STIGQter: STIG Summary: Oracle Database 11g Installation STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

The DBMS software installation account should be restricted to authorized users.

DISA Rule

SV-24374r2_rule

Vulnerability Number

V-2422

Group Title

DBMS software owner account access

Rule Version

DG0040-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Develop, document and implement procedures to restrict use of the Oracle DBMS software installation account.

Unix environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use, except in cases where this would interfere with required functionality. In such cases, prevent direct logon as the Oracle DBMS software installation account by locking its password; authorize the appropriate administrative users to operate as the Oracle DBMS software installation account via the "su" or "sudo" command.

Other environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use.

Check Contents

Review documented and implemented procedures for controlling and granting access to the Oracle DBMS software installation account.

If access or use of this account is not restricted to the minimum number of personnel required, or unauthorized access to the account has been granted, this is a Finding.

On UNIX systems:
If the account is not disabled when not in use, and not configured to prevent direct logon, this is a Finding.
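
One way to evaluate the UNIX condition above against the account's /etc/shadow entry, as an added example that is not part of the STIG. The account name "oracle", the function name audit_owner_account and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate one shadow(5) line for the
# Oracle software installation account. "oracle" is an assumed account name.

# audit_owner_account LINE TODAY
#   LINE  - an entry in /etc/shadow format
#   TODAY - current date as days since 1970-01-01
audit_owner_account() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)       # field 2: password hash
    expire=$(printf '%s\n' "$1" | cut -d: -f8)   # field 8: account expiry day

    # An expiry day in the past means the account is disabled.
    if [ -n "$expire" ] && [ "$expire" -gt 0 ] && [ "$expire" -lt "$2" ]; then
        echo "PASS: account disabled (expired)"
        return 0
    fi
    case "$pw" in
        '!'*|'*'*) echo "PASS: password locked, no direct password logon" ;;
        '')        echo "FINDING: empty password field" ;;
        *)         echo "FINDING: account active with a usable password" ;;
    esac
}

# Constructed sample entries (hash values are placeholders, not real hashes).
LOCKED='oracle:!$6$constructed$placeholder:17375:0:99999:7:::'
ACTIVE='oracle:$6$constructed$placeholder:17375:0:99999:7:::'
EXPIRED='oracle:$6$constructed$placeholder:17375:0:99999:7::1:'
TODAY=17375   # constructed "today"; on a live host: $(( $(date +%s) / 86400 ))

for entry in "$LOCKED" "$ACTIVE" "$EXPIRED"; do
    audit_owner_account "$entry" "$TODAY"
done
# Live use as root (assumes the account is named oracle):
#   audit_owner_account "$(getent shadow oracle)" "$(( $(date +%s) / 86400 ))"
```

A locked password only blocks password logon; as passwd(1) notes, the account may still be reachable with another authentication token such as an SSH key, so review the account's authorized_keys as part of the same check.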

On Windows systems:
The Oracle DBMS software is usually installed using an account with administrator privileges. Ownership is assigned to the account used to install the DBMS software.

The creation of a dedicated Oracle OS account and change of ownership of all files in the %ORACLE_HOME% and %ORACLE_BASE% directories and subdirectories should be performed prior to placing the DBMS system into production. See checks DG0019, DO0120 and DG0102 for details on establishing a dedicated OS account for Oracle services on Windows platforms.

Documentable

True

Severity Override Guidance

Review documented and implemented procedures for controlling and granting access to the Oracle DBMS software installation account.

If access or use of this account is not restricted to the minimum number of personnel required, or unauthorized access to the account has been granted, this is a Finding.

On UNIX systems:
If the account is not disabled when not in use, and not configured to prevent direct logon, this is a Finding.

On Windows systems:
The Oracle DBMS software is usually installed using an account with administrator privileges. Ownership is assigned to the account used to install the DBMS software.

The creation of a dedicated Oracle OS account and change of ownership of all files in the %ORACLE_HOME% and %ORACLE_BASE% directories and subdirectories should be performed prior to placing the DBMS system into production. See checks DG0019, DO0120 and DG0102 for details on establishing a dedicated OS account for Oracle services on Windows platforms.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368
