Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions.

An XCCDF Rule

Description

<VulnDiscussion>Unauthorized users may bypass security mechanisms by submitting jobs to job queues managed by the database to be run under a more privileged security context of the database or host system. These queues must be monitored regularly to detect any such unauthorized job submissions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219842r879887_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Develop, document and implement procedures to monitor the database job queues for unauthorized job submissions.

Develop, document and implement a formal migration plan to convert jobs using DBMS_JOB to use DBMS_SCHEDULER instead for Oracle versions 10.1 and higher. (This does not apply to DBMS_JOB jobs generated by Oracle itself, such as those for refreshing materialized views.)

Set the value of the job_queue_processes parameter to a low value to restrict concurrent DBMS_JOB executions.
Use auditing to capture use of the DBMS_JOB package in the audit trail. Review the audit trail for unauthorized use of the DBMS_JOB package.

Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions.

Description

Remediation - Manual Procedure