1.1 Ensure The Appropriate Version/Patches For Oracle Software Is Installed | SYSTEM AND SERVICES ACQUISITION |
2.3.1 Ensure 'BACKGROUND_CORE_DUMP' Is Not Set To 'Full' | MEDIA PROTECTION |
2.3.2 Ensure 'SHADOW_CORE_DUMP' Is Not Set To 'Full' | MEDIA PROTECTION |
2.3.3 Ensure 'MLE_PROG_LANGUAGES' Is Set To 'OFF' | CONFIGURATION MANAGEMENT |
2.3.4 Ensure 'ALLOW_GROUP_ACCESS_TO_SGA' Is Set To `FALSE` | ACCESS CONTROL, MEDIA PROTECTION |
2.3.5 Review Undocumented (Underscore) Parameters Not Set To 'DEFAULT' Values | CONFIGURATION MANAGEMENT |
2.3.6 Ensure 'OS_ROLES' Is Set To 'FALSE' | ACCESS CONTROL, MEDIA PROTECTION |
2.3.7 Ensure 'REMOTE_OS_ROLES' Is Set To 'FALSE' | ACCESS CONTROL |
2.3.8 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is Set To '3' Or Less | ACCESS CONTROL |
2.3.9 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set To '(DROP,3)' | SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.10 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set To 'LOG' | AUDIT AND ACCOUNTABILITY |
2.3.11 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set To 'FALSE' | ACCESS CONTROL, MEDIA PROTECTION |
2.3.12 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set To 'NONE' | ACCESS CONTROL |
2.3.13 Ensure 'REMOTE_LISTENER' Is Empty | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3.14 Ensure 'RESOURCE_LIMIT' Is Set To 'TRUE' | ACCESS CONTROL, MEDIA PROTECTION |
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less Than Or Equal To '5' | ACCESS CONTROL |
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater Than Or Equal To '1' | ACCESS CONTROL |
3.3 Ensure 'PASSWORD_LIFE_TIME + PASSWORD_GRACE_TIME' Is Less Than Or Equal To '365' | ACCESS CONTROL |
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Set To 'UNLIMITED' | IDENTIFICATION AND AUTHENTICATION |
3.5 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set For All Profiles | IDENTIFICATION AND AUTHENTICATION |
3.6 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Configured Correctly | IDENTIFICATION AND AUTHENTICATION |
3.7 Ensure 'PASSWORD_ROLLOVER_TIME' Is set to '0' | IDENTIFICATION AND AUTHENTICATION |
3.8 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120' | ACCESS CONTROL |
4.1 Ensure All Default Passwords Are Changed | IDENTIFICATION AND AUTHENTICATION |
4.2 Ensure No Custom 'ORACLE_MAINTAINED' Users Exist | ACCESS CONTROL |
4.3 Review The Users Created Through Real Application Security | ACCESS CONTROL |
4.4 Ensure Old Password Versions Are Not Used | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.5 Ensure The Latest Version of The Password File Is Used | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.6 Ensure That Users In Different RAC Instances Are Identical In PW Files | ACCESS CONTROL |
4.7 Ensure No Public Database Links Exist | ACCESS CONTROL, MEDIA PROTECTION |
4.8 Ensure That Database Link Passwords Are Using The Latest Encryption | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
5.1 Ensure All Auditable System Actions Commands Are Audited | AUDIT AND ACCOUNTABILITY |
5.2 Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is Enabled | AUDIT AND ACCOUNTABILITY |
5.3 Ensure Critical Packages Are Audited | AUDIT AND ACCOUNTABILITY |
5.4 Ensure All Export Activities Are Audited | AUDIT AND ACCOUNTABILITY |
5.5 Ensure The Use Of SYS* Privileges Is Audited | AUDIT AND ACCOUNTABILITY |
6.1.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.2 Ensure Admin Privileges Are Revoked from Unauthorized 'GRANTEE' | ACCESS CONTROL |
6.1.3 Ensure 'IMPORT' And 'EXPORT' 'FULL DATABASE' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.4 Ensure 'CREATE EXTERNAL JOB' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL |
6.1.5 Ensure 'BECOME USER' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.6 Ensure 'TEXT DATASTORE ACCESS' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.7 Ensure 'CREATE', 'ALTER', And 'DROP' 'PUBLIC DATABASE LINK' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.8 Ensure 'LOGMINING' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.9 Ensure 'ALTER SYSTEM' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.10 Ensure 'CREATE LIBRARY' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.1.11 Ensure All `SYSTEM` Privileges Are Revoked from Unauthorized 'GRANTEE' | ACCESS CONTROL |
6.2.1 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.2.2 Ensure 'EXP_FULL_DATABASE' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
6.2.3 Ensure 'IMP_FULL_DATABASE' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |