Database security checklist updated for the 9i, 10g and 11g R2 versions. This documentation is prepared from the SANS Institute security checklist 2003, the Pete Finnigan web site and the Oracle.com Oracle security documentation.
27. Check the spfile and pfile read/write permissions. Only the Oracle software owner should be able to read or write these files.
· $ cd $ORACLE_HOME/dbs
· $ ls -ltr *.ora (spfileSID.ora)
28. Check the SYSTEM tablespace for non-SYS objects. If the object owners are not ORAUSER, move them to the default data tablespace.
· SELECT * FROM dba_segments
  WHERE owner NOT IN ('SYS', 'SYSTEM')
  AND tablespace_name = 'SYSTEM';
29. Check the users who have the DBA role privilege.
· SELECT * FROM dba_role_privs WHERE granted_role = 'DBA';
30. Check the system privileges and find the users and roles granted "ANY" privileges.
· SELECT DISTINCT grantee
  FROM dba_sys_privs
  WHERE privilege LIKE '%ANY%'
  AND grantee NOT IN
  ('SYS',
   'DBA',
   'IMP_FULL_DATABASE',
   'DATAPUMP_IMP_FULL_DATABASE',
   'WMSYS',
   'AQ_ADMINISTRATOR_ROLE',
   'EXP_FULL_DATABASE',
   'SCHEDULER_ADMIN',
   'OEM_MONITOR',
   'SYSTEM',
   'SYSMAN',
   'DBSNMP',
   'EXFSYS',
   'OUTLN');
31. Check the “WITH ADMIN” and “WITH GRANT” privileges and compare all databases.
· select count(*) from dba_tab_privs where grantable='YES';
· select count(*) from dba_role_privs where admin_option='YES';
· select count(*) from dba_sys_privs where admin_option='YES';
32. Check the users who have “CREATE LIBRARY” privileges.
· select GRANTEE, ADMIN_OPTION from dba_sys_privs where privilege like '%CREATE LIBRARY%';
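The permission check from item 27 as a script, added here as an example and not part of the original checklist: it lists every *.ora file in a directory that group or other can read or write, or that is not owned by the expected account. The function name audit_ora_files, the owner passed in (for example oracle) and a find that supports -maxdepth are assumptions.

```shell
#!/bin/sh
# Added example for checklist item 27 (not from the original checklist).
# audit_ora_files is a hypothetical helper name.
#
# audit_ora_files DIR OWNER
#   DIR   directory holding the parameter files, e.g. "$ORACLE_HOME/dbs"
#   OWNER Oracle software owner (name or numeric uid); "oracle" is an assumption
# Prints an "ls -ld" line for every *.ora file that violates the rule.
# Returns 0 = all compliant, 1 = findings, 2 = usage error or find failure.
audit_ora_files() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ] || [ -z "$owner" ]; then
        echo "usage: audit_ora_files DIR OWNER" >&2
        return 2
    fi

    # -perm -NNN is true when all listed bits are set, so each term tests one
    # bit: group read/write (040, 020) and other read/write (004, 002).
    # ! -user catches files owned by anyone except the expected account.
    # If find itself fails (for example unknown OWNER), report an error
    # instead of treating empty output as "compliant".
    findings=$(find "$dir" -maxdepth 1 -type f -name '*.ora' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \
           -o ! -user "$owner" \) \
        -exec ls -ld {} +) || {
        echo "audit_ora_files: find failed, result not trustworthy" >&2
        return 2
    }

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical call on a database host:
#   audit_ora_files "$ORACLE_HOME/dbs" oracle
```

A return code of 2 means the check itself could not run and should not be read as a pass.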
For Database SECURITY CHECKLIST-1 please click