Revision 1.18Dec 14, 2018
Informational Update
- 1.07 Windows Oracle Domain Network Resource Permissions - 'Verify and set permissions'
- 1.08 Windows Oracle Domain Account Logon to...Value - 'Limit to machine running Oracle services'
- 10.01 Enterprise Management studio mode - 'Access to the enterprise management in studio must be limited'
- 10.02 Enterprise Manager Agent File uploads - 'Monitor the size of file uploads from the enterprise agent'
- 10.03 Enterprise Manager Framework Security - 'Where possible, utilize Enterprise Manager Framework Security Functionality'
- 10.05 Enterprise Manager Framework Security - 'In command line mode, avoid using commands that contain passwords in the arguments.'
- 11.01 ADDM - 'Verify ADDM suggestions'
- 11.02 AMM - 'Monitor AMM'
- 11.03 AWR - 'Implement AWR to record all database performance statistics over a defined time period.'
- 12.00 Oracle Installation - 'Do not install Oracle on an Internet facing server'
- 12.01 Oracle alert log file - 'Review contents'
- 12.02 Database creation scripts on host - 'Remove or secure'
- 12.05 Sensitive information in process list on host - 'Avoid or encrypt'
- 12.06 Sensitive information in cron jobs on host - 'Avoid or encrypt'
- 12.07 Sensitive information in at jbos (or jobs in Windows scheduler) on host - 'Avoid or encrypt'
- 12.08 Sensitive information in environment variables on host - 'Avoid or encrypt'
- 12.09 Sensitive information in batch files on host - 'Avoid or encrypt'
- 12.10 Oracle file locations - 'Separate for performance'
- 12.11 File systems - 'Separate Oracle files from non-Oracle Files'
- 12.12 Optimal Flexible Architecture - 'Implement'
- 12.13 Checksum PL/SQL code - 'Implement'
- 12.14 All database objects - 'Monitor'
- 12.15 Ad-hoc queries on production databases - 'Avoid'
- 12.16 Remote shell access on host - 'Encrypt session'
- 12.17 Applications with database access - 'Review'
- 12.18 Location of development database - 'Separate server from production database'
- 12.19 Network location of production and development databases - 'Separate'
- 12.20 Monitor for development on production databases - 'Prevent development on production databases'
- 12.21 Access to production databases - 'Avoid access from development or test databases'
- 12.22 Developer access to production databases - 'Disallow'
- 12.23 Developer accounts on production databases - 'Remove developer accounts'
- 12.24 Databases created from production exports - 'Change passwords'
- 12.25 Databases created from production systems - 'Remove sensitive data'
- 12.26 Account Management - 'Document and enforce account management procedures'
- 12.27 Change Control - 'Document and enforce change control procedures'
- 12.28 Disaster recovery procedures - 'Review'
- 12.29 Backdoors - 'Eliminate'
- 12.30 Public dissemination of database information - 'Disallow'
- 12.31 Screen saver - 'Set screen saver/lock with password protection of 15 minutes'
- 12.32 Distribution of tnsnames.ora files to clients - 'Include only tnsnames.ora when distributing to clients'
- 12.33 Event and System Logs - 'Monitor'
- 12.34 Access to database objects by a fixed user link - 'Disallow'
- 2.01 Installation - 'Try to ensure that no other users are connected while installing Oracle 11g'
- 2.02 Version/Patches - 'Ensure the latest version of Oracle software and patches have been applied'
- 2.03 Minimal Install - 'Ensure that only the Oracle components necessary to your environment are selected for installation'
- 4.15 Database object definition NOLOGGING clause - 'Do not leave database objects in NOLOGGING mode in production environments.'
- 6.01 Advanced queuing in asynchronous messaging - 'Empty queue at shutdown of Oracle'
- 6.02 Cache - 'Cache must be emptied at shutdown of Oracle'
- 7.01 Redo logs - 'Mirror'
- 7.02 Control files - 'Multiplex control files to multiple physical disks'
- 7.03 Control files - 'Mirror'
- 7.04 Archive logs - 'Ensure there is sufficient space for the archive logging process'
- 7.05 Redo logs - 'Multiplex redo logs to multiple physical disks'
- 7.06 Archive log files - 'Backup'
- 7.07 Backup - 'Automated backups should be verified'
Miscellaneous
- Metadata updated.
- References updated.