DISA STIG Oracle 11.2g v2r4 Database

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG Oracle 11.2g v2r4 Database

Updated: 8/26/2024

Authority: DISA STIG

Plugin: OracleDB

Revision: 1.3

Estimated Item Count: 121

File Details

Filename: DISA_STIG_Oracle_Database_11.2g_v2r4_Database.audit

Size: 330 kB

MD5: 6ea1ffaeb6a087c5894143a2c2d22e33
SHA256: 58bdf966991d64c2dc08ca4f46ff0e487e71b8258e4f4898cf1d14c323ba9663

Audit Items

Description | Categories
DISA_STIG_Oracle_Database_11.2g_v2r4_Database.audit from DISA Oracle Database 11.2g v2r4 STIG
O112-BP-021200 - Access to default accounts used to support replication must be restricted to authorized DBAs.
O112-BP-021300 - Oracle instance names must not contain Oracle version numbers.
O112-BP-021400 - Fixed user and public database links must be authorized for use.
O112-BP-021500 - A minimum of two Oracle control files must be defined and configured to be stored on separate, archived disks (physical or virtual) or archived partitions on a RAID device.
O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.
O112-BP-021700 - The Oracle WITH GRANT OPTION privilege must not be granted to non-DBA or non-Application administrator user accounts.
O112-BP-021800 - Execute permission must be revoked from PUBLIC for restricted Oracle packages.
O112-BP-021900 - The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE.
O112-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE.
O112-BP-022100 - The Oracle SQL92_SECURITY parameter must be set to TRUE.
O112-BP-022200 - The Oracle password file ownership and permissions should be limited and the REMOTE_LOGIN_PASSWORDFILE parameter must be set to EXCLUSIVE or NONE.
O112-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts.
O112-BP-022400 - System Privileges must not be granted to PUBLIC.
O112-BP-022500 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts.
O112-BP-022600 - Object permissions granted to PUBLIC must be restricted.
O112-BP-022800 - Application role permissions must not be assigned to the Oracle PUBLIC role.
O112-BP-022900 - Oracle application administration roles must be disabled if not required and authorized.
O112-BP-023000 - Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted.
O112-BP-023100 - Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions.
O112-BP-023200 - Unauthorized database links must not be defined and active.
O112-BP-023300 - Sensitive information from production database exports must be modified before being imported into a development database.
O112-BP-023600 - Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace.
O112-BP-023700 - Application owner accounts must have a dedicated application tablespace.
O112-BP-023800 - The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.
O112-BP-023900 - The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE.
O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions.
O112-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems.
O112-BP-024200 - Use of the DBMS installation account must be logged.
O112-BP-024750 - Oracle database products must be a version supported by the vendor.
O112-BP-025101 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files.
O112-BP-025500 - Replication accounts must not be granted DBA privileges.
O112-BP-025800 - Changes to configuration options must be audited.
O112-BP-026200 - Changes to DBMS security labels must be audited.
O112-BP-026300 - Remote database or other external access must use fully-qualified names.
O112-C1-015000 - DBMS default accounts must be assigned custom passwords.
O112-C2-000100 - The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions.
O112-C2-001800 - The system must employ automated mechanisms for supporting Oracle user account management.
O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts.
O112-C2-002000 - The DBMS must provide a mechanism to automatically terminate accounts designated as temporary or emergency accounts after an organization-defined time period.
O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy.
O112-C2-003000 - The DBMS must enforce Discretionary Access Control (DAC) policy allowing users to specify and control sharing by named individuals, groups of individuals, or by both, limiting propagation of access rights and includes or excludes access to the granularity of a single user.
O112-C2-003500 - The DBMS must restrict grants to sensitive information to authorized user roles.
O112-C2-003600 - A single database connection configuration file must not be used to configure all database clients.
O112-C2-003700 - The DBMS must be protected from unauthorized access by developers.
O112-C2-003800 - The DBMS must be protected from unauthorized access by developers on shared production/development host systems.
O112-C2-003900 - The DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.
O112-C2-004000 - Administrative privileges must be assigned to database accounts via database roles.
O112-C2-004100 - Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.
O112-C2-004300 - The DBA role must not be assigned excessive or unauthorized privileges.