STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files.

DISA Rule

SV-219861r401224_rule

Vulnerability Number

V-219861

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-BP-025100

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Specify dedicated host system disk directories to store database data, transaction and audit files.
Example directory structure:
/*/app/oracle/oradata/db_name
/*/app/oracle/admin/db_name/arch/*
/*/app/oracle/oradata/db_name/audit
/*/app/oracle/fast_recovery_area/db_name/

See Oracle Optimal Flexible Architecture:
https://docs.oracle.com/database/121/LADBI/appendix_ofa.htm#LADBI7921

When multiple applications are accessing a single database, configure DBMS default file storage according to application to use dedicated disk directories.

/*/app/oracle/oradata/db_name/app_name

See Oracle Optimal Flexible Architecture:
https://docs.oracle.com/database/121/LADBI/appendix_ofa.htm#LADBI7921

Check Contents

Review the disk/directory specification where database data, transaction log and audit files are stored.

If DBMS data, transaction log or audit data files are stored in the same directory, this is a finding.

If multiple applications are accessing the database and the database data files are stored in the same directory, this is a finding.

If multiple applications are accessing the database and database data is separated into separate physical directories according to application, this check is not a finding.

Vulnerability Number

V-219861

Documentable

False

Rule Version

O121-BP-025100

Severity Override Guidance

Review the disk/directory specification where database data, transaction log and audit files are stored.

If DBMS data, transaction log or audit data files are stored in the same directory, this is a finding.

If multiple applications are accessing the database and the database data files are stored in the same directory, this is a finding.

If multiple applications are accessing the database and database data is separated into separate physical directories according to application, this check is not a finding.

Check Content Reference

M

Target Key

4059

Comments