From Oracle Database 11g Instance STIG
Part of Minimum DBA privilege assignment
Oracle SYSDBA privileges include privileges to administer the database outside of database controls (when the database is shut down or open in restricted mode) in addition to all privileges controlled under database operation. Assignment of SYSDBA privileges in the Oracle password file to unauthorized persons can compromise all DBMS activities.
From SQL*Plus: select username from v$pwfile_users where username not in (select grantee from dba_role_privs where granted_role='DBA') and username<>'INTERNAL' and (sysdba = 'TRUE' or sysoper='TRUE'); If any accounts are listed and are not authorized by the IAO in the System Security Plan, this is a Finding.
If a REMOTE_LOGIN_PASSWORDFILE is in use (='EXCLUSIVE'), list database accounts assigned SYSDBA and SYSOPER database privileges and review for appropriate authorization. Document authorized SYSDBA and SYSOPER users in the System Security Plan. From SQL*Plus: select * from v$pwfile_users; To revoke SYSDBA or SYSOPER from accounts: From SQL*Plus: revoke sysdba from [username]; revoke sysoper from [username];
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer