The Oracle SID should not be the default SID.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3848 | DO0221-ORACLE11 | SV-24868r2_rule | Low |
| Description |
|---|
| Use of the default Oracle System Identifier (SID) leaves the database vulnerable to attacks that target Oracle installations running under default SID. Using a custom name helps protect the database against this kind of targeted attack. |
| STIG | Date |
|---|---|
| Oracle Database 11g Instance STIG | 2017-06-29 |
Details
| Check Text ( C-29424r2_chk ) |
|---|
| From SQL*Plus: select instance_name from v$instance; Review the instance name with the DBA. Ask the DBA if the instance name was chosen by the installer to conform to local naming conventions, etc. or if it was determined by the installation software. If it was named by the installation software, this is a Finding. |
| Fix Text (F-26451r1_fix) |
|---|
| Follow the instructions in Oracle MetaLink Note 15390.1 (and related documents) to change the SID for the database without re-creating the database to a value other than the application default. |