<?xml version="1.0" encoding="UTF-8"?>
<!--
  - $Header: emdb/source/oracle/sysman/emdrep/rsc/db/compliance/lsnrSecureConfigCS.dlf /st_emdbsa_11.2/1 2010/06/09 19:19:31 jagopal Exp $
  -
  - Copyright (c) 2004 Oracle. All Rights Reserved.
  -
  - NAME
  -   lsnrSecureConfigCS.dlf - Seed file for the MGMT_MESSAGES table
  -
  - DESCRIPTION
  -   This file contains seed data for the EM Messages table.
  -
  - NOTES
  -
  - MODIFIED   (MM/DD/YY)
  -  groyal     09/29/06 - Remove tabs.  See bug 5572246.
  -  groyal     08/23/06 - Created
  -->
<table xml:lang="en" name="MGMT_MESSAGES">

<!-- lookup-key indicates which columns are used by TransX to recognize a row as a duplicate -->
<lookup-key>
  <column name="MESSAGE_ID"/>
  <column name="SUBSYSTEM"/>
  <column name="LANGUAGE_CODE"/>
  <column name="COUNTRY_CODE"/>
</lookup-key>

<!-- columns indicates which columns will be loaded as part of processing the dataset and
       which should be translated by the Translation Group -->
<columns>
  <column name="MESSAGE_ID" type="string" maxsize="256"/>
  <column name="SUBSYSTEM" type="string" constant="CONFIG_STD"/>
  <column name="LANGUAGE_CODE" type="string" language="%l"/>
  <column name="COUNTRY_CODE" type="string" language="%Cs"/>
  <column name="MESSAGE" type="string" maxsize="1000" translate="yes"/>
</columns>

<!-- dataset specifies the data to be loaded into the repository -->
<dataset>

<!-- Secure Configuration for Oracle Listener -->
<row>
    <col name="MESSAGE_ID">lsnrSecure_NAME</col>
    <col name="MESSAGE">Secure Configuration for Oracle Listener</col>
</row>
<row>
    <col name="MESSAGE_ID">lsnrSecure_DESC</col>
    <col name="MESSAGE">Ensures adherence to best-practice security configuration settings that help protect against database-related threats and attacks, providing a more secure operating environment for the Oracle database.</col>
</row>
<row>
    <col name="MESSAGE_ID">lsnrSecure_SecurityKEYWORD</col>
    <col name="MESSAGE">Security</col>
</row>    

<!-- Folder: Oracle Directory and File Permissions -->
<row>
    <col name="MESSAGE_ID">LsnrOracleDirAndFilePerms_NAME</col>
    <col name="MESSAGE">Oracle Directory and File Permissions</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrOracleDirAndFilePerms_DESC</col>
    <col name="MESSAGE">Contains rules that ensure the permissions on the directories and files containing the Oracle software are sufficient. Access should be restricted, making it more difficult for an operating system user to attack the database.</col>  
</row>

<!-- Folder: Unix Platform -->
<row>
  <col name="MESSAGE_ID">LsnrOracleDirAndFilePermsU_NAME</col>
  <col name="MESSAGE">Unix Platform</col>
</row>
<row>
  <col name="MESSAGE_ID">LsnrOracleDirAndFilePermsU_DESC</col>
  <col name="MESSAGE">Contains rules that ensure the permissions on the directories and files containing the Oracle software are sufficient.</col> 
</row>

<!-- Rule: Oracle Net Client Log Directory (LOG_DIRECTORY_CLIENT) -->
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirU_NAME</col>
    <col name="MESSAGE">Oracle Net Client Log Directory (LOG_DIRECTORY_CLIENT)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirU_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the LOG_DIRECTORY_CLIENT sqlnet.ora parameter is restricted such that world has no permissions.</col>        
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirU_RATIONALE</col>
    <col name="MESSAGE">The LOG_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client log files are written.  A log file provides information to an administrator trying to troubleshoot network problems.  The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirU_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the LOG_DIRECTORY_CLIENT parameter such that world has no permissions; that is, permissions should be set to 0770 or less.</col>
</row>

