6.1.8 Ensure the 'SYNONYM' Audit Option Is Enabled

Information

The SYNONYM operation allows for the creation of an alternative name for a database object such as a Java class schema object, materialized view, operator, package, procedure, sequence, stored function, table, view, user-defined object type, or even another synonym. This synonym puts a dependency on its target and is rendered invalid if the target object is changed/dropped. Enabling the audit option causes all user activities involving the creation or dropping of synonyms to be audited.

As the logging of user activities involving the creation or dropping of a SYNONYM can provide forensic evidence about a pattern of suspect/unauthorized activities, the audit capability should be enabled.

Solution

To remediate this setting, execute the following SQL statement in either the non multi-tenant or container database, it does NOT need run in the pluggable.

AUDIT SYNONYM;

See Also

https://workbench.cisecurity.org/benchmarks/11760