STIGQter STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: The Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter should be set to an ISSO-approved value between 1 and 3.

DISA Rule

SV-55939r2_rule

Vulnerability Number

V-16035

Group Title

Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter

Rule Version

DO6749-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Limit the number of failed login attempts for the database.

From SQL*Plus:

alter system set sec_max_failed_login_attempts = 3 scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

Check Contents

From SQL*Plus:

select value from v$parameter where name = 'sec_max_failed_login_attempts';

If the value returned is equal to 0 or greater than 3, this is a Finding.

Vulnerability Number

V-16035

Documentable

False

Rule Version

DO6749-ORACLE11

Severity Override Guidance

From SQL*Plus:

select value from v$parameter where name = 'sec_max_failed_login_attempts';

If the value returned is equal to 0 or greater than 3, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments