Changes to configuration options must be audited.

An XCCDF Rule

Description

When standard auditing is in use, the AUDIT_SYS_OPERATIONS parameter is used to enable auditing of actions taken by the user SYS. The SYS user account is a shared account by definition and holds all privileges in the Oracle database. It is the account accessed by users connecting to the database with SYSDBA or SYSOPER privileges.

ID: SV-219868r1018568_rule
Version: O121-BP-025800
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

For Standard auditing, from SQL*Plus:

  alter system set audit_sys_operations = TRUE scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.
If Unified Auditing is used:
To ensure auditable events are captured:
Link the oracle binary with uniaud_on, and then restart the database. Oracle Database Upgrade Guide describes how to enable unified auditing.

For additional information on creating audit policies, refer to the Oracle Database Security Guide
http://docs.oracle.com/database/121/DBSEG/audit_config.htm#CHDGBAAC

Changes to configuration options must be audited.

Description

Remediation Templates

A Manual Procedure