Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15111 | DG0042-ORACLE11 | SV-24379r1_rule | ECLP-1 | Medium |
Description |
---|
The DBMS software installation account is granted privileges not required for DBA or other functions. Use of accounts configured with excess privileges may result in unauthorized or unintentional compromise of the DBMS. |
STIG | Date |
---|---|
Oracle Database 11g Installation STIG | 2014-04-02 |
Check Text ( C-29145r1_chk ) |
---|
Review the DBMS account usage log for use of the Oracle DBMS software installation account. Interview personnel authorized to access the DBMS software installation account to ask how the account is used. If any usage of the account is to support daily operations or general DBA responsibilities, this is a Finding. NOTE: On Windows systems, the Oracle DBMS software is installed using an account with administrator privileges. Ownership should be reassigned to a dedicated OS account used to operate the DBMS software. Except where a change in ownership is made to files/directories during a software update, any check results are not a Finding. |
Fix Text (F-26154r1_fix) |
---|
Develop, document, implement procedures, and train authorized users to restrict usage of the DBMS software installation account for DBMS software installation, upgrade and maintenance only where applicable. For Windows systems, reapplication of the fix for Check DG0019 may be necessary to reestablish correct file/directory ownership. |