<!-- Rule: Oracle Net Client Trace Directory (TRACE_DIRECTORY_CLIENT) -->
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirU_NAME</col>
    <col name="MESSAGE">Oracle Net Client Trace Directory (TRACE_DIRECTORY_CLIENT)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirU_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the TRACE_DIRECTORY_CLIENT sqlnet.ora parameter is restricted such that world has no permissions.</col>        
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirU_RATIONALE</col>
    <col name="MESSAGE">The TRACE_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client trace files are written.  By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems.  Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirU_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the TRACE_DIRECTORY_CLIENT parameter such that world has no permissions; that is, permissions should be set to 0770 or less.</col>
</row>

<!-- Rule: Oracle Net Server Log Directory (LOG_DIRECTORY_SERVER) -->
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirU_NAME</col>
    <col name="MESSAGE">Oracle Net Server Log Directory (LOG_DIRECTORY_SERVER)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirU_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the LOG_DIRECTORY_SERVER sqlnet.ora parameter is restricted such that world has no permissions.</col>        
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirU_RATIONALE</col>
    <col name="MESSAGE">The LOG_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server log files are written.  A log file provides information to an administrator trying to troubleshoot network problems.  The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirU_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the LOG_DIRECTORY_SERVER parameter such that world has no permissions; that is, permissions should be set to 0770 or less.</col>
</row>

<!-- Rule: Oracle Net Server Trace Directory (TRACE_DIRECTORY_SERVER) -->
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirU_NAME</col>
    <col name="MESSAGE">Oracle Net Server Trace Directory (TRACE_DIRECTORY_SERVER)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirU_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the TRACE_DIRECTORY_SERVER sqlnet.ora parameter is restricted such that world has no permissions.</col>        
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirU_RATIONALE</col>
    <col name="MESSAGE">The TRACE_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server trace files are written.  By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems.  Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirU_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the TRACE_DIRECTORY_SERVER parameter such that world has no permissions; that is, permissions should be set to 0770 or less.</col>
</row>

<!-- Rule: Listener Log File (LOG_FILE_listener_name) -->
<row>
    <col name="MESSAGE_ID">LsnrLogFileU_NAME</col>
    <col name="MESSAGE">Listener Log File (LOG_FILE_listener_name)</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrLogFileU_DESC</col>
    <col name="MESSAGE">Ensures access to file referenced by the LOG_FILE_listener_name listener.ora parameter is restricted such that world has no permissions.</col>       
</row>
<row>
    <col name="MESSAGE_ID">LsnrLogFileU_RATIONALE</col>
    <col name="MESSAGE">The LOG_FILE_listener_name listener.ora parameter specifies the file for the log file that is automatically generated for listener events. Access to this file should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrLogFileU_FIX</col>
    <col name="MESSAGE">Restrict permissions to the file referenced by the LOG_FILE_listener_name parameter such that world has no permissions; that is, permissions should be set to 0770 or less.</col>
</row>

<!-- Rule: Listener Trace Directory (TRACE_DIRECTORY_listener_name) -->
<row>
    <col name="MESSAGE_ID">LsnrTraceDirU_NAME</col>
    <col name="MESSAGE">Listener Trace Directory (TRACE_DIRECTORY_listener_name)</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceDirU_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the TRACE_DIRECTORY_listener_name listener.ora parameter is restricted such that world has no permissions.</col>        
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceDirU_RATIONALE</col>
    <col name="MESSAGE">The TRACE_DIRECTORY_listener_name listener.ora parameter specifies the directory of the trace file. Access to the directory containing the trace file should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceDirU_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the TRACE_DIRECTORY_listener_name parameter such that world has no permissions; that is, permissions should be set to 0770 or less.</col>
</row>

