lsnrSecure_NAME
Secure Configuration for Oracle Listener
lsnrSecure_DESC
Ensures adherence with best-practice security configuration settings that help protect against database-related threats and attacks, providing a more secure operating environment for the Oracle database.
lsnrSecure_SecurityKEYWORD
Security
LsnrOracleDirAndFilePerms_NAME
Oracle Directory and File Permissions
LsnrOracleDirAndFilePerms_DESC
Contains rules that ensure the permissions on the directories and files containing the Oracle software are sufficient. Access should be restricted, making it more difficult for an operating system user to attack the database.
LsnrOracleDirAndFilePermsU_NAME
Unix Platform
LsnrOracleDirAndFilePermsU_DESC
Contains rules that ensure the permissions on the directories and files containing the Oracle software are sufficient.
OracleNetClientLogDirU_NAME
Oracle Net Client Log Directory (LOG_DIRECTORY_CLIENT)
OracleNetClientLogDirU_DESC
Ensures access to directory referenced by the LOG_DIRECTORY_CLIENT sqlnet.ora parameter is restricted such that world has no permissions.
OracleNetClientLogDirU_RATIONALE
The LOG_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client log files are written. A log file provides information to an administrator trying to troubleshoot network problems. The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetClientLogDirU_FIX
Restrict permissions to the directory referenced by the LOG_DIRECTORY_CLIENT parameter such that world has no permissions; that is, permissions should be set to 0770 or less.
OracleNetClientTraceDirU_NAME
Oracle Net Client Trace Directory (TRACE_DIRECTORY_CLIENT)
OracleNetClientTraceDirU_DESC
Ensures access to directory referenced by the TRACE_DIRECTORY_CLIENT sqlnet.ora parameter is restricted such that world has no permissions.
OracleNetClientTraceDirU_RATIONALE
The TRACE_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client trace files are written. By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetClientTraceDirU_FIX
Restrict permissions to the directory referenced by the TRACE_DIRECTORY_CLIENT parameter such that world has no permissions; that is, permissions should be set to 0770 or less.
OracleNetServerLogDirU_NAME
Oracle Net Server Log Directory (LOG_DIRECTORY_SERVER)
OracleNetServerLogDirU_DESC
Ensures access to directory referenced by the LOG_DIRECTORY_SERVER sqlnet.ora parameter is restricted such that world has no permissions.
OracleNetServerLogDirU_RATIONALE
The LOG_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server log files are written. A log file provides information to an administrator trying to troubleshoot network problems. The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetServerLogDirU_FIX
estrict permissions to the directory referenced by the LOG_DIRECTORY_SERVER parameter such that world has no permissions; that is, permissions should be set to 0770 or less.
OracleNetServerTraceDirU_NAME
Oracle Net Server Trace Directory (TRACE_DIRECTORY_SERVER)
OracleNetServerTraceDirU_DESC
Ensures access to directory referenced by the TRACE_DIRECTORY_SERVER sqlnet.ora parameter is restricted such that world has no permissions.
OracleNetServerTraceDirU_RATIONALE
The TRACE_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server trace files are written. By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetServerTraceDirU_FIX
Restrict permissions to the directory referenced by the TRACE_DIRECTORY_SERVER parameter such that world has no permissions; that is, permissions should be set to 0770 or less.
LsnrLogFileU_NAME
Listener Log File (LOG_FILE_listener_name)
LsnrLogFileU_DESC
Ensures access to file referenced by the LOG_FILE_listener_name listener.ora parameter is restricted such that world has no permissions.
LsnrLogFileU_RATIONALE
The LOG_FILE_listener_name listener.ora parameter specifies the file for the log file that is automatically generated for listener events. Access to this file should be restricted in order to prevent exposing sensitive information.
LsnrLogFileU_FIX
Restrict permissions to the directory referenced by the LOG_FILE_listener_name parameter such that world has no permissions; that is, permissions should be set to 0770 or less.
LsnrTraceDirU_NAME
Listener Trace Directory (TRACE_DIRECTORY_listener_name)
LsnrTraceDirU_DESC
Ensures access to directory referenced by the TRACE_DIRECTORY_listener_name listener.ora parameter is restricted such that world has no permissions.
LsnrTraceDirU_RATIONALE
The TRACE_DIRECTORY_listener_name listener.ora parameter specifies the directory of the trace file. Access to the directory containing the trace file should be restricted in order to prevent exposing sensitive information.
LsnrTraceDirU_FIX
Restrict permissions to the directory referenced by the TRACE_DIRECTORY_listener_name parameter such that world has no permissions; that is, permissions should be set to 0770 or less.
LsnrTraceFileU_NAME
Listener Trace File (TRACE_FILE_listener_name)
LsnrTraceFileU_DESC
Ensures access to file referenced by the TRACE_FILE_listener_name listener.ora parameter is restricted such that world has no permissions.
LsnrTraceFileU_RATIONALE
The TRACE_FILE_listener_name listener.ora parameter specifies the destination of the trace file. Access to the trace file should be restricted in order to prevent exposing sensitive information.
LsnrTraceFileU_FIX
Restrict permissions to the file referenced by the TRACE_FILE_listener_name parameter such that world has no permissions; that is, permissions should be set to 0770 or less.
LsnrOracleDirAndFilePermsW_NAME
Windows Platform
LsnrOracleDirAndFilePermsW_DESC
Contains rules that ensure the permissions on the directories and files containing the Oracle software are sufficient.
