Jul 15, 2024 Functional Update- 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed
- 2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less
- 2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'
- 2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'
- 2.2.13 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'
- 2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'
- 2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE'
- 2.2.16 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'
- 2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null
- 2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'
- 2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE'
- 2.2.5 Ensure 'REMOTE_LISTENER' Is Empty
- 2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'
- 2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE'
- 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE'
- 2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'
- 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'
- 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'
- 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'
- 3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'
- 3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'
- 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'
- 3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles
- 3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'
- 3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'
- 4.2 Ensure All Sample Data And Users Have Been Removed
- 4.5 Ensure 'SYS.USER$MIG' Has Been Dropped
- 5.2.10 Ensure 'CREATE PROCEDURE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.11 Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.12 Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.13 Ensure 'CREATE LIBRARY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.15 Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.8 Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.1 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.2 Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.3 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.4 Ensure AUDIT_ADMIN' Is Revoked from Unauthorized 'GRANTEE'
- 6.2.1 Ensure the 'CREATE USER' Action Audit Is Enabled
- 6.2.10 Ensure the 'ALTER PROFILE' Action Audit Is Enabled
- 6.2.11 Ensure the 'DROP PROFILE' Action Audit Is Enabled
- 6.2.12 Ensure the 'CREATE DATABASE LINK' Action Audit Is Enabled
- 6.2.13 Ensure the 'ALTER DATABASE LINK' Action Audit Is Enabled
- 6.2.14 Ensure the 'DROP DATABASE LINK' Action Audit Is Enabled
- 6.2.15 Ensure the 'CREATE SYNONYM' Action Audit Is Enabled
- 6.2.16 Ensure the 'ALTER SYNONYM' Action Audit Is Enabled
- 6.2.17 Ensure the 'DROP SYNONYM' Action Audit Is Enabled
- 6.2.18 Ensure the 'SELECT ANY DICTIONARY' Privilege Audit Is Enabled
- 6.2.19 Ensure the 'AUDSYS.AUD$UNIFIED' Access Audit Is Enabled
- 6.2.2 Ensure the 'ALTER USER' Action Audit Is Enabled
- 6.2.20 Ensure the 'CREATE PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled
- 6.2.21 Ensure the 'ALTER PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled
- 6.2.22 Ensure the 'DROP PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled
- 6.2.23 Ensure the 'ALTER SYSTEM' Action Audit is Enabled
- 6.2.24 Ensure the 'CREATE TRIGGER' Action Audit Is Enabled
- 6.2.25 Ensure the 'ALTER TRIGGER' Action Audit IS Enabled
- 6.2.26 Ensure the 'DROP TRIGGER' Action Audit Is Enabled
- 6.2.27 Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is Enabled
- 6.2.3 Ensure the 'DROP USER' Audit Option Is Enabled
- 6.2.4 Ensure the 'CREATE ROLE' Action Audit Is Enabled
- 6.2.5 Ensure the 'ALTER ROLE' Action Audit Is Enabled
- 6.2.6 Ensure the 'DROP ROLE' Action Audit Is Enabled
- 6.2.7 Ensure the 'GRANT' Action Audit Is Enabled
- 6.2.8 Ensure the 'REVOKE' Action Audit Is Enabled
- 6.2.9 Ensure the 'CREATE PROFILE' Action Audit Is Enabled
Informational Update- 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed
- 2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less
- 2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'
- 2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'
- 2.2.13 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'
- 2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'
- 2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE'
- 2.2.16 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'
- 2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null
- 2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'
- 2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE'
- 2.2.5 Ensure 'REMOTE_LISTENER' Is Empty
- 2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'
- 2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE'
- 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE'
- 2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'
- 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'
- 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'
- 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'
- 3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'
- 3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'
- 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'
- 3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles
- 3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'
- 3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'
- 4.1 Ensure All Default Passwords Are Changed
- 4.2 Ensure All Sample Data And Users Have Been Removed
- 4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User
- 4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile
- 4.5 Ensure 'SYS.USER$MIG' Has Been Dropped
- 5.1.3.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$'
- 5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%'
- 5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables
- 5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.10 Ensure 'CREATE PROCEDURE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.11 Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.12 Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.13 Ensure 'CREATE LIBRARY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.15 Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES'
- 5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN'
- 5.2.4 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP'
- 5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.8 Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE'
- 5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.1 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.2 Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.3 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE'
- 5.3.4 Ensure AUDIT_ADMIN' Is Revoked from Unauthorized 'GRANTEE'
- 6.2.1 Ensure the 'CREATE USER' Action Audit Is Enabled
- 6.2.10 Ensure the 'ALTER PROFILE' Action Audit Is Enabled
- 6.2.11 Ensure the 'DROP PROFILE' Action Audit Is Enabled
- 6.2.12 Ensure the 'CREATE DATABASE LINK' Action Audit Is Enabled
- 6.2.13 Ensure the 'ALTER DATABASE LINK' Action Audit Is Enabled
- 6.2.14 Ensure the 'DROP DATABASE LINK' Action Audit Is Enabled
- 6.2.15 Ensure the 'CREATE SYNONYM' Action Audit Is Enabled
- 6.2.16 Ensure the 'ALTER SYNONYM' Action Audit Is Enabled
- 6.2.17 Ensure the 'DROP SYNONYM' Action Audit Is Enabled
- 6.2.18 Ensure the 'SELECT ANY DICTIONARY' Privilege Audit Is Enabled
- 6.2.19 Ensure the 'AUDSYS.AUD$UNIFIED' Access Audit Is Enabled
- 6.2.2 Ensure the 'ALTER USER' Action Audit Is Enabled
- 6.2.20 Ensure the 'CREATE PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled
- 6.2.21 Ensure the 'ALTER PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled
- 6.2.22 Ensure the 'DROP PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled
- 6.2.23 Ensure the 'ALTER SYSTEM' Action Audit is Enabled
- 6.2.24 Ensure the 'CREATE TRIGGER' Action Audit Is Enabled
- 6.2.25 Ensure the 'ALTER TRIGGER' Action Audit IS Enabled
- 6.2.26 Ensure the 'DROP TRIGGER' Action Audit Is Enabled
- 6.2.27 Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is Enabled
- 6.2.3 Ensure the 'DROP USER' Audit Option Is Enabled
- 6.2.4 Ensure the 'CREATE ROLE' Action Audit Is Enabled
- 6.2.5 Ensure the 'ALTER ROLE' Action Audit Is Enabled
- 6.2.6 Ensure the 'DROP ROLE' Action Audit Is Enabled
- 6.2.7 Ensure the 'GRANT' Action Audit Is Enabled
- 6.2.8 Ensure the 'REVOKE' Action Audit Is Enabled
- 6.2.9 Ensure the 'CREATE PROFILE' Action Audit Is Enabled
Miscellaneous- Metadata updated.
- Platform check updated.
- References updated.
Added- 5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on \"Network\" Packages
- 5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on \"File System\" Packages
- 5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on \"Encryption\" Packages
- 5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on \"Java\" Packages
- 5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on \"Job Scheduler\" Packages
- 5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on \"SQL Injection Helper\" Packages
- 5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on \"DBMS_CREDENTIAL\" Package
- 5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on \"Non-default\" Packages
Removed- 5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Network' Packages
- 5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'File System' Packages
- 5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Encryption' Packages
- 5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' Packages
- 5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Job Scheduler' Packages
- 5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'SQL Injection Helper' Packages
- 5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_CREDENTIAL' Package
- 5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' Packages
|
Jun 17, 2024 |