Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 1/35
Oracle Database Security Risk Assessment
Highly Confidential
Assessment Date & Time
Date of Data Collection Date of Report Reporter Version
Sun Mar 05 2017 16:11:00 Sun Mar 05 2017 16:17:24 1.0.2 (October 2016) - 7409
Database Identity
Name Platform Database Role Log Mode Created
DB3 Linux x86 64-bit PRIMARY NOARCHIVELOG Wed Jul 20 2016 14:08:00
Summary
Section Pass Evaluate OpportunitySome
Risk
Significant
Risk
Severe
Risk
Total
Findings
Basic Information 0 0 0 0 0 1 1
User Accounts 5 0 0 2 2 1 10
Privileges and Roles 3 14 0 0 1 0 18
Authorization Control 0 0 2 0 0 0 2
Data Encryption 0 1 1 0 0 0 2
Fine-Grained AccessControl
0 1 4 0 0 0 5
Auditing 4 5 1 0 2 0 12
Database Configuration 6 5 0 0 1 0 12
Network Configuration 2 0 0 0 0 0 2
Operating System 2 1 0 1 0 0 4
Total 22 27 8 3 6 2 68
Basic Information
Database Version
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
Security options used: (none)
Security Features
Feature Currently Used
AUTHORIZATION CONTROL
Database Vault No
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 2/35
Feature Currently Used
Privilege Analysis No
DATA ENCRYPTION
Column Encryption No
Tablespace Encryption No
Network Encryption No
FINE-GRAINED ACCESS CONTROL
Data Redaction No
Virtual Private Database Yes
Real Application Security No
Label Security No
Transparent Sensitive Data Protection No
AUDITING
Traditional Audit No
Fine Grained Audit No
Unified Audit Yes
USER AUTHENTICATION
External Authentication No
Global Authentication No
Patch Check
INFO.PATCH
Status Severe Risk
Summary Latest Oracle Database PSU not found.
DetailsPatch Inventory: (none)
Patch History: (none)
Remarks It is vital to keep the database software up-to-date with security fixes as they are released. Oracleissues Patch Set Updates (PSU) on a regular quarterly schedule. These updates should be applied assoon as they are available. For releases prior to Oracle Database 12c, quarterly updates may bedelivered by patches not marked as PSUs.
User Accounts
Note: Predefined Oracle accounts which are locked are not included in this report. To include all useraccounts, run the report with the -a option.
User Accounts
User Name Status Profile Tablespace Predefined Type
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 3/35
APPUSER OPEN DEFAULT USERS No PASSWORD
APPUSER02 OPEN DEFAULT SYSTEM No PASSWORD
APPUSER03 OPEN DEFAULT USERS No PASSWORD
SYS OPEN DEFAULT SYSTEM Yes PASSWORD
SYSTEM OPEN DEFAULT SYSTEM Yes PASSWORD
User Accounts in SYSTEM or SYSAUX Tablespace
USER.TBLSPACE
Status Significant Risk
Summary Found 1 user using SYSTEM or SYSAUX tablespace.
DetailsTablespace SYSTEM: APPUSER02 Tablespace SYSAUX: (none)
Remarks The SYSTEM and SYSAUX tablespaces are reserved for Oracle-supplied user accounts. To avoid apossible denial of service caused by exhausting these resources, regular user accounts should not usethese tablespaces. Prior to Oracle Database 12.2, the SYSTEM tablespace cannot be encrypted, andthis is another reason to avoid user schemas in this tablespace.
Sample Schemas
USER.SAMPLE
Status Pass
Summary No sample schemas found.
Remarks Sample schemas are well-known accounts provided by Oracle to serve as simple examples fordevelopers. They generally serve no purpose in a production database and should be removedbecause they unnecessarily increase the attack surface of the database.
Inactive Users
USER.INACTIVE
Status Some Risk
Summary Found 4 unlocked users inactive for more than 30 days.
DetailsInactive users: APPUSER, APPUSER02, APPUSER03, SYS
Remarks If a user account is no longer in use, it increases the attack surface of the system unnecessarily whileproviding no corresponding benefit. Furthermore, unauthorized use is less likely to be noticed whenno one is regularly using the account. Accounts that have been unused for more than 30 days shouldbe investigated to determine whether they should remain active.
Case-Sensitive Passwords
USER.CASE
Status Pass
Summary Case-sensitive passwords are used.
Details
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 4/35
Initialization parameter SEC_CASE_SENSITIVE_LOGON is set to TRUE.
Remarks Case-sensitive passwords are recommended because including both upper and lower-case lettersgreatly increases the set of possible passwords that must be searched by an attacker who isattempting to guess a password by exhaustive search. Setting SEC_CASE_SENSITIVE_LOGON to TRUEensures that the database distinguishes between upper and lower-case letters in passwords.
Users with Expired Passwords
USER.EXPIRED
Status Some Risk
Summary Found 1 unlocked user with password expired for more than 30 days.
DetailsUsers with expired passwords: SYS
Remarks Password expiration is used to ensure that users change their passwords on a regular basis. If a user'spassword has been expired for more than 30 days, it indicates that the user has not logged in for atleast that long. Accounts that have been unused for an extended period of time should beinvestigated to determine whether they should remain active.
Users with Default Passwords
USER.DEFPWD
Status Severe Risk
Summary Found 2 unlocked user accounts with default password.
DetailsUsers with default password: SYS, SYSTEM
Remarks Default account passwords for predefined Oracle accounts are well known. Open accounts with defaultpasswords provide a trivial means of entry for attackers, but well-known passwords should bechanged for locked accounts as well.
Password Verifiers
USER.VERIFIER
Status Pass
Summary All user accounts support the latest password version. No user accounts have HTTP verifiers.
DetailsDatabase supports password versions up to 12C. Users requiring updated password verifiers: (none)
Users with HTTP verifiers: (none)
Remarks For each user account, the database may store multiple verifiers, which are hashes of the userpassword. Each verifier supports a different version of the password authentication algorithm. Everyuser account should include a verifier for the latest password version supported by the database sothat the user can be authenticated using the latest algorithm supported by the client. When all clientshave been updated, the security of user accounts can be improved by removing the obsolete verifiers.HTTP password verifiers are used for XML Database authentication. Use the ALTER USER command toremove these verifiers from user accounts that do not require this access.
User Profiles
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 5/35
Profile Name Resource Value
DEFAULT (Number of Users) 5
DEFAULT CONNECT_TIME UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS 10
DEFAULT IDLE_TIME UNLIMITED
DEFAULT PASSWORD_GRACE_TIME 7
DEFAULT PASSWORD_LIFE_TIME 180
DEFAULT PASSWORD_LOCK_TIME 1
DEFAULT PASSWORD_REUSE_MAX UNLIMITED
DEFAULT PASSWORD_REUSE_TIME UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION NULL
ORA_STIG_PROFILE (Number of Users) 0
ORA_STIG_PROFILE CONNECT_TIME UNLIMITED (DEFAULT)
ORA_STIG_PROFILE FAILED_LOGIN_ATTEMPTS 3
ORA_STIG_PROFILE IDLE_TIME 15
ORA_STIG_PROFILE PASSWORD_GRACE_TIME 5
ORA_STIG_PROFILE PASSWORD_LIFE_TIME 60
ORA_STIG_PROFILE PASSWORD_LOCK_TIME UNLIMITED
ORA_STIG_PROFILE PASSWORD_REUSE_MAX 10
ORA_STIG_PROFILE PASSWORD_REUSE_TIME 365
ORA_STIG_PROFILE PASSWORD_VERIFY_FUNCTION ORA12C_STRONG_VERIFY_FUNCTION
Users with Unlimited Password Lifetime
USER.NOEXPIRE
Status Pass
Summary Password expiration is configured for all users.
Remarks Password expiration is used to ensure that users change their passwords on a regular basis.Passwords that never expire may remain unchanged for an extended period of time. When passwordsdo not have to be changed regularly, users are also more likely to use the same passwords formultiple accounts.
Users with Unlimited Failed Login Attempts
USER.NOLOCK
Status Pass
Summary No users have unlimited failed login attempts.
Remarks Attackers sometimes attempt to guess a user's password by simply trying all possibilities from a set ofcommon passwords. To defend against this attack, it is advisable to lock a user account when thereare multiple failed login attempts without a successful login.
Password Verification Functions
USER.PASSWD
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 6/35
Status Significant Risk
Summary Found 5 users not using password verification function.
DetailsProfiles with password verification function: ORA_STIG_PROFILE Profiles without password verification function: DEFAULT Users using profiles without password verification function: APPUSER, APPUSER02, APPUSER03, SYS, SYSTEM
Remarks Password verification functions are used to ensure that user passwords meet minimum requirementsfor complexity, which may include factors such as length, use of numbers or punctuation characters,difference from previous passwords, etc. Oracle supplies several predefined functions, or a customPL/SQL function can be used. Every user profile should include a password verification function.
