6.1.10 Ensure the 'SELECT ANY DICTIONARY' Audit Option Is Enabled

Information

The SELECT ANY DICTIONARY capability allows the user to view the definitions of all schema objects in the database. Enabling the audit option causes all user activities involving this capability to be audited.

Rationale:

As the logging of user activities involving the capability to access the description of all schema objects in the database can provide forensic evidence about a pattern of unauthorized activities, the audit capability should be enabled.

Solution

To remediate this setting, execute the following SQL statement in either the non multi-tenant or container database, it does NOT need run in the pluggable.

AUDIT SELECT ANY DICTIONARY;

References:

http://docs.oracle.com/database/121/DBSEG/guidelines.htm#DBSEG500

See Also

https://workbench.cisecurity.org/files/2741