| Date of Data Collection | Date of Report | Reporter Version |
|---|---|---|
| Thu Apr 01 2017 09:57:00 | Thu Apr 01 2017 10:07:29 | 1.0.2 (October 2016) - 7409 |
| Name | Platform | Database Role | Log Mode | Created |
|---|---|---|---|---|
| SAMPLE | Linux x86 64-bit | PRIMARY | ARCHIVELOG | Mon Mar 25 2013 17:24:00 |
| Section | Pass | Evaluate | Opportunity | Some Risk | Significant Risk | Severe Risk | Total Findings |
|---|---|---|---|---|---|---|---|
| Basic Information | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
| User Accounts | 3 | 0 | 0 | 2 | 3 | 2 | 10 |
| Privileges and Roles | 5 | 13 | 0 | 0 | 0 | 0 | 18 |
| Authorization Control | 0 | 0 | 1 | 0 | 0 | 0 | 1 |
| Data Encryption | 0 | 1 | 1 | 0 | 0 | 0 | 2 |
| Fine-Grained Access Control | 0 | 0 | 2 | 0 | 0 | 0 | 2 |
| Auditing | 3 | 3 | 2 | 0 | 3 | 0 | 11 |
| Database Configuration | 3 | 4 | 0 | 2 | 2 | 1 | 12 |
| Network Configuration | 1 | 0 | 0 | 1 | 3 | 0 | 5 |
| Operating System | 2 | 1 | 0 | 1 | 1 | 0 | 5 |
| Total | 17 | 22 | 6 | 6 | 12 | 4 | 67 |
| Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production |
| Security options used: (none) |
| Feature | Currently Used |
|---|---|
| AUTHORIZATION CONTROL | |
| Database Vault | No |
| DATA ENCRYPTION | |
| Column Encryption | No |
| Tablespace Encryption | No |
| Network Encryption | No |
| FINE-GRAINED ACCESS CONTROL | |
| Virtual Private Database | No |
| Label Security | No |
| AUDITING | |
| Traditional Audit | Yes |
| Fine Grained Audit | No |
| USER AUTHENTICATION | |
| External Authentication | No |
| Global Authentication | No |
| INFO.PATCH | |||
| Status | Severe Risk | ||
| Summary | Latest Oracle Database PSU not found. | ||
| Details | Patch Inventory: (none) Patch History: Action time: Mon Mar 25 2013 17:48:00 Action: APPLY Namespace: SERVER Version: 11.2.0.3 Bundle series: PSU Comments: Patchset 11.2.0.2.0 | ||
| Remarks | It is vital to keep the database software up-to-date with security fixes as they are released. Oracle issues Patch Set Updates (PSU) on a regular quarterly schedule. These updates should be applied as soon as they are available. For releases prior to Oracle Database 12c, quarterly updates may be delivered by patches not marked as PSUs. | ||
Note: Predefined Oracle accounts which are locked are not included in this report. To include all user accounts, run the report with the -a option.
| User Name | Status | Profile | Tablespace | Predefined | Type |
|---|---|---|---|---|---|
| APEX_030200 | EXPIRED & LOCKED | DEFAULT | SYSAUX | No | PASSWORD |
| CHKMON | OPEN | DEFAULT | SYSTEM | No | PASSWORD |
| DBMON_APDYN | OPEN | DEFAULT | USERS | No | PASSWORD |
| BCK_DBA | OPEN | DEFAULT | USERS | No | PASSWORD |
| META_N | OPEN | DEFAULT | SYSTEM | No | PASSWORD |
| PERFSTAT | OPEN | DEFAULT | USERS | Yes | PASSWORD |
| SAR | OPEN | DEFAULT | SAR_TBL | No | PASSWORD |
| SAR_ANAGRAF | OPEN | DEFAULT | SAR_ANAGRAF_TBL | No | PASSWORD |
| SAR_ANAGRAF_RW | OPEN | DEFAULT | SAR_ANAGRAF_RW_TBL | No | PASSWORD |
| SAR_CIL_ASL | OPEN | DEFAULT | SAR_CIL_ASL_TBL | No | PASSWORD |
| SAR_CIL_ASL_RW | OPEN | DEFAULT | SAR_CIL_ASL_RW_TBL | No | PASSWORD |
| SAR_CONSOLE | OPEN | DEFAULT | SAR_CONSOLE_TBL | No | PASSWORD |
| SAR_CONSOLE_CIL_ASL | OPEN | DEFAULT | SAR_CONSOLE_CIL_ASL_TBL | No | PASSWORD |
| SAR_CUP | OPEN | DEFAULT | SAR_CUP_TBL | No | PASSWORD |
| SAR_G2CLIN | OPEN | DEFAULT | SAR_G2CLIN_TBL | No | PASSWORD |
| SAR_INDICE | OPEN | DEFAULT | SAR_INDICE_TBL | No | PASSWORD |
| SAR_INDICE_RW | OPEN | DEFAULT | SAR_INDICE_RW_TBL | No | PASSWORD |
| SAR_PUB | OPEN | DEFAULT | SAR_PUB_TBL | No | PASSWORD |
| SAR_PUB_RW | OPEN | DEFAULT | SAR_PUB_RW_TBL | No | PASSWORD |
| SAR_RW | OPEN | DEFAULT | SAR_RW_TBL | No | PASSWORD |
| SAR_STORIC | OPEN | DEFAULT | SAR_STORIC_TBL | No | PASSWORD |
| SAR_STORIC_RW | OPEN | DEFAULT | SAR_STORIC_RW_TBL | No | PASSWORD |
| SYS | OPEN | DEFAULT | SYSTEM | Yes | PASSWORD |
| SYSTEM | OPEN | DEFAULT | SYSTEM | Yes | PASSWORD |
| USER.TBLSPACE | |||
| Status | Significant Risk | ||
| Summary | Found 3 users using SYSTEM or SYSAUX tablespace. | ||
| Details | Tablespace SYSTEM: CHKMON, META_N Tablespace SYSAUX: APEX_030200 | ||
| Remarks | The SYSTEM and SYSAUX tablespaces are reserved for Oracle-supplied user accounts. To avoid a possible denial of service caused by exhausting these resources, regular user accounts should not use these tablespaces. Prior to Oracle Database 12.2, the SYSTEM tablespace cannot be encrypted, and this is another reason to avoid user schemas in this tablespace. | ||
| USER.SAMPLE | |||
| Status | Pass | ||
| Summary | No sample schemas found. | ||
| Remarks | Sample schemas are well-known accounts provided by Oracle to serve as simple examples for developers. They generally serve no purpose in a production database and should be removed because they unnecessarily increase the attack surface of the database. | ||
| USER.CASE | |||
| Status | Severe Risk | ||
| Summary | Case-sensitive passwords are not used. | ||
| Details | Initialization parameter SEC_CASE_SENSITIVE_LOGON is set to FALSE. | ||
| Remarks | Case-sensitive passwords are recommended because including both upper and lower-case letters greatly increases the set of possible passwords that must be searched by an attacker who is attempting to guess a password by exhaustive search. Setting SEC_CASE_SENSITIVE_LOGON to TRUE ensures that the database distinguishes between upper and lower-case letters in passwords. | ||
| USER.EXPIRED | |||
| Status | Pass | ||
| Summary | No unlocked users with password expired for more than 30 days found. | ||
| Remarks | Password expiration is used to ensure that users change their passwords on a regular basis. If a user's password has been expired for more than 30 days, it indicates that the user has not logged in for at least that long. Accounts that have been unused for an extended period of time should be investigated to determine whether they should remain active. | ||
| USER.DEFPWD | |||
| Status | Severe Risk | ||
| Summary | Found 1 unlocked user account with default password. | ||
| Details | Users with default password: PERFSTAT | ||
| Remarks | Default account passwords for predefined Oracle accounts are well known. Open accounts with default passwords provide a trivial means of entry for attackers, but well-known passwords should be changed for locked accounts as well. | ||
| USER.AUTHVERS | |||
| Status | Some Risk | ||
| Summary | Minimum client version is not configured correctly. | ||
| Details |
SQLNET.ALLOWED_LOGON_VERSION is not set (default value = 8). Recommended
value is 12.
| ||
| Remarks | Over time, Oracle releases have added support for increasingly secure versions of the algorithm used for password authentication of user accounts. In order to remain compatible with older client software, the database continues to support previous password versions as well. The sqlnet.ora parameter ALLOWED_LOGON_VERSION determines the minimum password version that the database will accept. For maximum security, this parameter should be set to the highest value supported by the database once all client systems have been upgraded. | ||
| USER.VERIFIER | |||
| Status | Significant Risk | ||
| Summary | Found 1 user account requiring updated password verifiers. No user accounts have HTTP verifiers. | ||
| Details | Database supports password versions up to 11G. Users requiring updated password verifiers: DBMON_APDYN(10G ) Users with HTTP verifiers: (none) | ||
| Remarks | For each user account, the database may store multiple verifiers, which are hashes of the user password. Each verifier supports a different version of the password authentication algorithm. Every user account should include a verifier for the latest password version supported by the database so that the user can be authenticated using the latest algorithm supported by the client. When all clients have been updated, the security of user accounts can be improved by removing the obsolete verifiers. HTTP password verifiers are used for XML Database authentication. Use the ALTER USER command to remove these verifiers from user accounts that do not require this access. | ||
| Profile Name | Resource | Value |
|---|---|---|
| DEFAULT | (Number of Users) | 29 |
| DEFAULT | CONNECT_TIME | UNLIMITED |
| DEFAULT | FAILED_LOGIN_ATTEMPTS | 10 |
| DEFAULT | IDLE_TIME | UNLIMITED |
| DEFAULT | PASSWORD_GRACE_TIME | UNLIMITED |
| DEFAULT | PASSWORD_LIFE_TIME | UNLIMITED |
| DEFAULT | PASSWORD_LOCK_TIME | UNLIMITED |
| DEFAULT | PASSWORD_REUSE_MAX | UNLIMITED |
| DEFAULT | PASSWORD_REUSE_TIME | UNLIMITED |
| DEFAULT | PASSWORD_VERIFY_FUNCTION | NULL |
| USER.NOEXPIRE | |||
| Status | Some Risk | ||
| Summary | Found 29 users with passwords that never expire. | ||
| Details |
Profiles with unlimited password lifetime: DEFAULT
Profiles with limited password lifetime: (none)
Users using profiles with unlimited password lifetime: APEX_030200, CHKMON,
DBMON_APDYN, BCKDP, BCK_DBA, FWL, META_N, PERFSTAT, SAR,
SAR_ANAGRAFI, SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW,
SAR_CONSOLE, SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW,
SAR_CONSOLE_RW, SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW,
SAR_PUB, SAR_PUB_RW, SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYS, SYSTEM
| ||
| Remarks | Password expiration is used to ensure that users change their passwords on a regular basis. Passwords that never expire may remain unchanged for an extended period of time. When passwords do not have to be changed regularly, users are also more likely to use the same passwords for multiple accounts. | ||
| USER.NOLOCK | |||
| Status | Pass | ||
| Summary | No users have unlimited failed login attempts. | ||
| Remarks | Attackers sometimes attempt to guess a user's password by simply trying all possibilities from a set of common passwords. To defend against this attack, it is advisable to lock a user account when there are multiple failed login attempts without a successful login. | ||
| USER.PASSWD | |||
| Status | Significant Risk | ||
| Summary | Found 29 users not using password verification function. | ||
| Details |
Profiles with password verification function: (none)
Profiles without password verification function: DEFAULT
Users using profiles without password verification function: APEX_030200,
CHKMON, DBMON_APDYN, BCKDP, BCK_DBA, FWL, META_N, PERFSTAT, SAR,
SAR_ANAGRAFI, SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW,
SAR_CONSOLE, SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW,
SAR_CONSOLE_RW, SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW,
SAR_PUB, SAR_PUB_RW, SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYS, SYSTEM
| ||
| Remarks | Password verification functions are used to ensure that user passwords meet minimum requirements for complexity, which may include factors such as length, use of numbers or punctuation characters, difference from previous passwords, etc. Oracle supplies several predefined functions, or a custom PL/SQL function can be used. Every user profile should include a password verification function. | ||
| PRIV.SYSTEM | |||
| Status | Evaluate | ||
| Summary | 752 grants of system privileges | ||
| Details |
Users directly or indirectly granted each system privilege:
ADMINISTER ANY SQL TUNING SET: BCKDP, SYSTEM
ADMINISTER DATABASE TRIGGER: BCKDP, BCK_DBA, SYSTEM
ADMINISTER RESOURCE MANAGER: BCKDP, BCK_DBA, SYSTEM
ADMINISTER SQL MANAGEMENT OBJECT: BCKDP, BCK_DBA, SYSTEM
ADMINISTER SQL TUNING SET: BCKDP, SYSTEM
ADVISOR: BCKDP, SYSTEM
ALTER ANY ASSEMBLY: BCKDP, SYSTEM
ALTER ANY CLUSTER: BCKDP, SYSTEM
ALTER ANY CUBE: BCKDP, SYSTEM
ALTER ANY CUBE DIMENSION: BCKDP, SYSTEM
ALTER ANY DIMENSION: BCKDP, SYSTEM
ALTER ANY EDITION: BCKDP, SYSTEM
ALTER ANY EVALUATION CONTEXT: BCKDP, SYSTEM
ALTER ANY INDEX: BCKDP, SYSTEM
ALTER ANY INDEXTYPE: BCKDP, SYSTEM
ALTER ANY LIBRARY: BCKDP, SYSTEM
ALTER ANY MATERIALIZED VIEW: BCKDP, SYSTEM
ALTER ANY MINING MODEL: BCKDP, SYSTEM
ALTER ANY OPERATOR: BCKDP, SYSTEM
ALTER ANY OUTLINE: BCKDP, SYSTEM
ALTER ANY PROCEDURE: BCKDP, BCK_DBA, SYSTEM
ALTER ANY ROLE: BCKDP, SYSTEM
ALTER ANY RULE: BCKDP, SYSTEM
ALTER ANY RULE SET: BCKDP, SYSTEM
ALTER ANY SEQUENCE: BCKDP, SYSTEM
ALTER ANY SQL PROFILE: BCKDP, SYSTEM
ALTER ANY TABLE: BCKDP, BCK_DBA, SYSTEM
ALTER ANY TRIGGER: BCKDP, BCK_DBA, SYSTEM
ALTER ANY TYPE: BCKDP, BCK_DBA, SYSTEM
ALTER DATABASE: APEX_030200, BCKDP, BCK_DBA, SYSTEM
ALTER PROFILE: BCKDP, BCK_DBA, SYSTEM
ALTER RESOURCE COST: BCKDP, BCK_DBA, SYSTEM
ALTER ROLLBACK SEGMENT: BCKDP, SYSTEM
ALTER SESSION: APEX_030200, BCKDP, FWL, PERFSTAT, SAR, SAR_ANAGRAFI,
SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
ALTER SYSTEM: APEX_030200, BCKDP, SYSTEM
ALTER TABLESPACE: BCKDP, SYSTEM
ALTER USER: APEX_030200, BCKDP, BCK_DBA, SYSTEM
ANALYZE ANY: BCKDP, BCK_DBA, SYSTEM
ANALYZE ANY DICTIONARY: BCKDP, SYSTEM
AUDIT ANY: BCKDP, BCK_DBA, SYSTEM
AUDIT SYSTEM: BCKDP, BCK_DBA, SYSTEM
BACKUP ANY TABLE: BCKDP, BCK_DBA, SYSTEM
BECOME USER: BCKDP, BCK_DBA, SYSTEM
CHANGE NOTIFICATION: BCKDP, SYSTEM
COMMENT ANY MINING MODEL: BCKDP, SYSTEM
COMMENT ANY TABLE: BCKDP, BCK_DBA, SYSTEM
CREATE ANY ASSEMBLY: BCKDP, SYSTEM
CREATE ANY CLUSTER: BCKDP, BCK_DBA, SYSTEM
CREATE ANY CONTEXT: APEX_030200, BCKDP, BCK_DBA, SYSTEM
CREATE ANY CUBE: BCKDP, SYSTEM
CREATE ANY CUBE BUILD PROCESS: BCKDP, SYSTEM
CREATE ANY CUBE DIMENSION: BCKDP, SYSTEM
CREATE ANY DIMENSION: BCKDP, BCK_DBA, SYSTEM
CREATE ANY DIRECTORY: BCKDP, BCK_DBA, SYSTEM
CREATE ANY EDITION: BCKDP, SYSTEM
CREATE ANY EVALUATION CONTEXT: BCKDP, SYSTEM
CREATE ANY INDEX: BCKDP, BCK_DBA, SYSTEM
CREATE ANY INDEXTYPE: BCKDP, BCK_DBA, SYSTEM
CREATE ANY JOB: BCKDP, SAR_RW, SAR_STORIC_RW, SYSTEM
CREATE ANY LIBRARY: BCKDP, BCK_DBA, SYSTEM
CREATE ANY MATERIALIZED VIEW: BCKDP, BCK_DBA, SYSTEM
CREATE ANY MEASURE FOLDER: BCKDP, SYSTEM
CREATE ANY MINING MODEL: BCKDP, SYSTEM
CREATE ANY OPERATOR: BCKDP, BCK_DBA, SYSTEM
CREATE ANY OUTLINE: BCKDP, SYSTEM
CREATE ANY PROCEDURE: BCKDP, BCK_DBA, SYSTEM
CREATE ANY RULE: BCKDP, SYSTEM
CREATE ANY RULE SET: BCKDP, SYSTEM
CREATE ANY SEQUENCE: BCKDP, BCK_DBA, SYSTEM
CREATE ANY SQL PROFILE: BCKDP, BCK_DBA, SYSTEM
CREATE ANY SYNONYM: BCKDP, BCK_DBA, SYSTEM
CREATE ANY TABLE: BCKDP, BCK_DBA, SYSTEM
CREATE ANY TRIGGER: BCKDP, BCK_DBA, SYSTEM
CREATE ANY TYPE: BCKDP, BCK_DBA, SYSTEM
CREATE ANY VIEW: BCKDP, BCK_DBA, SYSTEM
CREATE ASSEMBLY: BCKDP, SYSTEM
CREATE CLUSTER: APEX_030200, DBMON_APDYN, BCKDP, FWL, SAR, SAR_ANAGRAFI,
SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
CREATE CUBE: BCKDP, SYSTEM
CREATE CUBE BUILD PROCESS: BCKDP, SYSTEM
CREATE CUBE DIMENSION: BCKDP, SYSTEM
CREATE DATABASE LINK: BCKDP, BCK_DBA, SYSTEM
CREATE DIMENSION: APEX_030200, BCKDP, SYSTEM
CREATE EVALUATION CONTEXT: BCKDP, SYSTEM
CREATE EXTERNAL JOB: BCKDP, SYSTEM
CREATE INDEXTYPE: APEX_030200, DBMON_APDYN, BCKDP, SYSTEM
CREATE JOB: APEX_030200, BCKDP, SAR_RW, SYSTEM
CREATE LIBRARY: BCKDP, SYSTEM
CREATE MATERIALIZED VIEW: APEX_030200, BCKDP, SYSTEM
CREATE MEASURE FOLDER: BCKDP, SYSTEM
CREATE MINING MODEL: BCKDP, SYSTEM
CREATE OPERATOR: APEX_030200, DBMON_APDYN, BCKDP, SYSTEM
CREATE PROCEDURE: APEX_030200, DBMON_APDYN, BCKDP, FWL, PERFSTAT, SAR,
SAR_ANAGRAFI, SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW,
SAR_CONSOLE, SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW,
SAR_CONSOLE_RW, SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW,
SAR_PUB, SAR_PUB_RW, SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
CREATE PROFILE: BCKDP, BCK_DBA, SYSTEM
CREATE PUBLIC DATABASE LINK: BCKDP, BCK_DBA, SYSTEM
CREATE PUBLIC SYNONYM: APEX_030200, BCKDP, BCK_DBA, PERFSTAT, SYSTEM
CREATE ROLE: APEX_030200, BCKDP, BCK_DBA, FWL, SAR, SAR_ANAGRAFI,
SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
CREATE ROLLBACK SEGMENT: BCKDP, BCK_DBA, SYSTEM
CREATE RULE: BCKDP, SYSTEM
CREATE RULE SET: BCKDP, SYSTEM
CREATE SEQUENCE: APEX_030200, DBMON_APDYN, BCKDP, FWL, PERFSTAT, SAR,
SAR_ANAGRAFI, SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW,
SAR_CONSOLE, SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW,
SAR_CONSOLE_RW, SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW,
SAR_PUB, SAR_PUB_RW, SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
CREATE SESSION: APEX_030200, CHKMON, DBMON_APDYN, BCKDP, BCK_DBA,
FWL, META_N, PERFSTAT, SAR, SAR_ANAGRAFI, SAR_ANAGRAFI_RW,
SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
CREATE SYNONYM: APEX_030200, BCKDP, FWL, SAR, SAR_ANAGRAFI,
SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
CREATE TABLE: APEX_030200, CHKMON, DBMON_APDYN, BCKDP, BCK_DBA, FWL,
PERFSTAT, SAR, SAR_ANAGRAFI, SAR_ANAGRAFI_RW, SAR_CIL_ASL,
SAR_CIL_ASL_RW, SAR_CONSOLE, SAR_CONSOLE_CIL_ASL,
SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW, SAR_CUP, SAR_G2CLIN,
SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW, SAR_RW, SAR_STORIC,
SAR_STORIC_RW, SYSTEM
CREATE TABLESPACE: APEX_030200, BCKDP, BCK_DBA, SYSTEM
CREATE TRIGGER: APEX_030200, DBMON_APDYN, BCKDP, FWL, SAR, SAR_ANAGRAFI,
SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
CREATE TYPE: APEX_030200, DBMON_APDYN, BCKDP, SAR, SAR_CIL_ASL,
SAR_CUP, SAR_G2CLIN, SAR_STORIC, SYSTEM
CREATE USER: APEX_030200, BCKDP, BCK_DBA, SYSTEM
CREATE VIEW: APEX_030200, BCKDP, FWL, PERFSTAT, SAR, SAR_ANAGRAFI,
SAR_ANAGRAFI_RW, SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW, SYSTEM
DEBUG ANY PROCEDURE: BCKDP, SAR_INDICE_RW, SYSTEM
DEBUG CONNECT SESSION: BCKDP, SAR_INDICE_RW, SYSTEM
DELETE ANY CUBE DIMENSION: BCKDP, SYSTEM
DELETE ANY MEASURE FOLDER: BCKDP, SYSTEM
DELETE ANY TABLE: BCKDP, BCK_DBA, SYSTEM
DEQUEUE ANY QUEUE: BCKDP, SYSTEM
DROP ANY ASSEMBLY: BCKDP, SYSTEM
DROP ANY CLUSTER: BCKDP, BCK_DBA, SYSTEM
DROP ANY CONTEXT: BCKDP, BCK_DBA, SYSTEM
DROP ANY CUBE: BCKDP, SYSTEM
DROP ANY CUBE BUILD PROCESS: BCKDP, SYSTEM
DROP ANY CUBE DIMENSION: BCKDP, SYSTEM
DROP ANY DIMENSION: BCKDP, BCK_DBA, SYSTEM
DROP ANY DIRECTORY: BCKDP, BCK_DBA, SYSTEM
DROP ANY EDITION: BCKDP, SYSTEM
DROP ANY EVALUATION CONTEXT: BCKDP, SYSTEM
DROP ANY INDEX: BCKDP, BCK_DBA, SYSTEM
DROP ANY INDEXTYPE: BCKDP, BCK_DBA, SYSTEM
DROP ANY LIBRARY: BCKDP, BCK_DBA, SYSTEM
DROP ANY MATERIALIZED VIEW: BCKDP, BCK_DBA, SYSTEM
DROP ANY MEASURE FOLDER: BCKDP, SYSTEM
DROP ANY MINING MODEL: BCKDP, SYSTEM
DROP ANY OPERATOR: BCKDP, BCK_DBA, SYSTEM
DROP ANY OUTLINE: BCKDP, BCK_DBA, SYSTEM
DROP ANY PROCEDURE: BCKDP, BCK_DBA, SYSTEM
DROP ANY ROLE: BCKDP, BCK_DBA, SYSTEM
DROP ANY RULE: BCKDP, SYSTEM
DROP ANY RULE SET: BCKDP, SYSTEM
DROP ANY SEQUENCE: BCKDP, BCK_DBA, SYSTEM
DROP ANY SQL PROFILE: BCKDP, BCK_DBA, SYSTEM
DROP ANY SYNONYM: BCKDP, BCK_DBA, SYSTEM
DROP ANY TABLE: BCKDP, BCK_DBA, SYSTEM
DROP ANY TRIGGER: BCKDP, BCK_DBA, SYSTEM
DROP ANY TYPE: BCKDP, BCK_DBA, SYSTEM
DROP ANY VIEW: BCKDP, BCK_DBA, SYSTEM
DROP PROFILE: BCKDP, BCK_DBA, SYSTEM
DROP PUBLIC DATABASE LINK: BCKDP, BCK_DBA, SYSTEM
DROP PUBLIC SYNONYM: APEX_030200, BCKDP, BCK_DBA, PERFSTAT, SYSTEM
DROP ROLLBACK SEGMENT: BCKDP, BCK_DBA, SYSTEM
DROP TABLESPACE: APEX_030200, BCKDP, BCK_DBA, SYSTEM
DROP USER: APEX_030200, BCKDP, BCK_DBA, SYSTEM
ENQUEUE ANY QUEUE: BCKDP, SYSTEM
EXECUTE ANY ASSEMBLY: BCKDP, SYSTEM
EXECUTE ANY CLASS: BCKDP, SYSTEM
EXECUTE ANY EVALUATION CONTEXT: BCKDP, SYSTEM
EXECUTE ANY INDEXTYPE: BCKDP, SYSTEM
EXECUTE ANY LIBRARY: BCKDP, SYSTEM
EXECUTE ANY OPERATOR: BCKDP, BCK_DBA, SYSTEM
EXECUTE ANY PROCEDURE: BCKDP, BCK_DBA, SYSTEM
EXECUTE ANY PROGRAM: BCKDP, SYSTEM
EXECUTE ANY RULE: BCKDP, SYSTEM
EXECUTE ANY RULE SET: BCKDP, SYSTEM
EXECUTE ANY TYPE: BCKDP, BCK_DBA, SYSTEM
EXECUTE ASSEMBLY: BCKDP, SYSTEM
EXEMPT ACCESS POLICY: BCKDP
EXPORT FULL DATABASE: BCKDP, SYSTEM
FLASHBACK ANY TABLE: BCKDP, SYSTEM
FLASHBACK ARCHIVE ADMINISTER: BCKDP, SYSTEM
FORCE ANY TRANSACTION: BCKDP, SYSTEM
FORCE TRANSACTION: BCKDP, SYSTEM
GLOBAL QUERY REWRITE: BCKDP, BCK_DBA, SYSTEM
GRANT ANY OBJECT PRIVILEGE: BCKDP, BCK_DBA, SYSTEM
GRANT ANY PRIVILEGE: BCKDP, BCK_DBA, SYSTEM
GRANT ANY ROLE: BCKDP, BCK_DBA, SYSTEM
IMPORT FULL DATABASE: BCKDP, SYSTEM
INSERT ANY CUBE DIMENSION: BCKDP, SYSTEM
INSERT ANY MEASURE FOLDER: BCKDP, SYSTEM
INSERT ANY TABLE: BCKDP, BCK_DBA, SYSTEM
LOCK ANY TABLE: BCKDP, SYSTEM
MANAGE ANY FILE GROUP: BCKDP, SYSTEM
MANAGE ANY QUEUE: BCKDP, BCK_DBA, SYSTEM
MANAGE FILE GROUP: BCKDP, SYSTEM
MANAGE SCHEDULER: BCKDP, SAR_STORIC_RW, SYSTEM
MANAGE TABLESPACE: BCKDP, SYSTEM
MERGE ANY VIEW: BCKDP, SYSTEM
ON COMMIT REFRESH: BCKDP, SYSTEM
QUERY REWRITE: BCKDP, SYSTEM
READ ANY FILE GROUP: BCKDP, BCK_DBA, SYSTEM
RESTRICTED SESSION: BCKDP, BCK_DBA, SYSTEM
RESUMABLE: BCKDP, BCK_DBA, SYSTEM
SELECT ANY CUBE: BCKDP, SYSTEM
SELECT ANY CUBE DIMENSION: BCKDP, SYSTEM
SELECT ANY DICTIONARY: BCKDP, SYSTEM
SELECT ANY MINING MODEL: BCKDP, SYSTEM
SELECT ANY SEQUENCE: BCKDP, BCK_DBA, SYSTEM
SELECT ANY TABLE: BCKDP, BCK_DBA, SYSTEM
SELECT ANY TRANSACTION: BCKDP, SYSTEM
UNDER ANY TABLE: BCKDP, SYSTEM
UNDER ANY TYPE: BCKDP, SYSTEM
UNDER ANY VIEW: BCKDP, SYSTEM
UNLIMITED TABLESPACE: APEX_030200, DBMON_APDYN, BCKDP, SYSTEM
UPDATE ANY CUBE: BCKDP, SYSTEM
UPDATE ANY CUBE BUILD PROCESS: BCKDP, SYSTEM
UPDATE ANY CUBE DIMENSION: BCKDP, SYSTEM
UPDATE ANY TABLE: BCKDP, BCK_DBA, SYSTEM
| ||
| Remarks | System privileges provide the ability to access data or perform administrative operations for the entire database. Consistent with the principle of least privilege, these privileges should be granted sparingly. The Privilege Analysis feature of Database Vault may be helpful to determine the minimum set of privileges required by a user or role. In some cases, it may be possible to substitute a more limited object privilege grant in place of a system privilege grant that applies to all objects. System privileges should be granted with admin option only when the recipient needs the ability to grant the privilege to others. | ||
| PRIV.ROLES | |||
| Status | Evaluate | ||
| Summary | 79 grants of roles | ||
| Details |
Users directly or indirectly granted each role:
AQ_ADMINISTRATOR_ROLE: SYSTEM
CONNECT: APEX_030200
CHKMON_ROLE: CHKMON
CTXAPP: (none)
DATAPUMP_EXP_FULL_DATABASE: BCKDP, SYSTEM
DATAPUMP_IMP_FULL_DATABASE: BCKDP, SYSTEM
DBA: BCKDP, SYSTEM
DELETE_CATALOG_ROLE: BCKDP, SYSTEM
EXECUTE_CATALOG_ROLE: BCKDP, BCK_DBA, SYSTEM
EXP_FULL_DATABASE: BCKDP, BCK_DBA, SYSTEM
GATHER_SYSTEM_STATISTICS: BCKDP, SYSTEM
HS_ADMIN_EXECUTE_ROLE: BCKDP, BCK_DBA, SYSTEM
HS_ADMIN_SELECT_ROLE: CHKMON, DBMON_APDYN, BCKDP, BCK_DBA, META_N,
PERFSTAT, SYSTEM
IMP_FULL_DATABASE: BCKDP, BCK_DBA, SYSTEM
JAVAUSERPRIV: (none)
JAVA_ADMIN: BCKDP, SYSTEM
JAVA_DEPLOY: BCKDP, SYSTEM
OEM_MONITOR: (none)
PIMPEXP: EI
PIMPEXP_DBA: BCK_DBA
RESOURCE: APEX_030200, DBMON_APDYN
SCHEDULER_ADMIN: BCKDP, SYSTEM
SELECT_CATALOG_ROLE: CHKMON, DBMON_APDYN, BCKDP, BCK_DBA, META_N,
PERFSTAT, SYSTEM
STD_USER: FWL, SAR, SAR_ANAGRAFI, SAR_ANAGRAFI_RW,
SAR_CIL_ASL, SAR_CIL_ASL_RW, SAR_CONSOLE,
SAR_CONSOLE_CIL_ASL, SAR_CONSOLE_CIL_ASL_RW, SAR_CONSOLE_RW,
SAR_CUP, SAR_G2CLIN, SAR_INDICE, SAR_INDICE_RW, SAR_PUB, SAR_PUB_RW,
SAR_RW, SAR_STORIC, SAR_STORIC_RW
WM_ADMIN_ROLE: BCKDP, SYSTEM
XDBADMIN: BCKDP, SYSTEM
XDB_SET_INVOKER: BCKDP, SYSTEM
| ||
| Remarks | Roles are a convenient way to manage groups of related privileges, especially when the privileges are required for a particular task or job function. Beware of broadly defined roles, which may confer more privileges than an individual recipient requires. Roles should be granted with admin option only when the recipient needs the ability to modify the role or grant it to others. | ||
| PRIV.ACCT | |||
| Status | Evaluate | ||
| Summary | 26 grants of account management privileges (6 with admin option) | ||
| Details |
Grants of ALTER USER, CREATE USER, DROP USER:
APEX_030200: ALTER USER, CREATE USER, DROP USER
BCKDP <- DBA: ALTER USER(*), CREATE USER(*), DROP USER(*)
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE: ALTER USER
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
ALTER USER, CREATE USER, DROP USER
BCKDP <- DBA <- IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
BCK_DBA <- PIMPEXP_DBA <- IMP_FULL_DATABASE: ALTER USER, CREATE USER,
DROP USER
SYSTEM <- DBA: ALTER USER(*), CREATE USER(*), DROP USER(*)
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: ALTER USER
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
ALTER USER, CREATE USER, DROP USER
SYSTEM <- DBA <- IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP
USER
(*) = granted with admin option
| ||
| Remarks | User management privileges (ALTER USER, CREATE USER, DROP USER) can be used to create and modify other user accounts, including changing passwords. This power can be abused to gain access to another user's account, which may have greater privileges. | ||
| PRIV.MGMT | |||
| Status | Evaluate | ||
| Summary | 63 grants of privilege management privileges (12 with admin option) | ||
| Details |
Grants of ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT
PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE:
APEX_030200: CREATE ROLE
BCKDP <- DBA: ALTER ANY ROLE(*), CREATE ROLE(*), DROP ANY ROLE(*), GRANT
ANY OBJECT PRIVILEGE(*), GRANT ANY PRIVILEGE(*), GRANT ANY ROLE(*)
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT
PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY
PRIVILEGE, GRANT ANY ROLE
BCKDP <- DBA <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT
ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
BCK_DBA <- PIMPEXP_DBA <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY
ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
FWL <- STD_USER: CREATE ROLE
SAR <- STD_USER: CREATE ROLE
SAR_ANAGRAFI <- STD_USER: CREATE ROLE
SAR_ANAGRAFI_RW <- STD_USER: CREATE ROLE
SAR_CIL_ASL <- STD_USER: CREATE ROLE
SAR_CIL_ASL_RW <- STD_USER: CREATE ROLE
SAR_CONSOLE <- STD_USER: CREATE ROLE
SAR_CONSOLE_CIL_ASL <- STD_USER: CREATE ROLE
SAR_CONSOLE_CIL_ASL_RW <- STD_USER: CREATE ROLE
SAR_CONSOLE_RW <- STD_USER: CREATE ROLE
SAR_CUP <- STD_USER: CREATE ROLE
SAR_G2CLIN <- STD_USER: CREATE ROLE
SAR_INDICE <- STD_USER: CREATE ROLE
SAR_INDICE_RW <- STD_USER: CREATE ROLE
SAR_PUB <- STD_USER: CREATE ROLE
SAR_PUB_RW <- STD_USER: CREATE ROLE
SAR_RW <- STD_USER: CREATE ROLE
SAR_STORIC <- STD_USER: CREATE ROLE
SAR_STORIC_RW <- STD_USER: CREATE ROLE
SYSTEM <- DBA: ALTER ANY ROLE(*), CREATE ROLE(*), DROP ANY ROLE(*),
GRANT ANY OBJECT PRIVILEGE(*), GRANT ANY PRIVILEGE(*), GRANT ANY
ROLE(*)
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT
PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY
PRIVILEGE, GRANT ANY ROLE
SYSTEM <- DBA <- IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT
ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
(*) = granted with admin option
| ||
| Remarks | Users with privilege management privileges (ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE) can change the set of privileges granted to themselves and other users. This ability should be granted sparingly, since it can be used to circumvent many security controls in the database. | ||
| PRIV.AUDIT | |||
| Status | Evaluate | ||
| Summary | 18 grants of audit privilege (4 with admin option) | ||
| Details |
Grants of AUDIT ANY, AUDIT SYSTEM:
BCKDP <- DBA: AUDIT ANY(*), AUDIT SYSTEM(*)
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
AUDIT ANY, AUDIT SYSTEM
BCKDP <- DBA <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
BCK_DBA <- PIMPEXP_DBA <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
SYSTEM <- DBA: AUDIT ANY(*), AUDIT SYSTEM(*)
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
AUDIT ANY, AUDIT SYSTEM
SYSTEM <- DBA <- IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
(*) = granted with admin option
| ||
| Remarks | Audit management privileges (AUDIT ANY, AUDIT SYSTEM) can be used to change the audit policies for the database. This ability should be granted sparingly, since it may be used to hide malicious activity. | ||
| PRIV.DATA | |||
| Status | Evaluate | ||
| Summary | 83 grants of data access privileges (20 with admin option) | ||
| Details |
Grants of ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY
PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ
ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE:
EI: SELECT ANY TABLE
EI <- PIMPEXP: SELECT ANY TABLE
EI <- PIMPEXP <- EXP_FULL_DATABASE: SELECT ANY TABLE
BCKDP <- DBA: ALTER ANY TABLE(*), ALTER ANY TRIGGER(*), CREATE ANY
INDEX(*), CREATE ANY PROCEDURE(*), CREATE ANY TRIGGER(*), DELETE ANY
TABLE(*), INSERT ANY TABLE(*), SELECT ANY DICTIONARY(*), SELECT ANY
TABLE(*), UPDATE ANY TABLE(*)
BCKDP <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
SELECT ANY TABLE
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT
ANY TABLE
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
SELECT ANY TABLE
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY
PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE,
SELECT ANY TABLE, UPDATE ANY TABLE
BCKDP <- DBA <- EXP_FULL_DATABASE: SELECT ANY TABLE
BCKDP <- DBA <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER,
CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY
TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
BCK_DBA: SELECT ANY TABLE
BCK_DBA <- PIMPEXP_DBA: SELECT ANY TABLE
BCK_DBA <- PIMPEXP_DBA <- EXP_FULL_DATABASE: SELECT ANY TABLE
BCK_DBA <- PIMPEXP_DBA <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER
ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY
TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE
ANY TABLE
SYSTEM: SELECT ANY TABLE
SYSTEM <- DBA: ALTER ANY TABLE(*), ALTER ANY TRIGGER(*), CREATE ANY
INDEX(*), CREATE ANY PROCEDURE(*), CREATE ANY TRIGGER(*), DELETE ANY
TABLE(*), INSERT ANY TABLE(*), SELECT ANY DICTIONARY(*), SELECT ANY
TABLE(*), UPDATE ANY TABLE(*)
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
SELECT ANY TABLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT
ANY TABLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
SELECT ANY TABLE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY
PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE,
SELECT ANY TABLE, UPDATE ANY TABLE
SYSTEM <- DBA <- EXP_FULL_DATABASE: SELECT ANY TABLE
SYSTEM <- DBA <- IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY
TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER,
DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
(no users) <- OEM_MONITOR: SELECT ANY DICTIONARY
(*) = granted with admin option
| ||
| Remarks | Users with data access privileges (ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE) can override various access controls on data. Most administrative tasks do not require access to the data itself, so these privileges should be granted rarely even to administrators. In addition to minimizing grants of these privileges, consider the use of Database Vault realms to limit the use of these privileges to access sensitive data. | ||
| PRIV.EXEMPT | |||
| Status | Evaluate | ||
| Summary | 1 grant of access control exemption privileges | ||
| Details | Grants of EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY: BCKDP: EXEMPT ACCESS POLICY | ||
| Remarks | Users with exemption privileges (EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY) can bypass the access control policies created using Virtual Private Database and Data Redaction. Most administrative tasks do not require access to the data itself, so these privileges should be granted rarely even to administrators. | ||
| PRIV.PASSWD | |||
| Status | Evaluate | ||
| Summary | 1 grant of object privileges on restricted objects | ||
| Details | Grants of READ, SELECT on objects containing verifiers: APEX_030200: SELECT on SYS.USER$ | ||
| Remarks | Users with these privileges can access objects that contain user password verifiers. The verifiers can be used in offline attacks to discover user passwords. | ||
| PRIV.OBJ | |||
| Status | Evaluate | ||
| Summary | 112 grants of object privileges on restricted objects | ||
| Details |
Grants of DELETE, INSERT, UPDATE on SYS, DVSYS, or LBACSYS objects:
EI <- PIMPEXP <- EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on
SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on
SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on
SYS.INCFIL, UPDATE on SYS.INCVID
BCKDP <- DBA: DELETE on SYS.MAP_OBJECT, INSERT on SYS.MAP_OBJECT, UPDATE
on SYS.MAP_OBJECT
BCKDP <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
DELETE on SYS.EXPIMP_TTS_CT$, INSERT on SYS.EXPIMP_TTS_CT$, UPDATE on
SYS.EXPIMP_TTS_CT$
BCKDP <- DBA <- DELETE_CATALOG_ROLE: DELETE on SYS.AUD$, DELETE on
SYS.FGA_LOG$
BCKDP <- DBA <- EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on
SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on
SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on
SYS.INCFIL, UPDATE on SYS.INCVID
BCKDP <- DBA <- GATHER_SYSTEM_STATISTICS: DELETE on SYS.AUX_STATS$,
INSERT on SYS.AUX_STATS$, UPDATE on SYS.AUX_STATS$
BCKDP <- DBA <- IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$,
INSERT on SYS.EXPIMP_TTS_CT$, UPDATE on SYS.EXPIMP_TTS_CT$
BCK_DBA <- PIMPEXP_DBA <- EXP_FULL_DATABASE: DELETE on SYS.INCEXP,
DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP,
INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP,
UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
BCK_DBA <- PIMPEXP_DBA <- IMP_FULL_DATABASE: DELETE on
SYS.EXPIMP_TTS_CT$, INSERT on SYS.EXPIMP_TTS_CT$, UPDATE on
SYS.EXPIMP_TTS_CT$
SYSTEM: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
SYSTEM <- DBA: DELETE on SYS.MAP_OBJECT, INSERT on SYS.MAP_OBJECT,
UPDATE on SYS.MAP_OBJECT
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- EXP_FULL_DATABASE:
DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID,
INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID,
UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE <- IMP_FULL_DATABASE:
DELETE on SYS.EXPIMP_TTS_CT$, INSERT on SYS.EXPIMP_TTS_CT$, UPDATE on
SYS.EXPIMP_TTS_CT$
SYSTEM <- DBA <- DELETE_CATALOG_ROLE: DELETE on SYS.AUD$, DELETE on
SYS.FGA_LOG$
SYSTEM <- DBA <- EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on
SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on
SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on
SYS.INCFIL, UPDATE on SYS.INCVID
SYSTEM <- DBA <- GATHER_SYSTEM_STATISTICS: DELETE on SYS.AUX_STATS$,
INSERT on SYS.AUX_STATS$, UPDATE on SYS.AUX_STATS$
SYSTEM <- DBA <- IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$,
INSERT on SYS.EXPIMP_TTS_CT$, UPDATE on SYS.EXPIMP_TTS_CT$
| ||
| Remarks | Users with these privileges can directly modify objects in the SYS, DVSYS, or LBACSYS schemas. Manipulating these system objects may allow security protections to be circumvented or otherwise interfere with normal operation of the database. | ||
| PRIV.USER | |||
| Status | Pass | ||
| Summary | No grants of EXECUTE on restricted packages | ||
| Remarks | These PL/SQL packages (DBMS_SCHEDULER, DBMS_SYS_SQL) allow for execution of SQL code or external jobs using the identity of a different user. Access should be strictly limited and granted only to users with a legitimate need for this functionality. | ||
| PRIV.EXFIL | |||
| Status | Pass | ||
| Summary | No grants of EXECUTE on restricted packages | ||
| Remarks | These PL/SQL packages (DBMS_BACKUP_RESTORE) can send data from the database using the network or file system. Access should be granted only to users with a legitimate need for this functionality. | ||
| PRIV.SYSPUB | |||
| Status | Pass | ||
| Summary | No grants of system privileges to PUBLIC | ||
| Remarks | Privileges granted to PUBLIC are available to all users. This generally should include few, if any, system privileges since these will not be needed by ordinary users who are not administrators. | ||
| PRIV.ROLEPUB | |||
| Status | Pass | ||
| Summary | No grants of roles to PUBLIC | ||
| Remarks | Roles granted to PUBLIC are available to all users. Most roles contain privileges that are not appropriate for all users. | ||
| PRIV.COLPUB | |||
| Status | Pass | ||
| Summary | No grants of column privileges to PUBLIC | ||
| Remarks | Privileges granted to PUBLIC are available to all users. This should include column privileges only for data that is intended to be accessible to everyone. | ||
| PRIV.DBA | |||
| Status | Evaluate | ||
| Summary | 2 grants of DBA role (1 with admin option) | ||
| Details | Grants of DBA role: BCKDP: DBA SYSTEM: DBA(*) (*) = granted with admin option | ||
| Remarks | The DBA role is very powerful and can be used to bypass many security protections. It should be granted to only a small number of trusted administrators. Furthermore, each trusted user should have an individual account for accountability reasons. As with any powerful role, avoid granting the DBA role with admin option unless absolutely necessary. | ||
| PRIV.BIGROLES | |||
| Status | Evaluate | ||
| Summary | 14 grants of powerful roles (1 with admin option) | ||
| Details |
Grants of AQ_ADMINISTRATOR_ROLE, EM_EXPRESS_ALL, EXP_FULL_DATABASE,
IMP_FULL_DATABASE, OEM_MONITOR roles:
EI <- PIMPEXP: EXP_FULL_DATABASE
BCKDP <- DBA: EXP_FULL_DATABASE, IMP_FULL_DATABASE
BCKDP <- DBA <- DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE
BCKDP <- DBA <- DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE,
IMP_FULL_DATABASE
BCK_DBA <- PIMPEXP_DBA: EXP_FULL_DATABASE, IMP_FULL_DATABASE
SYSTEM: AQ_ADMINISTRATOR_ROLE(*)
SYSTEM <- DBA: EXP_FULL_DATABASE, IMP_FULL_DATABASE
SYSTEM <- DBA <- DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE
SYSTEM <- DBA <- DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE,
IMP_FULL_DATABASE
(*) = granted with admin option
| ||
| Remarks | Like the DBA role, these roles (AQ_ADMINISTRATOR_ROLE, EM_EXPRESS_ALL, EXP_FULL_DATABASE, IMP_FULL_DATABASE, OEM_MONITOR) contain powerful privileges that can be used to bypass security protections. They should be granted only to a small number of trusted administrators. | ||
| PRIV.JAVA | |||
| Status | Evaluate | ||
| Summary | Found 4 users or roles with Java permission. | ||
| Details |
Grantee: EJBCLIENT
GRANT, Name: getClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: *, Type Schema: SYS, Type Name: java.net.SocketPermission,
Action: connect,resolve
GRANT, Name: createClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
Grantee: JMXSERVER
GRANT, Name: *, Type Schema: SYS, Type Name: java.net.SocketPermission,
Action: accept,connect,listen,resolve
GRANT, Name: control, Type Schema: SYS, Type Name:
java.util.logging.LoggingPermission
GRANT, Name: accessClassInPackage.*, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: com.sun.management.*, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: createMBeanServer, Type Schema: SYS, Type Name:
javax.management.MBeanServerPermission
GRANT, Name: control, Type Schema: SYS, Type Name:
java.lang.management.ManagementPermission
GRANT, Name: monitor, Type Schema: SYS, Type Name:
java.lang.management.ManagementPermission
GRANT, Name: *, Type Schema: SYS, Type Name:
javax.management.MBeanPermission, Action: *
GRANT, Name: javax.net.ssl.*, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: https.proxyHost, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: javax.net.debug, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: java.rmi.server.randomIDs, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: com.sun.jmx.*, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: read,write
GRANT, Name: javavm/lib/management/*, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
GRANT, Name: javavm/lib/management/jmxremote.access, Type Schema: SYS, Type
Name: java.io.FilePermission, Action: read
GRANT, Name: javavm/lib/management/management.properties, Type Schema: SYS,
Type Name: java.io.FilePermission, Action: read
GRANT, Name: setContextClassLoader, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
Grantee: PUBLIC
GRANT, Name: exitVM, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: user.language, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: write
GRANT, Name: *, Type Schema: SYS, Type Name: java.util.PropertyPermission,
Action: read
GRANT, Name: DUMMY, Type Schema: SYS, Type Name:
oracle.aurora.security.JServerPermission
GRANT, Name: createSecurityManager, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: modifyThread, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: modifyThreadGroup, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: preferences, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: getenv.ORACLE_HOME, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: getenv.TNS_ADMIN, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
GRANT, Name: LoadClassInPackage.*, Type Schema: SYS, Type Name:
oracle.aurora.security.JServerPermission
GRANT, Name: oracle.net.tns_admin, Type Schema: SYS, Type Name:
java.util.PropertyPermission, Action: write
RESTRICT, Name: LoadClassInPackage.oracle.jdbc.*, Type Schema: SYS, Type
Name: oracle.aurora.security.JServerPermission
RESTRICT, Name: LoadClassInPackage.oracle.ord.*, Type Schema: SYS, Type
Name: oracle.aurora.security.JServerPermission
RESTRICT, Name: LoadClassInPackage.java.*, Type Schema: SYS, Type Name:
oracle.aurora.security.JServerPermission
RESTRICT, Name: LoadClassInPackage.oracle.aurora.*, Type Schema: SYS, Type
Name: oracle.aurora.security.JServerPermission
RESTRICT, Name: loadLibrary.*, Type Schema: SYS, Type Name:
java.lang.RuntimePermission
RESTRICT, Name: 0:java.lang.RuntimePermission#loadLibrary.*, Type Schema:
SYS, Type Name: oracle.aurora.rdbms.security.PolicyTablePermission
Grantee: SYSTEM
GRANT, Name: <<ALL FILES>>, Type Schema: SYS, Type Name:
java.io.FilePermission, Action: read
| ||
| Remarks | Java permission grants control the ability of database users to execute Java classes within the database server. A database user executing Java code must have both Java security permissions and database privileges to access resources within the database. These resources include database resources, such as tables and PL/SQL packages, operating system resources, such as files and sockets, Oracle JVM classes, and user-loaded classes. Make sure that these permissions are limited to the minimum required by each user. | ||
| PRIV.ADMIN | |||
| Status | Evaluate | ||
| Summary | Found 1 user granted administrative privileges. Found 0 administrative privileges not granted to any user. | ||
| Details | SYSDBA (1): SYS SYSOPER (1): SYS | ||
| Remarks | Administrative privileges allow a user to perform maintenance operations, including some that may occur while the database is not open. The SYSDBA privilege allows the user to run as SYS and perform virtually all privileged operations. Starting with Oracle Database 12.1, less powerful administrative privileges were introduced to allow users to perform common administrative tasks with less than full SYSDBA privileges. To achieve the benefit of this separation of duty, each of these administrative privileges should be granted to at least one user account. | ||
| AUTH.DV | |||
| Status | Opportunity | ||
| Summary | Database Vault is not enabled. | ||
| Remarks | Database Vault provides for configurable policies to control the actions of privileged administrative users, in order to protect against insider threats, stolen credentials, and human error. Data realms prevent unauthorized access to sensitive data objects, even by users with system privileges. Command rules limit the SQL commands and options that administrators can execute. | ||
| CRYPT.TDE | |||
| Status | Opportunity | ||
| Summary | No encrypted tablespaces found. No encrypted columns found. | ||
| Remarks | Encryption of some sensitive data is a requirement in certain regulated environments. Transparent Data Encryption automatically encrypts data as it is stored and decrypts it upon retrieval. This protects sensitive data from attacks that bypass the database to read data files directly. Encryption keys may be stored in wallets on the database server itself, or stored remotely in Oracle Key Vault for improved security. | ||
| CRYPT.WALLET | |||
| Status | Evaluate | ||
| Summary | Found 1 wallet. No wallets are stored in the data file directory. | ||
| Details | Wallet location: /o11xxx/app/oracle/admin/SAMPLE/wallet Wallet type: file Status: CLOSED Data file directory: /o11xxx/app/oracle/product/11g/dbs | ||
| Remarks | Wallets are encrypted files used to store encryption keys, passwords, and other sensitive data. Wallet files should not be stored in the same directory with database data files, to avoid accidentally creating backups that include both encrypted data files and the wallet containing the master key protecting those files. For maximum separation of keys and data, consider storing encryption keys in Oracle Key Vault instead of wallet files. | ||
| ACCESS.VPD | |||
| Status | Opportunity | ||
| Summary | No VPD policies found. | ||
| Details | Users with EXEMPT ACCESS POLICY privilege: BCKDP Users with EXECUTE on SYS.DBMS_RLS: APEX_030200, BCKDP, BCK_DBA, SYSTEM | ||
| Remarks | Virtual Private Database (VPD) allows for fine-grained control over which rows and columns of a table are visible to a SQL statement. Access control using VPD limits each database session to only the specific data it should be able to access. Access by users with the EXEMPT ACCESS POLICY privilege will not be affected by VPD policies. Users who can execute the DBMS_RLS package are able to create and modify these policies. | ||
| ACCESS.OLS | |||
| Status | Opportunity | ||
| Summary | Label Security is not enabled. | ||
| Remarks | Oracle Label Security provides the ability to tag data with a data label or a data classification. Access to sensitive data is controlled by comparing the data label with the requesting user's label or security clearance. A user label or security clearance can be thought of as an extension to standard database privileges and roles. Access by users with the EXEMPT ACCESS POLICY privilege will not be affected by the Label Security policies. Each policy has a corresponding role; users who have this role are able to administer the policy. | ||
| AUDIT.RECORDS | |||
| Status | Evaluate | ||
| Summary | Examined 2 audit trails. Found records in 1 audit trail. No errors found in audit initialization parameters. | ||
| Details |
Traditional Audit Trail: In use, 56088060 records found (Jan 15 2015 - Apr
01 2017)
FGA Audit Trail: No records found
AUDIT_FILE_DEST=/o11xxx/app/oracle/admin/SAMPLE/adump
AUDIT_SYSLOG_LEVEL is not set.