Privileges and Roles
All System Privileges
PRIV.SYSTEM
Status Evaluate
Summary 462 grants of system privileges
DetailsUsers directly or indirectly granted each system privilege:
ADMINISTER ANY SQL TUNING SET: APPUSER03, SYSTEM ADMINISTER DATABASE TRIGGER: APPUSER03, SYSTEM ADMINISTER KEY MANAGEMENT: (none)ADMINISTER RESOURCE MANAGER: APPUSER03, SYSTEM ADMINISTER SQL MANAGEMENT OBJECT: APPUSER03, SYSTEM ADMINISTER SQL TUNING SET: APPUSER03, SYSTEM ADVISOR: APPUSER03, SYSTEM ALTER ANY ASSEMBLY: APPUSER03, SYSTEM ALTER ANY CLUSTER: APPUSER03, SYSTEM ALTER ANY CUBE: APPUSER03, SYSTEMALTER ANY CUBE BUILD PROCESS: APPUSER03, SYSTEM ALTER ANY CUBE DIMENSION: APPUSER03, SYSTEM ALTER ANY DIMENSION: APPUSER03, SYSTEM ALTER ANY EDITION: APPUSER03, SYSTEM ALTER ANY EVALUATION CONTEXT: APPUSER03, SYSTEM ALTER ANY INDEX: APPUSER03, SYSTEM ALTER ANY INDEXTYPE: APPUSER03, SYSTEM ALTER ANY LIBRARY: APPUSER03, SYSTEM ALTER ANY MATERIALIZED VIEW: APPUSER03, SYSTEM ALTER ANY MEASURE FOLDER: APPUSER03, SYSTEM ALTER ANY MINING MODEL: APPUSER03, SYSTEM ALTER ANY OPERATOR: APPUSER03, SYSTEM ALTER ANY OUTLINE: APPUSER03, SYSTEM ALTER ANY PROCEDURE: APPUSER03, SYSTEM ALTER ANY ROLE: APPUSER03, SYSTEMALTER ANY RULE: APPUSER03, SYSTEMALTER ANY RULE SET: APPUSER03, SYSTEM ALTER ANY SEQUENCE: APPUSER03, SYSTEM ALTER ANY SQL PROFILE: APPUSER03, SYSTEM ALTER ANY SQL TRANSLATION PROFILE: APPUSER03, SYSTEM ALTER ANY TABLE: APPUSER03, SYSTEM ALTER ANY TRIGGER: APPUSER03, SYSTEM ALTER ANY TYPE: APPUSER03, SYSTEMALTER DATABASE: APPUSER03, SYSTEMALTER PROFILE: APPUSER03, SYSTEM ALTER RESOURCE COST: APPUSER03, SYSTEM ALTER ROLLBACK SEGMENT: APPUSER03, SYSTEM ALTER SESSION: APPUSER03, SYSTEM ALTER SYSTEM: APPUSER03, SYSTEM ALTER TABLESPACE: APPUSER03, SYSTEM
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 7/35
ALTER USER: APPUSER03, SYSTEM ANALYZE ANY: APPUSER03, SYSTEM ANALYZE ANY DICTIONARY: APPUSER03, SYSTEM AUDIT ANY: APPUSER03, SYSTEM AUDIT SYSTEM: APPUSER03, SYSTEM BACKUP ANY TABLE: APPUSER03, SYSTEM BECOME USER: APPUSER03, SYSTEM CHANGE NOTIFICATION: APPUSER03, SYSTEM COMMENT ANY MINING MODEL: APPUSER03, SYSTEM COMMENT ANY TABLE: APPUSER03, SYSTEM CREATE ANY ASSEMBLY: APPUSER03, SYSTEM CREATE ANY CLUSTER: APPUSER03, SYSTEM CREATE ANY CONTEXT: APPUSER03, SYSTEM CREATE ANY CREDENTIAL: APPUSER03, SYSTEM CREATE ANY CUBE: APPUSER03, SYSTEM CREATE ANY CUBE BUILD PROCESS: APPUSER03, SYSTEM CREATE ANY CUBE DIMENSION: APPUSER03, SYSTEM CREATE ANY DIMENSION: APPUSER03, SYSTEM CREATE ANY DIRECTORY: APPUSER03, SYSTEM CREATE ANY EDITION: APPUSER03, SYSTEM CREATE ANY EVALUATION CONTEXT: APPUSER03, SYSTEM CREATE ANY INDEX: APPUSER03, SYSTEM CREATE ANY INDEXTYPE: APPUSER03, SYSTEM CREATE ANY JOB: APPUSER03, SYSTEMCREATE ANY LIBRARY: APPUSER03, SYSTEM CREATE ANY MATERIALIZED VIEW: APPUSER03, SYSTEM CREATE ANY MEASURE FOLDER: APPUSER03, SYSTEM CREATE ANY MINING MODEL: APPUSER03, SYSTEM CREATE ANY OPERATOR: APPUSER03, SYSTEM CREATE ANY OUTLINE: APPUSER03, SYSTEM CREATE ANY PROCEDURE: APPUSER03, SYSTEM CREATE ANY RULE: APPUSER03, SYSTEM CREATE ANY RULE SET: APPUSER03, SYSTEM CREATE ANY SEQUENCE: APPUSER03, SYSTEM CREATE ANY SQL PROFILE: APPUSER03, SYSTEM CREATE ANY SQL TRANSLATION PROFILE: APPUSER03, SYSTEM CREATE ANY SYNONYM: APPUSER03, SYSTEM CREATE ANY TABLE: APPUSER03, SYSTEM CREATE ANY TRIGGER: APPUSER03, SYSTEM CREATE ANY TYPE: APPUSER03, SYSTEM CREATE ANY VIEW: APPUSER03, SYSTEM CREATE ASSEMBLY: APPUSER03, SYSTEM CREATE CLUSTER: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE CREDENTIAL: APPUSER03, SYSTEM CREATE CUBE: APPUSER03, SYSTEM CREATE CUBE BUILD PROCESS: APPUSER03, SYSTEM CREATE CUBE DIMENSION: APPUSER03, SYSTEM CREATE DATABASE LINK: APPUSER03, SYSTEM CREATE DIMENSION: APPUSER03, SYSTEM CREATE EVALUATION CONTEXT: APPUSER03, SYSTEM CREATE EXTERNAL JOB: APPUSER03, SYSTEM CREATE INDEXTYPE: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE JOB: APPUSER03, SYSTEM CREATE LIBRARY: APPUSER03, SYSTEMCREATE MATERIALIZED VIEW: APPUSER03, SYSTEM CREATE MEASURE FOLDER: APPUSER03, SYSTEM CREATE MINING MODEL: APPUSER03, SYSTEM CREATE OPERATOR: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE PLUGGABLE DATABASE: APPUSER03, SYSTEM CREATE PROCEDURE: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE PROFILE: APPUSER03, SYSTEMCREATE PUBLIC DATABASE LINK: APPUSER03, SYSTEM CREATE PUBLIC SYNONYM: APPUSER03, SYSTEM CREATE ROLE: APPUSER03, SYSTEM CREATE ROLLBACK SEGMENT: APPUSER03, SYSTEM CREATE RULE: APPUSER03, SYSTEM CREATE RULE SET: APPUSER03, SYSTEM CREATE SEQUENCE: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE SESSION: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE SQL TRANSLATION PROFILE: APPUSER03, SYSTEM CREATE SYNONYM: APPUSER03, SYSTEM
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 8/35
CREATE TABLE: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE TABLESPACE: APPUSER, APPUSER03, SYSTEM CREATE TRIGGER: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE TYPE: APPUSER, APPUSER02, APPUSER03, SYSTEM CREATE USER: APPUSER03, SYSTEM CREATE VIEW: APPUSER03, SYSTEM DEBUG ANY PROCEDURE: APPUSER03, SYSTEM DEBUG CONNECT SESSION: APPUSER03, SYSTEM DELETE ANY CUBE DIMENSION: APPUSER03, SYSTEM DELETE ANY MEASURE FOLDER: APPUSER03, SYSTEM DELETE ANY TABLE: APPUSER03, SYSTEM DEQUEUE ANY QUEUE: APPUSER03, SYSTEM DROP ANY ASSEMBLY: APPUSER03, SYSTEM DROP ANY CLUSTER: APPUSER03, SYSTEM DROP ANY CONTEXT: APPUSER03, SYSTEM DROP ANY CUBE: APPUSER03, SYSTEM DROP ANY CUBE BUILD PROCESS: APPUSER03, SYSTEM DROP ANY CUBE DIMENSION: APPUSER03, SYSTEM DROP ANY DIMENSION: APPUSER03, SYSTEM DROP ANY DIRECTORY: APPUSER03, SYSTEM DROP ANY EDITION: APPUSER03, SYSTEM DROP ANY EVALUATION CONTEXT: APPUSER03, SYSTEM DROP ANY INDEX: APPUSER03, SYSTEMDROP ANY INDEXTYPE: APPUSER03, SYSTEM DROP ANY LIBRARY: APPUSER03, SYSTEM DROP ANY MATERIALIZED VIEW: APPUSER03, SYSTEM DROP ANY MEASURE FOLDER: APPUSER03, SYSTEM DROP ANY MINING MODEL: APPUSER03, SYSTEM DROP ANY OPERATOR: APPUSER03, SYSTEM DROP ANY OUTLINE: APPUSER03, SYSTEM DROP ANY PROCEDURE: APPUSER03, SYSTEM DROP ANY ROLE: APPUSER03, SYSTEM DROP ANY RULE: APPUSER03, SYSTEM DROP ANY RULE SET: APPUSER03, SYSTEM DROP ANY SEQUENCE: APPUSER03, SYSTEM DROP ANY SQL PROFILE: APPUSER03, SYSTEM DROP ANY SQL TRANSLATION PROFILE: APPUSER03, SYSTEM DROP ANY SYNONYM: APPUSER03, SYSTEM DROP ANY TABLE: APPUSER03, SYSTEMDROP ANY TRIGGER: APPUSER03, SYSTEM DROP ANY TYPE: APPUSER03, SYSTEM DROP ANY VIEW: APPUSER03, SYSTEM DROP PROFILE: APPUSER03, SYSTEM DROP PUBLIC DATABASE LINK: APPUSER03, SYSTEM DROP PUBLIC SYNONYM: APPUSER03, SYSTEM DROP ROLLBACK SEGMENT: APPUSER03, SYSTEM DROP TABLESPACE: APPUSER03, SYSTEM DROP USER: APPUSER03, SYSTEM EM EXPRESS CONNECT: APPUSER03, SYSTEM ENQUEUE ANY QUEUE: APPUSER03, SYSTEM EXECUTE ANY ASSEMBLY: APPUSER03, SYSTEM EXECUTE ANY CLASS: APPUSER03, SYSTEM EXECUTE ANY EVALUATION CONTEXT: APPUSER03, SYSTEM EXECUTE ANY INDEXTYPE: APPUSER03, SYSTEM EXECUTE ANY LIBRARY: APPUSER03, SYSTEM EXECUTE ANY OPERATOR: APPUSER03, SYSTEM EXECUTE ANY PROCEDURE: APPUSER03, SYSTEM EXECUTE ANY PROGRAM: APPUSER03, SYSTEM EXECUTE ANY RULE: APPUSER03, SYSTEM EXECUTE ANY RULE SET: APPUSER03, SYSTEM EXECUTE ANY TYPE: APPUSER03, SYSTEM EXECUTE ASSEMBLY: APPUSER03, SYSTEM EXEMPT DDL REDACTION POLICY: APPUSER03, SYSTEM EXEMPT DML REDACTION POLICY: APPUSER03, SYSTEM EXEMPT REDACTION POLICY: APPUSER03, SYSTEM EXPORT FULL DATABASE: APPUSER03, SYSTEM FLASHBACK ANY TABLE: APPUSER03, SYSTEM FLASHBACK ARCHIVE ADMINISTER: APPUSER03, SYSTEM FORCE ANY TRANSACTION: APPUSER03, SYSTEM FORCE TRANSACTION: APPUSER03, SYSTEM GLOBAL QUERY REWRITE: APPUSER03, SYSTEM
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 9/35
GRANT ANY OBJECT PRIVILEGE: APPUSER03, SYSTEM GRANT ANY PRIVILEGE: APPUSER03, SYSTEM GRANT ANY ROLE: APPUSER03, SYSTEMIMPORT FULL DATABASE: APPUSER03, SYSTEM INHERIT ANY PRIVILEGES: (none) INSERT ANY CUBE DIMENSION: APPUSER03, SYSTEM INSERT ANY MEASURE FOLDER: APPUSER03, SYSTEM INSERT ANY TABLE: APPUSER03, SYSTEM LOCK ANY TABLE: APPUSER03, SYSTEMLOGMINING: APPUSER03, SYSTEM MANAGE ANY FILE GROUP: APPUSER03, SYSTEM MANAGE ANY QUEUE: APPUSER03, SYSTEM MANAGE FILE GROUP: APPUSER03, SYSTEM MANAGE SCHEDULER: APPUSER03, SYSTEM MANAGE TABLESPACE: APPUSER03, SYSTEM MERGE ANY VIEW: APPUSER03, SYSTEMON COMMIT REFRESH: APPUSER03, SYSTEM QUERY REWRITE: APPUSER03, SYSTEM READ ANY FILE GROUP: APPUSER03, SYSTEM READ ANY TABLE: APPUSER03, SYSTEMREDEFINE ANY TABLE: APPUSER03, SYSTEM RESTRICTED SESSION: APPUSER03, SYSTEM RESUMABLE: APPUSER03, SYSTEM SELECT ANY CUBE: APPUSER03, SYSTEM SELECT ANY CUBE BUILD PROCESS: APPUSER03, SYSTEM SELECT ANY CUBE DIMENSION: APPUSER03, SYSTEM SELECT ANY DICTIONARY: APPUSER03, SYSTEM SELECT ANY MEASURE FOLDER: APPUSER03, SYSTEM SELECT ANY MINING MODEL: APPUSER03, SYSTEM SELECT ANY SEQUENCE: APPUSER03, SYSTEM SELECT ANY TABLE: APPUSER03, SYSTEM SELECT ANY TRANSACTION: APPUSER03, SYSTEM SET CONTAINER: APPUSER03, SYSTEM UNDER ANY TABLE: APPUSER03, SYSTEM UNDER ANY TYPE: APPUSER03, SYSTEMUNDER ANY VIEW: APPUSER03, SYSTEMUNLIMITED TABLESPACE: SYSTEM UPDATE ANY CUBE: APPUSER03, SYSTEM UPDATE ANY CUBE BUILD PROCESS: APPUSER03, SYSTEM UPDATE ANY CUBE DIMENSION: APPUSER03, SYSTEM UPDATE ANY TABLE: APPUSER03, SYSTEM USE ANY SQL TRANSLATION PROFILE: APPUSER03, SYSTEM
Remarks System privileges provide the ability to access data or perform administrative operations for the entiredatabase. Consistent with the principle of least privilege, these privileges should be granted sparingly.The Privilege Analysis feature of Database Vault may be helpful to determine the minimum set ofprivileges required by a user or role. In some cases, it may be possible to substitute a more limitedobject privilege grant in place of a system privilege grant that applies to all objects. System privilegesshould be granted with admin option only when the recipient needs the ability to grant the privilege toothers.
All Roles
PRIV.ROLES
Status Evaluate
Summary 54 grants of roles
DetailsUsers directly or indirectly granted each role:
A: (none) ADMIN_ROLE: APPUSER AQ_ADMINISTRATOR_ROLE: SYSTEM CAPTURE_ADMIN: APPUSER03, SYSTEM CDB_DBA: (none) CONNECT: (none)
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 10/35
CTXAPP: (none) DATAPUMP_EXP_FULL_DATABASE: APPUSER03, SYSTEM DATAPUMP_IMP_FULL_DATABASE: APPUSER03, SYSTEM DBA: APPUSER03, SYSTEM DBFS_ROLE: (none) DELETE_CATALOG_ROLE: APPUSER03, SYSTEM DV_ACCTMGR: (none) DV_ADMIN: (none) DV_AUDIT_CLEANUP: (none) DV_DATAPUMP_NETWORK_LINK: (none) DV_GOLDENGATE_ADMIN: (none) DV_GOLDENGATE_REDO_ACCESS: (none)DV_MONITOR: (none) DV_OWNER: (none) DV_PATCH_ADMIN: (none) DV_PUBLIC: (none) DV_SECANALYST: (none) DV_STREAMS_ADMIN: (none) DV_XSTREAM_ADMIN: (none) EM_EXPRESS_ALL: APPUSER03, SYSTEMEM_EXPRESS_BASIC: APPUSER03, SYSTEM EXECUTE_CATALOG_ROLE: APPUSER03, SYSTEM EXP_FULL_DATABASE: APPUSER03, SYSTEM GATHER_SYSTEM_STATISTICS: APPUSER03, SYSTEM GSMADMIN_ROLE: (none) GSMUSER_ROLE: (none) GSM_POOLADMIN_ROLE: (none) HS_ADMIN_EXECUTE_ROLE: APPUSER03, SYSTEM HS_ADMIN_SELECT_ROLE: APPUSER, APPUSER03, SYSTEM IMP_FULL_DATABASE: APPUSER03, SYSTEM JAVAUSERPRIV: (none) JAVA_ADMIN: APPUSER03, SYSTEM JAVA_DEPLOY: APPUSER03, SYSTEM LBAC_DBA: (none) OEM_MONITOR: (none) OLAP_DBA: APPUSER03, SYSTEM OLAP_XS_ADMIN: APPUSER03, SYSTEM OPTIMIZER_PROCESSING_RATE: APPUSER03, SYSTEM RECOVERY_CATALOG_USER: (none) RESOURCE: APPUSER, APPUSER02 SCHEDULER_ADMIN: APPUSER03, SYSTEM SELECT_CATALOG_ROLE: APPUSER, APPUSER03, SYSTEM SPATIAL_CSW_ADMIN: (none) SPATIAL_WFS_ADMIN: (none) WM_ADMIN_ROLE: APPUSER03, SYSTEM XDBADMIN: APPUSER03, SYSTEM XDB_SET_INVOKER: APPUSER03, SYSTEM XS_RESOURCE: APPUSER03, SYSTEM
Remarks Roles are a convenient way to manage groups of related privileges, especially when the privileges arerequired for a particular task or job function. Beware of broadly defined roles, which may confer moreprivileges than an individual recipient requires. Roles should be granted with admin option only whenthe recipient needs the ability to modify the role or grant it to others.
Account Management Privileges
PRIV.ACCT
Status Evaluate
Summary 42 grants of account management privileges
DetailsGrants of ALTER USER, CREATE USER, DROP USER:
APPUSER03 <‐ DBA: ALTER USER, CREATE USER, DROP USER APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: ALTER USER APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 11/35
APPUSER03 <‐ DBA <‐ EM_EXPRESS_ALL: ALTER USER, CREATE USER, DROP USER APPUSER03 <‐ DBA <‐ IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
SYSTEM <‐ DBA: ALTER USER, CREATE USER, DROP USER SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: ALTER USER SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER SYSTEM <‐ DBA <‐ EM_EXPRESS_ALL: ALTER USER, CREATE USER, DROP USER SYSTEM <‐ DBA <‐ IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
(no users) <‐ ADMIN_ROLE01 <‐ DBA: ALTER USER, CREATE USER, DROP USER (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: ALTER USER (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ EM_EXPRESS_ALL: ALTER USER, CREATE USER, DROP USER (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ IMP_FULL_DATABASE: ALTER USER, CREATE USER, DROP USER
(no users) <‐ DV_ACCTMGR: ALTER USER, CREATE USER, DROP USER
Remarks User management privileges (ALTER USER, CREATE USER, DROP USER) can be used to create andmodify other user accounts, including changing passwords. This power can be abused to gain accessto another user's account, which may have greater privileges.
Privilege Management Privileges
PRIV.MGMT
Status Evaluate
Summary 82 grants of privilege management privileges
DetailsGrants of ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE:
APPUSER03 <‐ DBA: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE APPUSER03 <‐ DBA <‐ EM_EXPRESS_ALL: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE APPUSER03 <‐ DBA <‐ IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
SYSTEM <‐ DBA: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE SYSTEM <‐ DBA <‐ EM_EXPRESS_ALL: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE SYSTEM <‐ DBA <‐ IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
(no users) <‐ ADMIN_ROLE01 <‐ DBA: ALTER ANY ROLE, CREATE ROLE, DROP
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 12/35
ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ EM_EXPRESS_ALL: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ IMP_FULL_DATABASE: CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
(no users) <‐ DV_OWNER: GRANT ANY ROLE
(no users) <‐ DV_REALM_OWNER: ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
Remarks Users with privilege management privileges (ALTER ANY ROLE, CREATE ROLE, DROP ANY ROLE, GRANTANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE) can change the set of privilegesgranted to themselves and other users. This ability should be granted sparingly, since it can be usedto circumvent many security controls in the database.
Audit Management Privileges
PRIV.AUDIT
Status Evaluate
Summary 26 grants of audit privilege
DetailsGrants of AUDIT ANY, AUDIT SYSTEM:
APPUSER03 <‐ DBA: AUDIT ANY, AUDIT SYSTEM APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM APPUSER03 <‐ DBA <‐ IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
SYSTEM <‐ DBA: AUDIT ANY, AUDIT SYSTEM SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM SYSTEM <‐ DBA <‐ IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
(no users) <‐ ADMIN_ROLE01 <‐ DBA: AUDIT ANY, AUDIT SYSTEM (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ IMP_FULL_DATABASE: AUDIT ANY, AUDIT SYSTEM
(no users) <‐ AUDIT_ADMIN: AUDIT ANY, AUDIT SYSTEM
Remarks Audit management privileges (AUDIT ANY, AUDIT SYSTEM) can be used to change the audit policies forthe database. This ability should be granted sparingly, since it may be used to hide malicious activity.
Data Access Privileges
PRIV.DATA
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 13/35
Status Evaluate
Summary 127 grants of data access privileges
DetailsGrants of ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE:
APPUSER03 <‐ DBA: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE APPUSER03 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: SELECT ANY TABLE APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT ANY TABLE APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: SELECT ANY TABLE APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE APPUSER03 <‐ DBA <‐ EXP_FULL_DATABASE: SELECT ANY TABLE APPUSER03 <‐ DBA <‐ IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE APPUSER03 <‐ DBA <‐ OLAP_DBA: DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
SYSTEM: SELECT ANY TABLE SYSTEM <‐ DBA: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE SYSTEM <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: SELECT ANY TABLE SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT ANY TABLE SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: SELECT ANY TABLE SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE SYSTEM <‐ DBA <‐ EXP_FULL_DATABASE: SELECT ANY TABLE SYSTEM <‐ DBA <‐ IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE SYSTEM <‐ DBA <‐ OLAP_DBA: DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
(no users) <‐ ADMIN_ROLE01 <‐ DBA: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANY TABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: SELECT ANY TABLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: DELETE ANY TABLE, SELECT ANY TABLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: SELECT ANY TABLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ EXP_FULL_DATABASE: SELECT ANY TABLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ IMP_FULL_DATABASE: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 14/35
TABLE, UPDATE ANY TABLE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ OLAP_DBA: DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
(no users) <‐ DV_OWNER: ALTER ANY TRIGGER
(no users) <‐ DV_REALM_OWNER: ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX, CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE
(no users) <‐ OEM_MONITOR: SELECT ANY DICTIONARY
(no users) <‐ RECOVERY_CATALOG_OWNER: CREATE ANY TRIGGER
Remarks Users with data access privileges (ALTER ANY TABLE, ALTER ANY TRIGGER, CREATE ANY INDEX,CREATE ANY PROCEDURE, CREATE ANY TRIGGER, DELETE ANY TABLE, INSERT ANY TABLE, READ ANYTABLE, SELECT ANY DICTIONARY, SELECT ANY TABLE, UPDATE ANY TABLE) can override various accesscontrols on data. Most administrative tasks do not require access to the data itself, so these privilegesshould be granted rarely even to administrators. In addition to minimizing grants of these privileges,consider the use of Database Vault realms to limit the use of these privileges to access sensitive data.
