CIS Oracle Server 19c DB Traditional Auditing v1.2.0

Audit Details

Name: CIS Oracle Server 19c DB Traditional Auditing v1.2.0

Updated: 7/15/2024

Authority: CIS

Plugin: OracleDB

Revision: 1.2

Estimated Item Count: 82

File Details

Filename: CIS_Oracle_Server_19c_v1.2.0_L1_Database_Traditional.audit

Size: 372 kB

MD5: 6a41102f9e2544c2c510e50439060e77
SHA256: 508f0d6cdd46752ce2620a0c60b9b33b37a0ef29a6c0051b705da2396d6aee0b

Audit Items

Description

Categories

1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed

SYSTEM AND SERVICES ACQUISITION

2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'

AUDIT AND ACCOUNTABILITY

2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED'

AUDIT AND ACCOUNTABILITY

2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'

ACCESS CONTROL, MEDIA PROTECTION

2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE'

ACCESS CONTROL, MEDIA PROTECTION

2.2.5 Ensure 'REMOTE_LISTENER' Is Empty

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'

ACCESS CONTROL

2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE'

ACCESS CONTROL

2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE'

ACCESS CONTROL

2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'

IDENTIFICATION AND AUTHENTICATION

2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less

ACCESS CONTROL

2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'

AUDIT AND ACCOUNTABILITY

2.2.13 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'

ACCESS CONTROL, MEDIA PROTECTION

2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'

ACCESS CONTROL, MEDIA PROTECTION

2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE'

ACCESS CONTROL, MEDIA PROTECTION

2.2.16 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'

ACCESS CONTROL, MEDIA PROTECTION

2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null

ACCESS CONTROL

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'

ACCESS CONTROL

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'

ACCESS CONTROL

3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'

ACCESS CONTROL

3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'

IDENTIFICATION AND AUTHENTICATION

3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'

IDENTIFICATION AND AUTHENTICATION

3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'

ACCESS CONTROL

3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles

IDENTIFICATION AND AUTHENTICATION

3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'

ACCESS CONTROL

3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'

ACCESS CONTROL

4.1 Ensure All Default Passwords Are Changed

IDENTIFICATION AND AUTHENTICATION

4.2 Ensure All Sample Data And Users Have Been Removed

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User

ACCESS CONTROL

4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile

ACCESS CONTROL

4.5 Ensure 'SYS.USER$MIG' Has Been Dropped

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.6 Ensure No Public Database Links Exist

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Network" Packages

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "File System" Packages

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Encryption" Packages

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Java" Packages

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Job Scheduler" Packages

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "SQL Injection Helper" Packages

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "DBMS_CREDENTIAL" Package

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on "Non-default" Packages

ACCESS CONTROL, MEDIA PROTECTION

5.1.3.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$'

ACCESS CONTROL, MEDIA PROTECTION

5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%'

ACCESS CONTROL, MEDIA PROTECTION

5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables

ACCESS CONTROL, MEDIA PROTECTION

5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL, MEDIA PROTECTION

5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES'

ACCESS CONTROL, MEDIA PROTECTION

5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN'

ACCESS CONTROL, MEDIA PROTECTION

5.2.4 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP'

ACCESS CONTROL, MEDIA PROTECTION

5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL, MEDIA PROTECTION

5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'

ACCESS CONTROL, MEDIA PROTECTION