CIS v1.1.0 Oracle 11g OS Windows Level 1

Audit Details

Name: CIS v1.1.0 Oracle 11g OS Windows Level 1

Updated: 4/25/2022

Authority: CIS

Plugin: Windows

Revision: 1.27

Estimated Item Count: 117

File Details

Filename: CIS_v1.1.0_Oracle_11g_OS_Windows_Level_1.audit

Size: 140 kB

Audit Items

Description | Categories
1.01 Windows platform - 'Do not install Oracle on a domain controller'

CONFIGURATION MANAGEMENT

1.02 Windows Oracle Local Account - 'Use Restricted Service Account (RSA)'

ACCESS CONTROL

1.03 Windows Oracle Domain Account - 'Use Restricted Service Account (RSA)'

ACCESS CONTROL

1.04 Windows Oracle Account - 'Deny Log on Locally Right'

ACCESS CONTROL

1.05 Windows Oracle Domain Global Group - 'Create a global group for the RSA and make it the RSA's primary group'

ACCESS CONTROL

1.06 Windows Oracle Account Domain Users Group Membership - 'Remove the RSA from the Domain Users group'

ACCESS CONTROL

1.07 Windows Oracle Domain Network Resource Permissions - 'Verify and set permissions'
1.08 Windows Oracle Domain Account Logon to...Value - 'Limit to machine running Oracle services'
1.09 Windows Program Folder Permissions - 'Verify and set permissions'
1.10 Windows Oracle Registry Key Permissions - 'Verify and set permissions'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.11 Windows Oracle Registry Key Setting - 'Set OSAUTH_PREFIX_DOMAIN registry value to TRUE'

CONFIGURATION MANAGEMENT

2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 11g'
2.02 Version/Patches - 'Ensure the latest version of Oracle software and patches have been applied'
2.03 Minimal Install - 'Ensure that only the Oracle components necessary to your environment are selected for installation'
2.04 tkprof - 'Remove from system' - removed

CONFIGURATION MANAGEMENT

2.04 tkprof - 'Remove from system' - secured
2.05 listener.ora - 'Change default name of listener'

CONFIGURATION MANAGEMENT

2.07 otrace - 'Disable' - no .dat files

CONFIGURATION MANAGEMENT

2.07 otrace - 'Disable' - no directory

CONFIGURATION MANAGEMENT

2.08 Listener password - 'Use OS Authentication'

IDENTIFICATION AND AUTHENTICATION

2.13 Service or SID name - 'Non-default'

CONFIGURATION MANAGEMENT

3.01 Files in $ORACLE_HOME/bin - 'Verify and set ownership'
3.05 init.ora - 'Verify and restrict permissions'
3.06 spfile.ora - 'Verify and restrict permissions'
3.07 Database datafiles - 'Verify and restrict permissions'
3.08 init.ora - 'Verify permissions of file referenced by ifile parameter'
3.09 init.ora - 'audit_file_dest parameter settings'

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

3.10 init.ora - 'diagnostic_dest parameter settings'
3.11 init.ora - 'control_file parameter settings'
3.12 init.ora - 'log_archive_dest_n parameter settings'
3.13 Files in $ORACLE_HOME/network/admin directory - 'Verify and set permissions'
3.14 sqlnet.ora - 'Verify and set permissions with read permissions for everyone'
3.15 sqlnet.ora - 'log_directory_client parameter settings'

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

3.16 sqlnet.ora - 'log_directory_server parameter settings'

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

3.17 sqlnet.ora - 'trace_directory_client parameter settings'
3.18 sqlnet.ora - 'trace_directory_server parameter settings'
3.19 listener.ora - 'Verify and set permissions'
3.20 listener.ora - 'log_file_listener parameter settings'

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

3.21 listener.ora - 'trace_directory_listener_name parameter settings'
3.22 listener.ora - 'trace_file_listener_name parameter settings'
3.23 sqlplus - 'Verify and set permissions'
3.24 .htaccess - 'Verify and set permissions'
3.25 dads.conf - 'Verify and set permissions'
3.26 xsqlconfig.xml - 'Verify and set permissions'
4.01 init.ora - '_trace_file_public = FALSE'

ACCESS CONTROL

4.02 init.ora - 'global_names = TRUE'

CONFIGURATION MANAGEMENT

4.03 init.ora - 'remote_os_authent = FALSE'

IDENTIFICATION AND AUTHENTICATION

4.04 init.ora - 'remote_os_roles = FALSE'

ACCESS CONTROL

4.05 init.ora - 'remote_listener = NULL String'

CONFIGURATION MANAGEMENT

4.06 init.ora - 'audit_trail parameter set to OS, DB, DB_EXTENDED, XML, or XML, EXTENDED'

AUDIT AND ACCOUNTABILITY