STIGQter: STIG Summary: Oracle Database 11g Installation STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

The DBMS audit logs should be included in backup operations.

DISA Rule

SV-24825r1_rule

Vulnerability Number

V-15117

Group Title

DBMS audit log backups

Rule Version

DG0176-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document and implement the locations of trace, log and alert files in the System Security Plan.

Include all trace, log and alert files in regular backups.

Check Contents

Oracle audit events are logged to error logs, trace files, host system logs and may be stored in database tables.

For each Oracle database on the host, determine the location of the database audit trail.

From SQL*Plus:

select value from v$parameter where name = 'audit_trail';

If the audit trail is directed to database tables (DB*), ensure the audit table data is included in the database backups.

Backups of host system log files are covered in host system security reviews and are not covered here.

Other Oracle log files include:

- Listener trace file (specified in the listener.ora file)
- SQLNet trace file (specified in the sqlnet.ora file)
- Oracle database alert and trace files (specified in Oracle parameters):
-- audit_file_dest
-- db_recovery_file_dest
-- diagnostic_dest – 11.1 and higher
-- log_archive_dest
-- log_archive_dest_n

If evidence of inclusion of all audit log files in regular DBMS or host backups does not exist, this is a Finding.
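One way to collect the evidence this check asks for is shown below as an added example; it is not part of the STIG text. It assumes a POSIX host, parameter values spooled from v$parameter as name=value lines, and a list of directories taken from the backup job definition. The sample values and function names are constructed for illustration.

```python
import re
from posixpath import normpath

# Constructed sample, assumed to be spooled from SQL*Plus with:
#   select name || '=' || value from v$parameter where name in (...);
SAMPLE_PARAMS = """\
audit_trail=DB
audit_file_dest=/u01/app/oracle/admin/ORCL/adump
db_recovery_file_dest=/u02/fra
diagnostic_dest=/u01/app/oracle
log_archive_dest=
log_archive_dest_1=LOCATION=/u03/arch
log_archive_dest_2=SERVICE=standby1
"""
# Constructed sample: directories the regular host backup includes.
SAMPLE_BACKUP_PATHS = ["/u01/app/oracle", "/u02/fra"]

# The location parameters named in the check.
PATH_PARAMS = re.compile(
    r"^(audit_file_dest|db_recovery_file_dest|diagnostic_dest|log_archive_dest(_\d+)?)$")

def parse_params(text):
    """Turn name=value lines into a dict, splitting on the first '=' only."""
    params = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return params

def local_path(value):
    """Return the local directory a value names, or None (unset, SERVICE=, FRA alias)."""
    m = re.match(r"(?i)\s*location\s*=\s*(\S+)", value)
    if m:
        value = m.group(1)
    return normpath(value) if value.startswith("/") else None

def covered(path, backup_paths):
    """True if path equals or lies beneath one of the backed-up directories."""
    return any(path == b or path.startswith(b.rstrip("/") + "/")
               for b in map(normpath, backup_paths))

def review(param_text, backup_paths):
    params = parse_params(param_text)
    missing = sorted(
        f"{n}={p}" for n, v in params.items()
        if PATH_PARAMS.match(n) and (p := local_path(v)) and not covered(p, backup_paths))
    # DB* audit trails live in database tables: confirm them in the database backup.
    return {"audit_in_db_tables": params.get("audit_trail", "").upper().startswith("DB"),
            "not_in_backups": missing}
```

Any entry in not_in_backups is a location with no backup evidence. The listener and SQLNet trace locations come from listener.ora and sqlnet.ora and have to be added to the comparison by hand.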

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments