CIS v1.1.0 Oracle 11g OS Windows Level 1

Audit Details

Name: CIS v1.1.0 Oracle 11g OS Windows Level 1

Updated: 4/25/2022

Authority: CIS

Plugin: Windows

Revision: 1.27

Estimated Item Count: 117

File Details

Filename: CIS_v1.1.0_Oracle_11g_OS_Windows_Level_1.audit

Size: 140 kB

Audit Changelog

 
Revision 1.27

Apr 25, 2022

Miscellaneous
  • Metadata updated.
Revision 1.26

Mar 29, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.25

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.24

Feb 1, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.23

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.22

May 6, 2020

Functional Update
  • 1.05 Windows Oracle Domain Global Group - 'Create a global group for the RSA and make it the RSA's primary group'
  • 1.06 Windows Oracle Account Domain Users Group Membership - 'Remove the RSA from the Domain Users group'
Miscellaneous
  • References updated.
Revision 1.21

Apr 22, 2020

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.20

Aug 5, 2019

Miscellaneous
  • Metadata updated.
  • See also link updated.
Revision 1.19

Feb 8, 2019

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.18

Dec 14, 2018

Informational Update
  • 1.07 Windows Oracle Domain Network Resource Permissions - 'Verify and set permissions'
  • 1.08 Windows Oracle Domain Account Logon to...Value - 'Limit to machine running Oracle services'
  • 10.01 Enterprise Management studio mode - 'Access to the enterprise management in studio must be limited'
  • 10.02 Enterprise Manager Agent File uploads - 'Monitor the size of file uploads from the enterprise agent'
  • 10.03 Enterprise Manager Framework Security - 'Where possible, utilize Enterprise Manager Framework Security Functionality'
  • 10.05 Enterprise Manager Framework Security - 'In command line mode, avoid using commands that contain passwords in the arguments.'
  • 11.01 ADDM - 'Verify ADDM suggestions'
  • 11.02 AMM - 'Monitor AMM'
  • 11.03 AWR - 'Implement AWR to record all database performance statistics over a defined time period.'
  • 12.00 Oracle Installation - 'Do not install Oracle on an Internet facing server'
  • 12.01 Oracle alert log file - 'Review contents'
  • 12.02 Database creation scripts on host - 'Remove or secure'
  • 12.05 Sensitive information in process list on host - 'Avoid or encrypt'
  • 12.06 Sensitive information in cron jobs on host - 'Avoid or encrypt'
  • 12.07 Sensitive information in at jobs (or jobs in Windows scheduler) on host - 'Avoid or encrypt'
  • 12.08 Sensitive information in environment variables on host - 'Avoid or encrypt'
  • 12.09 Sensitive information in batch files on host - 'Avoid or encrypt'
  • 12.10 Oracle file locations - 'Separate for performance'
  • 12.11 File systems - 'Separate Oracle files from non-Oracle Files'
  • 12.12 Optimal Flexible Architecture - 'Implement'
  • 12.13 Checksum PL/SQL code - 'Implement'
  • 12.14 All database objects - 'Monitor'
  • 12.15 Ad-hoc queries on production databases - 'Avoid'
  • 12.16 Remote shell access on host - 'Encrypt session'
  • 12.17 Applications with database access - 'Review'
  • 12.18 Location of development database - 'Separate server from production database'
  • 12.19 Network location of production and development databases - 'Separate'
  • 12.20 Monitor for development on production databases - 'Prevent development on production databases'
  • 12.21 Access to production databases - 'Avoid access from development or test databases'
  • 12.22 Developer access to production databases - 'Disallow'
  • 12.23 Developer accounts on production databases - 'Remove developer accounts'
  • 12.24 Databases created from production exports - 'Change passwords'
  • 12.25 Databases created from production systems - 'Remove sensitive data'
  • 12.26 Account Management - 'Document and enforce account management procedures'
  • 12.27 Change Control - 'Document and enforce change control procedures'
  • 12.28 Disaster recovery procedures - 'Review'
  • 12.29 Backdoors - 'Eliminate'
  • 12.30 Public dissemination of database information - 'Disallow'
  • 12.31 Screen saver - 'Set screen saver/lock with password protection of 15 minutes'
  • 12.32 Distribution of tnsnames.ora files to clients - 'Include only tnsnames.ora when distributing to clients'
  • 12.33 Event and System Logs - 'Monitor'
  • 12.34 Access to database objects by a fixed user link - 'Disallow'
  • 2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 11g'
  • 2.02 Version/Patches - 'Ensure the latest version of Oracle software and patches have been applied'
  • 2.03 Minimal Install - 'Ensure that only the Oracle components necessary to your environment are selected for installation'
  • 4.15 Database object definition NOLOGGING clause - 'Do not leave database objects in NOLOGGING mode in production environments.'
  • 6.01 Advanced queuing in asynchronous messaging - 'Empty queue at shutdown of Oracle'
  • 6.02 Cache - 'Cache must be emptied at shutdown of Oracle'
  • 7.01 Redo logs - 'Mirror'
  • 7.02 Control files - 'Multiplex control files to multiple physical disks'
  • 7.03 Control files - 'Mirror'
  • 7.04 Archive logs - 'Ensure there is sufficient space for the archive logging process'
  • 7.05 Redo logs - 'Multiplex redo logs to multiple physical disks'
  • 7.06 Archive log files - 'Backup'
  • 7.07 Backup - 'Automated backups should be verified'
Miscellaneous
  • Metadata updated.
  • References updated.