DISA STIG Oracle 11 Installation v9r1 Linux

Audit Details

Name: DISA STIG Oracle 11 Installation v9r1 Linux

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.5

Estimated Item Count: 114

File Details

Filename: DISA_Oracle_11g_Installation_v9r1_OS_Linux.audit

Size: 197 kB

MD5: 117b9c31e09490e58ccc22ecfa9ea921
SHA256: fb5cc49ddf5ee52cea64a433dc5e99ef839612331a6649aa7ce7a6ee8e77db2c

Audit Items

Description | Categories
DG0001-ORACLE11 - Vendor supported software is evaluated and patched against newly found vulnerabilities.
DG0003-ORACLE11 - The latest security patches should be installed.
DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'DBA user group members'

ACCESS CONTROL

DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'No dba account is a member of the root group'

ACCESS CONTROL

DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'root is not a member of dba groups'

ACCESS CONTROL

DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.
DG0009-ORACLE11 - Access to DBMS software files and directories should not be granted to unauthorized users - '/etc/profile umask < 022'

ACCESS CONTROL

DG0009-ORACLE11 - Access to DBMS software files and directories should not be granted to unauthorized users - 'umask < 0022'

ACCESS CONTROL

DG0010-ORACLE11 - Database executable and configuration files should be monitored for unauthorized modifications.
DG0011-ORACLE11 - Configuration management procedures should be defined and implemented for database software modifications.
DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'No unauthorized directories exist in $ORACLE_BASE'

CONFIGURATION MANAGEMENT

DG0013-ORACLE11 - Database backup procedures should be defined, documented and implemented.
DG0016-ORACLE11 - Unused database components, database application software, and database objects should be removed from the DBMS system.
DG0017-ORACLE11 - A production DBMS installation should not coexist on the same DBMS host with other, non-production DBMS installations.

CONFIGURATION MANAGEMENT

DG0019-ORACLE11 - Application software should be owned by a Software Application account.

CONFIGURATION MANAGEMENT

DG0020-ORACLE11 - Backup and recovery procedures should be developed, documented, implemented and periodically tested.
DG0021-ORACLE11 - A baseline of database application software should be documented and maintained.
DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.SSLFIPS_140 = true'

SYSTEM AND COMMUNICATIONS PROTECTION

DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '$ORACLE_HOME/network/admin/sqlnet.ora SSL_CIPHER_SUITES is configured'

SYSTEM AND COMMUNICATIONS PROTECTION

DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated.
DG0040-ORACLE11 - The DBMS software installation account should be restricted to authorized users - '$ORACLE_BASE owner, group and permissions are configured'

CONFIGURATION MANAGEMENT

DG0040-ORACLE11 - The DBMS software installation account should be restricted to authorized users - '$ORACLE_HOME owner, group and permissions are configured'

CONFIGURATION MANAGEMENT

DG0040-ORACLE11 - The DBMS software installation account should be restricted to authorized users - 'Oracle install account is disabled'

ACCESS CONTROL

DG0041-ORACLE11 - Use of the DBMS installation account should be logged.
DG0042-ORACLE11 - Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions.
DG0050-ORACLE11 - Database software, applications and configuration files should be monitored to discover unauthorized changes.
DG0052-ORACLE11 - All applications that access the database should be logged in the audit trail.
DG0053-ORACLE11 - A single database connection configuration file should not be used to configure all database clients.
DG0054-ORACLE11 - The audit logs should be periodically monitored to discover DBMS access using unauthorized applications.
DG0063-ORACLE11 - DBMS privileges to restore database data or other DBMS configurations, features, or objects should be restricted to authorized DBMS accounts.
DG0064-ORACLE11 - DBMS backup and restoration files should be protected from unauthorized access.
DG0066-ORACLE11 - Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented.
DG0067-ORACLE11 - Database account passwords should be stored in encoded or encrypted format whether stored in database objects, external host files, environment variables or any other storage locations.

IDENTIFICATION AND AUTHENTICATION

DG0068-ORACLE11 - DBMS tools or applications that echo or require a password entry in clear text should be protected from password display.
DG0069-ORACLE11 - Procedures and restrictions for import of production data to development databases should be documented, implemented and followed.
DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented.
DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.
DG0088-ORACLE11 - The DBMS should be periodically tested for vulnerability management and IA compliance.
DG0090-ORACLE11 - Sensitive information stored in the database should be protected by encryption.
DG0092-ORACLE11 - Database data files containing sensitive information should be encrypted.
DG0093-ORACLE11 - Remote administrative connections to the database should be encrypted - '$ORACLE_HOME/ldap/admin/fips.ora SSLFIPS_140 = true'

SYSTEM AND COMMUNICATIONS PROTECTION

DG0093-ORACLE11 - Remote administrative connections to the database should be encrypted - 'Remote admin connections are encrypted'

ACCESS CONTROL

DG0095-ORACLE11 - Audit trail data should be reviewed daily or more frequently.
DG0096-ORACLE11 - The DBMS IA policies and procedures should be reviewed annually or more frequently.
DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation.
DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/bin/extproc does not exist'

CONFIGURATION MANAGEMENT

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/listener.ora PROGRAM=EXTPROC does not exist'

CONFIGURATION MANAGEMENT

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/tnsnames.ora EXTPROC PROTOCOL=IPC'

CONFIGURATION MANAGEMENT

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/tnsnames.ora KEY=EXTPROC does not exist'

CONFIGURATION MANAGEMENT

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora run_group = nobody'

CONFIGURATION MANAGEMENT