The OS or application, or both, must, upon successful logon, display to the user the date and time of the users last logon.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-61863	O121-N3-005802	SV-76353r1_rule		Low

Description
Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the date and time of their last successful logon allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service-oriented architectures). Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of their account. This STIG requirement mandates the implementation of a method to mitigate Oracle's inability to display the data specified in the SRG. This assumes that the operating system is capable of displaying the specified data.

Description

Users need to be aware of activity that occurs regarding their application account. Providing users with information regarding the date and time of their last successful logon allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. This requirement is intended to cover both traditional interactive logons to information systems and general accesses to information systems that occur in other types of architectural configurations (e.g., service-oriented architectures). Unauthorized access to DBMS accounts may go undetected if account access is not monitored. Authorized users may serve as a reliable party to report unauthorized use of their account. This STIG requirement mandates the implementation of a method to mitigate Oracle's inability to display the data specified in the SRG. This assumes that the operating system is capable of displaying the specified data.

STIG	Date
Oracle Database 12c Security Technical Implementation Guide	2017-04-05

Details

Check Text ( C-62743r1_chk )
This requirement applies to interactive accounts only. Log on to each operating system where interactive Oracle users will communicate with the DBMS. If each OS displays the date and time of the user's last logon, this is not a finding. Log on to each interactive application that accesses the DBMS. If each application displays the date and time of the user's last logon, this is not a finding. By default, SQLPlus will display the user's last logon time. $ sqlplus auser/thepassword SQLPlus: Release 12.1.0.2.0 Production on Tue May 12 11:55:16 2015 Copyright (c) 1982, 2014, Oracle. All rights reserved. Last Successful logon time: Tue May 12 2015 11:54:54 -06:00 Connected to: Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options SQL>

Check Text ( C-62743r1_chk )

This requirement applies to interactive accounts only.

Log on to each operating system where interactive Oracle users will communicate with the DBMS.

If each OS displays the date and time of the user's last logon, this is not a finding.

Log on to each interactive application that accesses the DBMS.

If each application displays the date and time of the user's last logon, this is not a finding.

By default, SQL*Plus will display the user's last logon time.

$ sqlplus auser/thepassword

SQL*Plus: Release 12.1.0.2.0 Production on Tue May 12 11:55:16 2015

Copyright (c) 1982, 2014, Oracle. All rights reserved.

Last Successful logon time: Tue May 12 2015 11:54:54 -06:00

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

SQL>

Fix Text (F-67779r1_fix)
Modify OS logon behavior and/or application behavior to display the required data. By default, SQL*Plus will display the user's last logon time.