DG0032-ORACLE11 - Audit records should be restricted to authorized individuals - 'audit_trail = db or db_extended'

Information

Audit data is frequently targeted by malicious users as it can provide a means to detect their activity. The protection of the audit trail data is of special concern and requires restrictions to allow only the auditor and DBMS backup, recovery, and maintenance users access to it.

Solution

Document and authorize accounts granted access to the AUD$ table in the System Security Plan.

Revoke access permissions granted to the AUD$ table from unauthorized users.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24622r2_rule, STIG-ID|DG0032-ORACLE11, Vuln-ID|V-5686

Plugin: OracleDB

Control ID: 2b4a35e377ba293a4de7877f4d128c3a22c6e46d9983f386f42234608cff0e6a