UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Remote administration should be disabled for the Oracle connection manager.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16032 DO6747-ORACLE10 SV-24954r1_rule EBRP-1 Medium
Description
Remote administration provides a potential opportunity for malicious users to make unauthorized changes to the Connection Manager configuration or interrupt its service.
STIG Date
Oracle Database 10g Installation STIG 2014-04-02

Details

Check Text ( C-29492r1_chk )
View the cman.ora file in the ORACLE_HOME/network/admin directory.

If the file does not exist, the database is not accessed via Oracle Connection Manager and this check is Not a Finding.

If the entry and value for REMOTE_ADMIN is not listed or is not set to a value of NO (REMOTE_ADMIN = NO), this is a Finding.
Fix Text (F-26560r1_fix)
View the cman.ora file in the ORACLE_HOME/network/admin directory of the Connection Manager.

Include the following line in the file:

REMOTE_ADMIN = NO