The DBMS software installation account should be restricted to authorized users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2422 | DG0040-ORACLE10 | SV-24373r1_rule | ECLP-1 ECPA-1 | Medium |
| Description |
|---|
| DBA and other privileged administrative or application owner accounts are granted privileges that allow actions that can have a greater impact on database security and operation. It is especially important to grant access to privileged accounts to only those persons who are qualified and authorized to use them. |
| STIG | Date |
|---|---|
| Oracle 10 Database Installation STIG | 2014-01-14 |
Details
| Check Text ( C-29112r1_chk ) |
|---|
| Review documented and implemented procedures for controlling and granting access of the Oracle DBMS software installation account. If access or use of this account is not restricted to the minimum number of personnel required or unauthorized access to the account has been granted, this is a Finding. On UNIX systems: If the account is not disabled when not in use, this is a Finding. On Windows systems: The Oracle DBMS software is usually installed using an account with administrator privileges. Ownership is assigned to the account used to install the DBMS software. The creation of a dedicated Oracle OS account and change of ownership of all files in the %ORACLE_HOME% and %ORACLE_BASE% directories and subdirectories should be performed prior to placing the DBMS system into production. See checks DG0019, DO0120 and DG0102 for details on establishing a dedicated OS account for Oracle services on Windows platforms. |
| Fix Text (F-26115r1_fix) |
|---|
| Develop, document and implement procedures to restrict use of the Oracle DBMS software installation account. Ensure that the Oracle DBMS software installation account is locked when not in use. |