| 2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 11g' | |
| 2.02 Version/Patches - 'Ensure the latest version of Oracle software is being used, and the latest patches are from Metalink are applied' | |
| 2.03 Minimal Install - 'Ensure that only the Oracle components necessary to your environment are selected for installation' | |
| 2.04 tkprof - 'Remove from system' | |
| 2.05 listener.ora - 'Change default name of listener' | CONFIGURATION MANAGEMENT |
| 2.07 otrace - 'Disable' | CONFIGURATION MANAGEMENT |
| 2.08 Listener password - 'Use OS Authentication' | IDENTIFICATION AND AUTHENTICATION |
| 2.13 Service or SID name - 'Non-default' | CONFIGURATION MANAGEMENT |
| 3.01 Files in $ORACLE_HOME/bin - 'Verify and set ownership' | |
| 3.02 Files in $ORACLE_HOME/bin - '0755 or less' | |
| 3.03 Files in $ORACLE_HOME (not including $ORACLE_HOME/bin) - 'Permissions set to 0750 or less on Unix Systems' | CONFIGURATION MANAGEMENT |
| 3.04 Oracle account .profile file - 'Unix systems umask 022' | ACCESS CONTROL |
| 3.05 init.ora - 'Verify and restrict permissions' | |
| 3.06 spfile.ora - 'Verify and restrict permissions' | |
| 3.07 Database datafiles - 'Verify and restrict permissions' | |
| 3.08 init.ora - 'Verify permissions of file referenced by ifile parameter' | |
| 3.09 init.ora - 'audit_file_dest parameter settings' | |
| 3.10 init.ora - 'diagonostic_dest parameter settings' | |
| 3.11 init.ora - 'control_files parameter settings' | |
| 3.12 init.ora - 'log_archive_dest_n parameter settings' | |
| 3.13 Files in $ORACLE_HOME/network/admin directory - 'Verify and set permissions' | |
| 3.14 sqlnet.ora - 'Verify and set permissions with read permissions for everyone' | |
| 3.15 sqlnet.ora - 'log_directory_client parameter settings' | |
| 3.16 sqlnet.ora - 'log_directory_server parameter settings' | |
| 3.17 sqlnet.ora - 'trace_directory_client parameter settings' | |
| 3.18 sqlnet.ora - 'trace_directory_server parameter settings' | |
| 3.19 listener.ora - 'Verify and set permissions' | |
| 3.20 listener.ora - 'log_file_listener parameter settings' | |
| 3.21 listener.ora - 'trace_directory_listener_name parameter settings' | |
| 3.22 listener.ora - 'trace_file_listener_name parameter settings' | |
| 3.23 sqlplus - 'Verify and set permissions' | |
| 3.24 .htaccess - 'Verify and set permissions' | |
| 3.25 dads.conf - 'Verify and set permissions' | |
| 3.26 xsqlconfig.xml - 'Verify and set permissions' | |
| 4.01 init.ora - '_trace_files_public = FALSE' | ACCESS CONTROL |
| 4.02 init.ora - 'global_names = TRUE' | CONFIGURATION MANAGEMENT |
| 4.03 init.ora - 'remote_os_authent = FALSE' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.04 init.ora - 'remote_os_roles = FALSE' | ACCESS CONTROL |
| 4.05 init.ora - 'remote_listener = NULL String' | CONFIGURATION MANAGEMENT |
| 4.06 init.ora - 'audit_trail parameter set to OS, DB, DB_EXTENDED, XML, or XML, EXTENDED' | AUDIT AND ACCOUNTABILITY |
| 4.07 init.ora - 'os_authent_prefix = NULL String' | ACCESS CONTROL |
| 4.08 init.ora - 'os_roles = FALSE' | ACCESS CONTROL |
| 4.09 init.ora - 'Avoid using utl_file_dir parameters' | CONFIGURATION MANAGEMENT |
| 4.10 init.ora - 'Establish redundant physically separate locations for redo log files.' | AUDIT AND ACCOUNTABILITY |
| 4.11 init.ora - 'Specify redo logging must be successful.' | AUDIT AND ACCOUNTABILITY |
| 4.14 listener.ora - 'logging_listener = ON' | AUDIT AND ACCOUNTABILITY |
| 4.15 Database object definition NOLOGGING clause - 'Do not leave database objects in NOLOGGING mode in production environments.' | |
| 4.33 init.ora - 'sec_case_sensitive_logon = TRUE' | IDENTIFICATION AND AUTHENTICATION |
| 4.34 init.ora - 'sec_max_failed_login_attempts = 3' | ACCESS CONTROL |
| 4.35 init.ora - 'sec_protocol_error_further_action = DELAY <seconds> or DROP <seconds>' | SYSTEM AND COMMUNICATIONS PROTECTION |
