STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must specify an account lockout duration that is greater than or equal to the organization-approved minimum.

DISA Rule

SV-238448r667518_rule

Vulnerability Number

V-238448

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-C2-004900

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DBMS settings to specify indefinite lockout duration:

ALTER PROFILE '&PROFILE_NAME' LIMIT PASSWORD_LOCK_TIME UNLIMITED;

Check Contents

The account lockout duration is defined in the profile assigned to a user.

To see what profile is assigned to a user, enter the query:

SELECT profile FROM dba_users WHERE username = '&USERNAME'

This will return the profile name assigned to that user.

Now check the values assigned to the profile returned from the query above:

SELECT PROFILE, RESOURCE_NAME, LIMIT FROM DBA_PROFILES WHERE PROFILE LIKE '&PROFILE_NAME'

Check the settings for password_lock_time - this specifies how long to lock the account after the number of consecutive failed logon attempts reaches the limit. If the value is not UNLIMITED, this is a finding.
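The two-step check above can be run for every account at once. The query below is an added example, not part of the STIG text: it resolves profile limits set to DEFAULT against the DEFAULT profile (Oracle's rule for inherited limits) and lists each user whose effective PASSWORD_LOCK_TIME is not UNLIMITED, which is exactly the finding condition. It uses only the DBA_USERS and DBA_PROFILES views referenced in the check.

```sql
-- Added example (not from the STIG): report every user whose effective
-- PASSWORD_LOCK_TIME is anything other than UNLIMITED.
-- In DBA_PROFILES a LIMIT of 'DEFAULT' means "inherit from the DEFAULT
-- profile", so that value is resolved before comparing.
WITH lock_limits AS (
  SELECT p.profile,
         CASE
           WHEN p.limit = 'DEFAULT' THEN
             (SELECT d.limit
                FROM dba_profiles d
               WHERE d.profile = 'DEFAULT'
                 AND d.resource_name = 'PASSWORD_LOCK_TIME')
           ELSE p.limit
         END AS effective_lock_time
    FROM dba_profiles p
   WHERE p.resource_name = 'PASSWORD_LOCK_TIME'
)
SELECT u.username,
       u.account_status,
       u.profile,
       l.effective_lock_time        -- each row returned is a finding
  FROM dba_users u
  JOIN lock_limits l ON l.profile = u.profile
 WHERE l.effective_lock_time <> 'UNLIMITED'
 ORDER BY u.username;
```

An empty result set means every assigned profile already satisfies the rule; otherwise apply the Fix Recommendation to each profile named in the output.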

Vulnerability Number

V-238448

Documentable

False

Rule Version

O112-C2-004900

Severity Override Guidance


Check Content Reference

M

Target Key

4057

Comments