Detections
Analytics

CIS Oracle Server 18c DB Unified Auditing v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle Server 18c DB Unified Auditing v1.0.0

Updated: 9/13/2023

Authority: CIS

Plugin: OracleDB

Revision: 1.2

Estimated Item Count: 86

File Details

Filename: CIS_Oracle_Server_18c_v1.0.0_L1_Database_Unified.audit

Size: 141 kB

MD5: bc435e36b1873d430bf4fc81defc318d
SHA256: bbb6aa7a2124cb5fc446bbd73b33cb4ed52ee3cd25f14dd346f4a10b30054b45

Audit Items

DescriptionCategories
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed
2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'
2.2.4 Ensure 'O7_DICTIONARY_ACCESSIBILITY' Is Set to 'FALSE'
2.2.5 Ensure 'OS_ROLES' Is Set to 'FALSE'
2.2.6 Ensure 'REMOTE_LISTENER' Is Empty
2.2.7 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'
2.2.8 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE'
2.2.9 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE'
2.2.10 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'
2.2.11 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less
2.2.12 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'
2.2.13 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'
2.2.14 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'
2.2.15 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'
2.2.16 Ensure '_trace_files_public' Is Set to 'FALSE'
2.2.17 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'
3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'
3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'
4.1 Ensure All Default Passwords Are Changed
4.2 Ensure All Sample Data And Users Have Been Removed
4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User
4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile
4.5 Ensure 'SYS.USER$MIG' Has Been Dropped
5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Network' Packages - Network Packages
5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'File System' Packages - File System Packages
5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Encryption' Packages - Encryption Packages
5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' Packages - Java Packages
5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Job Scheduler' Packages - Job Scheduler Packages
5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'SQL Injection Helper' Packages - SQL Injection Helper Packages
5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' Packages - Non-default Packages
5.1.3.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$'
5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%'
5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables
5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'
5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES'
5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN'
5.2.4 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP'
5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE'
5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'
5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'
5.2.8 Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE'
5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE'
5.2.10 Ensure 'CREATE PROCEDURE' Is Revoked from Unauthorized 'GRANTEE'