STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The Oracle SQLNET.EXPIRE_TIME parameter should be set to a value greater than 0.

DISA Rule

SV-24893r1_rule

Vulnerability Number

V-3863

Group Title

Oracle SQLNET.EXPIRE_TIME parameter

Rule Version

DO0287-ORACLE11

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Using a text editor or administrative tool, modify the SQLNET.ORA file on the database host server to include a limit for connection request timeouts for the listener.

Example entry (value unit is in minutes):

SQLNET.EXPIRE_TIME = 3

NOTE: Use the lowest number possible that does not generate so much network traffic that performance becomes unacceptable. The lower the number, the less likely an exhaustion of resources will occur. Set the value to the lowest number greater than 0 that is supported by the target system environment.

Check Contents

View the SQLNET.ORA file to verify if a SQLNET.EXPIRE_TIME has been set to the value greater than 0.

If the parameter does not exist or is set to 0, this is a Finding.

Vulnerability Number

V-3863

Documentable

False

Rule Version

DO0287-ORACLE11

Severity Override Guidance

View the SQLNET.ORA file to verify if a SQLNET.EXPIRE_TIME has been set to the value greater than 0.

If the parameter does not exist or is set to 0, this is a Finding.

The Oracle SQLNET.EXPIRE_TIME parameter should be set to a value greater than 0.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments