CIS Oracle 9/10 OS Audit L1 v2.01

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle 9/10 OS Audit L1 v2.01

Updated: 7/30/2020

Authority: CIS

Plugin: Unix

Revision: 1.22

Estimated Item Count: 108

Audit Changelog


Revision 1.22 Jul 30, 2020 Miscellaneous Audit deprecated. Metadata updated.
Revision 1.21 Apr 22, 2020 Miscellaneous Metadata updated. References updated.
Revision 1.20 Aug 5, 2019 Miscellaneous Metadata updated. See also link updated.
Revision 1.19 Feb 8, 2019 Miscellaneous Metadata updated. References updated.
Revision 1.18 Dec 14, 2018 Informational Update 10.01 Enterprise Management studio mode - 'Access to the enterprise management in studio must be limited' 10.02 Enterprise Manager Agent File uploads - 'Monitor the size of file uploads from the enterprise agent' 10.03 Enterprise Manager Framework Security - 'Where possible, utilize Enterprise Manager Framework Security Functionality' 10.05 Enterprise Manager Framework Security - 'In command line mode, avoid using commands that contain passwords in the arguments.' 11.01 ADDM - 'Verify ADDM suggestions' 11.02 AMM - 'Monitor AMM' 11.03 AWR - 'Implement AWR to record all database performance statistics over a defined time period.' 12.01 Oracle alert log file - 'Review contents' 12.02 Database creation scripts on host - 'Remove or secure' 12.05 Sensitive information in process list on host - 'Avoid or encrypt' 12.06 Sensitive information in cron jobs on host - 'Avoid or encrypt' 12.07 Sensitive information in at jobs (or jobs in Windows scheduler) on host - 'Avoid or encrypt' 12.08 Sensitive information in environment variables on host - 'Avoid or encrypt' 12.09 Sensitive information in batch files on host - 'Avoid or encrypt' 12.10 Oracle file locations - 'Separate for performance' 12.11 File systems - 'Separate Oracle files from non-Oracle Files' 12.12 Optimal Flexible Architecture - 'Implement' 12.13 Checksum PL/SQL code - 'Implement' 12.14 All database objects - 'Monitor' 12.15 Ad-hoc queries on production databases - 'Avoid' 12.16 Media integrity - 'Verify' 12.17 Remote shell access on host - 'Encrypt session' 12.18 Applications with database access - 'Review' 12.19 Location of development database - 'Separate server from production database' 12.20 Network location of production and development databases - 'Separate' 12.21 Monitor for development on production databases - 'Prevent development on production databases' 12.22 Access to production databases - 'Avoid access from development or test databases' 12.23 Developer access to production databases - 'Disallow' 12.24 Developer accounts on production databases - 'Remove' 12.25 Databases created from production exports - 'Change passwords' 12.26 Databases created from production systems - 'Remove sensitive data' 12.27 Account Management - 'Document and enforce account management procedures' 12.28 Change Control - 'Document and enforce change control procedures' 12.29 Disaster recovery procedures - 'Review' 12.30 Backdoors - 'Eliminate' 12.31 Public dissemination of database information - 'Disallow' 12.32 Screen saver - 'Set screen saver/lock with password protection of 15 minutes' 12.33 Distribution of tnsnames.ora files to clients - 'Include only tnsnames.ora when distributing to clients' 12.34 Put database in archivelog mode (if appropriate to database function). - 'Start the database in mount mode' 12.35 Event and System Logs - 'Monitor' 12.36 Access to database objects by a fixed user link - 'Disallow' 2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 10g' 2.02 Version/Patches - 'Ensure the latest version of Oracle software is being used, and the latest patches from Metalink have been applied' 2.07 Listener password - 'Encrypt the Listener Password' 2.07 Listener password - 'Use Integrated Authentication' 2.08 Default Accounts (created by Oracle) - '1.Drop the user 2.Lock the user account 3.Change the default password' 4.16 Data logs - 'Use ARCHIVELOG mode for data logs by the command ALTER DATABASE ARCHIVELOG.' 4.17 SQL key word NOLOGGING - 'Be aware of the potential for malicious code that can be performed without an audit trail using NOLOGGING.' 6.01 Advanced queuing in asynchronous messaging - 'Empty queue at shutdown of Oracle' 6.02 Cache - 'Cache must be emptied at shutdown of Oracle' 7.01 Redo logs - 'Mirror' 7.02 Control files - 'Multiplex control files to multiple physical disks' 7.03 Control files - 'Mirror' 7.04 Archive logs - 'Ensure there is sufficient space for the archive logging process' Miscellaneous Metadata updated. References updated.