STIGQter: STIG Summary: Oracle Database 11g Instance STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

Administrative privileges should be assigned to database accounts via database roles.

DISA Rule

SV-24422r2_rule

Vulnerability Number

V-15627

Group Title

DBMS administrative privilege assignment

Rule Version

DG0117-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Revoke assigned administrative privileges from database accounts and assign to accounts via roles.

Document roles and assignments in the System Security Plan.
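
The fix above, worked through for one account as an added example (not part of the STIG text). The account APP_ADMIN, the role USER_ADMIN_ROLE and the three privileges shown are hypothetical; substitute the grantee and privileges that the check query returns.

```sql
-- Added example. APP_ADMIN and USER_ADMIN_ROLE are hypothetical names.
-- Assumed starting state: APP_ADMIN holds CREATE USER, ALTER USER and
-- DROP USER as direct grants (rows in DBA_SYS_PRIVS with GRANTEE = 'APP_ADMIN').

-- 1. Create a role that represents the administrative function.
CREATE ROLE user_admin_role;

-- 2. Grant the administrative privileges to the role, not to the account.
GRANT CREATE USER, ALTER USER, DROP USER TO user_admin_role;

-- 3. Grant the role to the account first, so access is not interrupted
--    between the grant and the revoke.
GRANT user_admin_role TO app_admin;

-- 4. Revoke the direct grants from the account.
REVOKE CREATE USER, ALTER USER, DROP USER FROM app_admin;

-- 5. Verify: the account should hold no direct system privileges
--    (UNLIMITED TABLESPACE is excluded, as in the STIG check query).
SELECT privilege
FROM dba_sys_privs
WHERE grantee = 'APP_ADMIN'
AND privilege <> 'UNLIMITED TABLESPACE';

-- 6. List what the account now receives through roles; record this
--    role-to-account mapping in the System Security Plan.
SELECT rp.grantee, rp.granted_role, sp.privilege
FROM dba_role_privs rp
JOIN dba_sys_privs sp ON sp.grantee = rp.granted_role
WHERE rp.grantee = 'APP_ADMIN'
ORDER BY rp.granted_role, sp.privilege;
```

Privileges received through a role are not in effect inside definer's-rights stored PL/SQL, so test any procedures owned by the account that relied on the direct grants after step 4.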

Check Contents

From SQL*Plus (NOTE: The owner list below is a short list of all possible default Oracle accounts):

select grantee||': '||privilege
from dba_sys_privs
where grantee not in
('SYS', 'SYSTEM', 'SYSMAN', 'CTXSYS', 'MDSYS', 'WKSYS')
and grantee not in
(select distinct granted_role from dba_role_privs)
and privilege <> 'UNLIMITED TABLESPACE'
order by grantee;

NOTE: Disregard any default database component account privilege assignments that may be returned.

If administrative privileges have been assigned directly to an account, this is a Finding.

Documentable

False

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1367
