CIS Oracle 9/10 OS Audit L1 v2.01

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle 9/10 OS Audit L1 v2.01

Updated: 7/30/2020

Authority: CIS

Plugin: Unix

Revision: 1.22

Estimated Item Count: 108

Audit Items

DescriptionCategories
2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 10g'
2.02 Version/Patches - 'Ensure the latest version of Oracle software is being used, and the latest patches from Metalink have been applied'
2.03 tkprof - 'Remove from system'

CONFIGURATION MANAGEMENT

2.04 listener.ora - 'Change default name of listener'

CONFIGURATION MANAGEMENT

2.05 listener.ora - 'Use IP addresses rather than hostnames'

CONFIGURATION MANAGEMENT

2.06 otrace - 'Disable'

CONFIGURATION MANAGEMENT

2.07 Listener password - 'Encrypt the Listener Password'
2.07 Listener password - 'Use Integrated Authentication'
2.08 Default Accounts (created by Oracle) - '1.Drop the user 2.Lock the user account 3.Change the default password'
2.12 Service or SID name - 'Non-default'

CONFIGURATION MANAGEMENT

3.01 Files in $ORACLE_HOME/bin - 'Verify and set ownership'

CONFIGURATION MANAGEMENT

3.02 Files in $ORACLE_HOME/bin - 'Permissions set to 0755 or less on Unix systems'

CONFIGURATION MANAGEMENT

3.03 Files in $ORACLE_HOME (not including $ORACLE_HOME/bin) - 'Permissions set to 0750 or less on Unix Systems'

CONFIGURATION MANAGEMENT

3.04 Oracle account .profile file - 'Unix systems umask 022'

ACCESS CONTROL

3.05 init.ora - 'Verify and restrict permissions'

CONFIGURATION MANAGEMENT

3.06 spfile.ora - 'Verify and restrict permissions'

CONFIGURATION MANAGEMENT

3.07 Database datafiles - 'Verify and restrict permissions'

CONFIGURATION MANAGEMENT

3.08 init.ora - 'Verify permissions of file referenced by ifile parameter'

CONFIGURATION MANAGEMENT

3.09 init.ora - 'audit_file_dest parameter settings'

CONFIGURATION MANAGEMENT

3.10 init.ora - 'user_dump_dest parameter settings'

CONFIGURATION MANAGEMENT

3.11 init.ora - background_dump_dest parameter settings

CONFIGURATION MANAGEMENT

3.12 init.ora - core_dump_dest parameter settings

CONFIGURATION MANAGEMENT

3.13 init.ora - control_files parameter settings

CONFIGURATION MANAGEMENT

3.14 init.ora - 'log_archive_dest_n parameter settings'

CONFIGURATION MANAGEMENT

3.15 Files in $@ORACLE_HOME@/network/admin directory - 'Verify and set permissions'

CONFIGURATION MANAGEMENT

3.16 webcache.xml - 'Verify and set permissions as needed'

CONFIGURATION MANAGEMENT

3.17 snmp_ro.ora - 'Verify and set permissions as needed'

CONFIGURATION MANAGEMENT

3.18 snmp_rw.ora - 'Verify and set permissions as needed'

CONFIGURATION MANAGEMENT

3.19 sqlnet.ora - 'Verify and set permissions as needed with read permissions for everyone'

CONFIGURATION MANAGEMENT

3.20 sqlnet.ora - 'log_directory_client parameter settings'

CONFIGURATION MANAGEMENT

3.21 sqlnet.ora - 'log_directory_server parameter settings'

CONFIGURATION MANAGEMENT

3.22 sqlnet.ora - 'trace_directory_client parameter settings'

CONFIGURATION MANAGEMENT

3.23 sqlnet.ora - 'trace_directory_server parameter settings'

CONFIGURATION MANAGEMENT

3.24 listener.ora - 'Verify and set permissions'

CONFIGURATION MANAGEMENT

3.25 listener.ora - 'log_file_listener parameter settings'

CONFIGURATION MANAGEMENT

3.26 listener.ora - 'trace_directory_listener_name parameter settings'

CONFIGURATION MANAGEMENT

3.27 listener.ora - 'trace_file_listener_name parameter settings'

CONFIGURATION MANAGEMENT

3.28 sqlplus - 'Verify and set permissions as needed'

CONFIGURATION MANAGEMENT

3.29 .htaccess - 'Verify and set permissions as needed'

CONFIGURATION MANAGEMENT

3.30 wdbsvr.app - 'Verify and set permissions as needed'

CONFIGURATION MANAGEMENT

3.31 xsqlconfig.xml - 'Verify and set permissions as needed'

CONFIGURATION MANAGEMENT

4.01 init.ora - '_trace_file_public = FALSE'

ACCESS CONTROL

4.02 init.ora - 'global_names = TRUE'

CONFIGURATION MANAGEMENT

4.03 init.ora - max_enabled_roles=30

CONFIGURATION MANAGEMENT

4.04 init.ora - 'remote_os_authent = FALSE'

ACCESS CONTROL

4.05 init.ora - 'remote_os_roles = FALSE'

ACCESS CONTROL

4.06 init.ora - 'remote_listener = NULL String'

CONFIGURATION MANAGEMENT

4.07 init.ora - 'audit_trail parameter set to OS, DB, or TRUE'

AUDIT AND ACCOUNTABILITY

4.08 init.ora - 'os_authent_prefix = NULL String'

ACCESS CONTROL

4.09 init.ora - 'os_roles = FALSE'

ACCESS CONTROL