STIGQter STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 1 Release: 16 Benchmark Date: 24 Jan 2020: The DBMS must have allocated audit record storage capacity.

DISA Rule

SV-76105r1_rule

Vulnerability Number

V-61615

Group Title

SRG-APP-000072-DB-000046

Rule Version

O121-C2-005700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Allocate sufficient disk space for file-based audit.

Ensure that audit tables are in their own tablespaces and that the tablespaces have enough room for the volume of log data that will be produced.

Check Contents

Review the DBMS settings to determine whether audit logging is configured to produce logs consistent with the amount of space allocated for logging. If auditing will generate excessive logs so that they may outgrow the space reserved for logging, this is a finding.

If file-based auditing is in use, check that sufficient space is available to support the file(s). If not, this is a finding

If standard, table-based auditing is used: The audit logs are written to a table called AUD$, and if a Virtual Private Database is deployed, we also create a table called FGA_LOG$. First check the current location of the audit trail tables.

CONN / AS SYSDBA

SELECT table_name, tablespace_name
FROM dba_tables
WHERE table_name IN ('AUD$', 'FGA_LOG$')
ORDER BY table_name;

TABLE_NAME TABLESPACE_NAME
------------------------------ ------------------------------
AUD$ SYSTEM
FGA_LOG$ SYSTEM

If the tablespace name is SYSTEM, the table needs to be relocated to its own tablespace. Ensure that adequate space is allocated to that tablespace.

If Unified Auditing is used:
Audit logs are written to tables in the AUDSYS schema. The default tablespace for AUDSYS is USERS. A separate tablespace should be created to contain audit data. Ensure that adequate space is allocated to that tablespace.

Vulnerability Number

V-61615

Documentable

False

Rule Version

O121-C2-005700

Severity Override Guidance

Review the DBMS settings to determine whether audit logging is configured to produce logs consistent with the amount of space allocated for logging. If auditing will generate excessive logs so that they may outgrow the space reserved for logging, this is a finding.

If file-based auditing is in use, check that sufficient space is available to support the file(s). If not, this is a finding

If standard, table-based auditing is used: The audit logs are written to a table called AUD$, and if a Virtual Private Database is deployed, we also create a table called FGA_LOG$. First check the current location of the audit trail tables.

CONN / AS SYSDBA

SELECT table_name, tablespace_name
FROM dba_tables
WHERE table_name IN ('AUD$', 'FGA_LOG$')
ORDER BY table_name;

TABLE_NAME TABLESPACE_NAME
------------------------------ ------------------------------
AUD$ SYSTEM
FGA_LOG$ SYSTEM

If the tablespace name is SYSTEM, the table needs to be relocated to its own tablespace. Ensure that adequate space is allocated to that tablespace.

If Unified Auditing is used:
Audit logs are written to tables in the AUDSYS schema. The default tablespace for AUDSYS is USERS. A separate tablespace should be created to contain audit data. Ensure that adequate space is allocated to that tablespace.

Check Content Reference

M

Target Key

2679

Comments