DO0145-ORACLE11 - OS DBA group membership should be restricted to authorized accounts.

Information

Oracle SYSDBA privileges include privileges to administer the database outside of database controls (when the database is shut down) in addition to all privileges controlled under database operation. Assignment of membership to the OS dba group to unauthorized persons can compromise all DBMS activities.

Solution

Document user accounts that are authorized by the IAO to be assigned DBA privileges in the System Security Plan.

Remove any accounts assigned membership in the operating system DBA group that has not been authorized by the IAO.

Develop, document and implement procedures for periodic review of accounts assigned membership to the DBA group.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|III, Rule-ID|SV-24853r1_rule, STIG-ID|DO0145-ORACLE11, Vuln-ID|V-3845

Plugin: Unix

Control ID: 6c9d84f3cc0b9f15239ffc1e271ff8f56f4cd3abe0d9e120a6052c3db9677484