Information
The ALTER SYSTEM privilege allows the user to change instance settings which could impact security posture, performance or normal operation of the database. Additionally, the ALTER SYSTEM privilege may be used to run operating system commands using undocumented Oracle functionality. Enabling this unified audit action causes logging of activities that involve the exercise of this privilege, whether successful or unsuccessful, issued by the users regardless of the privileges held by the users to issue such statements.
Rationale:
Logging and monitoring of all attempts to execute ALTER SYSTEM statements, whether successful or unsuccessful, may provide forensic evidence about potential suspicious/unauthorized activities. Any such activities may be a cause for further investigation. In addition, organization security policies and industry/government regulations may require logging of all user activities that involve ALTER SYSTEM statements.
Solution
Execute the following SQL statement to remediate this setting.
ALTER AUDIT POLICY CIS_UNIFIED_AUDIT_POLICY
ADD
ACTIONS
ALTER SYSTEM;
Note: If you do not have CIS_UNIFIED_AUDIT_POLICY, please create one using the CREATE AUDIT POLICY statement.