The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.
An XCCDF Rule
Description
<VulnDiscussion>The LOG_ARCHIVE_DEST parameter is used to specify the directory to which Oracle archive logs are written. Where the DBMS availability and recovery to a specific point in time is critical, the protection of archive log files is critical. Archive log files may also contain unencrypted sensitive data. If written to an inadequately protected or invalidated directory, the archive log files may be accessed by unauthorized persons or processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-219721r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Specify a valid and protected directory for archive log files.
Restrict access to the Oracle process and software owner accounts, DBAs, and backup operator accounts.