CIS Oracle Server 12c DB Unified Auditing v3.0.0

Audit Details

Name: CIS Oracle Server 12c DB Unified Auditing v3.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: OracleDB

Revision: 1.4

Estimated Item Count: 88

File Details

Filename: CIS_Oracle_Server_12c_v3.0.0_L1_Database_Unified.audit

Size: 295 kB

MD5: 61f94704f240bae322c525736353ef87
SHA256: 6d49a926746a15b7aebdd9ab36e18752fb0250e3780276fee7da5f5a055a023c

Audit Items

Description

Categories

1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed

CONFIGURATION MANAGEMENT

2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'

ACCESS CONTROL

2.2.4 Ensure 'O7_DICTIONARY_ACCESSIBILITY' Is Set to 'FALSE'

SYSTEM AND INFORMATION INTEGRITY

2.2.5 Ensure 'OS_ROLES' Is Set to 'FALSE'

ACCESS CONTROL

2.2.6 Ensure 'REMOTE_LISTENER' Is Empty

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

2.2.7 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'

ACCESS CONTROL

2.2.8 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE'

IDENTIFICATION AND AUTHENTICATION

2.2.9 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE'

IDENTIFICATION AND AUTHENTICATION

2.2.10 Ensure 'UTL_FILE_DIR' Is Empty

ACCESS CONTROL

2.2.11 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'

IDENTIFICATION AND AUTHENTICATION

2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less

ACCESS CONTROL

2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3'

ACCESS CONTROL

2.2.14 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'

AUDIT AND ACCOUNTABILITY

2.2.15 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'

ACCESS CONTROL

2.2.16 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'

ACCESS CONTROL

2.2.17 Ensure '_trace_files_public' Is Set to 'FALSE'

ACCESS CONTROL

2.2.18 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'

ACCESS CONTROL

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'

ACCESS CONTROL

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'

ACCESS CONTROL

3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'

ACCESS CONTROL

3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'

IDENTIFICATION AND AUTHENTICATION

3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'

IDENTIFICATION AND AUTHENTICATION

3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'

ACCESS CONTROL

3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles

IDENTIFICATION AND AUTHENTICATION

3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'

ACCESS CONTROL

3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'

ACCESS CONTROL

4.1 Ensure All Default Passwords Are Changed

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

4.2 Ensure All Sample Data And Users Have Been Removed

ACCESS CONTROL

4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User

IDENTIFICATION AND AUTHENTICATION

4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile

ACCESS CONTROL

4.5 Ensure 'SYS.USER$MIG' Has Been Dropped

IDENTIFICATION AND AUTHENTICATION

5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Network' Packages

ACCESS CONTROL

5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'File System' Packages

ACCESS CONTROL

5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Encryption' Packages

ACCESS CONTROL

5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' Packages

ACCESS CONTROL

5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Job Scheduler' Packages

ACCESS CONTROL

5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'SQL Injection Helper' Packages

ACCESS CONTROL

5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' Packages

ACCESS CONTROL

5.1.3.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$'

ACCESS CONTROL

5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%'

ACCESS CONTROL

5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables

ACCESS CONTROL

5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL

5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES'

ACCESS CONTROL

5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN'

ACCESS CONTROL

5.2.4 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP'

ACCESS CONTROL

5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL

5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL

5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL

5.2.8 Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL

5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL