DG0086-ORACLE11 - DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.

Information

Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. Monitoring assigned privileges assists in the detection of unauthorized privilege assignment. The DBA role is assigned privileges that allow DBAs to modify privileges assigned to them. Ensure that the DBA Role is monitored for any unauthorized changes.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Design, document and implement procedures for monitoring DBA role privilege assignments.

Grant the DBA role the minimum privileges required to perform administrative functions.

Establish monitoring of DBA role privileges monthly or more often.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24675r1_rule, STIG-ID|DG0086-ORACLE11, Vuln-ID|V-15106

Plugin: Unix

Control ID: bf8566bf0c6f9a766e8db5e6e116fd6b9b71478ee78580e21a17b43dc5d17d4c