Table of Contents
- Title and Copyright Information
- Preface
- 1 Introduction
- 2 Automatic Storage Management Compliance Standards
- 3 Cluster Compliance Standards
- 4 Cluster ASM Compliance Standards
-
5
Host Compliance Standards
- Configuration Monitoring For Core Linux Packages
-
Configuration Monitoring For Exadata Compute Node
- Monitor Configuration Files For Exadata Compute Node Cell Os
- Monitor Configuration Files For Exadata Compute Node Database
- Monitor Configuration Files For Exadata Compute Node Megaraid
- Monitor Configuration Files For Exadata Compute Node Management And Diagnostics Systems
- Monitor Host-Specific Configuration Files For Exadata Compute Node Management And Diagnostics Systems
- Configuration Monitoring For Exadata Compute Node Networking
- Configuration Monitoring For Exadata Compute Node Time
- Configuration Monitoring For Network Time Linux Packages
- Configuration Monitoring For Networking Linux Packages
- Configuration Monitoring For Security Linux Packages
- Configuration Monitoring For User Access Linux Packages
- File Integrity Monitoring For Exadata Compute Node
-
File Integrity Monitoring For Important Linux Packages
- Monitor Executable Files For Core Os Packages
- Monitor Executable Files For Networking Packages
- Monitor Executable Files For Security Packages
- Monitor Executable Files For User Access Packages
- Monitor Library Files For Core Os Packages
- Monitor Library Files For Networking Packages
- Monitor Library Files For Security Packages
- Monitor Library Files For User Access Packages
- Secure Configuration For Host
- Security Recommendations For Oracle Products
- 6 Oracle Access Management Server Compliance Standards
- 7 Oracle Database Machine Compliance Standards
-
8
Oracle Identity Manager Compliance Standards
-
Oracle Identity Manager Server Configuration Compliance
- Disable Caching Configuration
- Disable Reloading Of Adapters And Plug-In Configuration
- Enable Caching Configuration
- Oracle Identity Manager Dbworkmanager Maximum Threads
- Oracle Identity Manager Database Tuning Disk Asynchronous Io
- Oracle Identity Manager Database Tuning Maxdispatchers
- Oracle Identity Manager Database Tuning Maxsharedservers
- Oracle Identity Manager Database Tuning Pgaaggregatetarget
- Oracle Identity Manager Database Tuning Sgatarget
- Oracle Identity Manager Direct Db Max Connections
- Oracle Identity Manager Direct Db Min Connections
- Oracle Identity Manager Jvm Jbo.Ampool.Doampooling
- Oracle Identity Manager Jvm Jbo.Ampool.Maxavailablesize
- Oracle Identity Manager Jvm Jbo.Ampool.Minavailablesize
- Oracle Identity Manager Jvm Jbo.Ampool.Timetolive
- Oracle Identity Manager Jvm Jbo.Connectfailover
- Oracle Identity Manager Jvm Jbo.Doconnectionpooling
- Oracle Identity Manager Jvm Jbo.Load.Components.Lazily
- Oracle Identity Manager Jvm Jbo.Max.Cursors
- Oracle Identity Manager Jvm Jbo.Recyclethreshold
- Oracle Identity Manager Jvm Jbo.Txn.Disconnect_Level
- Oracle Identity Manager Uiworkmanager Maximum Threads
- Oracle Identity Manager Weblogic Domain Inactive Connection Timeout
- Oracle Identity Manager Weblogic Domain Initial Capacity
- Oracle Identity Manager Weblogic Domain Max Capacity
- Oracle Identity Manager Weblogic Domain Max Heap Size
- Oracle Identity Manager Weblogic Domain Min Capacity
- Oracle Identity Manager Weblogic Domain Min Heap Size
- Oracle Identity Manager Weblogic Jms Maximum Number Of Messages
- Oracle Identity Manager Weblogic Jms Message Buffer Size
- Oracle Identity Manager Oracle.Jdbc.Implicitstatementcachesize
- Oracle Identity Manager Oracle.Jdbc.Maxcachedbuffersize
-
Oracle Identity Manager Server Configuration Compliance
-
9
Oracle Identity Manager Cluster Compliance Standards
-
Oracle Identity Manager Cluster Configuration Compliance
- Blocks Size
- Change Log Adapter Parameters
- Cursor Sharing
- Database Statistics
- Initial Number Of Database Writer Processes
- Keep Buffer Pool
- Log Buffer
- Maximum Number Of Open Cursors
- Maximum Number Of Blocks Read In One I/O Operation
- Query Rewrite Integrity
- Redo Logs
- Secure File Storage For Orchestration
- Session Cursors To Cache
- Text Index Optimization(Catalog)
- User Adapter Parameters
-
Oracle Identity Manager Cluster Configuration Compliance
-
10
Oracle Listener Compliance Standards
-
Basic Security Configuration For Oracle Listener
- Check Network Data Integrity On Server
- Encrypt Network Communication On Server
- Force Client Ssl Authentication
- Listener Logfile Permission
- Listener Logfile Permission(Windows)
- Listener Trace Directory Permission
- Listener Trace Directory Permission(Windows)
- Listener Trace File Permission
- Listener Trace File Permission(Windows)
- Ssl Cipher Suites Supported
- Ssl Versions Supported
-
High Security Configuration For Oracle Listener
- Accept Only Secure Registration Request
- Algorithm For Network Data Integrity Check On Server
- Limit Loading External Dll And Libraries
- Listener Default Name
- Listener Direct Administration
- Listener Inbound Connect Timeout
- Listener Logfile Owner
- Listener Logging Status
- Listener Password
- Listener Trace Directory Owner
- Listener Trace File Owner
