UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Users should be alerted upon login of previous successful connections or unsuccessful attempts to access their account.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15641 DG0135-ORACLE11 SV-24429r1_rule Medium
Description
Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of to their account.
STIG Date
Oracle Database 11g Instance STIG 2017-06-29

Details

Check Text ( C-29367r1_chk )
If the database does not store or process classified data, or user accounts are prohibited from accessing the database interactively, this check is Not a Finding.

NOTE: Per the STIG, The definition of an Interactive Database User can be considered an end-user who accesses the database interactively using tools like SQL*Plus, TOAD, etc. and not through a mid-tier application. Your DAA has the option to consider administration accounts (SYSDBA, SYSOPER, SCHEMA accounts and accounts assigned DBA privileges) as Interactive Database User accounts for the purposes of this check. The definition of an Interactive Database User should be documented in the System Security Plan.

Have the DBA perform an interactive logon test (via SQL*Plus) using a non-privileged account (and a privileged account if privileged accounts meet this requirement) to verify display of user access and account usage.

If the last successful and number of unsuccessful attempts since the last successful attempt are not reported, this is a Finding.
Fix Text (F-26391r1_fix)
Develop, document and implement an automated method to display at interactive logon the time and date of the last successful login and the number of failed login attempts since the last successful login for users that access the database interactively.

This may require a custom-developed logon trigger or procedure to accomplish.

NOTE: This may cause interaction/functionality problems with COTS applications not designed for this kind of interaction.