Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-61427 | O121-BP-022000 | SV-75917r1_rule | High |
Description |
---|
Setting REMOTE_OS_ROLES to TRUE allows operating system groups to control Oracle roles. The default value of FALSE causes roles to be identified and managed by the database. If REMOTE_OS_ROLES is set to TRUE, a remote user could impersonate another operating system user over a network connection. |
STIG | Date |
---|---|
Oracle Database 12c Security Technical Implementation Guide | 2018-01-03 |
Check Text ( C-62317r1_chk ) |
---|
From SQL*Plus: select value from v$parameter where name = 'remote_os_roles'; If the returned value is not FALSE or not documented in the System Security Plan as required, this is a finding. |
Fix Text (F-67343r1_fix) |
---|
Document remote OS roles in the System Security Plan. If not required, disable use of remote OS roles. From SQL*Plus: alter system set remote_os_roles = FALSE scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup. |