2.3.2 Ensure 'SHADOW_CORE_DUMP' Is Not Set To 'Full'

Information

The setting SHADOW_CORE_DUMP determines whether SGA is included in the core dump for foreground(client) processes.

The non-default value of full presents a security concern due to the potential for inclusion of sensitive data in the dump file, even when TDE-tablespace is in use.

Solution

To remediate this recommendation, execute the following SQL statement.

ALTER SYSTEM SET SHADOW_CORE_DUMP='partial' SCOPE=BOTH;

Or

ALTER SYSTEM SET SHADOW_CORE_DUMP='none' SCOPE=BOTH;

See Also

https://workbench.cisecurity.org/benchmarks/16474

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-6, CSCv7|13.2

Plugin: OracleDB

Control ID: 2f0fb198e0e35d01fa86c8b979e1f42786f2d8044f8277dd30cd20e23f864ea2