O121-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Setting REMOTE_OS_ROLES to TRUE allows operating system groups to control Oracle roles. The default value of FALSE causes roles to be identified and managed by the database. If REMOTE_OS_ROLES is set to TRUE, a remote user could impersonate another operating system user over a network connection.

Solution

Document remote OS roles in the System Security Plan.

If not required, disable use of remote OS roles.

From SQL*Plus:

alter system set remote_os_roles = FALSE scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V3R1_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000366, Rule-ID|SV-219831r961863_rule, STIG-ID|O121-BP-022000, STIG-Legacy|SV-75917, STIG-Legacy|V-61427, Vuln-ID|V-219831

Plugin: OracleDB

Control ID: a7163e286f48ec6763dbc089d023762cc960171373961aef525bd499e4460ed6