Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-219842	SRG-APP-000516-DB-000363	O121-BP-023100	SV-219842r961863_rule	2025-02-12	3

Description
Unauthorized users may bypass security mechanisms by submitting jobs to job queues managed by the database to be run under a more privileged security context of the database or host system. These queues must be monitored regularly to detect any such unauthorized job submissions.

ℹ️ Check
The DBMS_JOB PL/SQL package has been replaced by DBMS_SCHEDULER in Oracle versions 10.1 and higher, though it continues to be supported for backward compatibility. Run this query: select value from v$parameter where name = 'job_queue_processes'; Run this query: select value from all_scheduler_global_attribute where ATTRIBUTE_NAME = 'MAX_JOB_SLAVE_PROCESSES'; To understand the relationship between these settings, review: https://docs.oracle.com/database/121/ADMIN/appendix_a.htm#ADMIN11002 Review documented and implemented procedures for monitoring the Oracle DBMS job/batch queues for unauthorized submissions. If procedures for job queue review are not defined, documented or evidence of implementation does not exist, this is a finding. Job queue information is available from the DBA_JOBS view. The following command lists jobs submitted to the queue. DBMS_JOB does not generate a 'history' of previous job executions. Run this query: select job, next_date, next_sec, failures, broken from dba_jobs; Scheduler queue information is available from the DBA_SCHEDULER_JOBS view. The following command lists jobs submitted to the queue. Run this query: select owner, job_name, state, job_class, job_type, job_action from dba_scheduler_jobs;

ℹ️ Check

The DBMS_JOB PL/SQL package has been replaced by DBMS_SCHEDULER in Oracle versions 10.1 and higher, though it continues to be supported for backward compatibility. Run this query: select value from v$parameter where name = 'job_queue_processes'; Run this query: select value from all_scheduler_global_attribute where ATTRIBUTE_NAME = 'MAX_JOB_SLAVE_PROCESSES'; To understand the relationship between these settings, review: https://docs.oracle.com/database/121/ADMIN/appendix_a.htm#ADMIN11002 Review documented and implemented procedures for monitoring the Oracle DBMS job/batch queues for unauthorized submissions. If procedures for job queue review are not defined, documented or evidence of implementation does not exist, this is a finding. Job queue information is available from the DBA_JOBS view. The following command lists jobs submitted to the queue. DBMS_JOB does not generate a 'history' of previous job executions. Run this query: select job, next_date, next_sec, failures, broken from dba_jobs; Scheduler queue information is available from the DBA_SCHEDULER_JOBS view. The following command lists jobs submitted to the queue. Run this query: select owner, job_name, state, job_class, job_type, job_action from dba_scheduler_jobs;

✔️ Fix
Develop, document and implement procedures to monitor the database job queues for unauthorized job submissions. Develop, document and implement a formal migration plan to convert jobs using DBMS_JOB to use DBMS_SCHEDULER instead for Oracle versions 10.1 and higher. (This does not apply to DBMS_JOB jobs generated by Oracle itself, such as those for refreshing materialized views.) Set the value of the job_queue_processes parameter to a low value to restrict concurrent DBMS_JOB executions. Use auditing to capture use of the DBMS_JOB package in the audit trail. Review the audit trail for unauthorized use of the DBMS_JOB package.

✔️ Fix

Develop, document and implement procedures to monitor the database job queues for unauthorized job submissions. Develop, document and implement a formal migration plan to convert jobs using DBMS_JOB to use DBMS_SCHEDULER instead for Oracle versions 10.1 and higher. (This does not apply to DBMS_JOB jobs generated by Oracle itself, such as those for refreshing materialized views.) Set the value of the job_queue_processes parameter to a low value to restrict concurrent DBMS_JOB executions. Use auditing to capture use of the DBMS_JOB package in the audit trail. Review the audit trail for unauthorized use of the DBMS_JOB package.