Details

The admin_restrictions_ setting in the listener.ora file can require that any attempted real-time alteration of the parameters in the listener via the set command file be refused unless the listener.ora file is manually altered, then restarted by a privileged user.

Rationale:

Blocking unprivileged users from making alterations of the listener.ora file, where remote data/service settings are specified, will help protect data confidentiality.

Solution

To remediate this recommendation:
Use a text editor such as vi to set the admin_restrictions_ to the value ON.

Default Value:

Not set.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2868

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-2(9)
• CSCv6|5.1
• CSCv7|4.3

Source

• Tenable.com/audits