The DBMS data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files.
An XCCDF Rule
Description
<VulnDiscussion>Protection of DBMS data, transaction and audit data files stored by the host operating system is dependent on OS controls. When different applications share the same database, resource contention and security controls are required to isolate and protect an application's data from other applications. In addition, it is an Oracle best practice to separate data, transaction logs, and audit logs into separate physical directories according to Oracle’s OFA (Optimal Flexible Architecture). And finally, DBMS software libraries and configuration files also require differing access control lists.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-219861r961863_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Specify dedicated host system disk directories to store database data, transaction and audit files.
Example directory structure:
/*/app/oracle/oradata/db_name
/*/app/oracle/admin/db_name/arch/*
/*/app/oracle/oradata/db_name/audit
/*/app/oracle/fast_recovery_area/db_name/