Skip to content
Log In

Oracle Database 12c Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.

    The LOG_ARCHIVE_DEST parameter is used to specify the directory to which Oracle archive logs are written. Where the DBMS availability and recovery to a specific point in time is critical, the prote...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • Use of the DBMS installation account must be logged.

    The DBMS installation account may be used by any authorized user to perform DBMS installation or maintenance. Without logging, accountability for actions attributed to the account is lost.
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • Access to DBMS software files and directories must not be granted to unauthorized users.

    The DBMS software libraries contain the executables used by the DBMS to operate. Unauthorized access to the libraries can result in malicious alteration or planting of operational executables. This...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • Replication accounts must not be granted DBA privileges.

    Replication accounts may be used to access databases defined for the replication architecture. An exploit of a replication on one database could lead to the compromise of any database participating...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • Network access to the DBMS must be restricted to authorized personnel.

    Restricting remote access to specific, trusted systems helps prevent access by unauthorized and potentially malicious users.
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • Changes to configuration options must be audited.

    When standard auditing is in use, the AUDIT_SYS_OPERATIONS parameter is used to enable auditing of actions taken by the user SYS. The SYS user account is a shared account by definition and holds al...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • Remote database or other external access must use fully-qualified names.

    The Oracle GLOBAL_NAMES parameter is used to set the requirement for database link names to be the same name as the remote database whose connection they define. By using the same name for both, am...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • The /diag subdirectory under the directory assigned to the DIAGNOSTIC_DEST parameter must be protected from unauthorized access.

    <DIAGNOSTIC_DEST>/diag indicates the directory where trace, alert, core and incident directories and files are located. The files may contain sensitive data or information that could prove useful t...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules