CIS Oracle Server 19c DB Traditional Auditing v1.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle Server 19c DB Traditional Auditing v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: OracleDB

Revision: 1.5

Estimated Item Count: 82

File Details

Filename: CIS_Oracle_Server_19c_v1.1.0_L1_Database_Traditional.audit

Size: 239 kB

MD5: 386b9d03a48b88b27984fb7d424806f6
SHA256: f9da89b3e7ec6412451912109e07c60b54a2a830bde33a413b038894437fbc73

Audit Items

DescriptionCategories
1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed
2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'
2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED'
2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'
2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE'
2.2.5 Ensure 'REMOTE_LISTENER' Is Empty
2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'
2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE'
2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE'
2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less
2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'
2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'
2.2.13 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'
2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'
2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE'
2.2.16 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'
2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'
3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'
3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'
3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'
4.1 Ensure All Default Passwords Are Changed
4.2 Ensure All Sample Data And Users Have Been Removed
4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User
4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile
4.5 Ensure 'SYS.USER$MIG' Has Been Dropped
4.6 Ensure No Public Database Links Exist
5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Network' Packages - Network Packages
5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'File System' Packages - File System Packages
5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Encryption' Packages - Encryption Packages
5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' Packages - Java Packages
5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Job Scheduler' Packages - Job Scheduler Packages
5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'SQL Injection Helper' Packages - SQL Injection Helper Packages
5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_CREDENTIAL' Package
5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' Packages - Non-default Packages
5.1.3.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$'
5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%'
5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables
5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'
5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES'
5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN'
5.2.4 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP'
5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE'
5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'