6.1.7 Ensure the 'PUBLIC SYNONYM' Audit Option Is Enabled

Information

The PUBLIC SYNONYM object allows for the creation of an alternate description of an object. Public synonyms are accessible by all users that have the appropriate privileges to the underlying object. Enabling the audit option causes all user activities involving the creation or dropping of public synonyms to be audited.

Rationale:

As the logging of user activities involving the creation or dropping of a PUBLIC SYNONYM can provide forensic evidence about a pattern of unauthorized activities, the audit capability should be enabled.

Solution

To remediate this setting, execute the following SQL statement in either the non multi-tenant or container database, it does NOT need run in the pluggable.

AUDIT PUBLIC SYNONYM;

See Also

https://workbench.cisecurity.org/benchmarks/13413