STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The Oracle REMOTE_LOGIN_PASSWORDFILE parameter should be set to EXCLUSIVE or NONE.

DISA Rule

SV-24922r2_rule

Vulnerability Number

V-2558

Group Title

Oracle REMOTE_LOGIN_PASSWORDFILE parameter

Rule Version

DO3546-ORACLE11

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Disable use of the remote_login_passwordfile where remote administration is not authorized by specifying a value of NONE.

If authorized, restrict use of a password file to exclusive use by each database by specifying a value of EXCLUSIVE.

From SQL*Plus:

alter system set remote_login_passwordfile = 'EXCLUSIVE' scope = spfile;

OR

alter system set remote_login_passwordfile = 'NONE' scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

Check Contents

From SQL*Plus:

select value from v$parameter where name = 'remote_login_passwordfile';

If the value returned does not equal 'EXCLUSIVE' or 'NONE', this is a Finding.

Vulnerability Number

V-2558

Documentable

False

Rule Version

DO3546-ORACLE11

Severity Override Guidance

From SQL*Plus:

select value from v$parameter where name = 'remote_login_passwordfile';

If the value returned does not equal 'EXCLUSIVE' or 'NONE', this is a Finding.

The Oracle REMOTE_LOGIN_PASSWORDFILE parameter should be set to EXCLUSIVE or NONE.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments