DG0030-ORACLE11 - Audit trail data should be retained for one year.

Information

Without preservation, a complete discovery of an attack or suspicious activity may not be determined. DBMS audit data also contributes to the complete investigation of unauthorized activity and needs to be included in audit retention plans and procedures.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement an audit retention policy and procedures.

It is recommended that the most recent thirty days of audit logs remain available online.

After thirty days, the audit logs may be maintained offline.

Online maintenance provides for a more timely capability and inclination to investigate suspicious activity.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24368r1_rule, STIG-ID|DG0030-ORACLE11, Vuln-ID|V-2507

Plugin: OracleDB

Control ID: 5b9f9c8eb6ff42226b84c4b60ec7911cf9123b809aaf639bd505355029a77ac8