STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

OS accounts utilized to run external procedures called by the DBMS must have limited privileges.

DISA Rule

SV-237712r667168_rule

Vulnerability Number

V-237712

Group Title

SRG-APP-000141-DB-000093

Rule Version

O121-C2-004400

Severity

CAT II

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

Limit privileges to DBMS-related OS accounts to those required to perform their DBMS specific functionality.

Check Contents

Determine which OS accounts are used by the DBMS to run external procedures.

Validate that these OS accounts have only the privileges necessary to perform the required functionality.

If any OS accounts, utilized by the database for running external procedures, have privileges beyond those required for running the external procedures, this is a finding.

If use of the external procedure agent is authorized, ensure extproc is restricted to execution of authorized applications.

External jobs are run using the account nobody by default.

Review the contents of the file ORACLE_HOME/rdbms/admin/externaljob.ora for the lines run_user= and run_group=.

If the user assigned to these parameters is not "nobody", this is a finding.

System views providing privilege information are:
DBA_SYS_PRIVS
DBA_TAB_PRIVS
DBA_ROLE_PRIVS

OS accounts utilized to run external procedures called by the DBMS must have limited privileges.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments