DG0016-ORACLE11 - Unused database components, database application software, and database objects should be removed from the DBMS system.

Information

Unused, unnecessary DBMS components increase the attack surface for the DBMS by introducing additional targets for attack. By minimizing the services and applications installed on the system, the number of potential vulnerabilities is reduced.

However, dependencies exist among Oracle components that could result in the removal of an apparently unnecessary component interfering with the operation of a required component. Therefore, thorough testing is required before removing components from a production server.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Review the list of installed products available for the DBMS install. If any are required and licensed for operation of applications that will be accessing the DBMS, include them in the application design specification and list them in the System Security Plan. If any are not, but have been installed, uninstall them and remove any database schemas, objects, applications and security principals that exclusively support them.

Verify correct operation of the required Oracle components in a test environment before aplying these changes to a production system.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|III, Rule-ID|SV-24359r2_rule, STIG-ID|DG0016-ORACLE11, Vuln-ID|V-3728

Plugin: Unix

Control ID: 3c083008c95abdd49ffcacc8f23c8fd7290679ba4fea767906673f056d36667b