UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Database executable and configuration files should be monitored for unauthorized modifications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2420 DG0010-ORACLE10 SV-24596r1_rule DCSL-1 Low
Description
Changes to files in the DBMS software directory including executable, configuration, script, or batch files can indicate malicious compromise of the software files. Changes to non-executable files, such as log files and data files, do not usually reflect unauthorized changes, but are modified by the DBMS as part of normal operation. These modifications can be ignored.
STIG Date
Oracle 10 Database Installation STIG 2014-01-14

Details

Check Text ( C-17064r1_chk )
Ask the DBA to describe/demonstrate any software modification detection procedures in place and request documents of these procedures for review.

Verify by reviewing reports for inclusion of the DBMS executable and configuration files.

If documented procedures and proof of implementation does not exist that includes review of the database software directories and database application directories, this is a Finding.
Fix Text (F-2640r1_fix)
Develop, document and implement procedures to monitor changes made to the DBMS software.

Identify all database files and directories to be included in the host system or database backups and provide these to the person responsible for backups.

For Windows systems, you can use the dir /s > filename.txt run weekly to store and compare file modification/creation dates and file sizes using the DOS fc command.

For UNIX systems, you can use the ls –as >filename.txt command to store and compare (diff command) file statistics for comparison.

These are not as comprehensive as some tools available, but may be enhanced by including checks for checksums or file hashes.