Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15644 | DG0141-ORACLE10 | SV-24800r1_rule | ECAR-2 ECAR-3 | Medium |
Description |
---|
Configuring proper auditing is critical to recording any malicious events or detecting when attacks on the database occur. Auditing can be turned on for any SQL statement or any use of a system privilege. Auditing can be enabled for all users (system wide) or for specific users. You may indicate whether one audit record for each access to an object or one audit record for the entire session is generated. You can enable auditing for commands that result in success, commands that result in failure, or both. Not all audit options can be audited by session. Audit options set using the BY SESSION clause for those actions that will not produce a session audit record will default to BY ACCESS. |
STIG | Date |
---|---|
Oracle 10 Database Instance STIG | 2014-01-14 |
Check Text ( None ) |
---|
None |
Fix Text (F-22790r1_fix) |
---|
There are three (3) types of auditable events: 1) Use of system privileges, 2) Use of object privileges, and 3) Issuance of statements. Activating some auditing options sometimes activates others. For example, the use of a system privilege requires the issuance of a system command. Auditing for use of the privilege also audits for the statement. Configure auditing for Oracle as follows: From SQL*Plus: audit all by access; audit all privileges by access; audit alter java class by access; audit alter java resource by access; audit alter java source by access; audit alter sequence by access; audit alter table by access; audit comment table by access; audit create java class by access; audit create java resource by access; audit create java source by access; audit debug procedure by access; audit drop java class by access; audit drop java resource by access; audit drop java source by access; audit exempt access policy by access; audit exempt identity policy by access; audit grant directory by access; audit grant procedure by access; audit grant sequence by access; audit grant table by access; audit grant type by access; audit sysdba by access; audit sysoper by access; The following SQL statements will disable audits set by the commands above that are not required: noaudit execute library; audit rename on default by access; If application objects have already been created, then the audit rename on object statement should be issued for all application objects. From SQL*Plus: audit rename on [application object name] by access; |