STIGQter STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 1 Release: 17 Benchmark Date: 24 Jan 2020: The DBMS must have allocated audit record storage capacity.

DISA Rule

SV-66665r1_rule

Vulnerability Number

V-52449

Group Title

SRG-APP-000072-DB-000046

Rule Version

O112-C2-005700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure that the audit logging tables are in their own tablespaces, and that the tablespaces have enough room for the volume of log data that will be produced.

Check Contents

Review the DBMS settings to determine whether audit logging is configured to produce logs consistent with the amount of space allocated for logging. If auditing will generate excessive logs so that they may outgrow the space reserved for logging, this is a finding.

Oracle Auditing does not write to a log file. The audit logs are written to a table called AUD$, and if a Virtual Private Database is deployed, we also create a table called FGA_LOG$. First check the current location of the audit trail tables.

CONN / AS SYSDBA

SELECT table_name, tablespace_name
FROM dba_tables
WHERE table_name IN ('AUD$', 'FGA_LOG$')
ORDER BY table_name;

TABLE_NAME TABLESPACE_NAME
------------------------------ ------------------------------
AUD$ SYSTEM
FGA_LOG$ SYSTEM

If the tablespace name is SYSTEM, the table needs to be relocated to its own tablespace.

Vulnerability Number

V-52449

Documentable

False

Rule Version

O112-C2-005700

Severity Override Guidance

Review the DBMS settings to determine whether audit logging is configured to produce logs consistent with the amount of space allocated for logging. If auditing will generate excessive logs so that they may outgrow the space reserved for logging, this is a finding.

Oracle Auditing does not write to a log file. The audit logs are written to a table called AUD$, and if a Virtual Private Database is deployed, we also create a table called FGA_LOG$. First check the current location of the audit trail tables.

CONN / AS SYSDBA

SELECT table_name, tablespace_name
FROM dba_tables
WHERE table_name IN ('AUD$', 'FGA_LOG$')
ORDER BY table_name;

TABLE_NAME TABLESPACE_NAME
------------------------------ ------------------------------
AUD$ SYSTEM
FGA_LOG$ SYSTEM

If the tablespace name is SYSTEM, the table needs to be relocated to its own tablespace.

Check Content Reference

M

Target Key

2669

Comments