O121-BP-025100 - The DBMS data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files.

Information

Protection of DBMS data, transaction and audit data files stored by the host operating system is dependent on OS controls. When different applications share the same database, resource contention and security controls are required to isolate and protect an application's data from other applications. In addition, it is an Oracle best practice to separate data, transaction logs, and audit logs into separate physical directories according to Oracle's OFA (Optimal Flexible Architecture). And finally, DBMS software libraries and configuration files also require differing access control lists.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Specify dedicated host system disk directories to store database data, transaction and audit files.
Example directory structure:
/*/app/oracle/oradata/db_name
/*/app/oracle/admin/db_name/arch/*
/*/app/oracle/oradata/db_name/audit
/*/app/oracle/fast_recovery_area/db_name/

See Oracle Optimal Flexible Architecture:
https://docs.oracle.com/database/121/LADBI/appendix_ofa.htm#LADBI7921

When multiple applications are accessing a single database, configure DBMS default file storage according to application to use dedicated disk directories.

/*/app/oracle/oradata/db_name/app_name

See Oracle Optimal Flexible Architecture:
https://docs.oracle.com/database/121/LADBI/appendix_ofa.htm#LADBI7921

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V3R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-219861r961863_rule, STIG-ID|O121-BP-025100, STIG-Legacy|SV-76453, STIG-Legacy|V-61963, Vuln-ID|V-219861

Plugin: OracleDB

Control ID: 92f82ed2a77f40add6f3086f8b85a549838ce8ebe18e3b7a845a4a536a7f0ce4