O121-BP-023800 - The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.

Information

The LOG_ARCHIVE_DEST parameter is used to specify the directory to which Oracle archive logs are written. Where the DBMS availability and recovery to a specific point in time is critical, the protection of archive log files is critical. Archive log files may also contain unencrypted sensitive data. If written to an inadequately protected or invalidated directory, the archive log files may be accessed by unauthorized persons or processes.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Specify a valid and protected directory for archive log files.

Restrict access to the Oracle process and software owner accounts, DBAs, and backup operator accounts.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V3R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-219849r961863_rule, STIG-ID|O121-BP-023800, STIG-Legacy|SV-75953, STIG-Legacy|V-61463, Vuln-ID|V-219849

Plugin: OracleDB

Control ID: eee65f05bd0d028ee10f4245c42759c2a9b062c5d8cd8a63151b4c5bf9044664