Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Changes to configuration options are not audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15645 | DG0142-ORACLE10 | SV-24804r2_rule | ECAR-3 | Medium |
| Description |
|---|
| The AUDIT_SYS_OPERATIONS parameter is used to enable auditing of actions taken by the user SYS. The SYS user account is a shared account by definition and holds all privileges in the Oracle database. It is the account accessed by users connecting to the database with SYSDBA or SYSOPER privileges. |
| STIG | Date |
|---|---|
| Oracle Database 10g Instance STIG | 2014-04-02 |
Details
| Check Text ( C-29370r2_chk ) |
|---|
| From SQL*Plus: select value from v$parameter where name = 'audit_sys_operations'; If the value returned is FALSE, this is a Finding. |
| Fix Text (F-26395r1_fix) |
|---|
| From SQL*Plus: alter system set audit_sys_operations = TRUE scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup. |