STIGQter STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: The Oracle REMOTE_LOGIN_PASSWORDFILE parameter should be set to EXCLUSIVE or NONE.

DISA Rule

SV-24922r2_rule

Vulnerability Number

V-2558

Group Title

Oracle REMOTE_LOGIN_PASSWORDFILE parameter

Rule Version

DO3546-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable use of the remote_login_passwordfile where remote administration is not authorized by specifying a value of NONE.

If authorized, restrict use of a password file to exclusive use by each database by specifying a value of EXCLUSIVE.

From SQL*Plus:

alter system set remote_login_passwordfile = 'EXCLUSIVE' scope = spfile;

OR

alter system set remote_login_passwordfile = 'NONE' scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

Check Contents

From SQL*Plus:

select value from v$parameter where name = 'remote_login_passwordfile';

If the value returned does not equal 'EXCLUSIVE' or 'NONE', this is a Finding.

Vulnerability Number

V-2558

Documentable

False

Rule Version

DO3546-ORACLE11

Severity Override Guidance

From SQL*Plus:

select value from v$parameter where name = 'remote_login_passwordfile';

If the value returned does not equal 'EXCLUSIVE' or 'NONE', this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments