DISA STIG Oracle 11.2g v2r4 Database

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG Oracle 11.2g v2r4 Database

Updated: 8/26/2024

Authority: DISA STIG

Plugin: OracleDB

Revision: 1.3

Estimated Item Count: 189

File Details

Filename: DISA_STIG_Oracle_Database_11.2g_v2r4_Database.audit

Size: 330 kB

MD5: 6ea1ffaeb6a087c5894143a2c2d22e33
SHA256: 58bdf966991d64c2dc08ca4f46ff0e487e71b8258e4f4898cf1d14c323ba9663

Audit Items

Description
DISA_STIG_Oracle_Database_11.2g_v2r4_Database.audit from DISA Oracle Database 11.2g v2r4 STIG
O112-BP-021200 - Access to default accounts used to support replication must be restricted to authorized DBAs.
O112-BP-021300 - Oracle instance names must not contain Oracle version numbers.
O112-BP-021400 - Fixed user and public database links must be authorized for use.
O112-BP-021500 - A minimum of two Oracle control files must be defined and configured to be stored on separate, archived disks (physical or virtual) or archived partitions on a RAID device.
O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.
O112-BP-021700 - The Oracle WITH GRANT OPTION privilege must not be granted to non-DBA or non-Application administrator user accounts.
O112-BP-021800 - Execute permission must be revoked from PUBLIC for restricted Oracle packages.
O112-BP-021900 - The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE.
O112-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE.
O112-BP-022100 - The Oracle SQL92_SECURITY parameter must be set to TRUE.
O112-BP-022200 - The Oracle password file ownership and permissions should be limited and the REMOTE_LOGIN_PASSWORDFILE parameter must be set to EXCLUSIVE or NONE.
O112-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts.
O112-BP-022400 - System Privileges must not be granted to PUBLIC.
O112-BP-022500 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts.
O112-BP-022600 - Object permissions granted to PUBLIC must be restricted.
O112-BP-022800 - Application role permissions must not be assigned to the Oracle PUBLIC role.
O112-BP-022900 - Oracle application administration roles must be disabled if not required and authorized.
O112-BP-023000 - Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted.
O112-BP-023100 - Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions.
O112-BP-023200 - Unauthorized database links must not be defined and active.
O112-BP-023300 - Sensitive information from production database exports must be modified before being imported into a development database.
O112-BP-023600 - Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace.
O112-BP-023700 - Application owner accounts must have a dedicated application tablespace.
O112-BP-023800 - The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.
O112-BP-023900 - The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE.
O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions.
O112-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems.
O112-BP-024200 - Use of the DBMS installation account must be logged.
O112-BP-024750 - Oracle database products must be a version supported by the vendor.
O112-BP-025101 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files.
O112-BP-025500 - Replication accounts must not be granted DBA privileges.
O112-BP-025800 - Changes to configuration options must be audited.
O112-BP-026200 - Changes to DBMS security labels must be audited.
O112-BP-026300 - Remote database or other external access must use fully-qualified names.
O112-C1-015000 - DBMS default accounts must be assigned custom passwords.
O112-C2-000100 - The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions.