6.2.7 Ensure the 'GRANT' Action Audit Is Enabled

Information

GRANT statements are used to grant privileges to Oracle database users and roles, including the most powerful privileges and roles typically available to the database administrators. Enabling this unified action audit enables logging of all GRANT statements, whether successful or unsuccessful, issued by the users regardless of the privileges held by the users to issue such statements.

With unauthorized grants and permissions, a malicious user may be able to change the security of the database, access/update confidential data, or compromise the integrity of the database. Logging and monitoring of all attempts to grant system privileges, object privileges or roles, whether successful or unsuccessful, may provide forensic evidence about potential suspicious/unauthorized activities as well as privilege escalation activities. Any such activities may be a cause for further investigation. In addition, organization security policies and industry/government regulations may require logging of all user activities involving GRANT

Solution

Execute the following SQL statement to remediate this setting.

ALTER AUDIT POLICY CIS_UNIFIED_AUDIT_POLICY
ADD
ACTIONS
GRANT;

Note: If you do not have CIS_UNIFIED_AUDIT_POLICY please create one using the CREATE AUDIT POLICY statement.

See Also

https://workbench.cisecurity.org/benchmarks/11760