- Listener.Ora Permission
- Listener.Ora Permission(Windows)
- Oracle Net Inbound Connect Timeout
- Oracle Net Ssl_Cert_Revocation
- Oracle Net Tcp Validnode Checking
- Restrict Sqlnet.Ora Permission
- Restrict Sqlnet.Ora Permission(Windows)
- Secure Remote Listener Administration
- Use Of Hostname In Listener.Ora
- Use Secure Transport For Administration And Registration
- Tcp.Excludeded_Nodes
- Tcp.Invited_Nodes
-
Basic Security Configuration For Oracle Listener
-
11
Oracle Real Application Cluster Database Compliance Standards
-
Basic Security Configuration For Oracle Cluster Database
- Access To Dba_Roles View
- Access To Dba_Role_Privs View
- Access To Dba_Sys_Privs View
- Access To Dba_Tab_Privs View
- Access To Dba_Users View
- Access To Stats$Sqltext Table
- Access To Stats$Sql_Summary Table
- Access To Sys.Aud$ Table
- Access To Sys.Source$ Table
- Access To Sys.User$ Table
- Access To Sys.User_History$ Table
- Allowed Logon Version
- Audit File Destination
- Audit File Destination(Windows)
- Auditing Of Sys Operations Enabled
- Background Dump Destination(Windows)
- Check Network Data Integrity On Server
- Control File Permission
- Control File Permission(Windows)
- Core Dump Destination
- Core Dump Destination(Windows)
- Data Dictionary Protected
- Default Passwords
- Enable Database Auditing
- Encrypt Network Communication On Server
- Execute Privileges On Dbms_Job To Public
- Execute Privileges On Dbms_Sys_Sql To Public
- Force Client Ssl Authentication
- Initialization Parameter File Permission
- Initialization Parameter File Permission(Windows)
- Oracle Home Datafile Permission
- Oracle Home Datafile Permission(Windows)
- Oracle Home Executable Files Owner
- Oracle Home File Permission
- Oracle Home File Permission(Windows)
- Oracle Net Client Log Directory Permission
- Oracle Net Client Log Directory Permission(Windows)
- Oracle Net Client Trace Directory Permission
- Oracle Net Client Trace Directory Permission(Windows)
- Oracle Net Server Log Directory Permission
- Oracle Net Server Log Directory Permission(Windows)
- Oracle Net Server Trace Directory Permission
- Oracle Net Server Trace Directory Permission(Windows)
- Protocol Error Further Action
- Protocol Error Trace Action
- Password Complexity Verification Function Usage
- Password Grace Time
- Password Lifetime
- Password Locking Time
- Public Trace Files
- Remote Os Authentication
- Remote Os Role
- Restricted Privilege To Execute Utl_Http
- Restricted Privilege To Execute Utl_Smtp
- Restricted Privilege To Execute Utl_Tcp
- Ssl Cipher Suites Supported
- Ssl Versions Supported
- Server Parameter File Permission
- Server Parameter File Permission(Windows)
- Use Of Appropriate Umask On Unix Systems
- Use Of Database Links With Cleartext Password
- User Dump Destination
- User Dump Destination(Windows)
- Using Externally Identified Accounts
- Utility File Directory Initialization Parameter Setting
- Well Known Accounts
- Configuration Best Practices For Oracle Rac Database
-
High Security Configuration For Oracle Cluster Database
- $Oracle_Home/Network/Admin File Permission
- $Oracle_Home/Network/Admin File Permission(Windows)
- Access To *_Catalog_* Roles
- Access To All_Source View
- Access To Dba_* Views
- Access To Role_Role_Privs View
- Access To Sys.Link$ Table
- Access To User_Role_Privs View
- Access To User_Tab_Privs View
- Access To V$ Synonyms
- Access To V$ Views
- Access To X_$ Views
- Algorithm For Network Data Integrity Check On Server
- Audit Alter Any Table Privilege
- Audit Alter User Privilege
- Audit Aud$ Privilege
- Audit Create Any Library Privilege
- Audit Create Library Privilege
- Audit Create Role Privilege
- Audit Create Session Privilege
- Audit Create User Privilege
- Audit Drop Any Procedure Privilege
- Audit Drop Any Role Privilege
- Audit Drop Any Table Privilege
- Audit Execute Any Procedure Privilege
- Audit Grant Any Object Privilege
- Audit Grant Any Privilege
- Audit Insert Failure
- Audit Select Any Dictionary Privilege
- Background Dump Destination
- Case Sensitive Logon
- Connect Time
- Cpu Per Session
- Db Securefile
- Dispatchers
- Execute Privileges On Dbms_Lob To Public
- Execute Privileges On Utl_File To Public
- Execute Privilege On Sys.Dbms_Export_Extension To Public
- Execute Privilege On Sys.Dbms_Random Public
- Granting Select Any Table Privilege
- Ifile Referenced File Permission
- Ifile Referenced File Permission(Windows)
- Logical Reads Per Session
- Limit Os Authentication
- Log Archive Destination Owner
- Log Archive Destination Permission
- Log Archive Destination Permission(Windows)
- Log Archive Duplex Destination Owner
- Log Archive Duplex Destination Permission
- Log Archive Duplex Destination Permission(Windows)
- Naming Database Links
- Oracle_Home Network Admin Owner
- Os Roles
- Oracle Agent Snmp Read-Only Configuration File Owner
- Oracle Agent Snmp Read-Only Configuration File Permission
- Oracle Agent Snmp Read-Only Configuration File Permission(Windows)
- Oracle Agent Snmp Read-Write Configuration File Owner
- Oracle Agent Snmp Read-Write Configuration File Permission
- Oracle Agent Snmp Read-Write Configuration File Permission(Windows)
- Oracle Http Server Distributed Configuration File Owner
- Oracle Http Server Distributed Configuration Files Permission
- Oracle Http Server Mod_Plsql Configuration File Owner
- Oracle Http Server Mod_Plsql Configuration File Permission
- Oracle Http Server Mod_Plsql Configuration File Permission(Windows)
- Oracle Home Executable Files Permission
- Oracle Home Executable Files Permission(Windows)
- Oracle Net Client Log Directory Owner
- Oracle Net Client Trace Directory Owner
- Oracle Net Inbound Connect Timeout
- Oracle Net Ssl_Cert_Revocation
- Oracle Net Ssl_Server_Dn_Match
- Oracle Net Server Log Directory Owner
- Oracle Net Server Trace Directory Owner
- Oracle Net Sqlnet Expire Time
- Oracle Net Tcp Validnode Checking
- Oracle Xsql Configuration File Owner
- Oracle Xsql Configuration File Permission
- Oracle Xsql Configuration File Permission(Windows)
- Otrace Data Files
- Private Sga
- Password Reuse Max
- Password Reuse Time
- Proxy Account
- Return Server Release Banner
- Remote Password File
- Restrict Sqlnet.Ora Permission
- Restrict Sqlnet.Ora Permission(Windows)
- Sessions_Per_User
- Sql*Plus Executable Owner
- Sql*Plus Executable Permission
- Sql*Plus Executable Permission(Windows)
- Secure Os Audit Level
- System Privileges To Public
- Tkprof Executable Owner
- Tkprof Executable Permission
- Tkprof Executable Permission(Windows)
- Unlimited Tablespace Quota
- Use Of Automatic Log Archival Features
- Use Of Sql92 Security Features
- Utility File Directory Initialization Parameter Setting In Oracle9I Release 1 And Later
- Webcache Initialization File Owner
- Webcache Initialization File Permission
- Webcache Initialization File Permission(Windows)
- Tcp.Excludeded_Nodes
- Tcp.Invited_Nodes
- Patchable Configuration For Rac Database
-
Storage Best Practices For Oracle Rac Database
- Default Permanent Tablespace Set To A System Tablespace
- Default Temporary Tablespace Set To A System Tablespace
- Dictionary Managed Tablespaces
- Insufficient Number Of Redo Logs
- Insufficient Redo Log Size
- Non-System Data Segments In System Tablespaces
- Non-System Users With System Tablespace As Default Tablespace
- Non-Uniform Default Extent Size For Tablespaces
- Rollback In System Tablespace
- Tablespace Not Using Automatic Segment-Space Management
- Tablespaces Containing Rollback And Data Segments
- Users With Permanent Tablespace As Temporary Tablespace
-
Basic Security Configuration For Oracle Cluster Database
-
12
Oracle Single Instance Database Compliance Standards
-
Basic Security Configuration For Oracle Cluster Database Instance
- Allowed Logon Version
- Audit File Destination
- Audit File Destination(Windows)
- Auditing Of Sys Operations Enabled
- Background Dump Destination(Windows)
- Check Network Data Integrity On Server
- Core Dump Destination
- Core Dump Destination(Windows)
- Data Dictionary Protected
- Enable Database Auditing
- Encrypt Network Communication On Server
- Force Client Ssl Authentication
- Initialization Parameter File Permission
- Initialization Parameter File Permission(Windows)
- Oracle Home Executable Files Owner
- Oracle Home File Permission
- Oracle Home File Permission(Windows)
- Oracle Net Client Log Directory Permission
- Oracle Net Client Log Directory Permission(Windows)
- Oracle Net Client Trace Directory Permission
- Oracle Net Client Trace Directory Permission(Windows)
- Oracle Net Server Log Directory Permission
- Oracle Net Server Log Directory Permission(Windows)
- Oracle Net Server Trace Directory Permission
- Oracle Net Server Trace Directory Permission(Windows)
- Protocol Error Further Action
- Protocol Error Trace Action
- Public Trace Files
- Remote Os Authentication
- Remote Os Role
- Ssl Cipher Suites Supported
- Ssl Versions Supported
- Server Parameter File Permission
- Server Parameter File Permission(Windows)
- Use Of Appropriate Umask On Unix Systems
- User Dump Destination
- User Dump Destination(Windows)
- Using Externally Identified Accounts
- Utility File Directory Initialization Parameter Setting
-
Basic Security Configuration For Oracle Database
- Access To Dba_Roles View
- Access To Dba_Role_Privs View
- Access To Dba_Sys_Privs View
- Access To Dba_Tab_Privs View
- Access To Dba_Users View
- Access To Stats$Sqltext Table
- Access To Stats$Sql_Summary Table
- Access To Sys.Aud$ Table
- Access To Sys.Source$ Table
- Access To Sys.User$ Table
- Access To Sys.User_History$ Table
- Allowed Logon Version
- Audit File Destination
- Audit File Destination(Windows)
- Auditing Of Sys Operations Enabled
- Background Dump Destination(Windows)
- Check Network Data Integrity On Server
- Control File Permission
- Control File Permission(Windows)
- Core Dump Destination
- Core Dump Destination(Windows)
- Data Dictionary Protected
- Default Passwords
- Enable Database Auditing
- Encrypt Network Communication On Server
- Execute Privileges On Dbms_Job To Public
- Execute Privileges On Dbms_Sys_Sql To Public
- Force Client Ssl Authentication
- Initialization Parameter File Permission
- Initialization Parameter File Permission(Windows)
- Oracle Home Datafile Permission
- Oracle Home Datafile Permission(Windows)
- Oracle Home Executable Files Owner
- Oracle Home File Permission
- Oracle Home File Permission(Windows)
- Oracle Net Client Log Directory Permission
- Oracle Net Client Log Directory Permission(Windows)
- Oracle Net Client Trace Directory Permission
- Oracle Net Client Trace Directory Permission(Windows)
- Oracle Net Server Log Directory Permission
- Oracle Net Server Log Directory Permission(Windows)
- Oracle Net Server Trace Directory Permission
- Oracle Net Server Trace Directory Permission(Windows)
- Protocol Error Further Action
- Protocol Error Trace Action
- Password Complexity Verification Function Usage
- Password Grace Time
- Password Lifetime
- Password Locking Time
- Public Trace Files
- Remote Os Authentication
- Remote Os Role
- Restricted Privilege To Execute Utl_Http
- Restricted Privilege To Execute Utl_Smtp
- Restricted Privilege To Execute Utl_Tcp
- Ssl Cipher Suites Supported
- Ssl Versions Supported
- Server Parameter File Permission
- Server Parameter File Permission(Windows)
- Use Of Appropriate Umask On Unix Systems
- Use Of Database Links With Cleartext Password
- Use Of Remote Listener Instances
- User Dump Destination
- User Dump Destination(Windows)
- Using Externally Identified Accounts
- Utility File Directory Initialization Parameter Setting
- Well Known Accounts
-
Configuration Best Practices For Oracle Database
- Disabled Automatic Statistics Collection
- Fast Recovery Area Location Not Set
- Force Logging Disabled
- Insufficient Number Of Control Files
- Not Using Automatic Pga Management
- Not Using Automatic Undo Management
- Not Using Spfile
- Statistics_Level Parameter Set To All
- Timed_Statistics Set To False
- Use Of Non-Standard Initialization Parameters
-
High Security Configuration For Oracle Cluster Database Instance
- $Oracle_Home/Network/Admin File Permission
- $Oracle_Home/Network/Admin File Permission(Windows)
- Algorithm For Network Data Integrity Check On Server
- Background Dump Destination
- Case Sensitive Logon
- Db Securefile
- Dispatchers
- Ifile Referenced File Permission
- Ifile Referenced File Permission(Windows)
- Log Archive Destination Owner
- Log Archive Destination Permission
- Log Archive Destination Permission(Windows)
- Log Archive Duplex Destination Owner
- Log Archive Duplex Destination Permission
- Log Archive Duplex Destination Permission(Windows)
- Naming Database Links
- Oracle_Home Network Admin Owner
- Os Roles
- Oracle Agent Snmp Read-Only Configuration File Owner
- Oracle Agent Snmp Read-Only Configuration File Permission
- Oracle Agent Snmp Read-Only Configuration File Permission(Windows)
- Oracle Agent Snmp Read-Write Configuration File Owner
- Oracle Agent Snmp Read-Write Configuration File Permission
- Oracle Agent Snmp Read-Write Configuration File Permission(Windows)
- Oracle Http Server Distributed Configuration File Owner
- Oracle Http Server Distributed Configuration Files Permission
- Oracle Http Server Mod_Plsql Configuration File Owner
- Oracle Http Server Mod_Plsql Configuration File Permission
- Oracle Http Server Mod_Plsql Configuration File Permission(Windows)
- Oracle Home Executable Files Permission
- Oracle Home Executable Files Permission(Windows)
- Oracle Net Client Log Directory Owner
- Oracle Net Client Trace Directory Owner
- Oracle Net Inbound Connect Timeout
- Oracle Net Ssl_Cert_Revocation
- Oracle Net Ssl_Server_Dn_Match
- Oracle Net Server Log Directory Owner
- Oracle Net Server Trace Directory Owner
- Oracle Net Sqlnet Expire Time
- Oracle Net Tcp Validnode Checking
- Oracle Xsql Configuration File Owner
- Oracle Xsql Configuration File Permission
- Oracle Xsql Configuration File Permission(Windows)
- Otrace Data Files
- Return Server Release Banner
- Remote Password File
- Restrict Sqlnet.Ora Permission
- Restrict Sqlnet.Ora Permission(Windows)
- Sql*Plus Executable Owner
- Sql*Plus Executable Permission
- Sql*Plus Executable Permission(Windows)
- Secure Os Audit Level
- Tkprof Executable Owner
- Tkprof Executable Permission
- Tkprof Executable Permission(Windows)
- Use Of Automatic Log Archival Features
- Use Of Sql92 Security Features
- Utility File Directory Initialization Parameter Setting In Oracle9I Release 1 And Later
- Webcache Initialization File Owner
- Webcache Initialization File Permission
- Webcache Initialization File Permission(Windows)
- Tcp.Excludeded_Nodes
- Tcp.Invited_Nodes
-
High Security Configuration For Oracle Database
- "Domain Users" Group Member Of Local "Users" Group
- $Oracle_Home/Network/Admin File Permission
- $Oracle_Home/Network/Admin File Permission(Windows)
- Access To *_Catalog_* Roles
- Access To All_Source View
- Access To Dba_* Views
- Access To Role_Role_Privs View
- Access To Sys.Link$ Table
- Access To User_Role_Privs View
- Access To User_Tab_Privs View
- Access To V$ Synonyms
- Access To V$ Views
- Access To X_$ Views
- Algorithm For Network Data Integrity Check On Server
- Audit Alter Any Table Privilege
- Audit Alter User Privilege
- Audit Aud$ Privilege
- Audit Create Any Library Privilege
- Audit Create Library Privilege
- Audit Create Role Privilege
- Audit Create Session Privilege
- Audit Create User Privilege
- Audit Drop Any Procedure Privilege
- Audit Drop Any Role Privilege
- Audit Drop Any Table Privilege
- Audit Execute Any Procedure Privilege
- Audit Grant Any Object Privilege
- Audit Grant Any Privilege
- Audit Insert Failure
- Audit Select Any Dictionary Privilege
- Background Dump Destination
- Case Sensitive Logon
- Connect Time
- Cpu Per Session
- Db Securefile
- Dispatchers
- Execute Privileges On Dbms_Lob To Public
- Execute Privileges On Utl_File To Public
- Execute Privilege On Sys.Dbms_Export_Extension To Public
- Execute Privilege On Sys.Dbms_Random Public
- Granting Select Any Table Privilege
- Ifile Referenced File Permission
- Ifile Referenced File Permission(Windows)
- Installation On Domain Controller
- Installed Oracle Home Drive Permissions
- Logical Reads Per Session
- Limit Os Authentication
- Log Archive Destination Owner
- Log Archive Destination Permission
- Log Archive Destination Permission(Windows)
- Log Archive Duplex Destination Owner
- Log Archive Duplex Destination Permission
- Log Archive Duplex Destination Permission(Windows)
- Naming Database Links
- Oracle_Home Network Admin Owner
- Os Roles
- Oracle Agent Snmp Read-Only Configuration File Owner
- Oracle Agent Snmp Read-Only Configuration File Permission
- Oracle Agent Snmp Read-Only Configuration File Permission(Windows)
- Oracle Agent Snmp Read-Write Configuration File Owner
- Oracle Agent Snmp Read-Write Configuration File Permission
- Oracle Agent Snmp Read-Write Configuration File Permission(Windows)
- Oracle Http Server Distributed Configuration File Owner
- Oracle Http Server Distributed Configuration Files Permission
- Oracle Http Server Mod_Plsql Configuration File Owner
- Oracle Http Server Mod_Plsql Configuration File Permission
- Oracle Http Server Mod_Plsql Configuration File Permission(Windows)
- Oracle Home Executable Files Permission
- Oracle Home Executable Files Permission(Windows)
- Oracle Net Client Log Directory Owner
- Oracle Net Client Trace Directory Owner
- Oracle Net Inbound Connect Timeout
- Oracle Net Ssl_Cert_Revocation
- Oracle Net Ssl_Server_Dn_Match
- Oracle Net Server Log Directory Owner
- Oracle Net Server Trace Directory Owner
- Oracle Net Sqlnet Expire Time
- Oracle Net Tcp Validnode Checking
- Oracle Xsql Configuration File Owner
- Oracle Xsql Configuration File Permission
- Oracle Xsql Configuration File Permission(Windows)
- Otrace Data Files
- Private Sga
- Password Reuse Max
- Password Reuse Time
- Proxy Account
- Return Server Release Banner
- Remote Password File
- Restrict Sqlnet.Ora Permission
- Restrict Sqlnet.Ora Permission(Windows)
- Sessions_Per_User
- Sql*Plus Executable Owner
- Sql*Plus Executable Permission
- Sql*Plus Executable Permission(Windows)
- Secure Os Audit Level
- System Privileges To Public
- Tkprof Executable Owner
- Tkprof Executable Permission
- Tkprof Executable Permission(Windows)
- Unlimited Tablespace Quota
- Use Of Automatic Log Archival Features
- Use Of Sql92 Security Features
- Use Of Windows Nt Domain Prefix
- Utility File Directory Initialization Parameter Setting In Oracle9I Release 1 And Later
- Webcache Initialization File Owner
- Webcache Initialization File Permission
- Webcache Initialization File Permission(Windows)
- Windows Tools Permission
- Tcp.Excludeded_Nodes
- Tcp.Invited_Nodes
- Patchable Configuration For Oracle Database
-
Storage Best Practices For Oracle Database
- Default Permanent Tablespace Set To A System Tablespace
- Default Temporary Tablespace Set To A System Tablespace
- Dictionary Managed Tablespaces
- Insufficient Number Of Redo Logs
- Insufficient Redo Log Size
- Non-System Data Segments In System Tablespaces
- Non-System Users With System Tablespace As Default Tablespace
- Non-Uniform Default Extent Size For Tablespaces
- Rollback In System Tablespace
- Tablespace Not Using Automatic Segment-Space Management
- Tablespaces Containing Rollback And Data Segments
- Users With Permanent Tablespace As Temporary Tablespace
-
Basic Security Configuration For Oracle Cluster Database Instance
- 13 Oracle WebLogic Cluster Compliance Standards
- 14 Oracle WebLogic Domain Compliance Standards
-
15
Oracle WebLogic Server Compliance Standards
-
Weblogic Server Configuration Compliance
- Enable Java Net Fast Path Check
- Gathered Writes Enabled
- Jdbc Datasource Protocol Check
- Jms File Store Configured To Zfs Storage Check
- Jms Server Maximum Message Count Check
- Jsse Enabled
- Oracle Optimize Utf8 Conversion Check
- Outbound Enable Check For Sdp Channel
- Performance Pack Enabled
- Scattered Reads Enabled
- Synchronous Write Policy Check For Jms File Stores
-
Weblogic Server Configuration Compliance
-
16
Pluggable Database Compliance Standards
-
Basic Security Configuration For Oracle Pluggable Database
- Access To Dba_Roles View
- Access To Dba_Role_Privs View
- Access To Dba_Sys_Privs View
- Access To Dba_Tab_Privs View
- Access To Dba_Users View
- Access To Stats$Sqltext Table
- Access To Stats$Sql_Summary Table
- Access To Sys.Aud$ Table
- Access To Sys.Source$ Table
- Access To Sys.User$ Table
- Access To Sys.User_History$ Table
- Default Passwords
- Execute Privileges On Dbms_Job To Public
- Execute Privileges On Dbms_Sys_Sql To Public
- Password Complexity Verification Function Usage
- Password Grace Time
- Password Lifetime
- Password Locking Time
- Restricted Privilege To Execute Utl_Http
- Restricted Privilege To Execute Utl_Smtp
- Restricted Privilege To Execute Utl_Tcp
- Well Known Accounts
- Configuration Best Practices For Oracle Database
-
High Security Configuration For Oracle Pluggable Database
- Access To *_Catalog_* Roles
- Access To All_Source View
- Access To Dba_* Views
- Access To Role_Role_Privs View
- Access To Sys.Link$ Table
- Access To User_Role_Privs View
- Access To User_Tab_Privs View
- Access To V$ Views
- Access To X_$ Views
- Audit Alter Any Table Privilege
- Audit Alter User Privilege
- Audit Create Any Library Privilege
- Audit Create Library Privilege
- Audit Create Role Privilege
- Audit Create Session Privilege
- Audit Create User Privilege
- Audit Drop Any Procedure Privilege
- Audit Drop Any Role Privilege
- Audit Drop Any Table Privilege
- Audit Execute Any Procedure Privilege
- Audit Grant Any Object Privilege
- Audit Grant Any Privilege
- Audit Insert Failure
- Audit Select Any Dictionary Privilege
- Connect Time
- Cpu Per Session
- Execute Privileges On Dbms_Lob To Public
- Execute Privileges On Utl_File To Public
- Execute Privilege On Sys.Dbms_Export_Extension To Public
- Execute Privilege On Sys.Dbms_Random Public
- Granting Select Any Table Privilege
- Logical Reads Per Session
- Limit Os Authentication
- Private Sga
- Password Reuse Max
- Password Reuse Time
- Proxy Account
- Sessions_Per_User
- System Privileges To Public
- Unlimited Tablespace Quota
- Storage Best Practices For Oracle Database
-
Basic Security Configuration For Oracle Pluggable Database
- 17 Siebel Enterprise Compliance Standards
-
18
Systems Infrastructure Switch Compliance Standards
-
Orachk Systems Infrastructure Switch Best Practices For Oracle Exadata Database Machine
- Exadata Critical Issue Ib1-Ib3
- Exadata Software Version Compatibility With Infiniband Software Version
- Exadata Software Version Compatibility With Infiniband Software Version
- Hostname In /Etc/Hosts
- Infiniband Switch Ntp Configuration
- Infiniband Subnet Manager Status
- Infiniband Subnet Manager Status For Spine
- Infiniband Subnet Manager Status On Leaf
- Infiniband Switch Hostname Configuration
- Infiniband Switch Controlled_Handover Configuration
- Infiniband Switch Log_Flags Configuration
- Infiniband Switch Polling_Retry_Number Configuration
- Infiniband Switch Polling_Retry_Number Configuration
- Infiniband Switch Routing_Engine Configuration
- Infiniband Switch Sminfo_Polling_Timeout Configuration
- Infiniband Switch Sminfo_Polling_Timeout Configuration
- Is Orachk Configured
- Switch Firmware Version
- Verify Average Ping Times To Dns Nameserver [Ib Switch]
- Verify No Ib Switch Ports Disabled Due To Excessive Symbol Errors
- Verify Switch Localtime Configuration Across Switches
- Verify Switch Version Consistency Across Switches
- Sm_Priority Configuration On Infiniband Switch
-
Orachk Systems Infrastructure Switch Best Practices For Recovery Appliance
- Exadata Software Version Compatibility With Infiniband Software Version
- Exadata Software Version Compatibility With Infiniband Software Version
- Infiniband Switch Ntp Configuration
- Infiniband Subnet Manager Status
- Infiniband Subnet Manager Status For Spine
- Infiniband Subnet Manager Status On Leaf
- Infiniband Switch Hostname Configuration
- Infiniband Switch Controlled_Handover Configuration
- Infiniband Switch Log_Flags Configuration
- Infiniband Switch Polling_Retry_Number Configuration
- Infiniband Switch Polling_Retry_Number Configuration
- Infiniband Switch Routing_Engine Configuration
- Infiniband Switch Sminfo_Polling_Timeout Configuration
- Infiniband Switch Sminfo_Polling_Timeout Configuration
- Is Orachk Configured
- Switch Firmware Version
- Verify Average Ping Times To Dns Nameserver [Ib Switch]
- Verify No Ib Switch Ports Disabled Due To Excessive Symbol Errors
- Verify Switch Localtime Configuration Across Switches
- Verify Switch Version Consistency Across Switches
- Sm_Priority Configuration On Infiniband Switch
-
Orachk Systems Infrastructure Switch Best Practices For Oracle Exadata Database Machine
-
19
Security Technical Implementation Guide (STIG) Compliance Standards
- About Security Technical Implementation Guide
- Associating STIG Compliance Standards Targets
- Handling STIG Compliance Standards Violations
- STIG Compliance Standard Rules Exceptions
- Oracle Database STIG Compliance Standard Modifications from Guide
- Oracle WebLogic STIG Compliance Standard
- Oracle HTTP Server STIG Compliance Standard
-
STIG Rules Enhanced by Oracle
-
Oracle 12c Database STIG Variations
- SV-75899r1_rule
- SV-75903r1_rule
- SV-75905r1_rule
- SV-75907r1_rule
- SV-75909r1_rule
- SV-75923r1_rule
- SV-75927r1_rule
- SV-75931r2_rule
- SV-75937r2_rule
- SV-75945r1_rule
- SV-75947r1_rule
- SV-75953r1_rule
- SV-75957r1_rule
- SV-76001r1_rule
- SV-76017r1_rule
- SV-76021r2_rule
- SV-76023r1_rule
- SV-76025r1_rule
- SV-76035r1_rule
- SV-76037r1_rule
- SV-76039r1_rule
- SV-76041r1_rule
- SV-76043r1_rule
- SV-76045r1_rule
- SV-76051r1_rule
- SV-76053r1_rule
- SV-76055r1_rule
- SV-76059r1_rule
- SV-76061r1_rule
- SV-76063r1_rule
- SV-76081r1_rule
- SV-76085r1_rule
- SV-76093r1_rule
- SV-76095r1_rule
- SV-76097r1_rule
- SV-76099r1_rule
- SV-76101r1_rule
- SV-76103r1_rule
- SV-76105r1_rule
- SV-76111r1_rule
- SV-76115r1_rule
- SV-76117r1_rule
- SV-76121r1_rule
- SV-76123r1_rule
- SV-76125r1_rule
- SV-76127r1_rule
- SV-76129r1_rule
- SV-76131r1_rule
- SV-76143r2_rule
- SV-76145r1_rule
- SV-76147r1_rule
- SV-76157r1_rule
- SV-76159r1_rule
- SV-76161r1_rule
- SV-76163r1_rule
- SV-76167r1_rule
- SV-76173r1_rule
- SV-76175r1_rule
- SV-76181r1_rule
- SV-76193r1_rule
- SV-76195r1_rule
- SV-76197r1_rule
- SV-76199r1_rule
- SV-76203r1_rule
- SV-76205r1_rule
- SV-76207r1_rule
- SV-76209r1_rule
- SV-76211r2_rule
- SV-76213r1_rule
- SV-76215r1_rule
- SV-76217r1_rule
- SV-76219r1_rule
- SV-76221r1_rule
- SV-76229r1_rule
- SV-76237r1_rule
- SV-76245r1_rule
- SV-76247r2_rule
- SV-76249r1_rule
- SV-76251r1_rule
- SV-76253r1_rule
- SV-76255r1_rule
- SV-76257r1_rule
- SV-76261r1_rule
- SV-76263r1_rule
- SV-76275r1_rule
- SV-76287r2_rule
- SV-76289r2_rule
- SV-76291r2_rule
- SV-76293r2_rule
- SV-76299r1_rule
- SV-76301r1_rule
- SV-76307r1_rule
- SV-76309r1_rule
- SV-76339r1_rule
- SV-76365r1_rule
- SV-76377r1_rule
- SV-76455r1_rule
- SV-76457r1_rule
- STIG Database Checks
- STIG Installation Checks
-
Oracle 12c Database STIG Variations
-
20
CIS Compliance Standards
- About CIS Compliance Standards
- Associating CIS Compliance Standards Targets
- Oracle Database Installation and Patching Requirements
-
Oracle Parameter Settings
- Listener Settings
-
Database Settings
- Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE' (Scored)
- Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED' (Scored)
- Ensure 'GLOBAL_NAMES' Is Set to 'TRUE' (Scored)
- Ensure 'O7_DICTIONARY_ACCESSIBILITY' Is Set to 'FALSE' (Scored)
- Ensure 'OS_ROLES' Is Set to 'FALSE' (Scored)
- Ensure 'REMOTE_LISTENER' Is Empty (Scored)
- Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' (Scored)
- Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' (Scored)
- Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' (Scored)
- Ensure 'UTL_FILE_DIR' Is Empty (Scored)
- Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' (Scored)
- Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less (Scored)
- Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3' (Scored)
- Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG' (Scored)
- Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE' (Scored)
- Ensure 'SQL92_SECURITY' Is Set to 'TRUE' (Scored)
- Ensure '_trace_files_public' Is Set to 'FALSE' (Scored)
- Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE' (Scored)
-
Oracle Connection and Login
Restrictions
- Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' (Scored)
- Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' (Scored)
- Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' (Scored)
- Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20' (Scored)
- Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365' (Scored)
- Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' (Scored)
- Ensure 'DBA_USERS.PASSWORD' Is Not Set to 'EXTERNAL' for Any User (Scored)
- Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles (Scored)
- Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' (Scored)
-
Oracle User Access and
Authorization Restrictions
-
Default Public Privileges for
Packages and Object Types
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_ADVISOR' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_CRYPTO' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_JAVA' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_JAVA_TEST' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_JOB' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_LDAP' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_LOB' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_OBFUSCATION_TOOLKIT' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_RANDOM' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_SCHEDULER' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_SQL' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_XMLGEN' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_XMLQUERY' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_FILE' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_INADDR' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_TCP' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_MAIL' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_SMTP' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_DBWS' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_ORAMTS' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_HTTP' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'HTTPURITYPE' (Scored)
- Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_XMLSTORE' (Scored)
- Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_XMLSAVE' (Scored)
- Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_REDACT' (Scored)
-
Revoke Non-Default Privileges for
Packages and Object Types
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_SYS_SQL' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_BACKUP_RESTORE' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_AQADM_SYSCALLS' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_REPCAT_SQL_UTL' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'INITJVMAUX' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_STREAMS_ADM_UTL' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_AQADM_SYS' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_STREAMS_RPC' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'LTADM' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'WWV_DBMS_SQL' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'WWV_EXECUTE_IMMEDIATE' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_IJOB' (Scored)
- Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_FILE_TRANSFER' (Scored)
-
Revoke Excessive System
Privileges
- Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'CREATE_PROCEDURE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'CREATE LIBRARY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Revoke Role Privileges
-
Revoke Excessive Table and View
Privileges
- Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$' (Scored)
- Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'USER_HISTORY$' (Scored)
- Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'LINK$' (Scored)
- Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'SYS.USER$' (Scored)
- Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%' (Scored)
- Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'SYS.SCHEDULER$_CREDENTIAL' (Scored)
- Ensure 'SYS.USER$MIG' Has Been Dropped (Scored)
- Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE' (Scored)
- Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES' (Scored)
- Ensure Proxy Users Have Only 'CONNECT' Privilege (Scored)
- Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN' (Scored)
- Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP' (Scored)
-
Default Public Privileges for
Packages and Object Types
-
Audit/Logging Policies and
Procedures
-
Traditional Auditing
- Ensure the 'USER' Audit Option Is Enabled (Scored)
- Ensure the 'ROLE' Audit Option Is Enabled (Scored)
- Ensure the 'SYSTEM GRANT' Audit Option Is Enabled (Scored)
- Ensure the 'PROFILE' Audit Option Is Enabled (Scored)
- Ensure the 'DATABASE LINK' Audit Option Is Enabled (Scored)
- Ensure the 'PUBLIC DATABASE LINK' Audit Option Is Enabled (Scored)
- Ensure the 'PUBLIC SYNONYM' Audit Option Is Enabled (Scored)
- Ensure the 'SYNONYM' Audit Option Is Enabled (Scored)
- Ensure the 'DIRECTORY' Audit Option Is Enabled (Scored)
- Ensure the 'SELECT ANY DICTIONARY' Audit Option Is Enabled (Scored)
- Ensure the 'GRANT ANY OBJECT PRIVILEGE' Audit Option Is Enabled (Scored)
- Ensure the 'GRANT ANY PRIVILEGE' Audit Option Is Enabled (Scored)
- Ensure the 'DROP ANY PROCEDURE' Audit Option Is Enabled (Scored)
- Ensure the 'ALL' Audit Option on 'SYS.AUD$' Is Enabled (Scored)
- Ensure the 'PROCEDURE' Audit Option Is Enabled (Scored)
- Ensure the 'ALTER SYSTEM' Audit Option Is Enabled (Scored)
- Ensure the 'TRIGGER' Audit Option Is Enabled (Scored)
- Ensure the 'CREATE SESSION' Audit Option Is Enabled (Scored)
- PDB Specific Remediation
-
Unified Auditing
- Ensure the 'CREATE USER' Action Audit Is Enabled (Scored)
- Ensure the 'ALTER USER' Action Audit Is Enabled (Scored)
- Ensure the 'DROP USER' Audit Option Is Enabled (Scored)
- Ensure the 'CREATE ROLE’ Action Audit Is Enabled (Scored)
- Ensure the 'ALTER ROLE’ Action Audit Is Enabled (Scored)
- Ensure the 'DROP ROLE’ Action Audit Is Enabled (Scored)
- Ensure the 'GRANT' Action Audit Is Enabled (Scored)
- Ensure the 'REVOKE' Action Audit Is Enabled (Scored)
- Ensure the 'CREATE PROFILE’ Action Audit Is Enabled (Scored)
- Ensure the 'ALTER PROFILE’ Action Audit Is Enabled (Scored)
- Ensure the 'DROP PROFILE’ Action Audit Is Enabled (Scored)
- Ensure the 'CREATE DATABASE LINK’ Action Audit Is Enabled (Scored)
- Ensure the 'ALTER DATABASE LINK’ Action Audit Is Enabled (Scored)
- Ensure the 'DROP DATABASE LINK’ Action Audit Is Enabled (Scored)
- Ensure the 'CREATE SYNONYM’ Action Audit Is Enabled (Scored)
- Ensure the 'ALTER SYNONYM’ Action Audit Is Enabled (Scored)
- Ensure the 'DROP SYNONYM’ Action Audit Is Enabled (Scored)
- Ensure the 'SELECT ANY DICTIONARY’ Privilege Audit Is Enabled (Scored)
- Ensure the 'UNIFIED_AUDIT_TRAIL’ Access Audit Is Enabled (Scored)
- Ensure the 'CREATE PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY’ Action Audit Is Enabled (Scored)
- Ensure the 'ALTER PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY’ Action Audit Is Enabled (Scored)
- Ensure the 'DROP PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY’ Action Audit Is Enabled (Scored)
- Ensure the 'ALTER SYSTEM’ Privilege Audit Is Enabled (Scored)
- Ensure the 'CREATE TRIGGER’ Action Audit Is Enabled (Scored)
- Ensure the 'ALTER TRIGGER’ Action Audit IS Enabled (Scored)
- Ensure the 'DROP TRIGGER’ Action Audit Is Enabled (Scored)
- Ensure the 'LOGON’ AND ‘LOGOFF’ Actions Audit Is Enabled (Scored)
- PDB Specific Remediation
-
Traditional Auditing
- 21 SCAP Supported Standards
- 22 AHF EXAchk Compliance Standards
- 23 Oracle Database Security Assessment Tool Compliance Standard