6.1.1 Ensure the 'USER' Audit Option Is Enabled

Information

The USER object allows for creating accounts that can interact with the database according to the roles and privileges allotted to the account. It may also own database objects. Enabling the audit option causes auditing of all activities and requests to create, drop or alter a user, including a user changing their own password. (The latter is not audited by audit ALTER USER.)

Rationale:

Any unauthorized attempts to create, drop or alter a user should cause concern, whether successful or not. Auditing can also be useful in forensics if an account is compromised, and auditing is mandated by many common security initiatives. An abnormally high number of these activities in a given period might be worth investigation. Any failed attempt to drop a user or create a user may be worth further review.

Solution

To remediate this setting, execute the following SQL statement in either the non multi-tenant or container database, it does NOT need run in the pluggable.

AUDIT USER;

See Also

https://workbench.cisecurity.org/files/2741