Access Control Exemption Privileges
PRIV.EXEMPT
Status Evaluate
Summary 9 grants of access control exemption privileges
DetailsGrants of EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY:
APPUSER03 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY APPUSER03 <‐ DBA <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
SYSTEM <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY SYSTEM <‐ DBA <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
(no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ EXP_FULL_DATABASE: EXEMPT REDACTION POLICY
Remarks Users with exemption privileges (EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY) can bypass theaccess control policies created using Virtual Private Database and Data Redaction. Most administrativetasks do not require access to the data itself, so these privileges should be granted rarely even toadministrators.
Access to Password Verifier Tables
PRIV.PASSWD
Status Evaluate
Summary 8 grants of object privileges on restricted objects
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 15/35
Details Grants of READ, SELECT on objects containing verifiers:
(no users) <‐ DV_ADMIN <‐ DV_SECANALYST: SELECT on SYS.LINK$, SELECT on SYS.USER$
(no users) <‐ DV_OWNER <‐ DV_ADMIN <‐ DV_SECANALYST: SELECT on SYS.LINK$, SELECT on SYS.USER$ (no users) <‐ DV_OWNER <‐ DV_SECANALYST: SELECT on SYS.LINK$, SELECT on SYS.USER$
(no users) <‐ DV_SECANALYST: SELECT on SYS.LINK$, SELECT on SYS.USER$
Remarks Users with these privileges can access objects that contain user password verifiers. The verifiers canbe used in offline attacks to discover user passwords.
Access to Restricted Objects
PRIV.OBJ
Status Evaluate
Summary 168 grants of object privileges on restricted objects
DetailsGrants of DELETE, INSERT, UPDATE on SYS, DVSYS, or LBACSYS objects:
APPUSER03 <‐ DBA: DELETE on SYS.MAP_OBJECT, INSERT on SYS.MAP_OBJECT, INSERT on SYS.XSDB$SCHEMA_ACL, UPDATE on SYS.MAP_OBJECT, UPDATE on SYS.XSDB$SCHEMA_ACL APPUSER03 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$ APPUSER03 <‐ DBA <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID APPUSER03 <‐ DBA <‐ GATHER_SYSTEM_STATISTICS: DELETE on SYS.AUX_STATS$, DELETE on SYS.WRI$_OPTSTAT_AUX_HISTORY, INSERT on SYS.AUX_STATS$, INSERT on SYS.WRI$_OPTSTAT_AUX_HISTORY, UPDATE on SYS.AUX_STATS$, UPDATE on SYS.WRI$_OPTSTAT_AUX_HISTORY APPUSER03 <‐ DBA <‐ IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$ APPUSER03 <‐ DBA <‐ OPTIMIZER_PROCESSING_RATE: DELETE on SYS.OPT_CALIBRATION_STATS$, INSERT on SYS.OPT_CALIBRATION_STATS$, UPDATE on SYS.OPT_CALIBRATION_STATS$
SYSTEM: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID SYSTEM <‐ DBA: DELETE on SYS.MAP_OBJECT, INSERT on SYS.MAP_OBJECT, INSERT on SYS.XSDB$SCHEMA_ACL, UPDATE on SYS.MAP_OBJECT, UPDATE on SYS.XSDB$SCHEMA_ACL SYSTEM <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 16/35
SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$ SYSTEM <‐ DBA <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID SYSTEM <‐ DBA <‐ GATHER_SYSTEM_STATISTICS: DELETE on SYS.AUX_STATS$, DELETE on SYS.WRI$_OPTSTAT_AUX_HISTORY, INSERT on SYS.AUX_STATS$, INSERT on SYS.WRI$_OPTSTAT_AUX_HISTORY, UPDATE on SYS.AUX_STATS$, UPDATE on SYS.WRI$_OPTSTAT_AUX_HISTORY SYSTEM <‐ DBA <‐ IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$ SYSTEM <‐ DBA <‐ OPTIMIZER_PROCESSING_RATE: DELETE on SYS.OPT_CALIBRATION_STATS$, INSERT on SYS.OPT_CALIBRATION_STATS$, UPDATE on SYS.OPT_CALIBRATION_STATS$
(no users) <‐ ADMIN_ROLE01 <‐ DBA: DELETE on SYS.MAP_OBJECT, INSERT on SYS.MAP_OBJECT, INSERT on SYS.XSDB$SCHEMA_ACL, UPDATE on SYS.MAP_OBJECT, UPDATE on SYS.XSDB$SCHEMA_ACL (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE <‐ IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$ (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ EXP_FULL_DATABASE: DELETE on SYS.INCEXP, DELETE on SYS.INCFIL, DELETE on SYS.INCVID, INSERT on SYS.INCEXP, INSERT on SYS.INCFIL, INSERT on SYS.INCVID, UPDATE on SYS.INCEXP, UPDATE on SYS.INCFIL, UPDATE on SYS.INCVID (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ GATHER_SYSTEM_STATISTICS: DELETE on SYS.AUX_STATS$, DELETE on SYS.WRI$_OPTSTAT_AUX_HISTORY, INSERT on SYS.AUX_STATS$, INSERT on SYS.WRI$_OPTSTAT_AUX_HISTORY, UPDATE on SYS.AUX_STATS$, UPDATE on SYS.WRI$_OPTSTAT_AUX_HISTORY (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ IMP_FULL_DATABASE: DELETE on SYS.EXPIMP_TTS_CT$, DELETE on SYS.RADM_FPTM$, INSERT on SYS.EXPIMP_TTS_CT$, INSERT on SYS.RADM_FPTM$, UPDATE on SYS.EXPIMP_TTS_CT$ (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ OPTIMIZER_PROCESSING_RATE: DELETE on SYS.OPT_CALIBRATION_STATS$, INSERT on SYS.OPT_CALIBRATION_STATS$, UPDATE on SYS.OPT_CALIBRATION_STATS$
(no users) <‐ DV_AUDIT_CLEANUP: DELETE on DVSYS.AUDIT_TRAIL$, DELETE on DVSYS.DV$CONFIGURATION_AUDIT, DELETE on DVSYS.DV$ENFORCEMENT_AUDIT
(no users) <‐ DV_OWNER <‐ DV_AUDIT_CLEANUP: DELETE on DVSYS.AUDIT_TRAIL$, DELETE on DVSYS.DV$CONFIGURATION_AUDIT, DELETE on DVSYS.DV$ENFORCEMENT_AUDIT
Remarks Users with these privileges can directly modify objects in the SYS, DVSYS, or LBACSYS schemas.Manipulating these system objects may allow security protections to be circumvented or otherwiseinterfere with normal operation of the database.
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 17/35
User Impersonation
PRIV.USER
Status Pass
Summary No grants of EXECUTE on restricted packages
Remarks These PL/SQL packages (DBMS_SCHEDULER, DBMS_SYS_SQL) allow for execution of SQL code orexternal jobs using the identity of a different user. Access should be strictly limited and granted onlyto users with a legitimate need for this functionality.
Data Exfiltration
PRIV.EXFIL
Status Pass
Summary No grants of EXECUTE on restricted packages
Remarks These PL/SQL packages (DBMS_BACKUP_RESTORE) can send data from the database using the networkor file system. Access should be granted only to users with a legitimate need for this functionality.
System Privileges Granted to PUBLIC
PRIV.SYSPUB
Status Evaluate
Summary 1 grant of system privileges to PUBLIC
DetailsGrants of system privileges to PUBLIC:
PUBLIC: CREATE TABLESPACE
Remarks Privileges granted to PUBLIC are available to all users. This generally should include few, if any, systemprivileges since these will not be needed by ordinary users who are not administrators.
Roles Granted to PUBLIC
PRIV.ROLEPUB
Status Significant Risk
Summary 1 grant of roles to PUBLIC
DetailsGrants of roles to PUBLIC:
PUBLIC: A
Remarks Roles granted to PUBLIC are available to all users. Most roles contain privileges that are notappropriate for all users.
Column Privileges Granted to PUBLIC
PRIV.COLPUB
Status Pass
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 18/35
Summary No grants of column privileges to PUBLIC
Remarks Privileges granted to PUBLIC are available to all users. This should include column privileges only fordata that is intended to be accessible to everyone.
DBA Role
PRIV.DBA
Status Evaluate
Summary 3 grants of DBA role
DetailsGrants of DBA role:
APPUSER03: DBA
SYSTEM: DBA
(no users) <‐ ADMIN_ROLE01: DBA
Remarks The DBA role is very powerful and can be used to bypass many security protections. It should begranted to only a small number of trusted administrators. Furthermore, each trusted user should havean individual account for accountability reasons. As with any powerful role, avoid granting the DBArole with admin option unless absolutely necessary.
Other Powerful Roles
PRIV.BIGROLES
Status Evaluate
Summary 20 grants of powerful roles (1 with admin option)
DetailsGrants of AQ_ADMINISTRATOR_ROLE, EM_EXPRESS_ALL, EXP_FULL_DATABASE, IMP_FULL_DATABASE, OEM_MONITOR roles:
APPUSER03 <‐ DBA: EM_EXPRESS_ALL, EXP_FULL_DATABASE, IMP_FULL_DATABASE APPUSER03 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE APPUSER03 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE, IMP_FULL_DATABASE
SYSTEM: AQ_ADMINISTRATOR_ROLE(*) SYSTEM <‐ DBA: EM_EXPRESS_ALL, EXP_FULL_DATABASE, IMP_FULL_DATABASE SYSTEM <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE SYSTEM <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE, IMP_FULL_DATABASE
(no users) <‐ ADMIN_ROLE01 <‐ DBA: EM_EXPRESS_ALL, EXP_FULL_DATABASE, IMP_FULL_DATABASE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_EXP_FULL_DATABASE: EXP_FULL_DATABASE (no users) <‐ ADMIN_ROLE01 <‐ DBA <‐ DATAPUMP_IMP_FULL_DATABASE: EXP_FULL_DATABASE, IMP_FULL_DATABASE
(no users) <‐ GSMADMIN_ROLE: AQ_ADMINISTRATOR_ROLE
(*) = granted with admin option
Remarks Like the DBA role, these roles (AQ_ADMINISTRATOR_ROLE, EM_EXPRESS_ALL, EXP_FULL_DATABASE,IMP_FULL_DATABASE, OEM_MONITOR) contain powerful privileges that can be used to bypass securityprotections. They should be granted only to a small number of trusted administrators.
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 19/35
Java Permissions
PRIV.JAVA
Status Evaluate
Summary Found 4 users or roles with Java permission.
DetailsGrantee: EJBCLIENT GRANT, Name: createClassLoader, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: getClassLoader, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: *, Type Schema: SYS, Type Name: java.net.SocketPermission, Action: connect,resolve
Grantee: JMXSERVER GRANT, Name: javavm/lib/management/*, Type Schema: SYS, Type Name: java.io.FilePermission, Action: read GRANT, Name: *, Type Schema: SYS, Type Name: java.net.SocketPermission, Action: accept,connect,listen,resolve GRANT, Name: control, Type Schema: SYS, Type Name: java.util.logging.LoggingPermission GRANT, Name: accessClassInPackage.*, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: *, Type Schema: SYS, Type Name: javax.management.MBeanPermission, Action: * GRANT, Name: createMBeanServer, Type Schema: SYS, Type Name: javax.management.MBeanServerPermission GRANT, Name: control, Type Schema: SYS, Type Name: java.lang.management.ManagementPermission GRANT, Name: monitor, Type Schema: SYS, Type Name: java.lang.management.ManagementPermission GRANT, Name: javax.net.ssl.*, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: read,write GRANT, Name: https.proxyHost, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: read,write GRANT, Name: javax.net.debug, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: read,write GRANT, Name: java.rmi.server.randomIDs, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: read,write GRANT, Name: com.sun.jmx.*, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: read,write GRANT, Name: com.sun.management.*, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: read,write GRANT, Name: javavm/lib/management/jmxremote.access, Type Schema: SYS, Type Name: java.io.FilePermission, Action: read GRANT, Name: javavm/lib/management/management.properties, Type Schema: SYS, Type Name: java.io.FilePermission, Action: read GRANT, Name: createAccessControlContext, Type Schema: SYS, Type Name: java.security.SecurityPermission GRANT, Name: setContextClassLoader, Type Schema: SYS, Type Name: java.lang.RuntimePermission
Grantee: PUBLIC GRANT, Name: user.language, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: write GRANT, Name: *, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: read GRANT, Name: DUMMY, Type Schema: SYS, Type Name: oracle.aurora.security.JServerPermission GRANT, Name: LoadClassInPackage.*, Type Schema: SYS, Type Name: oracle.aurora.security.JServerPermission GRANT, Name: exitVM, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: getenv.TNS_ADMIN, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: getenv.ORACLE_HOME, Type Schema: SYS, Type Name: java.lang.RuntimePermission
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 20/35
GRANT, Name: createSecurityManager, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: modifyThread, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: modifyThreadGroup, Type Schema: SYS, Type Name: java.lang.RuntimePermission GRANT, Name: oracle.net.tns_admin, Type Schema: SYS, Type Name: java.util.PropertyPermission, Action: write GRANT, Name: preferences, Type Schema: SYS, Type Name: java.lang.RuntimePermission RESTRICT, Name: LoadClassInPackage.oracle.ord.*, Type Schema: SYS, Type Name: oracle.aurora.security.JServerPermission RESTRICT, Name: 0:java.lang.RuntimePermission#loadLibrary.*, Type Schema: SYS, Type Name: oracle.aurora.rdbms.security.PolicyTablePermission RESTRICT, Name: loadLibrary.*, Type Schema: SYS, Type Name: java.lang.RuntimePermission RESTRICT, Name: LoadClassInPackage.oracle.aurora.*, Type Schema: SYS, Type Name: oracle.aurora.security.JServerPermission RESTRICT, Name: LoadClassInPackage.java.*, Type Schema: SYS, Type Name: oracle.aurora.security.JServerPermission RESTRICT, Name: LoadClassInPackage.oracle.jdbc.*, Type Schema: SYS, Type Name: oracle.aurora.security.JServerPermission
Grantee: SYSTEM GRANT, Name: <<ALL FILES>>, Type Schema: SYS, Type Name: java.io.FilePermission, Action: read
Remarks Java permission grants control the ability of database users to execute Java classes within thedatabase server. A database user executing Java code must have both Java security permissions anddatabase privileges to access resources within the database. These resources include databaseresources, such as tables and PL/SQL packages, operating system resources, such as files and sockets,Oracle JVM classes, and user-loaded classes. Make sure that these permissions are limited to theminimum required by each user.
Users with Administrative Privileges
PRIV.ADMIN
Status Evaluate
Summary Found 4 users granted administrative privileges. Found 0 administrative privileges not granted to anyuser.
DetailsSYSDBA (1): SYS SYSOPER (1): SYS SYSBACKUP (1): SYSBACKUP SYSDG (1): SYSDG SYSKM (1): SYSKM
Remarks Administrative privileges allow a user to perform maintenance operations, including some that mayoccur while the database is not open. The SYSDBA privilege allows the user to run as SYS and performvirtually all privileged operations. Starting with Oracle Database 12.1, less powerful administrativeprivileges were introduced to allow users to perform common administrative tasks with less than fullSYSDBA privileges. To achieve the benefit of this separation of duty, each of these administrativeprivileges should be granted to at least one user account.
Authorization Control
Database Vault
AUTH.DV
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 21/35
Status Opportunity
Summary Database Vault is not enabled.
Remarks Database Vault provides for configurable policies to control the actions of privileged administrativeusers, in order to protect against insider threats, stolen credentials, and human error. Data realmsprevent unauthorized access to sensitive data objects, even by users with system privileges. Commandrules limit the SQL commands and options that administrators can execute.
Privilege Analysis
AUTH.PRIV
Status Opportunity
Summary No privilege analysis policies found.
Details
Users with EXECUTE on SYS.DBMS_PRIVILEGE_CAPTURE: APPUSER03, SYSTEM
Remarks Privilege Analysis records the privileges used during a real or simulated workload. After collecting dataabout the privileges that are actually used, this information can be used to revoke privilege grants thatare no longer needed.
Data Encryption
Transparent Data Encryption
CRYPT.TDE
Status Opportunity
Summary No encrypted tablespaces found. No encrypted columns found.
Remarks Encryption of some sensitive data is a requirement in certain regulated environments. TransparentData Encryption automatically encrypts data as it is stored and decrypts it upon retrieval. This protectssensitive data from attacks that bypass the database to read data files directly. Encryption keys maybe stored in wallets on the database server itself, or stored remotely in Oracle Key Vault for improvedsecurity.
Encryption Key Wallet
CRYPT.WALLET
Status Evaluate
Summary Found 1 wallet. No wallets are stored in the data file directory.
DetailsWallet location: /u01/app/oracle/admin/DB3/wallet Wallet type: FILE Status: NOT_AVAILABLE Keystore type: UNKNOWN Wallet order: SINGLE
Data file directory: /u01/app/oracle/product/12.1.0.2/db_1/dbs
Remarks Wallets are encrypted files used to store encryption keys, passwords, and other sensitive data. Walletfiles should not be stored in the same directory with database data files, to avoid accidentally creatingbackups that include both encrypted data files and the wallet containing the master key protectingthose files. For maximum separation of keys and data, consider storing encryption keys in Oracle KeyVault instead of wallet files.
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 22/35
Fine-Grained Access Control
Data Redaction
ACCESS.REDACT
Status Opportunity
Summary No data redaction policies found.
Details
Users with EXEMPT REDACTION POLICY privilege: APPUSER03, SYSTEM Users with EXECUTE on SYS.DBMS_REDACT: APPUSER03, SYSTEM
Remarks Data Redaction automatically masks sensitive data found in the results of a database query. The datais masked immediately before it is returned as part of the result set, so it does not interfere with anyconditions specified as part of the query. Access by users with the EXEMPT REDACTION POLICYprivilege will not be affected by the redaction policy. Users who can execute the DBMS_REDACTpackage are able to create and modify redaction policies. Also consider the use of Oracle DataMasking and Subsetting to permanently mask sensitive data when making copies for test ordevelopment use.
Virtual Private Database
ACCESS.VPD
Status Evaluate
Summary Found 1 VPD policy protecting 51 objects.
DetailsPolicy REPCAT_POLICY: Protects SYSTEM.REPCAT$_REPCAT, SYSTEM.REPCAT$_REPGROUP_PRIVS, SYSTEM.REPCAT$_FLAVORS, SYSTEM.REPCAT$_SNAPGROUP, SYSTEM.REPCAT$_REPOBJECT, SYSTEM.REPCAT$_REPCOLUMN, SYSTEM.REPCAT$_KEY_COLUMNS, SYSTEM.REPCAT$_GENERATED, SYSTEM.REPCAT$_REPPROP, SYSTEM.REPCAT$_REPCATLOG, SYSTEM.REPCAT$_DDL, SYSTEM.REPCAT$_PRIORITY_GROUP, SYSTEM.REPCAT$_PRIORITY, SYSTEM.REPCAT$_COLUMN_GROUP, SYSTEM.REPCAT$_GROUPED_COLUMN, SYSTEM.REPCAT$_CONFLICT, SYSTEM.REPCAT$_RESOLUTION_METHOD, SYSTEM.REPCAT$_RESOLUTION, SYSTEM.REPCAT$_RESOLUTION_STATISTICS, SYSTEM.REPCAT$_RESOL_STATS_CONTROL, SYSTEM.REPCAT$_PARAMETER_COLUMN, SYSTEM.REPCAT$_AUDIT_ATTRIBUTE, SYSTEM.REPCAT$_AUDIT_COLUMN, SYSTEM.REPCAT$_FLAVOR_OBJECTS, SYSTEM.REPCAT$_TEMPLATE_STATUS, SYSTEM.REPCAT$_TEMPLATE_TYPES, SYSTEM.REPCAT$_REFRESH_TEMPLATES, SYSTEM.REPCAT$_USER_AUTHORIZATIONS, SYSTEM.REPCAT$_OBJECT_TYPES, SYSTEM.REPCAT$_TEMPLATE_REFGROUPS, SYSTEM.REPCAT$_TEMPLATE_OBJECTS, SYSTEM.REPCAT$_TEMPLATE_PARMS, SYSTEM.REPCAT$_OBJECT_PARMS, SYSTEM.REPCAT$_USER_PARM_VALUES, SYSTEM.REPCAT$_TEMPLATE_SITES, SYSTEM.REPCAT$_SITE_OBJECTS, SYSTEM.REPCAT$_RUNTIME_PARMS, SYSTEM.REPCAT$_TEMPLATE_TARGETS, SYSTEM.REPCAT$_EXCEPTIONS, SYSTEM.REPCAT$_INSTANTIATION_DDL, SYSTEM.REPCAT$_EXTENSION, SYSTEM.REPCAT$_SITES_NEW, SYSTEM.DEF$_CALLDEST, SYSTEM.DEF$_ERROR, SYSTEM.DEF$_DEFAULTDEST, SYSTEM.DEF$_DESTINATION, SYSTEM.DEF$_LOB, SYSTEM.DEF$_PROPAGATOR, SYSTEM.DEF$_ORIGIN, SYSTEM.DEF$_PUSHED_TRANSACTIONS, SYSTEM.REPCAT$_REPSCHEMA
Users with EXEMPT ACCESS POLICY privilege: (none) Users with EXECUTE on SYS.DBMS_RLS: APPUSER03, SYSTEM
Remarks Virtual Private Database (VPD) allows for fine-grained control over which rows and columns of a tableare visible to a SQL statement. Access control using VPD limits each database session to only thespecific data it should be able to access. Access by users with the EXEMPT ACCESS POLICY privilege
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 23/35
will not be affected by VPD policies. Users who can execute the DBMS_RLS package are able to createand modify these policies.
