UCF STIG Viewer Logo

Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15111 DG0042-ORACLE10 SV-24378r1_rule ECLP-1 Medium
Description
The DBMS software installation account is granted privileges not required for DBA or other functions. Use of accounts configured with excess privileges may result in unauthorized or unintentional compromise of the DBMS.
STIG Date
Oracle Database 10g Installation STIG 2014-04-02

Details

Check Text ( C-29144r1_chk )
Review the DBMS account usage log for use of the Oracle DBMS software installation account.

Interview personnel authorized to access the DBMS software installation account to ask how the account is used.

If any usage of the account is to support daily operations or general DBA responsibilities, this is a Finding.

NOTE: On Windows systems, the Oracle DBMS software is installed using an account with administrator privileges. Ownership should be reassigned to a dedicated OS account used to operate the DBMS software. Except where a change in ownership is made to files/directories during a software update, any check results are not a Finding.
Fix Text (F-26153r1_fix)
Develop, document, implement procedures, and train authorized users to restrict usage of the DBMS software installation account for DBMS software installation, upgrade and maintenance only where applicable.

For Windows systems, reapplication of the fix for Check DG0019 may be necessary to reestablish correct file/directory ownership.