DG0122-ORACLE11 - Access to sensitive data should be restricted to authorized users identified by the Information Owner - 'datafile'

Information

The Oracle parameter file contains configuration settings that are applied to the database at database and instance startup. Unauthorized changes to these parameters could lead to a compromise of the database security posture. Oracle data and redo log files contain the data and transaction information that support the database use. Unauthorized access to these files bypasses access controls defined and enforced by the DBMS itself and can lead to a loss of confidentiality and integrity.

Solution

Set UNIX permissions on critical files to 640 or more restrictive.

Check group membership of the group assigned access permissions to the database software to verify all members are authorized to have the assigned access.

Set Windows permissions to Full Control assigned to the Administrators, the Oracle service account and DBAs.

Remove any unauthorized account access.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(1), CAT|II, Rule-ID|SV-24764r1_rule, STIG-ID|DG0122-ORACLE11, Vuln-ID|V-15630

Plugin: OracleDB

Control ID: d1e7ed19d5a57dfb248052c3ad02119a159bccc6d2e324dc6266aea49c9e43db