SV-24549r2_rule
V-2527
Oracle DBA role assignment
DO3440-ORACLE11
CAT II
10
Authorize and document all DBA role authorizations in the System Security Plan.
Revoke DBA role membership from unauthorized accounts.
Revoke DBA role membership from any accounts assigned to a developer job function on a shared production / development database.
From SQL*Plus (NOTE: The exclusion list below is a partial list of default Oracle accounts that hold the DBA role; it does not cover every possible default account, and any other default account that appears must still be reviewed):
select grantee from dba_role_privs
where granted_role='DBA'
and grantee not in
('SYS', 'SYSTEM', 'SYSMAN', 'CTXSYS', 'WKSYS');
If any accounts are listed, review against the list of DBA accounts authorized by the IAO in the System Security Plan.
If any accounts are assigned the DBA role and are not authorized by the IAO, this is a Finding.
If the DBA role is assigned to a developer account and this is a production database, this is a Finding.
If the DBA role is assigned to a shared account, this is a Finding.
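The query above lists only accounts granted DBA directly. In Oracle the GRANTEE column of DBA_ROLE_PRIVS may also be a role, and a user granted that role holds DBA indirectly, so a check limited to direct grants can miss effective DBA holders. The following is an added example, not part of the STIG check text: it walks nested role grants to find every user that reaches DBA, labels each direct grantee as a user or a role with its account status, and generates the REVOKE statements for the fix. The authorized list ('SYS', 'SYSTEM', 'SYSMAN', 'CTXSYS', 'WKSYS') is carried over from the check as a placeholder and must be replaced with the accounts the IAO has documented in the System Security Plan; DEV_USER1 is a hypothetical account name.

```sql
-- Added example for this check; not part of the STIG text.
-- Requires SELECT on the DBA_ROLE_PRIVS and DBA_USERS views (e.g. SELECT ANY DICTIONARY).

-- 1. Every user that holds DBA directly or through nested roles, with the grant path.
--    Start from rows whose grantee is a user, follow role -> granted role, and keep
--    only paths that end in DBA. CONNECT_BY_ROOT returns the user at the top of the path.
SELECT DISTINCT
       CONNECT_BY_ROOT rp.grantee                    AS holder,
       SYS_CONNECT_BY_PATH(rp.granted_role, ' -> ')  AS grant_path,
       LEVEL                                         AS depth
FROM   dba_role_privs rp
WHERE  rp.granted_role = 'DBA'
START WITH rp.grantee IN (SELECT u.username FROM dba_users u)
CONNECT BY NOCYCLE PRIOR rp.granted_role = rp.grantee
ORDER BY holder, depth;

-- 2. Direct DBA grantees outside the authorized list, labelled as USER or ROLE,
--    with ADMIN OPTION and account status, to compare against the SSP.
--    A ROLE row means every member of that role effectively holds DBA.
SELECT rp.grantee,
       CASE WHEN u.username IS NOT NULL THEN 'USER' ELSE 'ROLE' END AS grantee_type,
       rp.admin_option,
       u.account_status,
       u.profile
FROM   dba_role_privs rp
       LEFT JOIN dba_users u ON u.username = rp.grantee
WHERE  rp.granted_role = 'DBA'
AND    rp.grantee NOT IN ('SYS', 'SYSTEM', 'SYSMAN', 'CTXSYS', 'WKSYS')  -- replace with the IAO-authorized list
ORDER BY grantee_type, rp.grantee;

-- 3. Generate the fix for each unauthorized direct grantee (review before running).
SELECT 'REVOKE DBA FROM ' || rp.grantee || ';' AS fix_stmt
FROM   dba_role_privs rp
WHERE  rp.granted_role = 'DBA'
AND    rp.grantee NOT IN ('SYS', 'SYSTEM', 'SYSMAN', 'CTXSYS', 'WKSYS');  -- replace with the IAO-authorized list

-- Example of one generated statement (DEV_USER1 is a hypothetical account name):
REVOKE DBA FROM DEV_USER1;
```

Run query 1 first: an account that appears there but not in query 2 holds DBA through an intermediate role, and the fix is to revoke that role from the user (or revoke DBA from the role) rather than to revoke DBA from the user directly.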
V-2527
True
DO3440-ORACLE11
M
Information Assurance Officer
1367