The Oracle REMOTE_OS_AUTHENT parameter should be set to FALSE.


Overview

Finding ID: V-2554
Version: DO3538-ORACLE11
Rule ID: SV-24911r2_rule
IA Controls: IAIA-1, IAIA-2
Severity: High
Description
Setting this value to TRUE allows operating system authentication over an unsecured connection. Trusting remote operating systems can allow a user to impersonate another operating system user and connect to the database without having to supply a password. If REMOTE_OS_AUTHENT is set to TRUE, the only information a remote user needs to connect to the database is the name of any user whose account is set up to be authenticated by the operating system.
STIG Date
Oracle Database 11g Instance STIG 2015-03-26

Details

Check Text (C-29467r2_chk)
From SQL*Plus:

select value from v$parameter where name = 'remote_os_authent';

If the value returned does not equal FALSE, this is a Finding.
Fix Text (F-26531r1_fix)
Document remote OS authentication in the System Security Plan.

If not required or not mitigated to an acceptable level, disable remote OS authentication.

From SQL*Plus:

alter system set remote_os_authent = FALSE scope = spfile;

The above SQL*Plus command writes the setting to the spfile only, so it takes effect at the next system startup.
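
Because the fix is written with scope = spfile, the check query keeps returning the old running value until the instance is restarted. The following added example (not part of the STIG text) compares the running value with the value staged in the spfile and lists the OS-authenticated accounts the Description refers to; it assumes a single-instance 11g database started from an spfile and a session with access to V$SPPARAMETER and DBA_USERS.

```sql
-- Added example, not part of the STIG check or fix text.
-- Assumption: single instance (on RAC, V$SPPARAMETER can return one row per SID).

-- 1. Running value vs. value staged in the spfile.
--    V$PARAMETER  = value in effect for the running instance.
--    V$SPPARAMETER = value that will be read at the next startup.
SELECT p.name,
       p.value        AS running_value,
       sp.value       AS spfile_value,
       sp.isspecified AS set_in_spfile,
       CASE
         WHEN UPPER(p.value) = 'FALSE'
              AND sp.isspecified = 'TRUE'
              AND UPPER(sp.value) <> 'FALSE'
           THEN 'OK NOW - SPFILE RE-ENABLES IT AT NEXT STARTUP'
         WHEN UPPER(p.value) = 'FALSE'
           THEN 'OK'
         WHEN UPPER(sp.value) = 'FALSE'
           THEN 'FIX STAGED - STILL A FINDING UNTIL RESTART'
         ELSE 'FINDING'
       END            AS status
FROM   v$parameter p
       LEFT JOIN v$spparameter sp
              ON sp.name = p.name
WHERE  p.name = 'remote_os_authent';

-- 2. Accounts identified externally (authenticated by the operating system).
--    These are the accounts exposed while the running value is not FALSE,
--    and the ones to list in the System Security Plan if the setting is kept.
SELECT username,
       account_status,
       created
FROM   dba_users
WHERE  authentication_type = 'EXTERNAL'
ORDER  BY username;
```

Run both statements again after the restart; the finding is closed only when running_value is FALSE.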