All applications that access the database should be logged in the audit trail.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3807 | DG0052-ORACLE11 | SV-24626r1_rule | Medium |
| Description |
|---|
| Protections and privileges are designed within the database to correspond to access via authorized software. Use of unauthorized software to access the database could indicate an attempt to bypass established permissions. Reviewing the use of application software to the database can lead to discovery of unauthorized access attempts. |
| STIG | Date |
|---|---|
| Oracle Database 11g Installation STIG | 2017-06-29 |
Details
| Check Text ( C-29151r1_chk ) |
|---|
| Review the DBMS audit trail to determine if the names [or unique identifiers] of applications used to connect to the database are included. If an alternate method other than DBMS logging is authorized and implemented, review the audit trail to determine if the names [or unique identifiers] of applications used to connect to the database are included. If application access to the DBMS is not being audited, this is a Finding. If auditing does not capture the name [or unique identifier] of applications accessing the DBMS at a minimum, this is a Finding. |
| Fix Text (F-26162r1_fix) |
|---|
| Modify auditing to ensure audit records include identification of applications used to access the DBMS. Ensure auditing captures the name [or unique identifier] of applications accessing the DBMS at a minimum. Develop or procure a 3rd-party solution where native DBMS logging is not employed or does not capture required information. |