CIS Oracle Database 12c Benchmark v3.0.0

The document provides guidelines for securing an Oracle database, including requirements for installation and patching, parameter settings, connection restrictions, user management, privileges and grants, and audit policies. It contains over 25 sections that describe specific configuration settings and privileges that should be reviewed and restricted to harden the database security. The focus is on limiting access, enforcing authentication and authorization, and enabling comprehensive auditing.

1  Oracle Database Installation and Patching Requirements
1.1  Ensure the Appropriate Version/Patches for Oracle Software Is Installed (Not Scored)
2  Oracle Parameter Settings
2.1  Listener Settings
2.1.1  Ensure 'SECURE_CONTROL_' Is Set In 'listener.ora' (Scored)
2.1.2  Ensure 'extproc' Is Not Present in 'listener.ora' (Scored)
2.1.3  Ensure 'ADMIN_RESTRICTIONS_' Is Set to 'ON' (Scored)
2.1.4  Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' (Scored)
2.2  Database Settings
2.2.1  Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE' (Scored)
2.2.2  Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED' (Scored)
2.2.3  Ensure 'GLOBAL_NAMES' Is Set to 'TRUE' (Scored)
2.2.4  Ensure 'O7_DICTIONARY_ACCESSIBILITY' Is Set to 'FALSE' (Scored)
2.2.5  Ensure 'OS_ROLES' Is Set to 'FALSE' (Scored)
2.2.6  Ensure 'REMOTE_LISTENER' Is Empty (Scored)
2.2.7  Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' (Scored)
2.2.8  Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' (Scored)
2.2.9  Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' (Scored)
2.2.10  Ensure 'UTL_FILE_DIR' Is Empty (Scored)
2.2.11  Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' (Scored)
2.2.12  Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less (Scored)
2.2.13  Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3' (Scored)
2.2.14  Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG' (Scored)
2.2.15  Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE' (Scored)
2.2.16  Ensure 'SQL92_SECURITY' Is Set to 'TRUE' (Scored)
2.2.17  Ensure '_trace_files_public' Is Set to 'FALSE' (Scored)
2.2.18  Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE' (Scored)
3  Oracle Connection and Login Restrictions
3.1  Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' (Scored)
3.2  Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' (Scored)
3.3  Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' (Scored)
3.4  Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20' (Scored)
3.5  Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365' (Scored)
3.6  Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' (Scored)
3.7  Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles (Scored)
3.8  Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' (Scored)
3.9  Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120' (Scored)
4  Users
4.1  Ensure All Default Passwords Are Changed (Scored)
4.2  Ensure All Sample Data And Users Have Been Removed (Scored)
4.3  Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User (Scored)
4.4  Ensure No Users Are Assigned the 'DEFAULT' Profile (Scored)
4.5  Ensure 'SYS.USER$MIG' Has Been Dropped (Scored)
4.6  Ensure No Public Database Links Exist (Scored)
5  Privileges & Grants & ACLs
5.1  Excessive Table, View and Package Privileges
5.1.1  Public Privileges
5.1.1.1  Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Network" Packages (Scored)
5.1.1.2  Ensure 'EXECUTE' is revoked from 'PUBLIC' on "File System" Packages (Scored)
5.1.1.3  Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Encryption" Packages (Scored)
5.1.1.4  Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Java" Packages (Scored)
5.1.1.5  Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Job Scheduler" Packages (Scored)
5.1.1.6  Ensure 'EXECUTE' is revoked from 'PUBLIC' on "SQL Injection Helper" Packages (Scored)
5.1.2  Non-Default Privileges
5.1.2.1  Ensure 'EXECUTE' is not granted to 'PUBLIC' on "Non-default" Packages (Scored)
5.1.3  Other Privileges
5.1.3.1  Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$' (Scored)
5.1.3.2  Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%' (Scored)
5.1.3.3  Ensure 'ALL' Is Revoked on 'Sensitive' Tables (Scored)
5.2  Excessive System Privileges
5.2.1  Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.2  Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES' (Scored)
