Skip to content

The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.

An XCCDF Rule

Description

<VulnDiscussion>The LOG_ARCHIVE_DEST parameter is used to specify the directory to which Oracle archive logs are written. Where the DBMS availability and recovery to a specific point in time is critical, the protection of archive log files is critical. Archive log files may also contain unencrypted sensitive data. If written to an inadequately protected or invalidated directory, the archive log files may be accessed by unauthorized persons or processes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-219721r879887_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Specify a valid and protected directory for archive log files.

Restrict access to the Oracle process and software owner accounts, DBAs, and backup operator accounts.