STIGQter STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0.

DISA Rule

SV-24890r1_rule

Vulnerability Number

V-3862

Group Title

Oracle connection timeout parameter

Rule Version

DO0286-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Using a text editor or administrative tool, modify the listener.ora file to include a limit for connection request timeouts for the listener.

Example entry (value unit is in seconds):

INBOUND_CONNECT_TIMEOUT_LISTENER = 2

Modify the sqlnet.ora file to include a limit for connection request timeouts for the listener.

Example entry (value unit is in seconds):

SQLNET.INBOUND_CONNECT_TIMEOUT = 3

Review the Oracle Net Services Administrator's Guide for information about configuring these parameters.

Check Contents

Review the listener.ora file and the sqlnet.ora file.

If the INBOUND_CONNECT_TIMEOUT_[listener-name] parameter does not exist for each listener found in the listener.ora and contain a value greater than 0, this is a Finding.

If the SQLNET.INBOUND_CONNECT_TIMEOUT parameter does not exist in the sqlnet.ora and contain a value greater than 0, this is a Finding.

NOTE: although the default value may provide adequate protection, assuming the default could lead to unanticipated changes in future product updates. Specify a value to manage the setting.

Vulnerability Number

V-3862

Documentable

False

Rule Version

DO0286-ORACLE11

Severity Override Guidance

Review the listener.ora file and the sqlnet.ora file.

If the INBOUND_CONNECT_TIMEOUT_[listener-name] parameter does not exist for each listener found in the listener.ora and contain a value greater than 0, this is a Finding.

If the SQLNET.INBOUND_CONNECT_TIMEOUT parameter does not exist in the sqlnet.ora and contain a value greater than 0, this is a Finding.

NOTE: although the default value may provide adequate protection, assuming the default could lead to unanticipated changes in future product updates. Specify a value to manage the setting.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments