The DBMS data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files.

From Oracle Database 12c Security Technical Implementation Guide

Associated with: CCI-000366

SV-76453r1_rule The DBMS data files, transaction logs and audit files must be stored in dedicated directories or disk partitions separate from software or other application files.

Vulnerability discussion

Protection of DBMS data, transaction and audit data files stored by the host operating system is dependent on OS controls. When different applications share the same database process, resource contention and differing security controls may be required to isolate and protect one application's data and audit logs from another. DBMS software libraries and configuration files also require differing access control lists.

Check content

Review the disk/directory specification where database data, transaction log and audit files are stored. If DBMS data, transaction or audit data files are stored in the same directory, this is a finding. If separation of data, transaction and audit data is not supported by the DBMS, this check is not a finding. If stored separately and access permissions for each directory is the same, this is a finding.

Fix text

Product-specific fix pending development. Use Generic Fix listed below: Specify dedicated host system disk directories to store database data, transaction and audit files. Configure DBMS default file storage locations to use dedicated disk directories where supported by the DBMS.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.