Oracle DB Audit Report

by David Schwalenberg
November 19, 2013

This report displays the results from an audit check of Oracle database servers.

The Oracle Database Server asset list is used to identify all Oracle database servers on the network; this asset list is available in the SecurityCenter app store feed. The audit checks are contained in audit files that can be downloaded from the Tenable Customer Support Portal. Any Oracle database servers audited by performing Nessus scans with these policies can be used to populate this report; both the Oracle database and the server OS (Windows, Linux, or Unix) should be audited because the security of the server depends on minimizing the vulnerabilities of both.

The report is available in the SecurityCenter 4.7 Report app feed, an app store of dashboards, reports, and assets.  The report requirements are:

  • SecurityCenter 4.7
  • Nessus 5.2.1
  • Oracle Database Server asset
  • Oracle database compliance audit files

Chapters

Oracle DB Audit Summary - This chapter summarizes the audit results by severity, by server, and by vulnerability area. Green indicates passed audit checks, red indicates failed audit checks, and orange indicates audit checks that could not be performed automatically and need to be verified manually.

Oracle DB Audit Results - This chapter presents detailed lists of the audit check results for each server IP address. First in each list are the audit checks that failed (High severity), followed by the checks that require manual verification (Medium severity), and ending with the checks that passed (Informational).