STIGQter STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The audit table should be owned by SYS or SYSTEM.

DISA Rule

SV-24859r2_rule

Vulnerability Number

V-2515

Group Title

Oracle audit table ownership

Rule Version

DO0190-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the owner of the $AUD table to SYS or SYSTEM account.

OR

Recreate the audit table while logged in as SYS or SYSTEM.

Check Contents

From SQL*Plus:

select owner from dba_tables where table_name = 'AUD$';

If the owner account returned is not SYS or SYSTEM, this is a Finding.

If the AUD$ tables does not exist, this is a Finding.

Vulnerability Number

V-2515

Documentable

False

Rule Version

DO0190-ORACLE11

Severity Override Guidance

From SQL*Plus:

select owner from dba_tables where table_name = 'AUD$';

If the owner account returned is not SYS or SYSTEM, this is a Finding.

If the AUD$ tables does not exist, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments