SV-24764r1_rule
V-15630
Sensitive data access
DG0122-ORACLE11
CAT II
10
Set UNIX permissions on critical files to 640 or more restrictive.
Check group membership of the group assigned access permissions to the database software to verify all members are authorized to have the assigned access.
Set Windows permissions to Full Control assigned to the Administrators, the Oracle service account and DBAs.
Remove any unauthorized account access.
Review file permissions defined for critical files.
Review the file permissions on the Binary initialization parameter file (the default name is spfile[SID].ora).
Binary initialization parameter files are by default located in the $ORACLE_HOME/dbs directory (UNIX) or %ORACLE_HOME%\database directory (Windows).
From SQL*Plus:
select value from v$parameter where name = 'spfile';
select member from v$logfile;
select name from v$datafile;
select name from v$controlfile;
Check directory and file permissions for the files returned by the SQL commands above, for the files located in the $ORACLE_HOME/network/admin directory (UNIX) or %ORACLE_HOME%\network\admin directory (Windows) and the directory specified by the TNS_ADMIN environment variable, if defined.
On UNIX systems:
ls -ld [pathname]
If permissions are granted for world access, this is a Finding.
If any groups that include members other than the Oracle process and software owner accounts, DBAs, auditors, or backup accounts are listed, this is a Finding.
On Windows Systems (From Windows Explorer):
Browse to the directory specified.
Select and right-click on the directory, select Properties, select the Security tab.
If permissions are granted to everyone, this is a Finding.
If any accounts other than the Oracle process and software owner accounts, Administrators, DBAs, System groups, auditors, or backup accounts are listed, this is a Finding.
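The UNIX portion of the check above can be scripted. The following is an added example, not part of the STIG text; it assumes the paths returned by the SQL*Plus queries and the network/admin directories are passed as arguments, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the STIG text. Paths are passed as arguments
# (assumption: they come from the SQL*Plus queries and network/admin dirs).

# mode_ok MODE: succeed when octal MODE sets no bit outside 0640,
# i.e. the mode is "640 or more restrictive".
mode_ok() {
    [ $(( 0$1 & ~0640 & 07777 )) -eq 0 ]
}

# get_mode PATH: print the octal permission bits of the link target
# (GNU stat first, BSD stat as fallback).
get_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# audit_path PATH: print a verdict; return 0 = OK, 1 = Finding, 2 = error.
audit_path() {
    p=$1
    mode=$(get_mode "$p") || { echo "ERROR   cannot stat: $p"; return 2; }
    # Any "other" permission bit means world access (files and directories).
    if [ $(( 0$mode & 07 )) -ne 0 ]; then
        echo "FINDING world access ($mode): $p"; return 1
    fi
    # Regular files must additionally stay within 640.
    if [ -f "$p" ] && ! mode_ok "$mode"; then
        echo "FINDING more permissive than 640 ($mode): $p"; return 1
    fi
    # Show owner:group so the reviewer can check group membership by hand.
    echo "OK      $mode $(ls -ld "$p" | awk '{print $3 ":" $4}') $p"
}

if [ "$#" -gt 0 ]; then
    for path in "$@"; do
        audit_path "$path"
    done
fi
```

The script only evaluates mode bits; membership of the owning group still has to be reviewed against the list of authorized accounts.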
False
M
Database Administrator
1367