2.1.3 Ensure 'ADMIN_RESTRICTIONS_' Is Set to 'ON'

Information

The admin_restrictions_<listener_name> setting in the listener.ora file can require that any attempted real-time alteration of the parameters in the listener via the set command file be refused unless the listener.ora file is manually altered, then restarted by a privileged user.

Rationale:

Blocking unprivileged users from making alterations of the listener.ora file, where remote data/service settings are specified, will help protect data confidentiality.

Solution

To remediate this recommendation:
Use a text editor such as vi to set the admin_restrictions_<listener_name> to the value ON.

Default Value:

Not set.

References:

http://docs.oracle.com/database/121/NETRF/listener.htm#NETRF310

See Also

https://workbench.cisecurity.org/files/2741

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(9), CSCv6|5.1, CSCv7|4.3

Plugin: Unix

Control ID: cd6dcac6cd70771f4294f2737273d6d134ecae65187a47dc03628adc0fb5f06d