init.ora – ‘sql92_security = TRUE’
Details Enforce the requirement that a user must have SELECT privilege on a table in order to be able to...
- Home
- Security Hardening
- CIS V1.1.0 Oracle 11G OS L2
CIS V1.1.0 Oracle 11G OS L2
listener.ora – ‘admin_restrictions_listener_name = on’
Details alter its parameters without a restart of the listener. Not set and turned off by default. Supportive Information The...listener.ora – ‘Change standard ports’
Details NOTE: Change ORACLE_HOME to the full path of your organization’s Oracle directory. Supportive Information The following resource is also...listener.ora – ‘dynamic_registration_listener_name = OFF’
Details If DYNAMIC_REGISTRATION is turned on all registration connections are accepted by the listener. It is recommended that only static...listener.ora – ‘inbound_connect_timeout_listener = 2’
Details NOTE: Change LISTENER_NAME to the full path of your organization’s Listener name. Supportive Information The following resource is also...listener.ora – ‘secure_control_listener_name = (TCP,IPC)’
Details the listener will accept registration request from any transport. If only IPC or TCPS is required then set the...listener.ora – ‘secure_register_listener_name = (TCP,IPC)’
Details NOTE: Change LISTENER_NAME to the full path of your organization’s Listener name. Supportive Information The following resource is also...listener.ora, tnsnames.ora – ‘Disable external procedures’
Details Remove entries for external procedures from listener.ora or tnsnames.ora file. External procedures can call shared libraries on the host...listener.ora – ‘Use absolute paths in ENVS parameters’
Details Allowing overly broad PATH and CLASSPATH variables could allow an attacker to leverage pathing issues and load malicious binaries...listener.ora – ‘Use IP addresses rather than hostnames’
Details The listener must not be called by the default name as it is commonly known. A distinct name must...