UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS audit logs should be included in backup operations.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15117 DG0176-ORACLE11 SV-24825r1_rule ECTB-1 Medium
Description
DBMS audit logs are essential to the investigation and prosecution of unauthorized access to the DBMS data. Unless audit logs are available for review, the extent of data compromise may not be determined and the vulnerability exploited may not be discovered. Undiscovered vulnerabilities could lead to additional or prolonged compromise of the data.
STIG Date
Oracle Database 11g Installation STIG 2015-06-23

Details

Check Text ( C-29390r1_chk )
Oracle audit events are logged to error logs, trace files, host system logs and may be stored in database tables.

For each Oracle database on the host, determine the location of the database audit trail.

From SQL*Plus:

select value from v$parameter where name = 'audit_trail';

If the audit trail is directed to database tables (DB*), ensure the audit table data is included in the database backups.

Backups of host system log files are covered in host system security reviews and are not covered here.

Other Oracle log files include:

- Listener trace file (specified in the listener.ora file)
- SQLNet trace file (specified in the sqlnet.ora file)
- Oracle database alert and trace files (specified in Oracle parameters):
-- audit_file_dest
-- db_recovery_file_dest
-- diagnostic_dest – 11.1 and higher
-- log_archive_dest
-- log_archive_dest_n

If evidence of inclusion of all audit log files in regular DBMS or host backups does not exist, this is a Finding.
Fix Text (F-26416r1_fix)
Document and implement locations of trace, log and alert locations in the System Security Plan.

Include all trace, log and alert files in regular backups.