5.2.7 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'

Information

The Oracle database AUDIT SYSTEM privilege allows changes to auditing activities on the system. Unauthorized grantees should not have that privilege.

Rationale:

The AUDIT SYSTEM privilege can allow the unauthorized alteration of system audit activities, such as disabling the creation of audit trails.

Solution

To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.

REVOKE AUDIT SYSTEM FROM <grantee>;

See Also

https://workbench.cisecurity.org/benchmarks/13413