6.1.4 Ensure the 'PROFILE' Audit Option Is Enabled

Information

The PROFILE object allows for the creation of a set of database resource limits that can be assigned to a user, so that that user cannot exceed those resource limitations. Enabling the audit option causes auditing of all attempts, successful or not, to create, drop or alter any profile.

Rationale:

As profiles are part of the database security infrastructure, auditing the creation, modification, and deletion of profiles is recommended.

Solution

To remediate this setting, execute the following SQL statement in either the non multi-tenant or container database, it does NOT need run in the pluggable.

AUDIT PROFILE;

Notes:

The statement auditing option audit PROFILE audits everything that the three privilege audits audit CREATE PROFILE, audit DROP PROFILE and audit ALTER PROFILE do, but also audits:

Attempts to create a profile by a user without the CREATE PROFILE system privilege.

Attempts to drop a profile by a user without the DROP PROFILE system privilege

Attempts to alter a profile by a user without the ALTER PROFILE system privilege.

See Also

https://workbench.cisecurity.org/benchmarks/13413