STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must protect audit information from any type of unauthorized access.

DISA Rule

SV-219761r395820_rule

Vulnerability Number

V-219761

Group Title

SRG-APP-000118-DB-000059

Rule Version

O112-C2-009300

Severity

CAT II

CCI(s)

• CCI-000162 - The information system protects audit information from unauthorized access.

Weight

10

Fix Recommendation

Add controls and modify permissions to protect database audit log data from unauthorized access, whether stored in the database itself or at the OS level.

Revoke access to the AUD$ table to anyone who should not have access to it.

Check Contents

Review locations of audit logs, both internal to the database and database audit logs located at the operating system-level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized access. If appropriate controls and permissions do not exist, this is a finding.

- - - - -

DBA_TAB_PRIVS describes all object grants in the database. Check to see who has permissions on the AUD$ table.

Related View

DBA_TAB_PRIVS describes the object grants for which the current user is the object owner, grantor, or grantee.
Column Datatype NULL Description
GRANTEE VARCHAR2(30) NOT NULL Name of the user to whom access was granted
OWNER VARCHAR2(30) NOT NULL Owner of the object
TABLE_NAME VARCHAR2(30) NOT NULL Name of the object
GRANTOR VARCHAR2(30) NOT NULL Name of the user who performed the grant
PRIVILEGE VARCHAR2(40) NOT NULL Privilege on the object
GRANTABLE VARCHAR2(3) Indicates whether the privilege was granted with the GRANT OPTION (YES) or not (NO)
HIERARCHY VARCHAR2(3) Indicates whether the privilege was granted with the HIERARCHY OPTION (YES) or not (NO)

sqlplus connect as sysdba;
SQL> SELECT * FROM DBA_TAB_PRIVS where table_name = 'AUD$';
SQL> SELECT * FROM DBA_COL_PRIVS where table_name = 'AUD$';

Vulnerability Number

V-219761

Documentable

False

Rule Version

O112-C2-009300

Severity Override Guidance

Review locations of audit logs, both internal to the database and database audit logs located at the operating system-level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized access. If appropriate controls and permissions do not exist, this is a finding.

- - - - -

DBA_TAB_PRIVS describes all object grants in the database. Check to see who has permissions on the AUD$ table.

Related View

DBA_TAB_PRIVS describes the object grants for which the current user is the object owner, grantor, or grantee.
Column Datatype NULL Description
GRANTEE VARCHAR2(30) NOT NULL Name of the user to whom access was granted
OWNER VARCHAR2(30) NOT NULL Owner of the object
TABLE_NAME VARCHAR2(30) NOT NULL Name of the object
GRANTOR VARCHAR2(30) NOT NULL Name of the user who performed the grant
PRIVILEGE VARCHAR2(40) NOT NULL Privilege on the object
GRANTABLE VARCHAR2(3) Indicates whether the privilege was granted with the GRANT OPTION (YES) or not (NO)
HIERARCHY VARCHAR2(3) Indicates whether the privilege was granted with the HIERARCHY OPTION (YES) or not (NO)

sqlplus connect as sysdba;
SQL> SELECT * FROM DBA_TAB_PRIVS where table_name = 'AUD$';
SQL> SELECT * FROM DBA_COL_PRIVS where table_name = 'AUD$';

Check Content Reference

M

Target Key

4057

Comments