AUDIT_TRAIL=DB
| ||
| Remarks | Auditing is an essential component for securing any system. The audit trail allows for monitoring the activities of highly privileged users. For any attack that exploits gaps in other security policies, auditing cannot prevent the attack but it forms the critical last line of defense by detecting the malicious activity. Sending audit data to a remote system is recommended in order to prevent any possible tampering with the audit records. The AUDIT_SYSLOG_LEVEL parameter can be set to send an abbreviated version of some audit records to a remote syslog collector. A better solution is to use Oracle Audit Vault and Database Firewall to centrally collect full audit records from multiple databases. | ||
| AUDIT.STMT | |||
| Status | Evaluate | ||
| Summary | Auditing enabled for 28 statements. | ||
| Details |
Traditional Audit (28): ALTER ANY PROCEDURE, ALTER ANY TABLE, ALTER
DATABASE, ALTER PROFILE, ALTER SYSTEM, ALTER USER, CREATE ANY JOB,
CREATE ANY LIBRARY, CREATE ANY PROCEDURE, CREATE ANY TABLE, CREATE
EXTERNAL JOB, CREATE PUBLIC DATABASE LINK, CREATE SESSION, CREATE USER,
DATABASE LINK, DROP ANY PROCEDURE, DROP ANY TABLE, DROP PROFILE, DROP
USER, EXEMPT ACCESS POLICY, GRANT ANY OBJECT PRIVILEGE, GRANT ANY
PRIVILEGE, GRANT ANY ROLE, PROFILE, PUBLIC SYNONYM, ROLE, SYSTEM AUDIT,
SYSTEM GRANT
| ||
| Remarks | This finding shows the SQL statements that are audited by enabled audit policies. | ||
| AUDIT.OBJ | |||
| Status | Opportunity | ||
| Summary | No auditing enabled for objects. | ||
| Remarks | This finding shows the object accesses that are audited by enabled audit policies. | ||
| AUDIT.PRIV | |||
| Status | Evaluate | ||
| Summary | Auditing enabled for 23 privileges. | ||
| Details |
Traditional Audit (23): ALTER ANY PROCEDURE, ALTER ANY TABLE, ALTER
DATABASE, ALTER PROFILE, ALTER SYSTEM, ALTER USER, AUDIT SYSTEM, CREATE
ANY JOB, CREATE ANY LIBRARY, CREATE ANY PROCEDURE, CREATE ANY TABLE,
CREATE EXTERNAL JOB, CREATE PUBLIC DATABASE LINK, CREATE SESSION,
CREATE USER, DROP ANY PROCEDURE, DROP ANY TABLE, DROP PROFILE, DROP
USER, EXEMPT ACCESS POLICY, GRANT ANY OBJECT PRIVILEGE, GRANT ANY
PRIVILEGE, GRANT ANY ROLE
| ||
| Remarks | This finding shows the privileges that are audited by enabled audit policies. | ||
| AUDIT.ADMIN | |||
| Status | Significant Risk | ||
| Summary | Actions of the SYS user are not audited. | ||
| Details | Traditional Audit: AUDIT_SYS_OPERATIONS is set to FALSE. | ||
| Remarks | It is important to audit administrative actions performed by the SYS user. Traditional audit policies do not apply to SYS, so the AUDIT_SYS_OPERATIONS parameter must be set to record SYS actions to a separate audit trail. Beginning with Oracle 12c, the same Unified Audit policies can be applied to SYS that are used to monitor other users. | ||
| AUDIT.PRIVMGMT | |||
| Status | Pass | ||
| Summary | Actions related to privilege management are sufficiently audited. | ||
| Details |
Traditional audit - auditing enabled: GRANT ANY OBJECT PRIVILEGE, GRANT ANY
PRIVILEGE, GRANT ANY ROLE, SYSTEM GRANT
| ||
| Remarks | Granting additional privileges to users or roles potentially affects most security protections and should be audited. Each action or privilege listed here should be included in at least one enabled audit policy. | ||
| AUDIT.ACCTMGMT | |||
| Status | Pass | ||
| Summary | Actions related to account management are sufficiently audited. | ||
| Details |
Traditional audit - auditing enabled: ALTER PROFILE, ALTER USER, CREATE
USER, DROP PROFILE, DROP USER, PROFILE
| ||
| Remarks | Creation of new user accounts or modification of existing accounts can be used to gain access to the privileges of those accounts and should be audited. Each action or privilege listed here should be included in at least one enabled audit policy. | ||
| AUDIT.DBMGMT | |||
| Status | Significant Risk | ||
| Summary | Actions related to database management are not sufficiently audited. | ||
| Details |
Auditing not enabled: ALTER PUBLIC DATABASE LINK, AUDIT ANY, CREATE ANY
DIRECTORY, DROP ANY DIRECTORY, DROP PUBLIC DATABASE LINK, EXECUTE ON
SYS.DBMS_RLS
Traditional audit - auditing enabled: ALTER DATABASE, ALTER SYSTEM, CREATE
ANY LIBRARY, CREATE EXTERNAL JOB, CREATE PUBLIC DATABASE LINK, DATABASE
LINK, PUBLIC SYNONYM, SYSTEM AUDIT
| ||
| Remarks | Actions that affect the management of database features should always be audited. Each action or privilege listed here should be included in at least one enabled audit policy. | ||
| AUDIT.PRIVUSE | |||
| Status | Significant Risk | ||
| Summary | Usages of powerful system privileges are not sufficiently audited. | ||
| Details |
Auditing not enabled: BECOME USER, CREATE ANY TRIGGER, EXEMPT REDACTION
POLICY
Traditional audit - auditing enabled: CREATE ANY JOB, CREATE ANY PROCEDURE,
EXEMPT ACCESS POLICY
| ||
| Remarks | Usage of powerful system privileges should always be audited. Each privilege listed here should be included in at least one enabled audit policy. | ||
| AUDIT.CONN | |||
| Status | Pass | ||
| Summary | Database connections are sufficiently audited. | ||
| Details | Traditional audit - auditing enabled: CREATE SESSION | ||
| Remarks | Successful user connections to the database should be audited to assist with future forensic analysis. Unsuccessful connection attempts can provide early warning of an attacker's attempt to gain access to the database. | ||
| AUDIT.FGA | |||
| Status | Opportunity | ||
| Summary | No fine grained audit policies found. | ||
| Details | Users with EXECUTE on SYS.DBMS_FGA: BCKDP, BCK_DBA, SYSTEM | ||
| Remarks | Fine Grained Audit policies can record highly specific activity, such as access to particular table columns or access that occurs under specified conditions. This is a useful way to monitor unexpected data access while avoiding unnecessary audit records that correspond to normal activity. | ||
| Name | Value |
|---|---|
| AUDIT_FILE_DEST | /o11xxx/app/oracle/admin/SAMPLE/adump |
| AUDIT_SYSLOG_LEVEL | |
| AUDIT_SYS_OPERATIONS | FALSE |
| AUDIT_TRAIL | DB |
| COMPATIBLE | 11.2.0.0.0 |
| DISPATCHERS | (PROTOCOL=TCP) (SERVICE=SAMPLEXDB) |
| GLOBAL_NAMES | FALSE |
| LDAP_DIRECTORY_ACCESS | NONE |
| LDAP_DIRECTORY_SYSAUTH | no |
| O7_DICTIONARY_ACCESSIBILITY | FALSE |
| OS_AUTHENT_PREFIX | ops$ |
| OS_ROLES | FALSE |
| REMOTE_LISTENER | |
| REMOTE_LOGIN_PASSWORDFILE | EXCLUSIVE |
| REMOTE_OS_AUTHENT | FALSE |
| REMOTE_OS_ROLES | FALSE |
| RESOURCE_LIMIT | FALSE |
| SEC_CASE_SENSITIVE_LOGON | FALSE |
| SEC_MAX_FAILED_LOGIN_ATTEMPTS | 10 |
| SEC_PROTOCOL_ERROR_FURTHER_ACTION | CONTINUE |
| SEC_PROTOCOL_ERROR_TRACE_ACTION | TRACE |
| SEC_RETURN_SERVER_RELEASE_BANNER | FALSE |
| SQL92_SECURITY | FALSE |
| UTL_FILE_DIR |
| CONF.SYSOBJ | |||
| Status | Pass | ||
| Summary | Access to dictionary objects is properly limited. | ||
| Details | O7_DICTIONARY_ACCESSIBILITY=FALSE | ||
| Remarks | When O7_DICTIONARY_ACCESSIBILITY is set to FALSE, tables owned by SYS are not affected by the ANY TABLE system privileges. This parameter should always be set to FALSE because tables owned by SYS control the overall state of the database and should not be subject to manipulation by users with ANY TABLE privileges. | ||
| CONF.INFER | |||
| Status | Significant Risk | ||
| Summary | UPDATE and DELETE statements can be used to infer data values. | ||
| Details | SQL92_SECURITY=FALSE. Recommended value is TRUE. | ||
| Remarks | When SQL92_SECURITY is set to TRUE, UPDATE and DELETE statements that refer to a column in their WHERE clauses will succeed only when the user has the privilege to SELECT from the same column. This parameter should be set to TRUE so that this requirement is enforced in order to prevent users from inferring the value of a column which they do not have the privilege to view. | ||
| CONF.NETCOM | |||
| Status | Significant Risk | ||
| Summary | Examined 3 initialization parameters. Found 1 issue. | ||
| Details |
SEC_PROTOCOL_ERROR_FURTHER_ACTION=CONTINUE. Recommended value is
(DELAY,integer) or (DROP,integer).
SEC_PROTOCOL_ERROR_TRACE_ACTION=TRACE
SEC_RETURN_SERVER_RELEASE_BANNER=FALSE
| ||
| Remarks | The SEC_PROTOCOL_ERROR parameters control the database server's response when it receives malformed network packets from a client. Because these malformed packets may indicate an attempted attack by a malicious client, the parameters should be set to log the incident and terminate the connection. SEC_RETURN_SERVER_RELEASE_BANNER should be set to FALSE to limit the information that is returned to an unauthenticated client, which could be used to help determine the server's vulnerability to a remote attack. | ||
| CONF.EXTAUTH | |||
| Status | Pass | ||
| Summary | Examined 2 initialization parameters. No issues found. | ||
| Details | REMOTE_OS_ROLES=FALSE OS_ROLES=FALSE | ||
| Remarks | The OS_ROLES and REMOTE_OS_ROLES parameters determine whether roles granted to users are controlled by GRANT statements in the database or by the operating system environment. Both parameters should be set to FALSE so that the authorizations of database users are managed by the database itself. | ||
| CONF.FILESYS | |||
| Status | Pass | ||
| Summary | Examined 1 initialization parameter. No issues found. | ||
| Details | UTL_FILE_DIR='' | ||
| Remarks | The UTL_FILE_DIR parameter controls which part of the server's file system can be accessed by PL/SQL code. Note that as the directories specified in the UTL_FILE_DIR parameter may be accessed by any database user, it should be set to specify one or more safe directories that do not contain restricted files such as the configuration or data files for the database. For maximum security, use directory objects which allow finer grained control of access, rather than relying on this parameter. | ||
| CONF.TRIG | |||
| Status | Some Risk | ||
| Summary | Found 1 logon trigger. Found 7 disabled triggers. | ||
| Details |
Logon triggers: SYS.TR_DB_LOGON(ENABLED)
Disabled triggers: EXFSYS.EXPFIL_ALTEREXPTAB_MAINT,
EXFSYS.EXPFIL_DROPOBJ_MAINT, EXFSYS.EXPFIL_DROPUSR_MAINT,
EXFSYS.EXPFIL_RESTRICT_TYPEEVOLVE, EXFSYS.RLMGR_TRUNCATE_MAINT,
SAR.XXX, SAR_CUP.DS_STDF_VERIFICA_INS
| ||
| Remarks | A trigger is code that executes whenever a specific event occurs, such as inserting data in a table or connecting to the database. Disabled triggers are a potential cause for concern because whatever protection or monitoring they may be expected to provide is not active. | ||
| CONF.CONST | |||
| Status | Some Risk | ||
| Summary | Found 7 disabled constraints. | ||
| Details |
Disabled constraints: FK_AMB_USRS_USERS_USR_AMB_USER on
SAR_CUP.AMB_USRS_DOMS_APPS, FK_AMB_USRS_USRDOMAPP_APP on
SAR_CUP.AMB_USRS_ROLES_DOMS_APPS, ANGR_ANAR_CHIAVE_CRITERIO_CK on
SAR_CUP.DE_ANAGRAFICHE, CNNS_USRS_FK on SAR_CUP.DE_CONNESSIONI,
ASSN_USL_UK on SAR_CUP.DS_ASS, OPSN_CODM_UK on
SAR_CUP.DS_OPERATORI_SNTR, CKC_TIPO_FUNZIONE_GYP_FUNZ on
SAR_G2CLIN.GYP_FUNZIONI
| ||
| Remarks | Constraints are used to enforce and guarantee specific relationships between data items stored in the database. Disabled constraints are a potential cause for concern because the conditions they ensure are not enforced. | ||
| CONF.EXTPROC | |||
| Status | Evaluate | ||
| Summary | Found 2 external procedures. No external services found. | ||
| Details | External procedures: ORDSYS.ORDIMLIBS, SYS.DBMS_SUMADV_LIB | ||
| Remarks | External procedures allow code written in other languages to be executed from PL/SQL. Note that modifications to external code cannot be controlled by the database. Be careful to ensure that only trusted code libraries are available to be executed. Although the database can spawn its own process to execute the external procedure, it is advisable to configure a listener service for this purpose so that the external code can run as a less-privileged OS user. The listener configuration should set EXTPROC_DLLS to identify the specific shared library code that can be executed rather than using the default value ANY. | ||
| CONF.DIR | |||
| Status | Severe Risk | ||
| Summary | Found 21 directory objects. No directory objects allow access to restricted Oracle directory paths. Found 11 directory objects with both write and execute access. | ||
| Details |
Directory Name: DATAPUMP
Path = /u02/trans_asv_2/Adam/DataPump/
Users or roles with access: EI(EXECUTE), EI(READ), EI(WRITE)
Directory Name: DATAPUMP_GBR
Path = /u02/trans_asv_2/Adam/DataPump/
Directory Name: DATA_PUMP_DIR
Path = /o11xxx/app/oracle/admin/SAMPLE/dpdump/
Users or roles with access: EXP_FULL_DATABASE(READ),
EXP_FULL_DATABASE(WRITE), IMP_FULL_DATABASE(READ),
IMP_FULL_DATABASE(WRITE)
Directory Name: DATA_PUMP_DIR_DEF_SKED
Path = /bck_DP/definizioni/SAMPLE/
Users or roles with access: BCKDP(READ), BCKDP(WRITE),
EXP_FULL_DATABASE(READ), EXP_FULL_DATABASE(WRITE),
IMP_FULL_DATABASE(READ), IMP_FULL_DATABASE(WRITE), SYSTEM(EXECUTE),
SYSTEM(READ), SYSTEM(WRITE)
Directory Name: DATA_PUMP_DIR_SKED
Path = /bck_DP_SAMPLE/logici/SAMPLE/
Users or roles with access: BCKDP(READ), BCKDP(WRITE),
EXP_FULL_DATABASE(READ), EXP_FULL_DATABASE(WRITE),
IMP_FULL_DATABASE(READ), IMP_FULL_DATABASE(WRITE), SYSTEM(EXECUTE),
SYSTEM(READ), SYSTEM(WRITE)
Directory Name: DATA_PUMP_DIR_SKED_STORIC
Path = /bck_DP/logici/SAMPLE_STORIC/
Users or roles with access: BCKDP(READ), BCKDP(WRITE)
Directory Name: DATA_PUMP_DIR_SKED_TABLES
Path = /bck_DP_SAMPLE/logici/SAMPLE_TABLES/
Users or roles with access: BCKDP(READ), BCKDP(WRITE)
Directory Name: FWLOG_DIR
Path = /u02/dbaudit/log/
Users or roles with access: FWL(READ), FWL(WRITE), SYSTEM(READ),
SYSTEM(WRITE)
Directory Name: FWSPLUNK_DIR
Path = /u02/dbaudit/fw_ora_siem/
Users or roles with access: FWL(READ), FWL(WRITE), SYSTEM(READ),
SYSTEM(WRITE)
Directory Name: FW_DIR
Path = /u02/dbaudit/log/
Users or roles with access: FWL(READ), FWL(WRITE), SYSTEM(READ),
SYSTEM(WRITE)
Directory Name: HELLEN_EXP_DIR
Path = /u02/trans_asv_2/Hellen/
Users or roles with access: EI(READ), EI(WRITE), BCKDP(READ), BCKDP(WRITE),
SYSTEM(EXECUTE), SYSTEM(READ), SYSTEM(WRITE)
Directory Name: HELLEN_STORIC_DIR
Path = /bck_DP/Estemporanei/SAMPLE/
Users or roles with access: SYSTEM(EXECUTE), SYSTEM(READ), SYSTEM(WRITE)
Directory Name: MY_EXP_DIR
Path = /u02/trans_asv_2/Smith/10g/
Users or roles with access: SYSTEM(EXECUTE), SYSTEM(READ), SYSTEM(WRITE)
Directory Name: MY_EXP_DIR1
Path = /orabck_recovery_vcs3/Smith/V9/
Users or roles with access: SYSTEM(EXECUTE), SYSTEM(READ), SYSTEM(WRITE)
Directory Name: ORACLE_OCM_CONFIG_DIR
Path = /o11xxx/app/oracle/product/11g/ccr/state/
Users or roles with access: ORACLE_OCM(READ), ORACLE_OCM(WRITE)
Directory Name: REL_RP_01_ANAG
Path = /utl_db/shed/rel-01/anag/
Users or roles with access: SAR_ANAGRAFI(READ), SAR_ANAGRAFI(WRITE),
SYSTEM(EXECUTE), SYSTEM(READ), SYSTEM(WRITE)
Directory Name: REL_RP_01_REL_DB_EROG
Path = /utl_db/shed/rel-01/erog/
Users or roles with access: SAR_INDICE(READ), SAR_INDICE(WRITE),
SAR_INDICE_RW(READ), SAR_INDICE_RW(WRITE), SYSTEM(EXECUTE),
SYSTEM(READ), SYSTEM(WRITE)
Directory Name: REL_RP_01_REL_DB_FARM
Path = /utl_db/shed/rel-01/farm/
Users or roles with access: SAR_ANAGRAFI(READ), SAR_ANAGRAFI(WRITE),
SYSTEM(EXECUTE), SYSTEM(READ), SYSTEM(WRITE)
Directory Name: Adam
Path = /u02/trans_asv_2/Adam/
Directory Name: SERGEI_EXP_DIR
Path = /u02/trans_asv_2/Sergei/
Users or roles with access: SYSTEM(EXECUTE), SYSTEM(READ), SYSTEM(WRITE)
Directory Name: XMLDIR
Path = /o11xxx/app/oracle/product/11g/rdbms/xml/
Directories with both write and execute access: DATAPUMP,
DATA_PUMP_DIR_DEF_SKED, DATA_PUMP_DIR_SKED, HELLEN_EXP_DIR,
HELLEN_STORIC_DIR, MY_EXP_DIR, MY_EXP_DIR1, REL_RP_01_ANAG,
REL_RP_01_REL_DB_EROG, REL_RP_01_REL_DB_FARM, SERGEI_EXP_DIR
| ||
| Remarks | Directory objects allow access to the server's file system from PL/SQL code within the database. Access to files that are used by the database kernel itself should not be permitted, as this may alter the operation of the database and bypass its access controls. | ||
| CONF.LINKS | |||
| Status | Evaluate | ||
| Summary | Found 1 database link. | ||
| Details | Users with CREATE DATABASE LINK privilege: BCKDP, BCK_DBA, SYSTEM Users with CREATE PUBLIC DATABASE LINK privilege: BCKDP, BCK_DBA, SYSTEM Private links: SAR_STORIC_RW: STORICO_DBL (User SAR_STORIC_RW) | ||
| Remarks | Database links allow users to execute SQL statements that access tables in other databases. This allows for both querying and storing data on the remote database. | ||
| CONF.NETACL | |||
| Status | Evaluate | ||
| Summary | Found 1 network ACL. | ||
| Details | /sys/acls/Posta_elettronica.xml (Host: mail.xenialab.it, Ports: 25 - 25) Principal: PUBLIC, Action: deny, Privilege: connect Principal: PUBLIC, Action: deny, Privilege: resolve | ||
| Remarks | Network ACLs control the external servers that database users can access using network packages such as UTL_TCP and UTL_HTTP. Specifically, a database user needs the connect privilege to an external network host computer if he or she is connecting using the UTL_TCP, UTL_HTTP, UTL_SMTP, and UTL_MAIL utility packages. To convert between a host name and its IP address using the UTL_INADDR package, the resolve privilege is required. Make sure that these permissions are limited to the minimum required by each user. | ||
| CONF.XMLACL | |||
| Status | Evaluate | ||
| Summary | Found 7 XML Database ACLs. | ||
| Details |
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd}
Description: Protected:Readable by PUBLIC and all privileges to OWNER
Principal: dav:owner, Action: grant, Privileges: all
Principal: XDBADMIN, Action: grant, Privileges: all
Principal: PUBLIC, Action: grant, Privileges: read-properties, read-
contents, read-acl, resolve
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd}
Description: Public:All privileges to PUBLIC
Principal: PUBLIC, Action: grant, Privileges: all
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd}
Description: Private:All privileges to OWNER only and not accessible to
others
Principal: dav:owner, Action: grant, Privileges: all
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd}
Description: Read-Only:Readable by all and writeable by none
Principal: PUBLIC, Action: grant, Privileges: read-properties, read-
contents, read-acl, resolve
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd}
Description: Read-only privileges to anonymous
Principal: ANONYMOUS, Action: grant, Privileges: read-properties, read-
contents, resolve
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd}
Description: Protected:Readable by PUBLIC and all privileges to OWNER
Principal: dav:owner, Action: grant, Privileges: all
Principal: XDBADMIN, Action: grant, Privileges: all
Principal: PUBLIC, Action: grant, Privileges: read-properties, read-
contents, read-acl, resolve
Principal: ANONYMOUS, Action: grant, Privileges: read-properties, resolve
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd}
Description: Permessi per Posta_elettronica
No PrincipalPrincipal: PUBLIC, Action: grant, Privileges:
{http://xmlns.oracle.com/plsql}connect,
{http://xmlns.oracle.com/plsql}resolve
| ||
| Remarks | XML ACLs control access to database resources using the XML DB feature. Every resource in the Oracle XML DB Repository hierarchy has an associated ACL. The ACL mechanism specifies a privilege-based access control for resources to principals, which are database users or roles. Whenever a resource is accessed, a security check is performed, and the ACL determines if the requesting user has sufficient privileges to access the resource. Make sure that these privileges are limited to the minimum required by each user. | ||
| NET.CRYPT | |||
| Status | Significant Risk | ||
| Summary | Native encryption is partially enabled. Integrity check using checksums is partially enabled. | ||
| Details | SQLNET.ENCRYPTION_SERVER is not set (default value = ACCEPTED). SQLNET.CRYPTO_CHECKSUM_SERVER is not set (default value = ACCEPTED). Examined 3 listeners. LISTENER_XXX: IPC (0), TCP (1), TCPS (0) LISTENER_SAMPLE: IPC (1), TCP (1), TCPS (0) LISTENER_YYY: IPC (0), TCP (1), TCPS (0) SSL_CERT_REVOCATION is not set (default value = NONE). | ||
| Remarks | Network encryption protects the confidentiality and integrity of communication between the database server and its clients. Either Native Encryption or TLS should be enabled. For Native Encryption, both ENCRYPTION_SERVER and CRYPTO_CHECKSUM_SERVER should be set to REQUIRED. If TLS is used, TCPS should be specified for all network ports and SSL_CERT_REVOCATION should be set to REQUIRED. | ||
| NET.CLIENTS | |||
| Status | Significant Risk | ||
| Summary | Valid node check is not enabled. Neither TCP.INVITED_NODES nor TCP.EXCLUDED_NODES is set. | ||
| Details |
TCP.VALIDNODE_CHECKING is not set (default value = NO). Recommended value
is YES.
