Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Oracle REMOTE_OS_ROLES parameter should be set to FALSE.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2555 | DO3539-ORACLE10 | SV-24914r2_rule | ECLP-1 | High |
| Description |
|---|
| Setting REMOTE_OS_ROLES to TRUE allows operating system groups to control Oracle roles. The default value of FALSE causes roles to be identified and managed by the database. If REMOTE_OS_ROLES is set to TRUE, a remote user could impersonate another operating system user over a network connection. |
| STIG | Date |
|---|---|
| Oracle Database 10g Instance STIG | 2014-04-02 |
Details
| Check Text ( C-29468r2_chk ) |
|---|
| From SQL*Plus: select value from v$parameter where name = 'remote_os_roles'; If the returned value is not FALSE or not documented in the System Security Plan as required, this is a Finding. |
| Fix Text (F-26532r1_fix) |
|---|
| Document remote OS roles in the System Security Plan. If not required, disable use of remote OS roles. From SQL*Plus: alter system set remote_os_roles = FALSE scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup. |