Changes to configuration options must be audited.
An XCCDF Rule
Description
<VulnDiscussion>The AUDIT_SYS_OPERATIONS parameter is used to enable auditing of actions taken by the user SYS. The SYS user account is a shared account by definition and holds all privileges in the Oracle database. It is the account accessed by users connecting to the database with SYSDBA or SYSOPER privileges.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-219739r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
From SQL*Plus:
alter system set audit_sys_operations = TRUE scope = spfile;
The above SQL*Plus command will set the parameter to take effect at next system startup.