Académique Documents
Professionnel Documents
Culture Documents
The database should meet the criteria indicated in the security policy are highlighted below.
Following listed violations are against the security policy. Violations are listed in order of severity;
those exposing the highest risk.
Fix: Change the default password to a value that is difficult to guess. Change the
password for an account by executing the
following command:
ALTER USER <username> IDENTIFIED BY <new password>
Note: If you use Oracle Intelligent Agent and change the password for the DBSNMP account, you
must also place the new password in the snmp_rw.ora file.
Detailed Description: Oracle versions prior to 8.0 do not provide a mechanism to enforce
password strength. In Oracle 8.0 and higher, a password verification script can be used to
include some validation of password strength. Accounts configured with easily-guessed
passwords are targets for password guessing. This check ensures that account passwords are not
found in
the specified dictionary or are not one of the following common passwords:
- password same as the account name
- password same as the account name reversed
- password same as the server name
- password is the account name appended with a number between 1 and 100
Note: If you use Oracle Intelligent Agent and change the password for the DBSNMP account, you
must also place the new
password in the snmp_rw.ora file.
Modify the users associated with a profile by executing the following command:
ALTER USER <username> PROFILE <new profile>
Fix: Change the parameter to ensure that the line DBLINK_ENCRYPT_LOGIN = TRUE
appears in the init.ora configuration file. Restart the server for the setting to take effect.
NOTE: Oracle Version 7.1 or earlier will not run if you make this change.
Detailed Description: Oracle 8 introduced the ability to limit password lifetime through
the use of profiles. This check uses the built-in password aging functionality of Oracle for version
8 servers and higher. The password lifetime will be taken from the profile associated with the
accounts. Requiring password changes on a regular basis counters undetected password
compromises. By determining and setting an appropriate password lifetime, the security risk
associated with password authentication can be reduced. The longer a password is in use, the
more likely the password will become exposed, whether through brute force, eavesdropping, or
other avenues.
Fix: Remind users to change their passwords on a regular basis. Change a password by
executing the command ALTER
USER <username> IDENTIFIED BY <password>.
Fix: Drop the database link and create a link without specifying an account and
passwords. To drop a database link,
execute the command DROP DATABASE LINK <link name>. To re-create a link without hard
coding the password,
execute the command CREATE DATABASE LINK <link name> USING <connection string>.
Modify the users associated with a profile value by executing the following command:
ALTER USER <username> PROFILE <new profile>
Detailed Description: Accounts have been found with the RESOURCE role. The built-in
role RESOURCE is not recommended for application users. This role includes privileges that are
not required by most accounts functioning within the bounds of an application and conveys no
indication of the purpose of the privilege by its name.
Fix: Remove any accounts in the role and delete the role. Create a more appropriate role
with only the required permissions.
Detailed Description: Permissions on objects may be granted to users and roles and to
the user group PUBLIC. Because every database user is a member of the PUBLIC group, granting
object permissions to PUBLIC gives all users in the database access to that object. In a secure
environment, granting object permissions to PUBLIC should be restricted to those objects that all
users are allowed to access.
Fix: To revoke permissions from PUBLIC, execute the following statement: REVOKE
<privilege> ON <object> FROM PUBLIC.
UTL_FILE Permissions
Detailed Description: The UTL_FILE package allows Oracle accounts to read and write
files on the host operating system. Access to this package should be restricted.
Fix: Use the following command to revoke permissions from the UTL_FILE package:
REVOKE <privilege> ON SYS.UTL_FILE FROM <account/role>.
Modify the users associated with a profile value by executing the following command:
ALTER USER <username> PROFILE <new profile>
Detailed Description: A user having object privileges with the GRANT OPTION can grant
privileges to other users as if he were the owner of the object. Use of the WITH GRANT OPTION
may not be appropriate in certain database environments and use of this option should be limited
to security administrators.
Fix: To remove the WITH GRANT OPTION, you must revoke the privilege and regrant it.
The following statement recreates the permission without the WITH GRANT OPTION:
REVOKE DELETE ON <object name> FROM <account>
GRANT DELETE ON <object name> FROM <account>
Detailed Description: The audit trail table (SYS.AUD$) should be placed in its own
tablespace to avoid fragmentation of the system tablespace and to avoid running out of space in
the system tablespace.
Fix: Recreate the SYS.AUD$ table in its own tablespace. In order to do this, you may
wish to implement the following steps as the SYS user:
1. Create the new tablespace for the audit table.
2. Create a table in the new tablespace with a temporary name based on the AUD$ table. Use the
following command:
CREATE TABLE temp_audit <storage clause> as SELECT * FROM SYS.AUD$.
3. Drop the SYS.AUD$ table.
4. Rename the temporary table to AUD$ using the following command:
RENAME temp_audit to AUD$
5. Recreate the views based on SYS.AUD$ and DBA_AUDIT_TRAIL by running the appropriate
sections from the cataudit.sql install script located in the $ORACLE_HOME/rdbms/admin
directory.
Detailed Description: Revoking system privileges having the WITH ADMIN OPTION does
not revoke those privileges from other accounts that have been given the privilege by the account
being revoked. This makes revoking system privileges that were granted WITH ADMIN OPTION
difficult as the privilege can be given to an account and then granted back after it is revoked.
Fix: To revoke the WITH ADMIN OPTION, you must revoke and re-grant the privilege
without the WITH ADMIN OPTION.
Detailed Description: Views containing a WHERE clause without the WITH CHECK
option allow users to insert or update rows that cannot be seen by the view because they do not
meet the selection criteria. Depending on the sensitivity of your data, this may be undesirable
behavior. Adding the WITH CHECK option to the WHERE clause will force the WHERE clause to
be evaluated upon insert or update, and will not allow a user to insert or update rows that would
be otherwise be hidden by the view.
Fix: Drop the view and recreate it using the WITH CHECK option at the end of the
WHERE clause.
Account Permissions
Detailed Description: The CONNECT role includes the system privileges CREATE TABLE,
CREATE DATABASE LINK, and several others, which give users more privileges than required to
connect to a database. Use of this role is strongly discouraged. Instead of using the CONNECT
role to grant access to Oracle, consider creating a user defined role containing only the CREATE
SESSION privilege and then granting this role to accounts.
Fix: Remove any accounts in the role and delete the role. Create a more appropriate role
with only the required permissions.
Default Tablespace
Detailed Description: Use of the SYS or SYSTEM tablespace as the default table space is
highly discouraged. New objects created by the account will be placed on this tablespace. The SYS
or SYSTEM table space contains the data dictionary and should not be used for other tables.
Fix: Change the default table space for an account by executing the following
command: ALTER USER <username>
DEFAULT TABLESPACE <new tablespace>.
Role Permissions
Detailed Description: Oracle does not provide a method of granting row-level
permissions for SELECT, DELETE, or UPDATE statements. It is good security practice to limit the
granting of these permissions. You should instead provide access to these statements through
functions, procedures, or views that provide validation that only the appropriate rows are being
modified or
viewed. To ensure maximum security, the only permissions allowed should be execute
permissions on procedures and functions or select from views.
Fix: To revoke permissions from a role execute the following statement: REVOKE
<privilege> ON <object> FROM <role>
Regards,
Umesh Pawar
Global Interdict
Polaris Software Lab Limited.
+91-22-28290019 #1894