statement, this check is not a finding.

Confirm the public and fixed user database links listed are documented in the System Security Plan, are authorized by the ISSO, and are used for replication or operational system requirements.

If any are not, this is a finding.

Check Content Reference

M

Target Key

4059

Comments