O112-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Setting REMOTE_OS_ROLES to TRUE allows operating system groups to control Oracle roles. The default value of FALSE causes roles to be identified and managed by the database. If REMOTE_OS_ROLES is set to TRUE, a remote user could impersonate another operating system user over a network connection.

Solution

Document remote OS roles in the System Security Plan.

If not required, disable use of remote OS roles.

From SQL*Plus:

alter system set remote_os_roles = FALSE scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11-2g_V2R3_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000366, Rule-ID|SV-219703r401224_rule, STIG-ID|O112-BP-022000, STIG-Legacy|SV-68217, STIG-Legacy|V-53977, Vuln-ID|V-219703

Plugin: OracleDB

Control ID: a9d9892ffe38fc1809c3c911cac00b397c9e9cab7edcff99d28399b5b7619b5d