From Oracle Database 12c Security Technical Implementation Guide
Part of SRG-APP-000063-DB-000018
Associated with: CCI-000366
This is intended to limit exposure, by making it possible to trace any unauthorized access, by a privileged user account or role that has permissions on security functions or security-relevant information, to other data or functionality.
Review auditing configuration. If it is possible for a privileged user/role to access non-security functions or information without having the action recorded in the audit log, this is a finding. To obtain a list of unified auditing policies that have been defined, run the query: SELECT unique policy_name from AUDIT_UNIFIED_POLICIES; To obtain a list of unified auditing policies that have been enabled and the users for which it has been enabled, run the query: SELECT unique policy_name, user_name from AUDIT_UNIFIED_ENABLED_POLICIES; Unless otherwise required, verify that user_name is set to 'ALL USERS' to insure that the activity of administrative users is being logged.
Configure DBMS auditing so that all use of privileged accounts is recorded in the audit log.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer