STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

DBMS service identification should be unique and clearly identifies the service.

DISA Rule

SV-24415r1_rule

Vulnerability Number

V-15622

Group Title

DBMS service identification

Rule Version

DG0104-ORACLE11

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Follow the instructions in Oracle Doc ID: 15390.1 to change the SID without re-creating the database.

Set the value so that it does not identify the Oracle version and clearly identifies its purpose.

Check Contents

Review the Oracle instance names on the DBMS host:

On UNIX platforms:
Solaris: cat /var/opt/oracle/oratab
Other UNIX: cat /etc/oratab

The format of lines in the oratab file is:
sid:oracle_home_directory:Y or N

The instance name is the sid.

On Windows platforms:
Go to Start / Administrative Tools / Services

View service names that begin with "OracleService".

The remainder of the service name is the instance name.
Example: OracleServicesalesDB -- where salesDB is the instance name

If instance names are listed and do not clearly identify the use of the instance or clearly differentiate individual instances, this is a Finding.

An example of instance naming that meets the requirement: prdinv01 (Production Inventory Database #1), dvsales02 (Development Sales Database #2), orfindb1 (Oracle Financials Database #1).

Examples of instance naming that do not meet the requirement: Instance1, MyInstance, orcl, 10gdb1

Interview the DBA to get an understanding of the naming scheme used to determine if the names are clear differentiations.

Vulnerability Number

V-15622

Documentable

False

Rule Version

DG0104-ORACLE11

Severity Override Guidance

Review the Oracle instance names on the DBMS host:

On UNIX platforms:
Solaris: cat /var/opt/oracle/oratab
Other UNIX: cat /etc/oratab

The format of lines in the oratab file is:
sid:oracle_home_directory:Y or N

The instance name is the sid.

On Windows platforms:
Go to Start / Administrative Tools / Services

View service names that begin with "OracleService".

The remainder of the service name is the instance name.
Example: OracleServicesalesDB -- where salesDB is the instance name

If instance names are listed and do not clearly identify the use of the instance or clearly differentiate individual instances, this is a Finding.

An example of instance naming that meets the requirement: prdinv01 (Production Inventory Database #1), dvsales02 (Development Sales Database #2), orfindb1 (Oracle Financials Database #1).

Examples of instance naming that do not meet the requirement: Instance1, MyInstance, orcl, 10gdb1

Interview the DBA to get an understanding of the naming scheme used to determine if the names are clear differentiations.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments