Compliance check

1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed

1.2 Ensure All Default Passwords Are Changed

1.3 Ensure All Sample Data And Users Have Been Removed

2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'

2.2.10 Ensure 'UTL_FILE_DIR' Is Empty

2.2.11 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'

2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less

2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DELAY,3' or

'DROP,3'

2.2.14 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG'

2.2.15 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE'

2.2.16 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'

2.2.17 Ensure '_trace_files_public' Is Set to 'FALSE'

2.2.18 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE'

2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or

'XML,EXTENDED'

2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE'

2.2.4 Ensure 'O7_DICTIONARY_ACCESSIBILITY' Is Set to 'FALSE'

2.2.5 Ensure 'OS_ROLES' Is Set to 'FALSE'

2.2.6 Ensure 'REMOTE_LISTENER' Is Empty

2.2.7 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE'

2.2.8 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE'

2.2.9 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE'

3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'

3.10 Ensure No Users Are Assigned the 'DEFAULT' Profile

3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'

3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'

3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'

3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'

3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'

3.7 Ensure 'DBA_USERS.PASSWORD' Is Not Set to 'EXTERNAL' for Any User

3.8 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles

3.9 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'

4.1.1 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_ADVISOR'

4.1.10 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_SCHEDULER'

4.1.11 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_SQL'

4.1.12 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_XMLGEN'

4.1.13 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_XMLQUERY'

4.1.14 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_FILE'

4.1.15 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_INADDR'

4.1.16 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_TCP'

4.1.17 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_MAIL'

4.1.18 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_SMTP'

4.1.19 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_DBWS'

4.1.2 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_CRYPTO'

4.1.20 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_ORAMTS'

4.1.21 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'UTL_HTTP'

4.1.22 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'HTTPURITYPE'

4.1.23 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_XMLSTORE'

4.1.24 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_XMLSAVE'

4.1.25 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_REDACT'

4.1.3 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_JAVA'

4.1.4 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_JAVA_TEST'

4.1.5 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_JOB'

4.1.6 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_LDAP'

4.1.7 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_LOB'

4.1.8 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_OBFUSCATION_TOOLKIT'

4.1.9 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_RANDOM'

4.10 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP'

4.2.1 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_SYS_SQL'

4.2.10 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'LTADM'

4.2.11 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'WWV_DBMS_SQL'

4.2.12 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'WWV_EXECUTE_IMMEDIATE'

4.2.13 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_IJOB'

4.2.14 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_FILE_TRANSFER'

4.2.2 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_BACKUP_RESTORE'

4.2.3 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_AQADM_SYSCALLS'

4.2.4 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_REPCAT_SQL_UTL'

4.2.5 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'INITJVMAUX'

4.2.6 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_STREAMS_ADM_UTL'

4.2.7 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_AQADM_SYS'

4.2.8 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_STREAMS_RPC'

4.2.9 Ensure 'EXECUTE' Is Revoked from 'PUBLIC' on 'DBMS_PRVTAQIM'

4.3.1 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE'

4.3.10 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized

'GRANTEE'

4.3.11 Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE'

4.3.12 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE'

4.3.2 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE'

4.3.3 Ensure 'AUDIT SYSTEM' Is Revoked from Unauthorized 'GRANTEE'

4.3.4 Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE'

4.3.5 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE'

4.3.6 Ensure 'CREATE_PROCEDURE' Is Revoked from Unauthorized 'GRANTEE'

4.3.7 Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE'

4.3.8 Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE'

4.3.9 Ensure 'CREATE LIBRARY' Is Revoked from Unauthorized 'GRANTEE'

4.4.1 Ensure 'DELETE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'

4.4.2 Ensure 'SELECT_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'

4.4.3 Ensure 'EXECUTE_CATALOG_ROLE' Is Revoked from Unauthorized 'GRANTEE'

4.4.4 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE'

4.5.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$'

4.5.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'USER_HISTORY$'

4.5.3 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'LINK$'

4.5.4 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'SYS.USER$'

4.5.5 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%'

4.5.6 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on

'SYS.SCHEDULER$_CREDENTIAL'

4.5.7 Ensure 'SYS.USER$MIG' Has Been Dropped

4.6 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'

4.7 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with
'ADMIN_OPTION' Set to 'YES'

4.8 Ensure Proxy Users Have Only 'CONNECT' Privilege

4.9 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN'

5.1.1 Ensure the 'USER' Audit Option Is Enabled

5.1.10 Ensure the 'SELECT ANY DICTIONARY' Audit Option Is Enabled

5.1.11 Ensure the 'GRANT ANY OBJECT PRIVILEGE' Audit Option Is Enabled
5.1.12 Ensure the 'GRANT ANY PRIVILEGE' Audit Option Is Enabled

5.1.13 Ensure the 'DROP ANY PROCEDURE' Audit Option Is Enabled

5.1.14 Ensure the 'ALL' Audit Option on 'SYS.AUD$' Is Enabled

5.1.15 Ensure the 'PROCEDURE' Audit Option Is Enabled

5.1.16 Ensure the 'ALTER SYSTEM' Audit Option Is Enabled

5.1.17 Ensure the 'TRIGGER' Audit Option Is Enabled

5.1.18 Ensure the 'CREATE SESSION' Audit Option Is Enabled

5.1.2 Ensure the 'ROLE' Audit Option Is Enabled

5.1.3 Ensure the 'SYSTEM GRANT' Audit Option Is Enabled

5.1.4 Ensure the 'PROFILE' Audit Option Is Enabled

5.1.5 Ensure the 'DATABASE LINK' Audit Option Is Enabled

5.1.6 Ensure the 'PUBLIC DATABASE LINK' Audit Option Is Enabled

5.1.7 Ensure the 'PUBLIC SYNONYM' Audit Option Is Enabled

5.1.8 Ensure the 'SYNONYM' Audit Option Is Enabled

5.1.9 Ensure the 'GRANT DIRECTORY' Audit Option Is Enabled

Description & Rationale
The Oracle installation version and patches should be the most recent that are
compatible with the organization's operational needs._x000D_
_x000D_
Rationale:_x000D_
Using the most recent Oracle database software, along with all applicable patches can
help limit the possibilities for vulnerabilities in the software, the installation version
and/or patches applied during setup should be established according to the needs of
the organization. Ensure you are using a release that is covered by a level of support
that includes the generation of Critical Patch Updates._x000D_
_x000D_
NOTE: Nessus has not performed this check. Please review the benchmark to ensure
target compliance.

Default passwords should not be used by Oracle database users._x000D_

_x000D_
Rationale:_x000D_
Default passwords should be considered 'well known' to attackers. Consequently, if
default passwords remain in place, any attacker with access to the database can
authenticate as the user with that default password.

Oracle sample schemas can be used to create sample users

('BI','HR','IX','OE','PM','SCOTT','SH'), with well-known default passwords, particular
views, and procedures/functions, in addition to tables and fictitious data. The sample
schemas should be removed._x000D_
_x000D_
Rationale:_x000D_
The sample schemas are typically not required for production operations of the
database. The default users, views, and/or procedures/functions created by sample
schemas could be used to launch exploits against production environments.

The 'AUDIT_SYS_OPERATIONS' setting provides for the auditing of all user activities
conducted under the 'SYSOPER' and 'SYSDBA' accounts. The setting should be set to
'TRUE' to enable this auditing._x000D_
_x000D_
Rationale:_x000D_
If the parameter 'AUDIT_SYS_OPERATIONS' is 'FALSE', all statements except for
Startup/Shutdown and Logon by 'SYSDBA'/'SYSOPER' users are not audited.

The 'utl_file_dir' setting allows packages like 'utl_file' to access

(read/write/modify/delete) files specified in 'utl_file_dir'. This setting should have an
empty value._x000D_
_x000D_
Rationale:_x000D_
Using the 'utl_file_dir' to create directories allows the manipulation of files in these
directories.
The 'SEC_CASE_SENSITIVE_LOGON' information determines whether or not case-
sensitivity is required for passwords during login._x000D_
_x000D_
Rationale:_x000D_
Oracle database password case-sensitivity increases the pool of characters that can
be chosen for the passwords, making brute-force password attacks quite difficult.

The 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' parameter determines how many failed

login attempts are allowed before Oracle closes the login connection._x000D_
_x000D_
Rationale:_x000D_
Allowing an unlimited number of login attempts for a user connection can facilitate
both brute-force login attacks and the occurrence of denial-of-service.

The 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' setting determines the Oracle's

server's response to bad/malformed packets received from the client. This setting
should have a value of 'DROP,3', which will cause a connection to be dropped after
three bad/malformed packets._x000D_
_x000D_
Rationale:_x000D_
Bad packets received from the client can potentially indicate packet-based attacks on
the system, such as 'TCP SYN Flood' or 'Smurf' attacks, which could result in a denial-
of-service condition, this value should be set according to the needs of the
organization.

The 'SEC_PROTOCOL_ERROR_TRACE_ACTION' setting determines the Oracle's

server's logging response level to bad/malformed packets received from the client by
generating 'ALERT', 'LOG', or 'TRACE' levels of detail in the log files. This setting should
have a value of 'LOG' unless the organization has a compelling reason to use a
different value because 'LOG' should cause the necessary information to be logged.
Setting the value as 'TRACE' can generate an enormous amount of log output and
should be reserved for debugging only._x000D_
_x000D_
Rationale:_x000D_
Bad packets received from the client can potentially indicate packet-based attacks on
the system, which could result in a denial-of-service condition.

The information about patch/update release number provides information about the
exact patch/update release that is currently running on the database. This is sensitive
information that should not be revealed to anyone who requests it._x000D_
_x000D_
Rationale:_x000D_
Allowing the database to return information about the patch/update release number
could facilitate unauthorized users' attempts to gain access based upon known patch
weaknesses.

The 'SQL92_SECURITY' parameter setting 'TRUE' requires that a user must also be
granted the 'SELECT' object privilege before being able to perform 'UPDATE' or
'DELETE' operations on tables that have 'WHERE' or 'SET' clauses. The setting should
have a value of TRUE._x000D_
_x000D_
Rationale:_x000D_
A user without 'SELECT' privilege can still infer the value stored in a column by
referring to that column in a 'DELETE' or 'UPDATE' statement. This setting prevents
inadvertent information disclosure by ensuring that only users who already have
'SELECT' privilege can execute the statements that would allow them to infer the
stored values.
The '_trace_files_public' setting determines whether or not the system's trace file is
world readable. This setting should have a value of FALSE to restrict trace file
access._x000D_
_x000D_
Rationale:_x000D_
Making the file world readable means anyone can read the instance's trace file, which
could contain sensitive information about instance operations.

'RESOURCE_LIMIT' determines whether resource limits are enforced in database

profiles. This setting should have a value of 'TRUE'._x000D_
_x000D_
Rationale:_x000D_
If 'RESOURCE_LIMIT' is set to 'FALSE', none of the system resource limits that are set
in any database profiles are enforced. If 'RESOURCE_LIMIT' is set to 'TRUE', the limits
set in database profiles are enforced.

The 'audit_trail' setting determines whether or not Oracle's basic audit features are
enabled. It can be set to 'Operating System'('OS'); 'DB'; 'DB,EXTENDED'; 'XML'; or
'XML,EXTENDED'. The value should be set according to the needs of the organization.

Rationale:
Enabling the basic auditing features for the Oracle instance permits the collection of
data to troubleshoot problems, as well as provides valuable forensic logs in the case
of a system breach this value should be set according to the needs of the
organization.

The 'global_names' setting requires that the name of a database link matches that of
the remote database it will connect to. This setting should have a value of
'TRUE'._x000D_
_x000D_
Rationale:_x000D_
Not requiring database connections to match the domain that is being called
remotely could allow unauthorized domain sources to potentially connect via brute-
force tactics.

The 'O7_dictionary_accessibility' setting is a database initialization parameter that

allows/disallows access to objects with the '* ANY *' privileges ('SELECT ANY TABLE',
'DELETE ANY TABLE', 'EXECUTE ANY PROCEDURE', etc.). This functionality was created
for the ease of migration from Oracle 7 databases to later versions. The setting should
have a value of 'FALSE'._x000D_
_x000D_
Rationale:_x000D_
Leaving the 'SYS' schema so open to connection could permit unauthorized access to
critical data structures.

The 'os_roles' setting permits externally created groups to be applied to database

management._x000D_
_x000D_
Rationale:_x000D_
Allowing the OS to use external groups for database management could cause
privilege overlaps and generally weaken security.
The 'remote_listener' setting determines whether or not a valid listener can be
established on a system separate from the database instance. This setting should be
empty unless the organization specifically needs a valid listener on a separate
system._x000D_
_x000D_
Rationale:_x000D_
Permitting a remote listener for connections to the database instance can allow for
the potential spoofing of connections and that could compromise data confidentiality
and integrity.

The 'remote_login_passwordfile' setting specifies whether or not Oracle checks for a

password file during login and how many databases can use the password file. The
setting should have a value of 'NONE'._x000D_
_x000D_
Rationale:_x000D_
The use of this sort of password login file could permit unsecured, privileged
connections to the database.

