STIGQter STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE.

DISA Rule

SV-219702r401224_rule

Vulnerability Number

V-219702

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-BP-021900

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Document remote OS authentication in the System Security Plan.

If not required or not mitigated to an acceptable level, disable remote OS authentication.

From SQL*Plus:

alter system set remote_os_authent = FALSE scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

Check Contents

From SQL*Plus:

select value from v$parameter where name = 'remote_os_authent';

If the value returned does not equal FALSE, this is a Finding.

Vulnerability Number

V-219702

Documentable

False

Rule Version

O112-BP-021900

Severity Override Guidance

From SQL*Plus:

select value from v$parameter where name = 'remote_os_authent';

If the value returned does not equal FALSE, this is a Finding.

Check Content Reference

M

Target Key

4057

Comments