Real Application Security
ACCESS.RAS
Status Opportunity
Summary No RAS policies found.
Details
Users with EXEMPT ACCESS POLICY privilege: (none) Users with ADMIN_ANY_SEC_POLICY privilege: APPUSER03, SYSTEM Users with ADMIN_SEC_POLICY privilege: APPUSER, APPUSER02, APPUSER03, SYSTEM Users with APPLY_SEC_POLICY privilege: (none)
Remarks Like Virtual Private Database, Real Application Security (RAS) provides fine-grained control over therows and columns of a table that are visible to a SQL statement. Specification of RAS data accesspolicies uses a declarative syntax based on access control lists. Access by users with the EXEMPTACCESS POLICY privilege will not be affected by RAS access policies. Users with ADMIN_SEC_POLICYand APPLY_SEC_POLICY privileges are able to create and modify these policies.
Label Security
ACCESS.OLS
Status Opportunity
Summary Label Security is not enabled.
Remarks Oracle Label Security provides the ability to tag data with a data label or a data classification. Accessto sensitive data is controlled by comparing the data label with the requesting user's label or securityclearance. A user label or security clearance can be thought of as an extension to standard databaseprivileges and roles. Access by users with the EXEMPT ACCESS POLICY privilege will not be affected bythe Label Security policies. Each policy has a corresponding role; users who have this role are able toadminister the policy.
Transparent Sensitive Data Protection
ACCESS.TSDP
Status Opportunity
Summary No sensitive types and columns found. Found 0 TSDP policies.
DetailsPolicies: (none)
Users with EXECUTE on SYS.DBMS_TSDP_MANAGE: (none) Users with EXECUTE on SYS.DBMS_TSDP_PROTECT: (none)
Remarks Transparent Sensitive Data Protection (TSDP), introduced in Oracle Database 12.1, allows a data typeto be associated with each column that contains sensitive data. TSDP can then apply various datasecurity features to all instances of a particular type so that protection is uniform and consistent. Datafrom columns marked as sensitive is also automatically redacted in the database audit trail and tracelogs. Users who can execute the DBMS_TSDP_MANAGE and DBMS_TSDP_PROTECT packages are able tomanage sensitive data types and the protection actions that are applied to them.
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 24/35
Auditing
Audit Records
AUDIT.RECORDS
Status Evaluate
Summary Examined 3 audit trails. Found records in 1 audit trail. No errors found in audit initializationparameters.
DetailsTraditional Audit Trail: No records found FGA Audit Trail: No records foundUnified Audit Trail: In use
AUDIT_FILE_DEST=/u01/app/oracle/admin/DB3/adump AUDIT_SYSLOG_LEVEL is not set. AUDIT_TRAIL=DB
Remarks Auditing is an essential component for securing any system. The audit trail allows for monitoring theactivities of highly privileged users. For any attack that exploits gaps in other security policies,auditing cannot prevent the attack but it forms the critical last line of defense by detecting themalicious activity. Sending audit data to a remote system is recommended in order to prevent anypossible tampering with the audit records. The AUDIT_SYSLOG_LEVEL parameter can be set to send anabbreviated version of some audit records to a remote syslog collector. A better solution is to useOracle Audit Vault and Database Firewall to centrally collect full audit records from multipledatabases.
Statement Audit
AUDIT.STMT
Status Evaluate
Summary Auditing enabled for 17 statements.
DetailsUnified Audit (17): ALTER DATABASE LINK, ALTER PLUGGABLE DATABASE, ALTER PROFILE, ALTER ROLE, ALTER USER, CREATE DATABASE LINK, CREATE DIRECTORY, CREATE PLUGGABLE DATABASE, CREATE PROFILE, CREATE ROLE, DROP DATABASE LINK, DROP DIRECTORY, DROP PLUGGABLE DATABASE, DROP PROFILE, DROP ROLE, LOGON, SET ROLE
Remarks This finding shows the SQL statements that are audited by enabled audit policies.
Object Audit
AUDIT.OBJ
Status Evaluate
Summary Auditing enabled for 223 objects.
DetailsTraditional Audit: Schema DVF (1): DBMS_MACSEC_FUNCTION Schema DVSYS (100): AUDIT_TRAIL$, AUDIT_TRAIL$_SEQ, CODE$, CODE$_SEQ, COMMAND_RULE$, COMMAND_RULE$_SEQ, DBA_DV_CODE, DBA_DV_COMMAND_RULE, DBA_DV_FACTOR, DBA_DV_FACTOR_LINK, DBA_DV_FACTOR_TYPE, DBA_DV_IDENTITY, DBA_DV_IDENTITY_MAP, DBA_DV_MAC_POLICY, DBA_DV_MAC_POLICY_FACTOR, DBA_DV_POLICY_LABEL, DBA_DV_REALM, DBA_DV_REALM_AUTH, DBA_DV_REALM_OBJECT, DBA_DV_ROLE, DBA_DV_RULE, DBA_DV_RULE_SET, DBA_DV_RULE_SET_RULE, DBMS_MACADM, DBMS_MACAUD, DBMS_MACOLS,
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 25/35
DBMS_MACOLS_SESSION, DBMS_MACSEC, DBMS_MACSEC_ROLES, DBMS_MACSEC_ROLE_ADMIN, DBMS_MACSEC_RULES, DBMS_MACUTL, DV$CODE, DV$COMMAND_RULE, DV$FACTOR, DV$FACTOR_LINK, DV$FACTOR_TYPE, DV$IDENTITY, DV$IDENTITY_MAP, DV$MAC_POLICY, DV$MAC_POLICY_FACTOR, DV$OLS_POLICY, DV$OLS_POLICY_LABEL, DV$POLICY_LABEL, DV$REALM, DV$REALM_AUTH, DV$REALM_OBJECT, DV$ROLE, DV$RULE, DV$RULE_SET, DV$RULE_SET_RULE, DV$SYS_GRANTEE, DV$SYS_OBJECT, DV$SYS_OBJECT_OWNER, EVALUATE_RULE_SET, FACTOR$, FACTOR$_SEQ, FACTOR_LINK$, FACTOR_LINK$_PRIV, FACTOR_LINK$_SEQ, FACTOR_TYPE$, FACTOR_TYPE$_PRIV, FACTOR_TYPE$_SEQ, GET_FACTOR, GET_TRUST_LEVEL, GET_TRUST_LEVEL_FOR_IDENTITY, IDENTITY$, IDENTITY$_PRIV, IDENTITY$_SEQ, IDENTITY_MAP$, IDENTITY_MAP$_PRIV, IDENTITY_MAP$_SEQ, MACOLS_INIT_SESSION, MAC_POLICY$, MAC_POLICY$_PRIV, MAC_POLICY$_SEQ, MAC_POLICY_FACTOR$, MAC_POLICY_FACTOR$_PRIV, MAC_POLICY_FACTOR$_SEQ, POLICY_LABEL$, POLICY_LABEL$_PRIV, POLICY_LABEL$_SEQ, PREDICATE_TRUE, REALM$, REALM$_SEQ, REALM_AUTH$, REALM_AUTH$_SEQ, REALM_OBJECT$, REALM_OBJECT$_SEQ, ROLE$, ROLE$_PRIV, ROLE$_SEQ, ROLE_IS_ENABLED, RULE$, RULE$_SEQ, RULE_SET$, RULE_SET$_SEQ, RULE_SET_RULE$, RULE_SET_RULE$_SEQ, SET_FACTOR Schema LBACSYS (122): ALL_SA_AUDIT_OPTIONS, ALL_SA_COMPARTMENTS, ALL_SA_DATA_LABELS, ALL_SA_GROUPS, ALL_SA_GROUP_HIERARCHY, ALL_SA_LABELS, ALL_SA_LEVELS, ALL_SA_POLICIES, ALL_SA_PROGRAMS, ALL_SA_PROG_PRIVS, ALL_SA_SCHEMA_POLICIES, ALL_SA_TABLE_POLICIES, ALL_SA_USERS, ALL_SA_USER_COMPARTMENTS, ALL_SA_USER_GROUPS, ALL_SA_USER_LABELS, ALL_SA_USER_LEVELS, ALL_SA_USER_PRIVS, DBA_LBAC_DATA_LABELS, DBA_LBAC_LABELS, DBA_LBAC_LABEL_TAGS, DBA_LBAC_POLICIES, DBA_LBAC_SCHEMA_POLICIES, DBA_LBAC_TABLE_POLICIES, DBA_OLS_AUDIT_OPTIONS, DBA_SA_AUDIT_OPTIONS, DBA_SA_COMPARTMENTS, DBA_SA_DATA_LABELS, DBA_SA_GROUPS, DBA_SA_GROUP_HIERARCHY, DBA_SA_LABELS, DBA_SA_LEVELS, DBA_SA_POLICIES, DBA_SA_PROGRAMS, DBA_SA_PROG_PRIVS, DBA_SA_SCHEMA_POLICIES, DBA_SA_TABLE_POLICIES, DBA_SA_USERS, DBA_SA_USER_COMPARTMENTS, DBA_SA_USER_GROUPS, DBA_SA_USER_LABELS, DBA_SA_USER_LEVELS, DBA_SA_USER_PRIVS, LBAC$CACHE_LIBT, LBAC$EVENT_LIBT, LBAC$LABEL_LIBT, LBAC$LABLT_LIBT, LBAC$PRIVS_LIBT, LBAC$SA, LBAC$SA_LABELS, LBAC$STD_LIBT, LBAC$TYPE_LIBT, LBAC$USER_LIBT, LBAC_BIN_LABEL, LBAC_CACHE, LBAC_ERRORS, LBAC_EVENTS, LBAC_FRAME_GRANT, LBAC_LABEL, LBAC_LABEL_LIST, LBAC_NAME_LIST, LBAC_POLICY_ADMIN, LBAC_PRIVS, LBAC_RLS, LBAC_SERVICES, LBAC_SESSION, LBAC_STANDARD, LBAC_SYSDBA, LBAC_UTL, LDAP_ATTR, LDAP_ATTR_LIST, LDAP_EVENT, LDAP_EVENT_STATUS, NUMERIC_DOMINATED_BY, NUMERIC_DOMINATES, NUMERIC_GREATEST_LBOUND, NUMERIC_LABEL_TO_CHAR, NUMERIC_LEAST_UBOUND, NUMERIC_MERGE_LABEL, NUMERIC_STRICTLY_DOMINATED_BY, NUMERIC_STRICTLY_DOMINATES, OLS$AUDIT, OLS$AUDIT_ACTIONS, OLS$COMPARTMENTS, OLS$DIP_DEBUG, OLS$DIP_EVENTS, OLS$GROUPS, OLS$INSTALLATIONS, OLS$LAB, OLS$LAB_SEQUENCE, OLS$LEVELS, OLS$POL, OLS$POLICY_ADMIN, OLS$POLICY_COLUMNS, OLS$POLS, OLS$POLT, OLS$PROFILES, OLS$PROG, OLS$PROPS, OLS$TAG_SEQUENCE, OLS$TRUSTED_PROGS, OLS$USER, OLS$USER_COMPARTMENTS, OLS$USER_GROUPS, OLS$USER_LEVELS, OLS_DIP_NTFY, PRIVS_TO_CHAR, SA$ADMIN, SA$POL, SA_AUDIT_ADMIN, SA_COMPONENTS, SA_LABEL_ADMIN, SA_POLICY_GRANT, SA_SESSION, SA_SYSDBA, SA_USER_ADMIN, SA_UTL, TO_LBAC_DATA_LABEL, TO_LBAC_LABEL, TO_NUMERIC_DATA_LABEL, TO_NUMERIC_LABEL, USER_SA_SESSION
Remarks This finding shows the object accesses that are audited by enabled audit policies.
