2.1.2 Ensure 'ADMIN_RESTRICTIONS_' Is Set to 'ON'

Information

The admin_restrictions_<listener_name> setting in the listener.ora file can require that any attempted real-time alteration of the parameters in the listener via the set command file be refused unless the listener.ora file is manually altered, then restarted by a privileged user.

Rationale:

Blocking unprivileged users from making alterations of the listener.ora file, where remote data/service settings are specified, will help protect data confidentiality.

Solution

To remediate this recommendation:

Use a text editor such as vi to set the admin_restrictions_<listener_name> to the value ON.

Default Value:

Not set.

See Also

https://workbench.cisecurity.org/benchmarks/11760