UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Remote administration must be disabled for the Oracle connection manager.


Overview

Finding ID Version Rule ID IA Controls Severity
V-219874 O121-BP-026500 SV-219874r879887_rule Medium
Description
Remote administration provides a potential opportunity for malicious users to make unauthorized changes to the Connection Manager configuration or interrupt its service.
STIG Date
Oracle Database 12c Security Technical Implementation Guide 2023-03-08

Details

Check Text ( C-21585r533132_chk )
View the cman.ora file in the ORACLE_HOME/network/admin directory.

If the file does not exist, the database is not accessed via Oracle Connection Manager and this check is not a finding.

If the entry and value for REMOTE_ADMIN is not listed or is not set to a value of NO (REMOTE_ADMIN = NO), this is a finding.
Fix Text (F-21584r533133_fix)
View the cman.ora file in the ORACLE_HOME/network/admin directory of the Connection Manager.

Include the following line in the file:

REMOTE_ADMIN = NO