OracleNetClientLogDirW_NAME
Oracle Net Client Log Directory (LOG_DIRECTORY_CLIENT)
OracleNetClientLogDirW_DESC
Ensures access to directory referenced by the LOG_DIRECTORY_CLIENT sqlnet.ora parameter is restricted to the owner of the Oracle software.
OracleNetClientLogDirW_RATIONALE
The LOG_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client log files are written. A log file provides information to an administrator trying to troubleshoot network problems. The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetClientLogDirW_FIX
Restrict permissions to the directory referenced by the LOG_DIRECTORY_CLIENT parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.
OracleNetClientTraceDirW_NAME
Oracle Net Client Trace Directory (TRACE_DIRECTORY_CLIENT)
OracleNetClientTraceDirW_DESC
Ensures access to directory referenced by the TRACE_DIRECTORY_CLIENT sqlnet.ora parameter is restricted to the owner of the Oracle software.
OracleNetClientTraceDirW_RATIONALE
The TRACE_DIRECTORY_CLIENT sqlnet.ora parameter specifies the directory where client trace files are written. By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetClientTraceDirW_FIX
Restrict permissions to the directory referenced by the TRACE_DIRECTORY_CLIENT parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.
OracleNetServerLogDirW_NAME
Oracle Net Server Log Directory (LOG_DIRECTORY_SERVER)
OracleNetServerLogDirW_DESC
Ensures access to directory referenced by the LOG_DIRECTORY_SERVER sqlnet.ora parameter is restricted to the owner of the Oracle software.
OracleNetServerLogDirW_RATIONALE
The LOG_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server log files are written. A log file provides information to an administrator trying to troubleshoot network problems. The log file, by way of the error stack, shows the state of the software at various layers thus can reveal important network and database connection details. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetServerLogDirW_FIX
Restrict permissions to the directory referenced by the LOG_DIRECTORY_SERVER parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.
OracleNetServerTraceDirW_NAME
Oracle Net Server Trace Directory (TRACE_DIRECTORY_SERVER)
OracleNetServerTraceDirW_DESC
Ensures access to directory referenced by the TRACE_DIRECTORY_SERVER sqlnet.ora parameter is restricted to the owner of the Oracle software.
OracleNetServerTraceDirW_RATIONALE
The TRACE_DIRECTORY_SERVER sqlnet.ora parameter specifies the directory where database server trace files are written. By showing a detailed sequence of statements that describe network events as they are executed, a trace file provides detailed information to an administrator trying to troubleshoot network problems. Access to the directory containing these files should be restricted in order to prevent exposing sensitive information.
OracleNetServerTraceDirW_FIX
Restrict permissions to the directory referenced by the TRACE_DIRECTORY_SERVER parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.
LsnrLogFileW_NAME
Listener Log File (LOG_FILE_listener_name)
LsnrLogFileW_DESC
Ensures access to file referenced by the LOG_FILE_listener_name listener.ora parameter is restricted to the owner of the Oracle software.
LsnrLogFileW_RATIONALE
The LOG_FILE_listener_name listener.ora parameter specifies the file for the log file that is automatically generated for listener events. Access to this file should be restricted in order to prevent exposing sensitive information.
LsnrLogFileW_FIX
Restrict permissions to the file referenced by the LOG_FILE_listener_name parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.
LsnrTraceDirW_NAME
Listener Trace Directory (TRACE_DIRECTORY_listener_name)
LsnrTraceDirW_DESC
Ensures access to directory referenced by the TRACE_DIRECTORY_listener_name listener.ora parameter is restricted to the owner of the Oracle software.
LsnrTraceDirW_RATIONALE
The TRACE_DIRECTORY_listener_name listener.ora parameter specifies the directory of the trace file. Access to the directory containing the trace file should be restricted in order to prevent exposing sensitive information.
LsnrTraceDirW_FIX
Restrict permissions to the directory referenced by the TRACE_DIRECTORY_listener_name parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.
LsnrTraceFileW_NAME
Listener Trace File (TRACE_FILE_listener_name)
LsnrTraceFileW_DESC
Ensures access to file referenced by the TRACE_FILE_listener_name listener.ora parameter is restricted to the owner of the Oracle software.
LsnrTraceFileW_RATIONALE
The TRACE_FILE_listener_name listener.ora parameter specifies the destination of the trace file. Access to the trace file should be restricted in order to prevent exposing sensitive information.
LsnrTraceFileW_FIX
Restrict permissions to the file referenced by the TRACE_FILE_listener_name parameter to the owner of the Oracle software set and DBA group. Do not give any of the following permissions to any other users or user groups: DELETE, WRITE_DAC, WRITE_OWNER, CHANGE, ADD, or FULL.
NetworkConfigSettings_NAME
Network Configuration Settings
NetworkConfigSettings_DESC
Contains rules that ensure network configuration parameter settings are secure.
SecureLogonAuthenProtocolVersion_NAME
Secure Logon Authentication Protocol Version (SQLNET.ALLOWED_LOGON_VERSION)
SecureLogonAuthenProtocolVersion_DESC
Ensures at a minimum 10g authentication protocols are used.
SecureLogonAuthenProtocolVersion_RATIONALE
The SQLNET.ALLOWED_LOGON_VERSION sqlnet.ora parameter specifies which authentication protocols are allowed by the client or database. Once specified, each connection attempt is tested, and if the client or server does not meet the minimum version specified by its partner, authentication fails with an ORA-28040 error. The specified value represents database server versions. Any value lower than 10 could expose vulnerabilities that may have existed in previous version of the authentication protocols.
SecureLogonAuthenProtocolVersion_FIX
Set SQLNET.ALLOWED_LOGON_VERSION to at least 10.