STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Apr 2021

Access to default accounts used to support replication must be restricted to authorized DBAs.

DISA Rule

SV-219824r533013_rule

Vulnerability Number

V-219824

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-BP-021200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the password for default and custom replication accounts and provide the password to ISSO-authorized users only.

Check Contents

From SQL*Plus:

select 'The number of replication objects defined is: '||
count(*) from all_tables
where table_name like 'REPCAT%';

If the count returned is 0, then Oracle Replication is not installed and this check is not a finding.

Otherwise:

From SQL*Plus:

select count(*) from sys.dba_repcatlog;

If the count returned is 0, then Oracle Replication is not in use and this check is not a finding.

If any results are returned, ask the ISSO or DBA if the replication account (the default is REPADMIN, but may be customized) is restricted to ISSO-authorized personnel only.

If it is not, this is a finding.

If there are multiple replication accounts, confirm that all are justified and documented with the ISSO.

If they are not, this is a finding.

Note: Oracle Database Advanced Replication is deprecated in Oracle Database 12c. Use Oracle GoldenGate to replace all features of Advanced Replication, including multimaster replication, updatable materialized views, hierarchical materialized views, and deployment templates.
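
The check above as a single SQL*Plus script (an added example, not part of the STIG text). It runs both counts, uses dynamic SQL so that a missing or inaccessible sys.dba_repcatlog view is reported instead of failing the block, and prints the status of the default REPADMIN account for the ISSO review. The account list in the final query is an assumption; extend it with any custom replication account names used at the site.

```sql
-- Added example: runs both STIG check queries in one pass and, when
-- replication is in use, lists the default account for the ISSO review.
-- Run as a DBA from SQL*Plus. Assumes the default account name REPADMIN;
-- add any site-specific replication account names to the IN list.
SET SERVEROUTPUT ON
DECLARE
  v_objects  PLS_INTEGER;
  v_requests PLS_INTEGER;
BEGIN
  -- Step 1: are any replication catalog tables defined?
  SELECT COUNT(*) INTO v_objects
    FROM all_tables
   WHERE table_name LIKE 'REPCAT%';

  IF v_objects = 0 THEN
    DBMS_OUTPUT.PUT_LINE('Replication not installed: not a finding.');
    RETURN;
  END IF;

  -- Step 2: dynamic SQL, so the block still compiles when the view
  -- sys.dba_repcatlog does not exist or is not visible to this user.
  BEGIN
    EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM sys.dba_repcatlog' INTO v_requests;
  EXCEPTION
    WHEN OTHERS THEN
      IF SQLCODE = -942 THEN  -- ORA-00942: table or view does not exist
        DBMS_OUTPUT.PUT_LINE('sys.dba_repcatlog not present or not visible; rerun as a DBA.');
        RETURN;
      END IF;
      RAISE;
  END;

  IF v_requests = 0 THEN
    DBMS_OUTPUT.PUT_LINE('Replication not in use: not a finding.');
    RETURN;
  END IF;

  -- Step 3: manual review required; print the account facts to bring to the ISSO.
  DBMS_OUTPUT.PUT_LINE('Replication in use: confirm account access with the ISSO or DBA.');
  FOR r IN (SELECT username, account_status, created, profile
              FROM dba_users
             WHERE username IN ('REPADMIN')) LOOP
    DBMS_OUTPUT.PUT_LINE(r.username || ' | ' || r.account_status || ' | created ' ||
                         TO_CHAR(r.created, 'YYYY-MM-DD') || ' | profile ' || r.profile);
  END LOOP;
END;
/
```

The script only gathers evidence; whether the account is restricted to ISSO-authorized personnel is still decided in the interview step of the check.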

Documentable

False

Check Content Reference

M

Target Key

4059
