STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017

Default demonstration and sample database objects and applications should be removed.

DISA Rule

SV-24604r2_rule

Vulnerability Number

V-15609

Group Title

DBMS demonstration and sample databases

Rule Version

DG0014-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For the sample applications and schemas included with the Oracle database installation, use the provided SQL scripts (if present) to remove the application objects and drop the demo users and schemas:

From SQL*Plus:
-- Human Resources application:
@?/demo/schema/human_resources/hr_drop.sql
-- Order Entry application (run both scripts):
@?/demo/schema/order_entry/oe_drop.sql
@?/demo/schema/order_entry/oc_drop.sql
-- Product Media application:
@?/demo/schema/product_media/pm_drop.sql
-- Information Exchange application:
@?/demo/schema/information_exchange/ix_drop.sql
-- Sales History application:
@?/demo/schema/sales_history/sh_drop.sql

For other demo applications, deinstall using the SQL command:
drop user [demo username] cascade;

Check Contents

From SQL*Plus:
select username from dba_users where username in
('ALLUSERS', 'AOLDEMO', 'AQDEMO', 'AQJAVA', 'AQUSER',
'AUC_GUEST', 'BI', 'CTXDEMO', 'DEMO8', 'DEV2000_DEMOS',
'HR', 'IX', 'OE', 'ORABAMSAMPLES', 'PM', 'PORTAL_DEMO',
'PORTAL30_DEMO', 'QS', 'SCOTT', 'SECDEMO', 'SH',
'WK_TEST')
or username like 'QS_%';

If any usernames are listed and are not documented in the System Security Plan and authorized by the IAO, this is a Finding.

See MetaLink note 160861.1 for a list of Oracle database users and usages.
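
The check query above, extended as an added example (not part of the STIG text) to show each matching account's status, creation date and number of owned objects, which helps when documenting an account in the System Security Plan or confirming what a schema holds before it is dropped. It assumes Oracle's standard DBA_USERS and DBA_OBJECTS dictionary views and a session with privileges to read them.

```sql
-- Added example: same account filter as the STIG check, so the set of
-- usernames returned is identical to the official query.
-- Note: in LIKE, '_' matches any single character, so 'QS_%' also matches
-- any username that starts with QS and has at least one more character,
-- not only names with a literal underscore. Review such rows before
-- treating them as demo accounts.
select u.username,
       u.account_status,                        -- e.g. OPEN, LOCKED, EXPIRED & LOCKED
       u.created,                               -- when the account was created
       count(o.object_name) as owned_objects    -- 0 when the schema is empty
from   dba_users u
       left join dba_objects o
              on o.owner = u.username
where  u.username in
       ('ALLUSERS', 'AOLDEMO', 'AQDEMO', 'AQJAVA', 'AQUSER',
        'AUC_GUEST', 'BI', 'CTXDEMO', 'DEMO8', 'DEV2000_DEMOS',
        'HR', 'IX', 'OE', 'ORABAMSAMPLES', 'PM', 'PORTAL_DEMO',
        'PORTAL30_DEMO', 'QS', 'SCOTT', 'SECDEMO', 'SH',
        'WK_TEST')
   or  u.username like 'QS_%'
group  by u.username, u.account_status, u.created
order  by u.username;
```

A locked or empty demo account still appears in the STIG check, so the extra columns inform the documentation or removal decision rather than clearing the Finding.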

Documentable

True

Severity Override Guidance

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367
