CIS v1.1.0 Oracle 11g OS L1

Audit Details

Name: CIS v1.1.0 Oracle 11g OS L1

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.33

Estimated Item Count: 110

File Details

Filename: CIS_v1.1.0_Oracle_11g_OS_Unix_Linux_Level_1.audit

Size: 108 kB

MD5: 43c80fd604754e31cb29cf7d82978346
SHA256: e348e58433c0029fd69264c3474dee2a7430b3412b53d0c8e00dfdd1cda048c7

Audit Items

Description / Categories
2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 11g'
2.02 Version/Patches - 'Ensure the latest version of Oracle software is being used, and the latest patches are from Metalink are applied'
2.03 Minimal Install - 'Ensure that only the Oracle components necessary to your environment are selected for installation'
2.04 tkprof - 'Remove from system'
2.05 listener.ora - 'Change default name of listener'

CONFIGURATION MANAGEMENT

2.07 otrace - 'Disable'

CONFIGURATION MANAGEMENT

2.08 Listener password - 'Use OS Authentication'

IDENTIFICATION AND AUTHENTICATION

2.13 Service or SID name - 'Non-default'

CONFIGURATION MANAGEMENT

3.01 Files in $ORACLE_HOME/bin - 'Verify and set ownership'
3.02 Files in $ORACLE_HOME/bin - '0755 or less'
3.03 Files in $ORACLE_HOME (not including $ORACLE_HOME/bin) - 'Permissions set to 0750 or less on Unix Systems'

CONFIGURATION MANAGEMENT

3.04 Oracle account .profile file - 'Unix systems umask 022'

ACCESS CONTROL

3.05 init.ora - 'Verify and restrict permissions'
3.06 spfile.ora - 'Verify and restrict permissions'
3.07 Database datafiles - 'Verify and restrict permissions'
3.08 init.ora - 'Verify permissions of file referenced by ifile parameter'
3.09 init.ora - 'audit_file_dest parameter settings'
3.10 init.ora - 'diagonostic_dest parameter settings'
3.11 init.ora - 'control_files parameter settings'
3.12 init.ora - 'log_archive_dest_n parameter settings'
3.13 Files in $ORACLE_HOME/network/admin directory - 'Verify and set permissions'
3.14 sqlnet.ora - 'Verify and set permissions with read permissions for everyone'
3.15 sqlnet.ora - 'log_directory_client parameter settings'
3.16 sqlnet.ora - 'log_directory_server parameter settings'
3.17 sqlnet.ora - 'trace_directory_client parameter settings'
3.18 sqlnet.ora - 'trace_directory_server parameter settings'
3.19 listener.ora - 'Verify and set permissions'
3.20 listener.ora - 'log_file_listener parameter settings'
3.21 listener.ora - 'trace_directory_listener_name parameter settings'
3.22 listener.ora - 'trace_file_listener_name parameter settings'
3.23 sqlplus - 'Verify and set permissions'
3.24 .htaccess - 'Verify and set permissions'
3.25 dads.conf - 'Verify and set permissions'
3.26 xsqlconfig.xml - 'Verify and set permissions'
4.01 init.ora - '_trace_files_public = FALSE'

ACCESS CONTROL

4.02 init.ora - 'global_names = TRUE'

CONFIGURATION MANAGEMENT

4.03 init.ora - 'remote_os_authent = FALSE'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

4.04 init.ora - 'remote_os_roles = FALSE'

ACCESS CONTROL

4.05 init.ora - 'remote_listener = NULL String'

CONFIGURATION MANAGEMENT

4.06 init.ora - 'audit_trail parameter set to OS, DB, DB_EXTENDED, XML, or XML, EXTENDED'

AUDIT AND ACCOUNTABILITY

4.07 init.ora - 'os_authent_prefix = NULL String'

ACCESS CONTROL

4.08 init.ora - 'os_roles = FALSE'

ACCESS CONTROL

4.09 init.ora - 'Avoid using utl_file_dir parameters'

CONFIGURATION MANAGEMENT

4.10 init.ora - 'Establish redundant physically separate locations for redo log files.'

AUDIT AND ACCOUNTABILITY

4.11 init.ora - 'Specify redo logging must be successful.'

AUDIT AND ACCOUNTABILITY

4.14 listener.ora - 'logging_listener = ON'

AUDIT AND ACCOUNTABILITY

4.15 Database object definition NOLOGGING clause - 'Do not leave database objects in NOLOGGING mode in production environments.'
4.33 init.ora - 'sec_case_sensitive_logon = TRUE'

IDENTIFICATION AND AUTHENTICATION

4.34 init.ora - 'sec_max_failed_login_attempts = 3'

ACCESS CONTROL

4.35 init.ora - 'sec_protocol_error_further_action = DELAY <seconds> or DROP <seconds>'

SYSTEM AND COMMUNICATIONS PROTECTION