The Oracle REMOTE_OS_ROLES parameter must be set to FALSE.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-219831 | SRG-APP-000516-DB-000363 | O121-BP-022000 | SV-219831r961863_rule | 2025-02-12 | 3 |
| Description |
|---|
| Setting REMOTE_OS_ROLES to TRUE allows operating system groups to control Oracle roles. The default value of FALSE causes roles to be identified and managed by the database. If REMOTE_OS_ROLES is set to TRUE, a remote user could impersonate another operating system user over a network connection. |
| ℹ️ Check |
|---|
| From SQL*Plus: select value from v$parameter where name = 'remote_os_roles'; If the value returned is FALSE, this is not a finding. If the value returned is TRUE, confirm that the setting is justified and documented. If not, this is a finding. |
| ✔️ Fix |
|---|
| Document remote OS roles in the System Security Plan. If not required, disable use of remote OS roles. From SQL*Plus: alter system set remote_os_roles = FALSE scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup. |