2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE'

Information

The _trace_files_public setting determines whether or not the system's trace file is world readable. This setting should have a value of FALSE to restrict trace file access.

Rationale:

Making the file world readable means anyone can read the instance's trace file, which could contain sensitive information about instance operations.

Please note that the assessment SQL relies on X_$ views which should be created per Appendix 7.

Solution

To remediate this setting, execute the following SQL statement.

ALTER SYSTEM SET '_trace_files_public' = FALSE SCOPE = SPFILE;

See Also

https://workbench.cisecurity.org/benchmarks/13413