DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_FILE_SERVER = sqlnet'

Information

The SQLNet and Listener log files provide audit data useful to the discovery of suspicious behavior. The log files may contain usernames and passwords in clear text as well as other information that could aid a malicious user with unauthorized access attempts to the database. Generation and protection of these files helps support security monitoring efforts.

Solution

Restrict access to the listener and sqlnet log files.

Restrict access to the tnslsnr service account to DBAs, SAs and auditors where they are required by assigned responsibilities.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9, CAT|II, Rule-ID|SV-24946r1_rule, STIG-ID|DO5037-ORACLE11, Vuln-ID|V-2612

Plugin: Unix

Control ID: 7316bde8ece1b69809bcb42730cedab98c2bab7663d2fd888e618198bf6684b9