STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:SV-72019r1_rule
V-57609
Dedicated directory for DBMS audit files
DG7001-ORACLE11
CAT II
10
Alter host system permissions to the AUDIT_FILE_DEST directory to the Oracle process and software owner accounts, DBAs, backup accounts, SAs (if required), and auditors.
Authorize and document user access requirements to the directory outside of the Oracle, DBA, and SA account list in the System Security Plan.
From SQL*Plus:
select value from v$parameter where name = 'audit_trail';
select value from v$parameter where name = 'audit_file_dest';
If audit_trail is NOT set to TRUE, OS, XML, or XML, EXTENDED per MetaLink Note 30690.1, this is not a finding.
On UNIX Systems:
ls -ld [pathname]
Replace [pathname] with the directory path listed from the above SQL command for audit_file_dest.
If permissions are granted for world access, this is a finding.
If any groups that include members other than the Oracle process and software owner accounts, DBAs, auditors, or backup accounts are listed, this is a finding.
Compare path to $ORACLE_HOME. If audit_file_dest is a subdirectory of $ORACLE_HOME, this is a finding.
On Windows Systems (from Windows Explorer):
Browse to the directory specified. Select and right-click on the directory, select Properties, select the Security tab. On Windows hosts, records are also written to the Windows application event
log. The location of the application event log is listed under Properties for the log under the Windows console. The default location is C:\WINDOWS\system32\config\EventLogs\AppEvent.Evt.
If permissions are granted to everyone, this is a Finding. If any accounts other than the Administrators, DBAs, System group, auditors, or backup operators are listed, this is a finding.
Compare path to %ORACLE_HOME%. If audit_file_dest is a subdirectory of %ORACLE_HOME%, this is a finding.
V-57609
True
DG7001-ORACLE11
From SQL*Plus:
select value from v$parameter where name = 'audit_trail';
select value from v$parameter where name = 'audit_file_dest';
If audit_trail is NOT set to TRUE, OS, XML, or XML, EXTENDED per MetaLink Note 30690.1, this is not a finding.
On UNIX Systems:
ls -ld [pathname]
Replace [pathname] with the directory path listed from the above SQL command for audit_file_dest.
If permissions are granted for world access, this is a finding.
If any groups that include members other than the Oracle process and software owner accounts, DBAs, auditors, or backup accounts are listed, this is a finding.
Compare path to $ORACLE_HOME. If audit_file_dest is a subdirectory of $ORACLE_HOME, this is a finding.
On Windows Systems (from Windows Explorer):
Browse to the directory specified. Select and right-click on the directory, select Properties, select the Security tab. On Windows hosts, records are also written to the Windows application event
log. The location of the application event log is listed under Properties for the log under the Windows console. The default location is C:\WINDOWS\system32\config\EventLogs\AppEvent.Evt.
If permissions are granted to everyone, this is a Finding. If any accounts other than the Administrators, DBAs, System group, auditors, or backup operators are listed, this is a finding.
Compare path to %ORACLE_HOME%. If audit_file_dest is a subdirectory of %ORACLE_HOME%, this is a finding.
M
1368