Access to Oracle Database files must be limited to relevant processes and to authorized, administrative users.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-270578 | SRG-APP-000243-DB-000374 | O19C-00-017600 | SV-270578r1065012_rule | 2025-02-14 | 1 |
| Description |
|---|
| Applications, including database management systems (DBMSs), must prevent unauthorized and unintended information transfer via shared system resources. Permitting only DBMS processes and authorized, administrative users to have access to the files where the database resides helps ensure that those files are not shared inappropriately and are not open to backdoor access and manipulation. |
| ℹ️ Check |
|---|
| Review the permissions granted to users on the database files, database log files and database backup files. To obtain a list of users and roles that have been granted access to any dictionary table, run the query: SELECT unique grantee from dba_tab_privs where table_name in (select table_name from dictionary) order by grantee; To obtain a list of dictionary tables and assigned privileges granted to a specific user or role, run the query: SELECT grantee, table_name, privilege from dba_tab_privs where table_name in (select table_name from dictionary) and grantee = '<applicable account>'; If any user/role who is not an authorized system administrator with a need to know or database administrator with a need to know, or a system account for running DBMS processes, is permitted to read/view any of these files, this is a finding. |
| ✔️ Fix |
|---|
| Configure the permissions of the database files, database log files, and database backup files so that only relevant system accounts and authorized system administrators and database administrators with a need to know are permitted to read/view these files. |