6.2.14 Ensure the 'DROP DATABASE LINK' Action Audit Is Enabled

Information

Oracle database links are used to establish database-to-database connections to other databases. These connections are always available without further authentication once the link is established. Enabling this unified action audit causes logging of all DROP DATABASE and DROP PUBLIC DATABASE whether successful or unsuccessful, statements issued by the users regardless of the privileges held by the users to issue such statements.

Logging and monitoring of all attempts to drop database links, whether successful or unsuccessful, may provide forensic evidence about potential suspicious/unauthorized activities. Any such activities may be a cause for further investigation. In addition, organization security policies and industry/government regulations may require logging of all user activities involving dropping database links.

Solution

Execute the following SQL statement to remediate this setting.

ALTER AUDIT POLICY CIS_UNIFIED_AUDIT_POLICY
ADD
ACTIONS
DROP DATABASE LINK;

Note: If you do not have CIS_UNIFIED_AUDIT_POLICY please create one using the CREATE AUDIT POLICY statement.

See Also

https://workbench.cisecurity.org/benchmarks/11760