Details

DBA and other privileged administrative or application owner accounts are granted privileges that allow actions that can have a greater impact on database security and operation. It is especially important to grant access to privileged accounts to only those persons who are qualified and authorized to use them.

Solution

Develop, document and implement procedures to restrict use of the Oracle DBMS software installation account.

Unix environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use, except in cases where this would interfere with required functionality. In such cases, prevent direct logon as the Oracle DBMS software installation account by locking its password; authorize the appropriate administrative users to operate as the Oracle DBMS software installation account via the ‘su’ or ‘sudo’ command.

Other environments:
Ensure that the Oracle DBMS software installation account is disabled when not in use.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-6b.
• CAT|II
• Rule-ID|SV-24374r2_rule
• STIG-ID|DG0040-ORACLE11
• Vuln-ID|V-2422

Source

• Tenable.com/audits