UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to default accounts used to support replication should be restricted to authorized DBAs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2516 DO0210-ORACLE11 SV-24862r1_rule IAGA-1 Medium
Description
Replication database accounts are used for database connections between databases. Replication requires the configuration of these accounts using the same username and password on all databases participating in the replication. Replication connections use fixed user database links. This means that access to the replication account on one server provides access to the other servers participating in the replication. Granting unauthorized access to the replication account provides unauthorized and privileged access to all databases participating in the replication group.
STIG Date
Oracle Database 11g Instance STIG 2015-12-21

Details

Check Text ( C-29420r1_chk )
From SQL*Plus:

select 'The number of replication objects defined is: '||
count(*) from all_tables
where table_name like 'REPCAT%';

If the count returned is 0, then Oracle Replication is not installed and this check is Not a Finding.

Otherwise:

From SQL*Plus:

select count(*) from sys.dba_repcatlog;

If the count returned is 0, then Oracle Replication is not in use and this check is Not a Finding.

If any results are returned, ask the IAO or DBA if the replication account (the default is REPADMIN, but may be customized) is restricted to IAO-authorized personnel only.

If it is not, this is a Finding.

If there are multiple replication accounts, confirm that all are justified and documented with the IAO.

If they are not, this is a Finding.
Fix Text (F-26447r1_fix)
Change the password for default and custom replication accounts and provide the password to IAO-authorized users only.