The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE.

An XCCDF Rule

Description

<VulnDiscussion>The _TRACE_FILES_PUBLIC parameter is used to make trace files used for debugging database applications and events available to all database users. Use of this capability precludes the discrete assignment of privileges based on job function. Additionally, its use may provide access to external files and data to unauthorized users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219850r879887_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

From SQL*Plus (shutdown database instance):

  shutdown immediate

From SQL*Plus (create a pfile from spfile):
  create pfile='[PATH]init[SID].ora' from spfile;

Edit the init[SID].ora file and remove the following line:

  *._trace_files_public=TRUE

From SQL*Plus (update the spfile using the pfile):

  create spfile from pfile='[PATH]init[SID].ora';

From SQL*Plus (start the database instance):

  startup

Note: [PATH] depends on the platform (Windows or UNIX).

Ensure the file is directed to a writable location.

[SID] is equal to the oracle SID or database instance ID.

The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE.

Description

Remediation - Manual Procedure