Detections
Analytics
DG0140-ORACLE11 - Access to DBMS security data should be audited.
Information
DBMS security data is useful to malicious users to perpetrate activities that compromise DBMS operations or data integrity. Auditing of access to this data supports forensic and accountability investigations.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Determine all locations for storage of DBMS security and configuration data. Enable auditing for access to any security data. If auditing results in an unacceptable adverse impact on application operation, reduce the amount of auditing to a reasonable and acceptable level. Document any incomplete audit with acceptance of the risk of incomplete audit in the System Security Plan.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip
Item Details
Audit Name: DISA STIG Oracle 11 Installation v9r1 Linux
References: CAT|II, Rule-ID|SV-24432r1_rule, STIG-ID|DG0140-ORACLE11, Vuln-ID|V-15643
Plugin: Unix
Control ID: dada9af4920f1a1c79650c0c7ae2e48b0a2cd79081af270cbeee5c1139b93ec2