STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:SV-24374r2_rule
V-2422
DBMS software owner account access
DG0040-ORACLE11
CAT II
10
Develop, document and implement procedures to restrict use of the Oracle DBMS software installation account.
Unix environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use, except in cases where this would interfere with required functionality. In such cases, prevent direct logon as the Oracle DBMS software installation account by locking its password; authorize the appropriate administrative users to operate as the Oracle DBMS software installation account via the "su" or "sudo" command.
Other environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use.
Review documented and implemented procedures for controlling and granting access to the Oracle DBMS software installation account.
If access or use of this account is not restricted to the minimum number of personnel required, or unauthorized access to the account has been granted, this is a Finding.
On UNIX systems:
If the account is not disabled when not in use, and not configured to prevent direct logon, this is a Finding.
On Windows systems:
The Oracle DBMS software is usually installed using an account with administrator privileges. Ownership is assigned to the account used to install the DBMS software.
The creation of a dedicated Oracle OS account and change of ownership of all files in the %ORACLE_HOME% and %ORACLE_BASE% directories and subdirectories should be performed prior to placing the DBMS system into production. See checks DG0019, DO0120 and DG0102 for details on establishing a dedicated OS account for Oracle services on Windows platforms.
V-2422
True
DG0040-ORACLE11
Review documented and implemented procedures for controlling and granting access to the Oracle DBMS software installation account.
If access or use of this account is not restricted to the minimum number of personnel required, or unauthorized access to the account has been granted, this is a Finding.
On UNIX systems:
If the account is not disabled when not in use, and not configured to prevent direct logon, this is a Finding.
On Windows systems:
The Oracle DBMS software is usually installed using an account with administrator privileges. Ownership is assigned to the account used to install the DBMS software.
The creation of a dedicated Oracle OS account and change of ownership of all files in the %ORACLE_HOME% and %ORACLE_BASE% directories and subdirectories should be performed prior to placing the DBMS system into production. See checks DG0019, DO0120 and DG0102 for details on establishing a dedicated OS account for Oracle services on Windows platforms.
I
Information Assurance Officer
1368