Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DBMS must have transaction journaling enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-52243 | O112-C2-012100 | SV-66459r1_rule | Medium |
| Description |
|---|
| Application recovery and reconstitution constitutes executing an information system contingency plan that is comprised of activities that restore essential missions and business functions. Database management systems and transaction-based processing systems are examples of information systems that are transaction-based. Transaction rollback and transaction journaling are examples of mechanisms supporting transaction recovery. The maintenance of data integrity involves preservation and control of not only the data contents, but the relationships between two or more related data items and the actions taken on one that may affect others. A DBMS provides data integrity that may be affected by incomplete or interrupted transactions by means of logging transaction events. This allows the database to recover data content to a point where the data content and its relationships are known to be intact. This data integrity is maintained when the data is undergoing a change or update event. Most DBMS's enable transaction rollback or recovery by default and as an automatic feature of database recovery. |
| STIG | Date |
|---|---|
| Oracle Database 11.2g Security Technical Implementation Guide | 2016-06-23 |
Details
| Check Text ( C-54299r1_chk ) |
|---|
| Review DBMS settings that enable or disable transaction journaling. If the DBMS is not capable of transaction journaling or if journaling is disabled, this is a finding. - - - - - Check to see what the current settings are in the database for creating a transaction journal, called the Oracle archive log. $ sqlplus / as sysdba --If you issue this command and the database log mode is "No Archive Mode", transaction journaling is not enabled and this is a finding. SQL> archive log list Database log mode No Archive Mode Automatic archival Disabled Archive destination USE_DB_RECOVERY_FILE_DEST Oldest online log sequence 427 Current log sequence 429 |
| Fix Text (F-57059r1_fix) |
|---|
| Enable transaction journaling for the database. - - - - - Check to see what the current settings are in the database for creating a transaction journal, called the Oracle archive log. $ sqlplus / as sysdba --If you issue this command and the database log mode is "No Archive Mode", transaction journaling is not enabled, and this is a finding. Complete the following steps to make sure Oracle transaction journaling is enabled. SQL> archive log list Database log mode No Archive Mode Automatic archival Disabled Archive destination USE_DB_RECOVERY_FILE_DEST Oldest online log sequence 427 Current log sequence 429 --Force a checkpoint to help and speed the database shutdown SQL> alter system checkpoint; System altered. --Shut down the database SQL> shutdown immediate Database closed. Database dismounted. ORACLE instance shut down. --Start the database in mount mode SQL> startup mount ORACLE instance started. Total System Global Area 456146944 bytes Fixed Size 1344840 bytes Variable Size 373295800 bytes Database Buffers 75497472 bytes Redo Buffers 6008832 bytes Database mounted. --Enable archivelog in the database SQL> alter database archivelog; Database altered. --Open the database SQL> alter database open; Database altered. --Check the current archivelog mode in the database SQL> archive log list Database log mode Archive Mode Automatic archival Enabled Archive destination USE_DB_RECOVERY_FILE_DEST Oldest online log sequence 427 Next log sequence to archive 429 Current log sequence 429 |