Privilege Audit
AUDIT.PRIV
Status Evaluate
Summary Auditing enabled for 29 privileges.
DetailsUnified Audit (29): ADMINISTER KEY MANAGEMENT, ALTER ANY PROCEDURE, ALTER ANY SQL TRANSLATION PROFILE, ALTER ANY TABLE, ALTER DATABASE, ALTER SYSTEM, AUDIT SYSTEM, CREATE ANY JOB, CREATE ANY LIBRARY, CREATE ANY PROCEDURE, CREATE ANY SQL TRANSLATION PROFILE, CREATE ANY TABLE, CREATE EXTERNAL JOB, CREATE PUBLIC SYNONYM, CREATE SQL TRANSLATION PROFILE,
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 26/35
CREATE USER, DROP ANY PROCEDURE, DROP ANY SQL TRANSLATION PROFILE, DROP ANY TABLE, DROP PUBLIC SYNONYM, DROP USER, EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY, GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE, LOGMINING, PURGE DBA_RECYCLEBIN, TRANSLATE ANY SQL
Remarks This finding shows the privileges that are audited by enabled audit policies.
Administrative User Audit
AUDIT.ADMIN
Status Pass
Summary Actions of the SYS user are audited.
DetailsTraditional Audit: AUDIT_SYS_OPERATIONS is set to TRUE.
Unified Audit policies enabled for administrators: (none)
Remarks It is important to audit administrative actions performed by the SYS user. Traditional audit policies donot apply to SYS, so the AUDIT_SYS_OPERATIONS parameter must be set to record SYS actions to aseparate audit trail. Beginning with Oracle 12c, the same Unified Audit policies can be applied to SYSthat are used to monitor other users.
Privilege Management Audit
AUDIT.PRIVMGMT
Status Pass
Summary Actions related to privilege management are sufficiently audited.
DetailsTraditional audit ‐ auditing enabled: (none) Unified audit ‐ auditing enabled: GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
Remarks Granting additional privileges to users or roles potentially affects most security protections and shouldbe audited. Each action or privilege listed here should be included in at least one enabled audit policy.
Account Management Audit
AUDIT.ACCTMGMT
Status Pass
Summary Actions related to account management are sufficiently audited.
DetailsTraditional audit ‐ auditing enabled: (none) Unified audit ‐ auditing enabled: ALTER PROFILE, ALTER USER, CREATE PROFILE, CREATE USER, DROP PROFILE, DROP USER
Remarks Creation of new user accounts or modification of existing accounts can be used to gain access to theprivileges of those accounts and should be audited. Each action or privilege listed here should beincluded in at least one enabled audit policy.
Database Management Audit
AUDIT.DBMGMT
Status Significant Risk
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 27/35
Summary Actions related to database management are not sufficiently audited.
DetailsAuditing not enabled: ALTER PUBLIC DATABASE LINK, AUDIT ANY, CREATE ANY DIRECTORY, CREATE PUBLIC DATABASE LINK, CREATE SPFILE, DROP ANY DIRECTORY, DROP PUBLIC DATABASE LINK, SYSTEM AUDIT
Traditional audit ‐ auditing enabled: (none) Unified audit ‐ auditing enabled: ADMINISTER KEY MANAGEMENT, ALTER DATABASE, ALTER DATABASE LINK, ALTER PLUGGABLE DATABASE, ALTER SYSTEM, CREATE ANY LIBRARY, CREATE DATABASE LINK, CREATE EXTERNAL JOB, CREATE PLUGGABLE DATABASE, CREATE PUBLIC SYNONYM, DROP DATABASE LINK, DROP PLUGGABLE DATABASE, DROP PUBLIC SYNONYM, EXECUTE ON SYS.DBMS_RLS
Remarks Actions that affect the management of database features should always be audited. Each action orprivilege listed here should be included in at least one enabled audit policy.
Privilege Usage Audit
AUDIT.PRIVUSE
Status Significant Risk
Summary Usages of powerful system privileges are not sufficiently audited.
DetailsAuditing not enabled: BECOME USER, CREATE ANY TRIGGER
Traditional audit ‐ auditing enabled: (none) Unified audit ‐ auditing enabled: ALTER ANY SQL TRANSLATION PROFILE, CREATE ANY JOB, CREATE ANY PROCEDURE, CREATE ANY SQL TRANSLATION PROFILE, EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY, LOGMINING, TRANSLATE ANY SQL
Remarks Usage of powerful system privileges should always be audited. Each privilege listed here should beincluded in at least one enabled audit policy.
Database Connection Audit
AUDIT.CONN
Status Pass
Summary Database connections are sufficiently audited.
DetailsTraditional audit ‐ auditing enabled: (none) Unified audit ‐ auditing enabled: LOGON
Remarks Successful user connections to the database should be audited to assist with future forensic analysis.Unsuccessful connection attempts can provide early warning of an attacker's attempt to gain access tothe database.
Fine Grained Audit
AUDIT.FGA
Status Opportunity
Summary No fine grained audit policies found.
Details
Users with EXECUTE on SYS.DBMS_FGA: APPUSER03, SYSTEM
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 28/35
Remarks Fine Grained Audit policies can record highly specific activity, such as access to particular tablecolumns or access that occurs under specified conditions. This is a useful way to monitor unexpecteddata access while avoiding unnecessary audit records that correspond to normal activity.
Unified Audit
AUDIT.UNIFIED
Status Evaluate
Summary Found 8 unified audit policies. Found 47 objects or statements being audited.
DetailsPolicy ORA_ACCOUNT_MGMT (Disabled): Audits 9 objects/statements Policy ORA_CIS_RECOMMENDATIONS (Disabled): Audits 26 objects/statements Policy ORA_DATABASE_PARAMETER (Disabled): Audits 3 objects/statements Policy ORA_DV_AUDPOL (Disabled): Audits 1768 objects/statements Policy ORA_LOGON_FAILURES (Enabled): Audits 1 objects/statements Policy ORA_RAS_POLICY_MGMT (Disabled): Audits 33 objects/statements Policy ORA_RAS_SESSION_MGMT (Disabled): Audits 14 objects/statements Policy ORA_SECURECONFIG (Enabled): Audits 46 objects/statements
Remarks Unified Audit, available in Oracle Database 12.1 and later releases, combines multiple audit trails intoa single unified view. It also introduces new syntax for specifying effective audit policies.
Database Configuration
Initialization Parameters for Security
Name Value
AUDIT_FILE_DEST /u01/app/oracle/admin/DB3/adump
AUDIT_SYSLOG_LEVEL
AUDIT_SYS_OPERATIONS TRUE
AUDIT_TRAIL DB
COMPATIBLE 12.1.0.2.0
DBFIPS_140 FALSE
DISPATCHERS (PROTOCOL=TCP) (SERVICE=DB3XDB)
GLOBAL_NAMES FALSE
LDAP_DIRECTORY_ACCESS NONE
LDAP_DIRECTORY_SYSAUTH no
O7_DICTIONARY_ACCESSIBILITY FALSE
OS_AUTHENT_PREFIX ops$
OS_ROLES FALSE
PDB_LOCKDOWN
PDB_OS_CREDENTIAL
REMOTE_LISTENER
REMOTE_LOGIN_PASSWORDFILE EXCLUSIVE
REMOTE_OS_AUTHENT FALSE
REMOTE_OS_ROLES FALSE
RESOURCE_LIMIT TRUE
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 29/35
Name Value
SEC_CASE_SENSITIVE_LOGON TRUE
SEC_MAX_FAILED_LOGIN_ATTEMPTS 10
SEC_PROTOCOL_ERROR_FURTHER_ACTION (DROP,3)
SEC_PROTOCOL_ERROR_TRACE_ACTION LOG
SEC_RETURN_SERVER_RELEASE_BANNER FALSE
SQL92_SECURITY FALSE
UNIFIED_AUDIT_SGA_QUEUE_SIZE 1048576
UTL_FILE_DIR
Access to Dictionary Objects
CONF.SYSOBJ
Status Pass
Summary Access to dictionary objects is properly limited.
DetailsO7_DICTIONARY_ACCESSIBILITY=FALSE
Remarks When O7_DICTIONARY_ACCESSIBILITY is set to FALSE, tables owned by SYS are not affected by the ANYTABLE system privileges. This parameter should always be set to FALSE because tables owned by SYScontrol the overall state of the database and should not be subject to manipulation by users with ANYTABLE privileges.
Inference of Table Data
CONF.INFER
Status Significant Risk
Summary UPDATE and DELETE statements can be used to infer data values.
DetailsSQL92_SECURITY=FALSE. Recommended value is TRUE.
Remarks When SQL92_SECURITY is set to TRUE, UPDATE and DELETE statements that refer to a column in theirWHERE clauses will succeed only when the user has the privilege to SELECT from the same column.This parameter should be set to TRUE so that this requirement is enforced in order to prevent usersfrom inferring the value of a column which they do not have the privilege to view.
Network Communications
CONF.NETCOM
Status Pass
Summary Examined 3 initialization parameters. No issues found.
DetailsSEC_PROTOCOL_ERROR_FURTHER_ACTION=(DROP,3) SEC_PROTOCOL_ERROR_TRACE_ACTION=LOG SEC_RETURN_SERVER_RELEASE_BANNER=FALSE
Remarks The SEC_PROTOCOL_ERROR parameters control the database server's response when it receivesmalformed network packets from a client. Because these malformed packets may indicate anattempted attack by a malicious client, the parameters should be set to log the incident and terminate
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 30/35
the connection. SEC_RETURN_SERVER_RELEASE_BANNER should be set to FALSE to limit the informationthat is returned to an unauthenticated client, which could be used to help determine the server'svulnerability to a remote attack.
External Authorization
CONF.EXTAUTH
Status Pass
Summary Examined 2 initialization parameters. No issues found.
