Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace.

    &lt;VulnDiscussion&gt;The Oracle SYSTEM tablespace is used by the database to store all DBMS system objects. Other use of the system tablespace may...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • Application owner accounts must have a dedicated application tablespace.

    &lt;VulnDiscussion&gt;Separation of tablespaces by application helps to protect the application from resource contention and unauthorized access th...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.

    &lt;VulnDiscussion&gt;The LOG_ARCHIVE_DEST parameter is used to specify the directory to which Oracle archive logs are written. Where the DBMS avai...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE.

    &lt;VulnDiscussion&gt;The _TRACE_FILES_PUBLIC parameter is used to make trace files used for debugging database applications and events available t...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • Application object owner accounts must be disabled when not performing installation or maintenance actions.

    &lt;VulnDiscussion&gt;Object ownership provides all database object permissions to the owned object. Access to the application object owner account...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems.

    &lt;VulnDiscussion&gt;Developer roles must not be assigned DBMS administrative privileges to production DBMS application and data directories. The ...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • Use of the DBMS installation account must be logged.

    &lt;VulnDiscussion&gt;The DBMS installation account may be used by any authorized user to perform DBMS installation or maintenance. Without logging...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • The DBMS data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files.

    &lt;VulnDiscussion&gt;Protection of DBMS data, transaction and audit data files stored by the host operating system is dependent on OS controls. Wh...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files.

    &lt;VulnDiscussion&gt;The AUDIT_FILE_DEST parameter specifies the directory where the database audit trail file is stored (when AUDIT_TRAIL paramet...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • Access to DBMS software files and directories must not be granted to unauthorized users.

    &lt;VulnDiscussion&gt;The DBMS software libraries contain the executables used by the DBMS to operate. Unauthorized access to the libraries can res...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules