6.1.16 Ensure the 'ALTER SYSTEM' Audit Option Is Enabled

Information

ALTER SYSTEM allows one to change instance settings, including security settings and auditing options. Additionally, ALTER SYSTEM can be used to run operating system commands using undocumented Oracle functionality. Enabling the audit option will audit all attempts to perform ALTER SYSTEM, whether successful or not and regardless of whether or not the ALTER SYSTEM privilege is held by the user attempting the action.

Rationale:

Any unauthorized attempt to alter the system should be cause for concern. Alterations outside of some specified maintenance window may be of concern. In forensics, these audit records could be quite useful.

Solution

To remediate this setting, execute the following SQL statement in either the non multi-tenant or container database, it does NOT need run in the pluggable.

AUDIT ALTER SYSTEM;

See Also

https://workbench.cisecurity.org/benchmarks/13413