DG0010-ORACLE11 - Database executable and configuration files should be monitored for unauthorized modifications.

Information

Changes to files in the DBMS software directory including executable, configuration, script, or batch files can indicate malicious compromise of the software files. Changes to non-executable files, such as log files and data files, do not usually reflect unauthorized changes, but are modified by the DBMS as part of normal operation. These modifications can be ignored.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement procedures to monitor changes made to the DBMS software.

Identify all database files and directories to be included in the host system or database backups and provide these to the person responsible for backups.

For Windows systems, you can use the dir /s > filename.txt run weekly to store and compare file modification/creation dates and file sizes using the DOS fc command.

For UNIX systems, you can use the ls -as >filename.txt command to store and compare (diff command) file statistics for comparison.

These are not as comprehensive as some tools available, but may be enhanced by including checks for checksums or file hashes.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|III, Rule-ID|SV-24597r1_rule, STIG-ID|DG0010-ORACLE11, Vuln-ID|V-2420

Plugin: Windows

Control ID: 06c98348a50727c55a92d6803170437ffd95c17b15a884b3876fe9990ec2d1c5