TCP.INVITED_NODES is not set.
TCP.EXCLUDED_NODES is not set.
| ||
| Remarks | TCP.VALIDNODE_CHECKING should be enabled to control which client nodes can connect to the database server. Either a whitelist of client nodes allowed to connect (TCP.INVITED_NODES) or a blacklist of nodes that are not allowed (TCP.EXCLUDED_NODES) may be specified. Configuring both lists is an error; only the invited node list will be used in this case. | ||
| NET.BANNER | |||
| Status | Some Risk | ||
| Summary | Connect banners are not fully configured. | ||
| Details |
SEC_USER_AUDIT_ACTION_BANNER is not set. Should be set to a proper value.
SEC_USER_UNAUTHORIZED_ACCESS_BANNER is not set. Should be set to a proper
value.
| ||
| Remarks | These banner messages are used to warn connecting users that unauthorized access is not permitted and that their activities may be audited. | ||
| NET.COST | |||
| Status | Significant Risk | ||
| Summary | Examined 3 listeners. Found 3 listeners not configured properly. | ||
| Details |
Listeners not configured properly: LISTENER_YYYY, LISTENER_SAMPLE,
LISTENER_XXXX
Parameter setting for LISTENER_YYYY:
DYNAMIC_REGISTRATION_LISTENER_YYYY is not set (default value = ON).
Recommended value is OFF.
VALID_NODE_CHECKING_REGISTRATION_LISTENER_YYYY is not set (default
value = OFF). Should not be set to OFF.
SECURE_PROTOCOL_LISTENER_YYYY is not set.
SECURE_CONTROL_LISTENER_YYYY is not set.
SECURE_REGISTER_LISTENER_YYYY is not set.
Parameter setting for LISTENER_SAMPLE:
DYNAMIC_REGISTRATION_LISTENER_SAMPLE is not set (default value = ON).
Recommended value is OFF.
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SAMPLE is not set (default
value = OFF). Should not be set to OFF.
SECURE_PROTOCOL_LISTENER_SAMPLE is not set.
SECURE_CONTROL_LISTENER_SAMPLE is not set.
SECURE_REGISTER_LISTENER_SAMPLE is not set.
Parameter setting for LISTENER_XXXX:
DYNAMIC_REGISTRATION_LISTENER_XXXX is not set (default value = ON).
Recommended value is OFF.
VALID_NODE_CHECKING_REGISTRATION_LISTENER_XXXX is not set (default
value = OFF). Should not be set to OFF.
SECURE_PROTOCOL_LISTENER_XXXX is not set.
SECURE_CONTROL_LISTENER_XXXX is not set.
SECURE_REGISTER_LISTENER_XXXX is not set.
| ||
| Remarks | These parameters are used to limit changes to the network listener configuration. One of the following restrictions should be implemented: (a) prevent changes by disabling DYNAMIC_REGISTRATION, (b) limit the nodes that can make changes by enabling VALID_NODE_CHECKING_REGISTRATION, or (c) limit the network sources for changes using the COST parameters SECURE_PROTOCOL, SECURE_CONTROL, and SECURE_REGISTER. | ||
| NET.LISTENLOG | |||
| Status | Pass | ||
| Summary | Examined 3 listeners. Found 0 listeners not configured properly. | ||
| Details |
Listeners configured properly: LISTENER_YYYY, LISTENER_SAMPLE,
LISTENER_XXXX
Parameter setting for LISTENER_YYYY:
LOGGING_LISTENER_YYYY is not set (default value = ON).
Parameter setting for LISTENER_SAMPLE:
LOGGING_LISTENER_YYYYLISTENER_SAMPLE is not set (default value = ON).
Parameter setting for LISTENER_XXXX:
LOGGING_LISTENER_YYYYLISTENER_SAMPLELISTENER_XXXX is not set
(default value = ON).
| ||
| Remarks | This parameter enables logging of listener activity. Log information can be useful for troubleshooting and to provide early warning of attempted attacks. | ||
| OS.AUTH | |||
| Status | Evaluate | ||
| Summary | 18 OS users can connect to the database via OS authentication. | ||
| Details |
SYSDBA [dba group]: postgres, devadm, oradev, smnadm,
orasmn, gw1adm, gw5adm, gw2adm, qasadm, oraqas, prdadm,
oraprd, gw6adm, gw8adm
SYSOPER [dba group]: postgres, devadm, oradev, smnadm,
orasmn, gw1adm, gw5adm, gw2adm, qasadm, oraqas, prdadm,
oraprd, gw6adm, gw8adm
| ||
| Remarks | OS authentication allows operating system users within the specified user group to connect to the database with administrative privileges. This shows the OS group names and users that can exercise each administrative privilege. | ||
| OS.PMON | |||
| Status | Pass | ||
| Summary | Found 4 PMON processes. The owner of the PMON process matches the ORACLE_HOME owner. | ||
| Details |
PMON process: ora_pmon_SAMPLE, Owner: o11xxx
ORACLE_HOME owner: o11xxx
Other PMON processes found:
Owner: 10072, Command: ora_pmon_YYYY
Owner: o11regp, Command: ora_pmon_ZZZZ
Owner: 10072, Command: ora_pmon_AAAA
| ||
| Remarks | The PMON process monitors user processes and frees resources when they terminate. This process should run with the user ID of the ORACLE_HOME owner. | ||
| OS.AGENT | |||
| Status | Pass | ||
| Summary | Found 3 Agent processes. Agent process owners do not overlap with Listener or PMON process owners. | ||
| Details |
Owner: root
Command: /opt/VRTSagents/ha/bin/Netlsnr/NetlsnrAgent -type Netlsnr -agdir
/opt/VRTSagents/ha/bin/Netlsnr
Owner: root
Command: /opt/VRTSagents/ha/bin/Oracle/OracleAgent -type Oracle -agdir
/opt/VRTSagents/ha/bin/Oracle
Owner: root
Command: sh ./DB/check_db_badsess.agent.3
| ||
| Remarks | Agent processes are used by Oracle Enterprise Manager to monitor and manage the database. These processes should run with a user ID separate from the database and listener processes. | ||
| OS.LISTEN | |||
| Status | Some Risk | ||
| Summary | Found 4 Listener processes. Some Listener process owners overlap with Agent or PMON process owners. | ||
| Details |
Owner: 10072
Command: /o10yyy/app/oracle/product/10.2.0/bin/tnslsnr LISTENER_YYYY
-inherit
Owner: o11xxx
Command: /o11xxx/app/oracle/product/11g/bin/tnslsnr LISTENER_SAMPLE
-inherit
Owner: o11regp
Command: /o11zzz/app/oracle/product/11g/bin/tnslsnr LISTENER_ZZZZ
-inherit
Owner: 10072
Command: /o10aaa/app/oracle/product/10.2.0/bin/tnslsnr LISTENER_AAAA
-inherit
| ||
| Remarks | Listener processes accept incoming network connections and connect them to the appropriate database server process. These processes should run with a user ID separate from the database and agent processes. | ||
| OS.FILES | |||
| Status | Significant Risk | ||
| Summary | Examined 354 files. Found 6 errors. | ||
| Details | ORACLE_HOME: /o11xxx/app/oracle/product/11g ORACLE_HOME owner: o11xxx Directories: 2 (0 permission errors) Executables in $ORACLE_HOME/bin: 333 (0 permission errors) Configuration files in $TNS_ADMIN: 2 (0 permission errors) Data files in $ORACLE_HOME/dbs: 17 (2 permission errors) Files with permission errors: dbs/init.ora (rw-r--r-- should be rw-r-----) dbs/initSAMPLE.ora (rw-r--r-- should be rw-r-----) Files or directories with unexpected owner: bin/extjob (owner = root) bin/nmb (owner = root) bin/nmhs (owner = root) bin/nmo (owner = root) | ||
| Remarks | The ORACLE_HOME directory and its subdirectories contain files that are critical to the correct operation of the database, including executable programs, data files, and configuration files. Operating system file permissions must not allow these files to be modified by users other than the ORACLE_HOME owner and must not allow other users to directly read the contents of Oracle data files. | ||
Skipped Inactive Users
Skipped Privilege Analysis
Skipped ENCRYPT_NEW_TABLESPACES Parameter Check
Skipped Redaction Policies
Skipped RAS Policies
Skipped TSDP Policies
Skipped Unified Audit Policies
This report is focused on detecting areas of potential security vulnerabilities or misconfigurations and providing recommendations on how to mitigate those potential vulnerabilities.
The report provides a view on the current status. These recommendations are provided for informational purposes only and should not be used as a substitute for a thorough analysis or interpreted to contain any legal or regulatory advice or guidance.
You are solely responsible for your system, and the data and information gathered during the production of this report. You are also solely responsible for the execution of software to produce this report, and for the effect and results of the execution of any mitigating actions identified herein.
Oracle provides this analysis on an "as is" basis without warranty of any kind and Oracle hereby disclaims all warranties and conditions whether express, implied or statutory.