STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:SV-220285r395853_rule
V-220285
SRG-APP-000141-DB-000091
O121-C2-011600
CAT II
10
If any components are required for operation of applications that will be accessing the DBMS, include them in the system documentation.
One cannot remove components, either via Database Configuration Assistant (DBCA) or manually once the database has been created, either from a container or a non-container database.
One can, however, use DBCA to create a non-container database and remove components during the creation process, before the database is created.
When using DBCA to create a custom non-container database, select
creation mode = advanced
Database Template = Custom
Database Options..Database Component.
Components that can be selected or de-selected are:
Oracle JVM, Oracle Text, Oracle Multimedia, Oracle OLAP, Oracle Spatial, Oracle Label Security, Oracle Application Express, Oracle Database Vault
For a container database (CDB), the CDB$ROOT must have all possible database components available. This is because, when a pluggable database (PDB) is plugged into the CDB, the CDB must have the same components installed as the PDB. Since we do not know what components the PDBS may have, the CDB must be able to support all possible PDB configurations.
Components installed in the CDB$ROOT do not need to be licensed. Components are only considered to be used if they are installed in the PDB.
To configure a PDB to only use specific components, do the following:
1) Create a non-CDB 12.1 database and configure that database with the components desired.
2) Plug the non-CDB database into a CDB database, creating a new PDB. If wanted, can then create additional clones from the new PDB.
Run this query to produce a list of components and features installed with the database:
SELECT comp_id, comp_name, version, status from dba_registry
WHERE comp_id not in ('CATALOG','CATPROC','XDB')
AND status <> 'OPTION OFF';
Review the list. If unused components are installed and are not documented and authorized, this is a finding.
Starting with releases 11.1.0.7.x and above, all products are installed by default and the option to customize the product/component selection is no longer possible with the exception of those listed here:
Oracle JVM,
Oracle Text,
Oracle Multimedia,
Oracle OLAP,
Oracle Spatial,
Oracle Label Security,
Oracle Application Express,
Oracle Database Vault
V-220285
False
O121-C2-011600
Run this query to produce a list of components and features installed with the database:
SELECT comp_id, comp_name, version, status from dba_registry
WHERE comp_id not in ('CATALOG','CATPROC','XDB')
AND status <> 'OPTION OFF';
Review the list. If unused components are installed and are not documented and authorized, this is a finding.
Starting with releases 11.1.0.7.x and above, all products are installed by default and the option to customize the product/component selection is no longer possible with the exception of those listed here:
Oracle JVM,
Oracle Text,
Oracle Multimedia,
Oracle OLAP,
Oracle Spatial,
Oracle Label Security,
Oracle Application Express,
Oracle Database Vault
M
4059