5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' Packages - Non-default Packages

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Oracle database SYS.AUD$ table contains all the audit records for the database of the non-Data Manipulation Language (DML) events, such as ALTER, DROP, and CREATE, and so forth. (DML changes need trigger-based audit events to record data alterations.) Unauthorized grantees should not have full access to that table.

Rationale:

Permitting non-privileged users the authorization to manipulate the SYS.AUD$ table can allow distortion of the audit records, hiding unauthorized activities.

Solution

To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.

REVOKE ALL ON AUD$ FROM <grantee>;

See Also

https://workbench.cisecurity.org/files/4252