Access to DBMS software files and directories must not be granted to unauthorized users.

An XCCDF Rule

Description

<VulnDiscussion>The DBMS software libraries contain the executables used by the DBMS to operate. Unauthorized access to the libraries can result in malicious alteration or planting of operational executables. This may in turn jeopardize data stored in the DBMS and/or operation of the host system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219865r879887_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

For UNIX Systems:

Set the umask of the Oracle software owner account to 022. Determine the shell being used for the Oracle software owner account:

  env | grep -i shell
Startup files for each shell are as follows (located in users $HOME directory):

  C-Shell (CSH) = .cshrc
  Bourne Shell (SH) = .profile
  Korn Shell (KSH) = .kshrc
  TC Shell (TCS) = .tcshrc
  BASH Shell = .bash_profile or .bashrc

Edit the shell startup file for the account and add or modify the line:

  umask 022

Log off and logon, then enter the umask command to confirm the setting.

Note: To effect this change for all Oracle processes, a reboot of the DBMS server may be required.

For Windows Systems:
Restrict access to the DBMS software libraries to the fewest accounts that clearly require access based on job function.

Document authorized access controls and justify any access grants that do not fall under DBA, DBMS process, ownership, or SA accounts.

Access to DBMS software files and directories must not be granted to unauthorized users.

Description

Remediation - Manual Procedure