STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The Oracle Listener ADMIN_RESTRICTIONS parameter if present should be set to ON.

DISA Rule

SV-24949r1_rule

Vulnerability Number

V-3497

Group Title

Oracle listener ADMIN_RESTRICTIONS parameter

Rule Version

DO6740-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the listener.ora file and add the following line for each listener in use on the system:

ADMIN_RESTRICTIONS_[listener-name] = ON

Restart the listener to activate the setting.

Check Contents

If a listener is not running on the local database host server, this check is Not a Finding.

Use the LSNRCTL utility and issue the STATUS [listener-name] command to locate the listener.ora file.

Open the listener.ora file in a text editor or viewer.

Locate the line with ADMIN_RESTRICTIONS_[listener-name] = ON where listener-name is the alias of the listener supplied by the DBA.

If no such line is found, this is a Finding.

Repeat for each listener listed in the LISTENER.ORA file.

Vulnerability Number

V-3497

Documentable

False

Rule Version

DO6740-ORACLE11

Severity Override Guidance

If a listener is not running on the local database host server, this check is Not a Finding.

Use the LSNRCTL utility and issue the STATUS [listener-name] command to locate the listener.ora file.

Open the listener.ora file in a text editor or viewer.

Locate the line with ADMIN_RESTRICTIONS_[listener-name] = ON where listener-name is the alias of the listener supplied by the DBA.

If no such line is found, this is a Finding.

Repeat for each listener listed in the LISTENER.ORA file.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments