STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

DBMS system data files should be stored in dedicated disk directories.

DISA Rule

SV-24419r1_rule

Vulnerability Number

V-15623

Group Title

DBMS system data file protection

Rule Version

DG0112-ORACLE11

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Create a dedicated directory or dedicated subdirectories to store database instance files.

Reconfigure the Oracle instance to point to the files in the new locations.

Where feasible, locate database instance files on a dedicated disk partition and/or RAID device to provide additional protection.

Check Contents

From SQL*Plus:
select file_name from dba_data_files
where tablespace_name='SYSTEM';

NOTE: Data files for a given database instance may include data files (*.dbf), REDO log files (redo*.log) and CONTROL files (*.ctl).

Review the files in the directory shown above.

Allowable files are instance database files (*.dbf), REDO log files (redo*.log) and CONTROL files (*.ctl).

If any files other than these exist in the directory, this is a Finding.

A good best practice (not consistently endorsed by the Oracle community) is on database creation, using separate subdirectories for data, redo and control files [under the instance name directory] instead of using a single directory to contain all Oracle data, redo and control instance files.

DBMS system data files should be stored in dedicated disk directories.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments