Detections
Analytics
DG0074-ORACLE11 - Unapproved inactive or expired database accounts should not be found on the database.
Information
Unused or expired DBMS accounts provide a means for undetected, unauthorized access to the database.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Develop, document and implement procedures to monitor database accounts for inactivity and account expiration.Investigate and re-authorize or delete [if appropriate] any accounts that are expired or have been inactive for more than 30 days.
Where appropriate, protect authorized expired or inactive accounts by disabling them or applying some other similar protection.
NOTE: Password and account requirements have changed for DoD since this STIG requirement was published.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip
Item Details
Audit Name: DISA STIG Oracle 11 Instance v9r1 Database
References: CAT|II, Rule-ID|SV-24652r1_rule, STIG-ID|DG0074-ORACLE11, Vuln-ID|V-15130
Plugin: OracleDB
Control ID: b7242e1dff9437291729806bb4e02a3218d00904b8296c64cee01465100498a5