DetailsREMOTE_OS_ROLES=FALSE OS_ROLES=FALSE
Remarks The OS_ROLES and REMOTE_OS_ROLES parameters determine whether roles granted to users arecontrolled by GRANT statements in the database or by the operating system environment. Bothparameters should be set to FALSE so that the authorizations of database users are managed by thedatabase itself.
File System Access
CONF.FILESYS
Status Pass
Summary Examined 1 initialization parameter. No issues found.
DetailsUTL_FILE_DIR=''
Remarks The UTL_FILE_DIR parameter controls which part of the server's file system can be accessed by PL/SQLcode. Note that as the directories specified in the UTL_FILE_DIR parameter may be accessed by anydatabase user, it should be set to specify one or more safe directories that do not contain restrictedfiles such as the configuration or data files for the database. For maximum security, use directoryobjects which allow finer grained control of access, rather than relying on this parameter.
Triggers
CONF.TRIG
Status Pass
Summary No logon triggers found. No disabled triggers found.
Remarks A trigger is code that executes whenever a specific event occurs, such as inserting data in a table orconnecting to the database. Disabled triggers are a potential cause for concern because whateverprotection or monitoring they may be expected to provide is not active.
Disabled Constraints
CONF.CONST
Status Pass
Summary No disabled constraints found.
Remarks Constraints are used to enforce and guarantee specific relationships between data items stored in thedatabase. Disabled constraints are a potential cause for concern because the conditions they ensureare not enforced.
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 31/35
External Procedures
CONF.EXTPROC
Status Evaluate
Summary Found 3 external procedures. No external services found.
DetailsExternal procedures: ORDSYS.ORDIMLIBS, SYS.DBMS_SUMADV_LIB, SYS.KUBSAGT_LIB
Remarks External procedures allow code written in other languages to be executed from PL/SQL. Note thatmodifications to external code cannot be controlled by the database. Be careful to ensure that onlytrusted code libraries are available to be executed. Although the database can spawn its own processto execute the external procedure, it is advisable to configure a listener service for this purpose sothat the external code can run as a less-privileged OS user. The listener configuration should setEXTPROC_DLLS to identify the specific shared library code that can be executed rather than using thedefault value ANY.
Directory Objects
CONF.DIR
Status Evaluate
Summary Found 10 directory objects. No directory objects allow access to restricted Oracle directory paths. Nodirectory objects allow both write and execute access.
DetailsDirectory Name: DATA_PUMP_DIR Path = /u01/app/oracle/admin/DB3/dpdump/ Users or roles with access: EXP_FULL_DATABASE(READ), EXP_FULL_DATABASE(READ), EXP_FULL_DATABASE(WRITE), EXP_FULL_DATABASE(WRITE), IMP_FULL_DATABASE(READ), IMP_FULL_DATABASE(READ), IMP_FULL_DATABASE(WRITE), IMP_FULL_DATABASE(WRITE)
Directory Name: OPATCH_INST_DIR Path = /u01/app/oracle/product/12.1.0.2/db_1/OPatch/
Directory Name: OPATCH_LOG_DIR Path = /u01/app/oracle/product/12.1.0.2/db_1/QOpatch/
Directory Name: OPATCH_SCRIPT_DIRPath = /u01/app/oracle/product/12.1.0.2/db_1/QOpatch/
Directory Name: ORACLE_BASE Path = /
Directory Name: ORACLE_HOME Path = /
Directory Name: ORACLE_OCM_CONFIG_DIR Path = /u01/app/oracle/product/12.1.0.2/db_1/ccr/hosts/ol7.localdomain/state/
Directory Name: ORACLE_OCM_CONFIG_DIR2 Path = /u01/app/oracle/product/12.1.0.2/db_1/ccr/state/
Directory Name: XMLDIR Path = /u01/app/oracle/product/12.1.0.2/db_1/rdbms/xml/
Directory Name: XSDDIR Path = /u01/app/oracle/product/12.1.0.2/db_1/rdbms/xml/schema/
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 32/35
Remarks Directory objects allow access to the server's file system from PL/SQL code within the database.Access to files that are used by the database kernel itself should not be permitted, as this may alterthe operation of the database and bypass its access controls.
Database Links
CONF.LINKS
Status Evaluate
Summary Found 2 database links.
DetailsUsers with CREATE DATABASE LINK privilege: APPUSER03, SYSTEM Users with CREATE PUBLIC DATABASE LINK privilege: APPUSER03, SYSTEM
Private links: SYS: DB2 (User HR)
Public links: P_SCOTT (User SCOTT)
Remarks Database links allow users to execute SQL statements that access tables in other databases. Thisallows for both querying and storing data on the remote database.
Network Access Control
CONF.NETACL
Status Evaluate
Summary Found 1 network ACL.
DetailsNETWORK_ACL_FD9ACFEC5BCC48A9E043B6A9E80AFB6F (Host: *, Ports: Min ‐ Max) Principal: GSMADMIN_INTERNAL, Action: deny, Privilege: resolve
Remarks Network ACLs control the external servers that database users can access using network packagessuch as UTL_TCP and UTL_HTTP. Specifically, a database user needs the connect privilege to anexternal network host computer if he or she is connecting using the UTL_TCP, UTL_HTTP, UTL_SMTP,and UTL_MAIL utility packages. To convert between a host name and its IP address using theUTL_INADDR package, the resolve privilege is required. Make sure that these permissions are limitedto the minimum required by each user.
XML Database Access Control
CONF.XMLACL
Status Evaluate
Summary Found 9 XML Database ACLs.
DetailsNamespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read‐properties, read‐ contents, read‐acl, resolve
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Public:All privileges to PUBLIC Principal: PUBLIC, Action: grant, Privileges: all
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 33/35
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Private:All privileges to OWNER only and not accessible to others Principal: dav:owner, Action: grant, Privileges: all
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Read‐Only:Readable by all and writeable by none Principal: PUBLIC, Action: grant, Privileges: read‐properties, read‐ contents, read‐acl, resolve
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read‐properties, read‐ contents, read‐acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read‐properties, read‐ contents, read‐acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read‐properties, read‐ contents, read‐acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read‐properties, read‐ contents, read‐acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all
Namespace: {http://xmlns.oracle.com/xdb/acl.xsd} Description: Protected:Readable by PUBLIC and all privileges to OWNER Principal: dav:owner, Action: grant, Privileges: all Principal: XDBADMIN, Action: grant, Privileges: all Principal: PUBLIC, Action: grant, Privileges: read‐properties, read‐ contents, read‐acl, resolve Principal: OLAP_XS_ADMIN, Action: grant, Privileges: all
Remarks XML ACLs control access to database resources using the XML DB feature. Every resource in the OracleXML DB Repository hierarchy has an associated ACL. The ACL mechanism specifies a privilege-basedaccess control for resources to principals, which are database users or roles. Whenever a resource isaccessed, a security check is performed, and the ACL determines if the requesting user has sufficientprivileges to access the resource. Make sure that these privileges are limited to the minimum requiredby each user.
Network Configuration
Network Listener Configuration
NET.COST
Status Pass
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 34/35
Summary Examined 1 listener. Found 0 listeners not configured properly.
DetailsListeners configured properly: LISTENER
Parameter setting for LISTENER: DYNAMIC_REGISTRATION_LISTENER=OFF. VALID_NODE_CHECKING_REGISTRATION_LISTENER is not set (default value = OFF). Should not be set to OFF. SECURE_PROTOCOL_LISTENER is not set. SECURE_CONTROL_LISTENER is not set. SECURE_REGISTER_LISTENER is not set.
Remarks These parameters are used to limit changes to the network listener configuration. One of the followingrestrictions should be implemented: (a) prevent changes by disabling DYNAMIC_REGISTRATION, (b)limit the nodes that can make changes by enabling VALID_NODE_CHECKING_REGISTRATION, or (c)limit the network sources for changes using the COST parameters SECURE_PROTOCOL,SECURE_CONTROL, and SECURE_REGISTER.
Listener Logging Control
NET.LISTENLOG
Status Pass
Summary Examined 1 listener. Found 0 listeners not configured properly.
DetailsListeners configured properly: LISTENER
Parameter setting for LISTENER: LOGGING_LISTENER is not set (default value = ON).
Remarks This parameter enables logging of listener activity. Log information can be useful for troubleshootingand to provide early warning of attempted attacks.
Operating System
OS Authentication
OS.AUTH
Status Evaluate
Summary 1 OS user can connect to the database via OS authentication.
DetailsSYSDBA [dba group]: oracle SYSOPER [oper group]: oracle SYSBACKUP [dba group]: oracle SYSKM [dba group]: oracle SYSDG [dba group]: oracle
Remarks OS authentication allows operating system users within the specified user group to connect to thedatabase with administrative privileges. This shows the OS group names and users that can exerciseeach administrative privilege.
Process Monitor Process
OS.PMON
Status Pass
05.03.2017 DB3 Oracle Database Secur悑�ty R悑�sk Assessment
f悑�le:///D:/OracleVM/DB3_report/DB3.html 35/35
Summary Found 1 PMON process. The owner of the PMON process matches the ORACLE_HOME owner.
DetailsPMON process: ora_pmon_DB3, Owner: oracle ORACLE_HOME owner: oracle
Remarks The PMON process monitors user processes and frees resources when they terminate. This processshould run with the user ID of the ORACLE_HOME owner.
Agent Processes
OS.AGENT
Status Some Risk
Summary Some Agent process owners overlap with Listener or PMON process owners.
DetailsOwner: oracle Command: /usr/bin/ssh‐agent /bin/sh ‐c exec ‐l /bin/bash ‐c "env GNOME_SHELL_SESSION_MODE=classic gnome‐session ‐‐session gnome‐classic"
Remarks Agent processes are used by Oracle Enterprise Manager to monitor and manage the database. Theseprocesses should run with a user ID separate from the database and listener processes.
Listener Processes
OS.LISTEN
Status Pass
Summary No Listener processes found. Listener process owners do not overlap with Agent or PMON processowners.
Remarks Listener processes accept incoming network connections and connect them to the appropriatedatabase server process. These processes should run with a user ID separate from the database andagent processes.
Diagnostics
Skip Allowed Logon Version check
Skipped ENCRYPT_NEW_TABLESPACES Parameter Check
Skipped SQLNET Parameters
Skipped SQLNET.ORA Permission
This report is focused on detecting areas of potential security vulnerabilities or misconfigurations and providing recommendations on howto mitigate those potential vulnerabilities.
The report provides a view on the current status. These recommendations are provided for informational purposes only and should not beused as a substitute for a thorough analysis or interpreted to contain any legal or regulatory advice or guidance.
You are solely responsible for your system, and the data and information gathered during the production of this report. You are also solelyresponsible for the execution of software to produce this report, and for the effect and results of the execution of any mitigating actionsidentified herein.
Oracle provides this analysis on an "as is" basis without warranty of any kind and Oracle hereby disclaims all warranties and conditionswhether express, implied or statutory.