STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:SV-238460r667554_rule
V-238460
SRG-APP-000516-DB-000363
O112-C2-013800
CAT II
10
For accounts managed by Oracle, create a script or store procedure that runs once a day.
Write a SQL statement to determine accounts that have not logged in within 35 days:
Example:
select username from dba_audit_trail where action_name = 'LOGON'
group by username having max(timestamp) < sysdate - 36
And then disable all accounts that have not logged in within 35 days.
If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.
For accounts managed by Oracle, check DBMS settings to determine if accounts can be automatically disabled by the system after 35 days of inactivity. Also, ask the DBA if an alternative method, such as a stored procedure run daily, to disable Oracle-managed accounts inactive for more than 35 days, has been deployed.
If the ability to disable accounts after 35 days of inactivity, by either of these means, does not exist, this is a finding.
V-238460
False
O112-C2-013800
If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.
For accounts managed by Oracle, check DBMS settings to determine if accounts can be automatically disabled by the system after 35 days of inactivity. Also, ask the DBA if an alternative method, such as a stored procedure run daily, to disable Oracle-managed accounts inactive for more than 35 days, has been deployed.
If the ability to disable accounts after 35 days of inactivity, by either of these means, does not exist, this is a finding.
M
4057