STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:SV-24597r1_rule
V-2420
DBMS software monitoring
DG0010-ORACLE11
CAT III
10
Develop, document and implement procedures to monitor changes made to the DBMS software.
Identify all database files and directories to be included in the host system or database backups and provide these to the person responsible for backups.
For Windows systems, you can use the dir /s > filename.txt run weekly to store and compare file modification/creation dates and file sizes using the DOS fc command.
For UNIX systems, you can use the ls –as >filename.txt command to store and compare (diff command) file statistics for comparison.
These are not as comprehensive as some tools available, but may be enhanced by including checks for checksums or file hashes.
Ask the DBA to describe/demonstrate any software modification detection procedures in place and request documents of these procedures for review.
Verify by reviewing reports for inclusion of the DBMS executable and configuration files.
If documented procedures and proof of implementation does not exist that includes review of the database software directories and database application directories, this is a Finding.
V-2420
False
DG0010-ORACLE11
Ask the DBA to describe/demonstrate any software modification detection procedures in place and request documents of these procedures for review.
Verify by reviewing reports for inclusion of the DBMS executable and configuration files.
If documented procedures and proof of implementation does not exist that includes review of the database software directories and database application directories, this is a Finding.
I
Information Assurance Officer
1368