STIGQter STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 1 Release: 16 Benchmark Date: 24 Jan 2020: All use of privileged accounts must be audited.

DISA Rule

SV-76085r2_rule

Vulnerability Number

V-61595

Group Title

SRG-APP-000063-DB-000018

Rule Version

O121-C2-004200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure DBMS auditing so that all use of privileged accounts is recorded in the audit log.

Check Contents

Review auditing configuration.

If it is possible for a privileged user/role to access non-security functions or information without having the action recorded in the audit log, this is a finding.

To obtain a list of unified auditing policies that have been defined, run the query:
SELECT unique policy_name from AUDIT_UNIFIED_POLICIES;

To obtain a list of unified auditing policies that have been enabled and the users for which it has been enabled, run the query:
SELECT unique policy_name, user_name from AUDIT_UNIFIED_ENABLED_POLICIES;

Unless otherwise required, verify that user_name is set to 'ALL USERS' to insure that the activity of administrative users is being logged.

Vulnerability Number

V-61595

Documentable

False

Rule Version

O121-C2-004200

Severity Override Guidance

Review auditing configuration.

If it is possible for a privileged user/role to access non-security functions or information without having the action recorded in the audit log, this is a finding.

To obtain a list of unified auditing policies that have been defined, run the query:
SELECT unique policy_name from AUDIT_UNIFIED_POLICIES;

To obtain a list of unified auditing policies that have been enabled and the users for which it has been enabled, run the query:
SELECT unique policy_name, user_name from AUDIT_UNIFIED_ENABLED_POLICIES;

Unless otherwise required, verify that user_name is set to 'ALL USERS' to insure that the activity of administrative users is being logged.

Check Content Reference

M

Target Key

2679

Comments