O121-BP-023800 - The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access.


The LOG_ARCHIVE_DEST parameter is used to specify the directory to which Oracle archive logs are written. Where the DBMS availability and recovery to a specific point in time is critical, the protection of archive log files is critical. Archive log files may also contain unencrypted sensitive data. If written to an inadequately protected or invalidated directory, the archive log files may be accessed by unauthorized persons or processes.


Specify a valid and protected directory for archive log files.

Restrict access to the Oracle process and software owner accounts, DBAs, and backup operator accounts.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

See Also


Item Details


References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-219849r879887_rule, STIG-ID|O121-BP-023800, STIG-Legacy|SV-75953, STIG-Legacy|V-61463, Vuln-ID|V-219849

Plugin: OracleDB

Control ID: 8dc195645d3cc520b08a07de53cd413fd5870096b25a435408c7056da4511cd0