DG0051-ORACLE11 - Database job/batch queues should be reviewed regularly to detect unauthorized database job submissions - 'job_queue_processes limit is set'

Information

Unauthorized users may bypass security mechanisms by submitting jobs to job queues managed by the database to be run under a more privileged security context of the database or host system. These queues should be monitored regularly to detect any such unauthorized job submissions.

Solution

Develop, document and implement procedures to monitor the database job queues for unauthorized job submissions.

Develop, document and implement a formal migration plan to convert jobs using DBMS_JOB to use DBMS_SCHEDULER instead for Oracle versions 10.1 and higher. (This does not apply to DBMS_JOB jobs generated by Oracle itself, such as those for refreshing materialized views.)

Set the value of the job_queue_processes parameter to a low value to restrict concurrent DBMS_JOB executions.

Use auditing to capture use of the DBMS_JOB package in the audit trail. Review the audit trail for unauthorized use of the DBMS_JOB package.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-60353r2_rule, STIG-ID|DG0051-ORACLE11, Vuln-ID|V-3808

Plugin: OracleDB

Control ID: 838e5c4c11b942288c54b4ad09a83198f4b0298025eb8f001937d73987041ebb