DG0040-ORACLE11 - The DBMS software installation account should be restricted to authorized users - '$ORACLE_HOME owner, group and permissions are configured'

Information

DBA and other privileged administrative or application owner accounts are granted privileges that allow actions that can have a greater impact on database security and operation. It is especially important to grant access to privileged accounts to only those persons who are qualified and authorized to use them.

Solution

Develop, document and implement procedures to restrict use of the Oracle DBMS software installation account.

Unix environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use, except in cases where this would interfere with required functionality. In such cases, prevent direct logon as the Oracle DBMS software installation account by locking its password; authorize the appropriate administrative users to operate as the Oracle DBMS software installation account via the 'su' or 'sudo' command.

Other environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, Rule-ID|SV-24374r2_rule, STIG-ID|DG0040-ORACLE11, Vuln-ID|V-2422

Plugin: Unix

Control ID: 89cc3ffbef46febcf90e08287d03ba286cd5eaf790c9e7861a82d3a77fe8e983