The Oracle REMOTE_OS_ROLES parameter must be set to FALSE.

From Oracle Database 11.2g Security Technical Implementation Guide

Part of SRG-APP-000516-DB-999900

Associated with: CCI-000366

SV-68217r1_rule The Oracle REMOTE_OS_ROLES parameter must be set to FALSE.

Vulnerability discussion

Setting REMOTE_OS_ROLES to TRUE allows operating system groups to control Oracle roles. The default value of FALSE causes roles to be identified and managed by the database. If REMOTE_OS_ROLES is set to TRUE, a remote user could impersonate another operating system user over a network connection.

Check content

From SQL*Plus: select value from v$parameter where name = 'remote_os_roles'; If the returned value is not FALSE or not documented in the System Security Plan as required, this is a Finding.

Fix text

Document remote OS roles in the System Security Plan. If not required, disable use of remote OS roles. From SQL*Plus: alter system set remote_os_roles = FALSE scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer