UCF STIG Viewer Logo

All use of privileged accounts must be audited.


Overview

Finding ID Version Rule ID IA Controls Severity
V-61595 O121-C2-004200 SV-76085r2_rule Medium
Description
This is intended to limit exposure, by making it possible to trace any unauthorized access, by a privileged user account or role that has permissions on security functions or security-relevant information, to other data or functionality.
STIG Date
Oracle Database 12c Security Technical Implementation Guide 2017-04-05

Details

Check Text ( C-62467r3_chk )
Review auditing configuration.

If it is possible for a privileged user/role to access non-security functions or information without having the action recorded in the audit log, this is a finding.

To obtain a list of unified auditing policies that have been defined, run the query:
SELECT unique policy_name from AUDIT_UNIFIED_POLICIES;

To obtain a list of unified auditing policies that have been enabled and the users for which it has been enabled, run the query:
SELECT unique policy_name, user_name from AUDIT_UNIFIED_ENABLED_POLICIES;

Unless otherwise required, verify that user_name is set to 'ALL USERS' to insure that the activity of administrative users is being logged.
Fix Text (F-67511r1_fix)
Configure DBMS auditing so that all use of privileged accounts is recorded in the audit log.