5.2.3  Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN' (Scored)
5.2.4  Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP' (Scored)
5.2.5  Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.6  Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.7  Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.8  Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.9  Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.10  Ensure 'CREATE PROCEDURE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.11  Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.12  Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.13  Ensure 'CREATE LIBRARY' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.14  Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.15  Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.2.16  Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.3  Excessive Role Privileges
5.3.1  Ensure 'DELETE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.3.2  Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.3.3  Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE' (Scored)
5.3.4  Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE' (Scored)
6  Audit/Logging Policies and Procedures
6.1  Traditional Auditing
6.1.1  Ensure the 'USER' Audit Option Is Enabled (Scored)
6.1.2  Ensure the 'ROLE' Audit Option Is Enabled (Scored)
6.1.3  Ensure the 'SYSTEM GRANT' Audit Option Is Enabled (Scored)
6.1.4  Ensure the 'PROFILE' Audit Option Is Enabled (Scored)
6.1.5  Ensure the 'DATABASE LINK' Audit Option Is Enabled (Scored)
6.1.6  Ensure the 'PUBLIC DATABASE LINK' Audit Option Is Enabled (Scored)
6.1.7  Ensure the 'PUBLIC SYNONYM' Audit Option Is Enabled (Scored)
6.1.8  Ensure the 'SYNONYM' Audit Option Is Enabled (Scored)
6.1.9  Ensure the 'DIRECTORY' Audit Option Is Enabled (Scored)
6.1.10  Ensure the 'SELECT ANY DICTIONARY' Audit Option Is Enabled (Scored)
6.1.11  Ensure the 'GRANT ANY OBJECT PRIVILEGE' Audit Option Is Enabled (Scored)
6.1.12  Ensure the 'GRANT ANY PRIVILEGE' Audit Option Is Enabled (Scored)
6.1.13  Ensure the 'DROP ANY PROCEDURE' Audit Option Is Enabled (Scored)
6.1.14  Ensure the 'ALL' Audit Option on 'SYS.AUD$' Is Enabled (Scored)
6.1.15  Ensure the 'PROCEDURE' Audit Option Is Enabled (Scored)
6.1.16  Ensure the 'ALTER SYSTEM' Audit Option Is Enabled (Scored)
6.1.17  Ensure the 'TRIGGER' Audit Option Is Enabled (Scored)
6.1.18  Ensure the 'CREATE SESSION' Audit Option Is Enabled (Scored)
6.2  Unified Auditing
6.2.1  Ensure the 'CREATE USER' Action Audit Is Enabled (Scored)
6.2.2  Ensure the 'ALTER USER' Action Audit Is Enabled (Scored)
6.2.3  Ensure the 'DROP USER' Audit Option Is Enabled (Scored)
6.2.4  Ensure the 'CREATE ROLE' Action Audit Is Enabled (Scored)
6.2.5  Ensure the 'ALTER ROLE' Action Audit Is Enabled (Scored)
6.2.6  Ensure the 'DROP ROLE' Action Audit Is Enabled (Scored)
6.2.7  Ensure the 'GRANT' Action Audit Is Enabled (Scored)
6.2.8  Ensure the 'REVOKE' Action Audit Is Enabled (Scored)
6.2.9  Ensure the 'CREATE PROFILE' Action Audit Is Enabled (Scored)
6.2.10  Ensure the 'ALTER PROFILE' Action Audit Is Enabled (Scored)
6.2.11  Ensure the 'DROP PROFILE' Action Audit Is Enabled (Scored)
6.2.12  Ensure the 'CREATE DATABASE LINK' Action Audit Is Enabled (Scored)
6.2.13  Ensure the 'ALTER DATABASE LINK' Action Audit Is Enabled (Scored)
6.2.14  Ensure the 'DROP DATABASE LINK' Action Audit Is Enabled (Scored)
6.2.15  Ensure the 'CREATE SYNONYM' Action Audit Is Enabled (Scored)
6.2.16  Ensure the 'ALTER SYNONYM' Action Audit Is Enabled (Scored)
6.2.17  Ensure the 'DROP SYNONYM' Action Audit Is Enabled (Scored)
6.2.18  Ensure the 'SELECT ANY DICTIONARY' Privilege Audit Is Enabled (Scored)
6.2.19  Ensure the 'AUDSYS.AUD$UNIFIED' Access Audit Is Enabled (Scored)
6.2.20  Ensure the 'CREATE PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled (Scored)
6.2.21  Ensure the 'ALTER PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled (Scored)
6.2.22  Ensure the 'DROP PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled (Scored)
6.2.23  Ensure the 'ALTER SYSTEM' Privilege Audit Is Enabled (Scored)
6.2.24  Ensure the 'CREATE TRIGGER' Action Audit Is Enabled (Scored)
6.2.25  Ensure the 'ALTER TRIGGER' Action Audit Is Enabled (Scored)
6.2.26  Ensure the 'DROP TRIGGER' Action Audit Is Enabled (Scored)
6.2.27  Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is Enabled (Scored)
7  Appendix: Establishing an Audit/Scan User
8  Appendix: Establishing a Unified Audit Policy