6.1.9 Ensure the 'DIRECTORY' Audit Option Is Enabled

Information

The DIRECTORY object allows for the creation of a directory object that specifies an alias for a directory on the server file system, where the external binary file LOBs (BFILEs)/ table data are located. Enabling this audit option causes all user activities involving the creation or dropping of a directory alias to be audited.

Rationale:

As the logging of user activities involving the creation or dropping of a DIRECTORY can provide forensic evidence about a pattern of unauthorized activities, the audit capability should be enabled.

Solution

To remediate this setting, execute the following SQL statement in either the non multi-tenant or container database, it does NOT need run in the pluggable.

AUDIT DIRECTORY;

References:

http://docs.oracle.com/database/121/SQLRF/statements_4007.htm#SQLRF01107

See Also

https://workbench.cisecurity.org/files/2741