<!-- Rule: Listener Trace File (TRACE_FILE_listener_name) -->
<row>
    <col name="MESSAGE_ID">LsnrTraceFileU_NAME</col>
    <col name="MESSAGE">Listener Trace File (TRACE_FILE_listener_name)</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceFileU_DESC</col>
    <col name="MESSAGE">Ensures access to file referenced by the TRACE_FILE_listener_name listener.ora parameter is restricted such that world has no permissions.</col>        
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceFileU_RATIONALE</col>
    <col name="MESSAGE">The TRACE_FILE_listener_name listener.ora parameter specifies the destination of the trace file. Access to the trace file should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceFileU_FIX</col>
    <col name="MESSAGE">Restrict permissions to the file referenced by the TRACE_FILE_listener_name parameter such that world has no permissions; that is, permissions should be set to 0770 or less.</col>
</row>
<!-- End Folder: Unix Platform -->

<!-- Folder: Windows Platform -->
<row>
    <col name="MESSAGE_ID">LsnrOracleDirAndFilePermsW_NAME</col>
    <col name="MESSAGE">Windows Platform</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrOracleDirAndFilePermsW_DESC</col>
    <col name="MESSAGE">Contains rules that ensure the permissions on the directories and files containing the Oracle software are sufficient.</col> 
</row>

<!-- Rule: Oracle Net Client Log Directory (LOG_DIRECTORY_CLIENT) -->
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirW_NAME</col>
    <col name="MESSAGE">Oracle Net Client Log Directory (LOG_DIRECTORY_CLIENT)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirW_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the LOG_DIRECTORY_CLIENT sqlnet.ora parameter is restricted to the owner of the Oracle software.</col>     
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirW_RATIONALE</col>
    <col name="MESSAGE">The LOG_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client log files are written.  A log file provides information to an administrator trying to troubleshoot network problems.  The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientLogDirW_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the LOG_DIRECTORY_CLIENT parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.</col>  
</row>

<!-- Rule: Oracle Net Client Trace Directory (TRACE_DIRECTORY_CLIENT) -->
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirW_NAME</col>
    <col name="MESSAGE">Oracle Net Client Trace Directory (TRACE_DIRECTORY_CLIENT)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirW_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the TRACE_DIRECTORY_CLIENT sqlnet.ora parameter is restricted to the owner of the Oracle software.</col>  
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirW_RATIONALE</col>
    <col name="MESSAGE">The TRACE_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client trace files are written.  By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems.  Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetClientTraceDirW_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the TRACE_DIRECTORY_CLIENT parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.</col>      
</row>

<!-- Rule: Oracle Net Server Log Directory (LOG_DIRECTORY_SERVER) -->
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirW_NAME</col>
    <col name="MESSAGE">Oracle Net Server Log Directory (LOG_DIRECTORY_SERVER)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirW_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the LOG_DIRECTORY_SERVER sqlnet.ora parameter is restricted to the owner of the Oracle software.</col>             
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirW_RATIONALE</col>
    <col name="MESSAGE">The LOG_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server log files are written.  A log file provides information to an administrator trying to troubleshoot network problems.  The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerLogDirW_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the LOG_DIRECTORY_SERVER parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.</col>      
</row>

<!-- Rule: Oracle Net Server Trace Directory (TRACE_DIRECTORY_SERVER) -->
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirW_NAME</col>
    <col name="MESSAGE">Oracle Net Server Trace Directory (TRACE_DIRECTORY_SERVER)</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirW_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the TRACE_DIRECTORY_SERVER sqlnet.ora parameter is restricted to the owner of the Oracle software.</col>              
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirW_RATIONALE</col>
    <col name="MESSAGE">The TRACE_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server trace files are written.  By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems.  Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">OracleNetServerTraceDirW_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the TRACE_DIRECTORY_SERVER parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.</col>
</row>

<!-- Rule: Listener Log File (LOG_FILE_listener_name) -->
<row>
    <col name="MESSAGE_ID">LsnrLogFileW_NAME</col>
    <col name="MESSAGE">Listener Log File (LOG_FILE_listener_name)</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrLogFileW_DESC</col>
    <col name="MESSAGE">Ensures access to file referenced by the LOG_FILE_listener_name listener.ora parameter is restricted to the owner of the Oracle software.</col>       
</row>
<row>
    <col name="MESSAGE_ID">LsnrLogFileW_RATIONALE</col>
    <col name="MESSAGE">The LOG_FILE_listener_name listener.ora parameter specifies the file for the log file that is automatically generated for listener events. Access to this file should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrLogFileW_FIX</col>
    <col name="MESSAGE">Restrict permissions to the file referenced by the LOG_FILE_listener_name parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.</col>
</row>

<!-- Rule: Listener Trace Directory (TRACE_DIRECTORY_listener_name) -->
<row>
    <col name="MESSAGE_ID">LsnrTraceDirW_NAME</col>
    <col name="MESSAGE">Listener Trace Directory (TRACE_DIRECTORY_listener_name)</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceDirW_DESC</col>
    <col name="MESSAGE">Ensures access to directory referenced by the TRACE_DIRECTORY_listener_name listener.ora parameter is restricted to the owner of the Oracle software.</col>     
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceDirW_RATIONALE</col>
    <col name="MESSAGE">The TRACE_DIRECTORY_listener_name listener.ora parameter specifies the directory of the trace file. Access to the directory containing the trace file should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceDirW_FIX</col>
    <col name="MESSAGE">Restrict permissions to the directory referenced by the TRACE_DIRECTORY_listener_name parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.</col>     
</row>

<!-- Rule: Listener Trace File (TRACE_FILE_listener_name) -->
<row>
    <col name="MESSAGE_ID">LsnrTraceFileW_NAME</col>
    <col name="MESSAGE">Listener Trace File (TRACE_FILE_listener_name)</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceFileW_DESC</col>
    <col name="MESSAGE">Ensures access to file referenced by the TRACE_FILE_listener_name listener.ora parameter is restricted to the owner of the Oracle software.</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceFileW_RATIONALE</col>
    <col name="MESSAGE">The TRACE_FILE_listener_name listener.ora parameter specifies the destination of the trace file. Access to the trace file should be restricted in order to prevent exposing sensitive information.</col>
</row>
<row>
    <col name="MESSAGE_ID">LsnrTraceFileW_FIX</col>
    <col name="MESSAGE">Restrict permissions to the file referenced by the TRACE_FILE_listener_name parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.</col>    
</row>
<!-- End Folder: Windows Platform -->

<!-- End Folder: Oracle Directory and File Permissions -->

<!-- Folder: Network Configuration Settings -->
<row>
    <col name="MESSAGE_ID">NetworkConfigSettings_NAME</col>
    <col name="MESSAGE">Network Configuration Settings</col>
</row>
<row>
    <col name="MESSAGE_ID">NetworkConfigSettings_DESC</col>
    <col name="MESSAGE">Contains rules that ensure network configuration parameter settings are secure.</col>    
</row>

<!-- Rule: Secure Logon Authentication Protocol Version (SQLNET.ALLOWED_LOGON_VERSION) -->
<row>
    <col name="MESSAGE_ID">SecureLogonAuthenProtocolVersion_NAME</col>
    <col name="MESSAGE">Secure Logon Authentication Protocol Version (SQLNET.ALLOWED_LOGON_VERSION)</col>
</row>
<row>
    <col name="MESSAGE_ID">SecureLogonAuthenProtocolVersion_DESC</col>
    <col name="MESSAGE">Ensures at a minimum 10g authentication protocols are used.</col>
</row>
<row>
    <col name="MESSAGE_ID">SecureLogonAuthenProtocolVersion_RATIONALE</col>
    <col name="MESSAGE">The SQLNET.ALLOWED_LOGON_VERSION sqlnet.ora parameter specifies which authentication protocols are allowed by the client or database. Once specified, each connection attempt is tested, and if the client or server does not meet the minimum version specified by its partner, authentication fails with an ORA-28040 error.  The specified value represents database server versions.  Any value lower than 10 could expose vulnerabilities that may have existed in previous versions of the authentication protocols.</col>
</row>
<row>
    <col name="MESSAGE_ID">SecureLogonAuthenProtocolVersion_FIX</col>
    <col name="MESSAGE">Set SQLNET.ALLOWED_LOGON_VERSION to at least 10.</col>    
</row>

<!-- End Folder: Network Configuration Settings -->


 </dataset>
</table>
