STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 23 Apr 2021

The system must protect audit information from any type of unauthorized access.

DISA Rule

SV-220277r395820_rule

Vulnerability Number

V-220277

Group Title

SRG-APP-000118-DB-000059

Rule Version

O121-C2-009300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add controls and modify permissions to protect database audit log data from unauthorized access, whether stored in the database itself or at the OS level.

Check Contents

Review the locations of audit logs, both internal to the database and database audit logs written at the operating system level. Verify that appropriate controls and permissions protect the audit information from unauthorized access.

If appropriate controls and permissions do not exist, this is a finding.

- - - - -
If Standard Auditing is used:
DBA_TAB_PRIVS describes all object grants in the database. Check to see who has permissions on the AUD$ table.

Related View

DBA_TAB_PRIVS describes the object grants for which the current user is the object owner, grantor, or grantee.
Column      Datatype       NULL      Description
GRANTEE     VARCHAR2(30)   NOT NULL  Name of the user to whom access was granted
OWNER       VARCHAR2(30)   NOT NULL  Owner of the object
TABLE_NAME  VARCHAR2(30)   NOT NULL  Name of the object
GRANTOR     VARCHAR2(30)   NOT NULL  Name of the user who performed the grant
PRIVILEGE   VARCHAR2(40)   NOT NULL  Privilege on the object
GRANTABLE   VARCHAR2(3)              Indicates whether the privilege was granted with the GRANT OPTION (YES) or not (NO)
HIERARCHY   VARCHAR2(3)              Indicates whether the privilege was granted with the HIERARCHY OPTION (YES) or not (NO)
COMMON      VARCHAR2(3)
TYPE        VARCHAR2(24)

sqlplus / as sysdba

SQL> SELECT GRANTEE, TABLE_NAME, PRIVILEGE
  2  FROM DBA_TAB_PRIVS WHERE TABLE_NAME = 'AUD$';

If Unified Auditing is used:
DBA_TAB_PRIVS describes all object grants in the database. Check to see who has permissions on the AUDSYS tables.

Related View

DBA_TAB_PRIVS describes the object grants for which the current user is the object owner, grantor, or grantee.
Column      Datatype       NULL      Description
GRANTEE     VARCHAR2(30)   NOT NULL  Name of the user to whom access was granted
OWNER       VARCHAR2(30)   NOT NULL  Owner of the object
TABLE_NAME  VARCHAR2(30)   NOT NULL  Name of the object
GRANTOR     VARCHAR2(30)   NOT NULL  Name of the user who performed the grant
PRIVILEGE   VARCHAR2(40)   NOT NULL  Privilege on the object
GRANTABLE   VARCHAR2(3)              Indicates whether the privilege was granted with the GRANT OPTION (YES) or not (NO)
HIERARCHY   VARCHAR2(3)              Indicates whether the privilege was granted with the HIERARCHY OPTION (YES) or not (NO)
COMMON      VARCHAR2(3)
TYPE        VARCHAR2(24)

sqlplus / as sysdba

SQL> SELECT GRANTEE, TABLE_NAME, PRIVILEGE
  2  FROM DBA_TAB_PRIVS WHERE OWNER = 'AUDSYS';
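An added review script, not part of the STIG text, that carries the check above through both auditing modes in one pass and adds the privilege paths a grant-only review misses: the AUDIT_ADMIN and AUDIT_VIEWER roles, and system privileges such as SELECT ANY DICTIONARY that reach SYS.AUD$ without an object grant. It assumes a SYSDBA session; APP_REPORT in the revoke line is a placeholder grantee.

```sql
-- Added example for this STIG check; run as SYSDBA.

-- 1. Which auditing mode is active, and where OS-level audit files are written
--    (the directory in audit_file_dest must be reviewed with OS tools, e.g. ls -ld).
SELECT parameter, value FROM v$option WHERE parameter = 'Unified Auditing';
SELECT name, value FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_file_dest', 'audit_sys_operations');

-- 2. Standard auditing: every direct object grant on SYS.AUD$.
--    Any grantee other than the DBA accounts the site has documented is a finding.
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'SYS' AND table_name = 'AUD$'
 ORDER BY grantee;

-- 3. Unified auditing: every grant on an AUDSYS-owned object, including
--    grants made WITH GRANT OPTION, which let the grantee pass access on.
SELECT grantee, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'AUDSYS'
 ORDER BY grantee, table_name;

-- 4. Role- and system-privilege paths that bypass object grants:
--    AUDIT_ADMIN / AUDIT_VIEWER read the unified trail; SELECT ANY DICTIONARY
--    reads SYS-owned tables such as AUD$ regardless of object grants.
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role IN ('AUDIT_ADMIN', 'AUDIT_VIEWER')
 ORDER BY granted_role, grantee;

SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege IN ('SELECT ANY DICTIONARY', 'AUDIT SYSTEM')
 ORDER BY privilege, grantee;

-- 5. Remediation pattern for a grant the review cannot justify
--    (APP_REPORT is a placeholder grantee, not a real account).
-- REVOKE SELECT ON sys.aud$ FROM app_report;
-- REVOKE AUDIT_VIEWER FROM app_report;
```

Compare every grantee returned in steps 2 to 4 against the site's documented list of audit administrators; anything not on that list is the finding this rule describes.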

Vulnerability Number

V-220277

Documentable

False

Rule Version

O121-C2-009300

Severity Override Guidance


Check Content Reference

M

Target Key

4059

Comments