Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Remote administration should be disabled for the Oracle connection manager.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16032 | DO6747-ORACLE10 | SV-24954r1_rule | EBRP-1 | Medium |
| Description |
|---|
| Remote administration provides a potential opportunity for malicious users to make unauthorized changes to the Connection Manager configuration or interrupt its service. |
| STIG | Date |
|---|---|
| Oracle Database 10g Installation STIG | 2014-04-02 |
Details
| Check Text ( C-29492r1_chk ) |
|---|
| View the cman.ora file in the ORACLE_HOME/network/admin directory. If the file does not exist, the database is not accessed via Oracle Connection Manager and this check is Not a Finding. If the entry and value for REMOTE_ADMIN is not listed or is not set to a value of NO (REMOTE_ADMIN = NO), this is a Finding. |
| Fix Text (F-26560r1_fix) |
|---|
| View the cman.ora file in the ORACLE_HOME/network/admin directory of the Connection Manager. Include the following line in the file: REMOTE_ADMIN = NO |