The 'remote_os_authent' setting determines whether or not OS 'roles' with the

attendant privileges are allowed for remote client connections. This setting should
have a value of 'FALSE'._x000D_
_x000D_
Rationale:_x000D_
Permitting OS roles for database connections to can allow the spoofing of connections
and permit granting the privileges of an OS role to unauthorized users to make
connections, this value should be restricted according to the needs of the
organization.

The 'remote_os_roles' setting permits remote users' OS roles to be applied to

database management. This setting should have a value of 'FALSE'._x000D_
_x000D_
Rationale:_x000D_
Allowing remote clients OS roles to have permissions for database management could
cause privilege overlaps and generally weaken security.

The 'FAILED_LOGIN_ATTEMPTS' setting determines how many failed login attempts

are permitted before the system locks the user's account. While different profiles can
have different and more restrictive settings, such as 'USERS' and 'APPS', the
minimum(s) recommended here should be set on the 'DEFAULT' profile._x000D_
_x000D_
Rationale:_x000D_
Repeated failed login attempts can indicate the initiation of a brute-force login attack,
this value should be set according to the needs of the organization. (See the Notes for
a warning on a known bug that can make this security measure backfire.)

Upon creation database users are assigned to the DEFAULT profile unless otherwise
specified._x000D_
_x000D_
It is recommended that users be created with function-appropriate profiles. The
DEFAULT profile, being defined by Oracle, is subject to change at any time (e.g. by
patch or version update).
TheDEFAULTprofilehasunlimitedsettingsthatareoftenrequiredbytheSYSuser when
patching; such unlimited settings should be tightly reserved and not applied to
unnecessary users.
The 'PASSWORD_LOCK_TIME' setting determines how many days must pass for the
user's account to be unlocked after the set number of failed login attempts has
occurred. The suggested value for this is one day or greater._x000D_
_x000D_
Rationale:_x000D_
Locking the user account after repeated failed login attempts can block further brute-
force login attacks, but can create administrative headaches as this account unlocking
process always requires DBA intervention.

The 'PASSWORD_LIFE_TIME' setting determines how long a password may be used

before the user is required to be change it. The suggested value for this is 90 days or
less._x000D_
_x000D_
Rationale:_x000D_
Allowing passwords to remain unchanged for long periods makes the success of
brute-force login attacks more likely.

The 'PASSWORD_REUSE_MAX' setting determines how many different passwords

must be used before the user is allowed to reuse a prior password. The suggested
value for this is 20 passwords or greater._x000D_
_x000D_
Rationale:_x000D_
Allowing reuse of a password within a short period of time after the password's initial
use can make the success of both social-engineering and brute-force password-based
attacks more likely.

The 'PASSWORD_REUSE_TIME' setting determines the amount of time in days that

must pass before the same password may be reused. The suggested value for this is
365 days or greater._x000D_
_x000D_
Rationale:_x000D_
Reusing the same password after only a short period of time has passed makes the
success of brute-force login attacks more likely.

The 'PASSWORD_GRACE_TIME' setting determines how many days can pass after the
user's password expires before the user's login capability is automatically locked out.
The suggested value for this is five days or less._x000D_
_x000D_
Rationale:_x000D_
Locking the user account after the expiration of the password change requirement's
grace period can help prevent password-based attacks against any forgotten or
disused accounts, while still allowing the account and its information to be accessible
by DBA intervention.

The 'password='EXTERNAL'' setting determines whether or not a user can be

authenticated by a remote OS to allow access to the database with full authorization.
This setting should not be used._x000D_
_x000D_
Rationale:_x000D_
Allowing remote OS authentication of a user to the database can potentially allow
supposed 'privileged users' to connect as 'authenticated,' even when the remote
system is compromised.

The 'PASSWORD_VERIFY_FUNCTION' determines password settings requirements

when a user password is changed at the SQL command prompt. It should be set for all
profiles. Note that this setting does not apply for users managed by the Oracle
password file._x000D_
_x000D_
Rationale:_x000D_
Requiring users to apply the 12c security features in password creation, such as
forcing mixed-case complexity, blocking of simple combinations, and enforcing
change/history settings can potentially thwart logins by an unauthorized user.
The 'SESSIONS_PER_USER' setting determines the maximum number of user sessions
that are allowed to be open concurrently. The suggested value for this is 10 or
less._x000D_
_x000D_
Rationale:_x000D_
Limiting the number of the 'SESSIONS_PER_USER' can help prevent memory resource
exhaustion by poorly formed requests or intentional denial-of-service attacks.

The Oracle database 'DBMS_ADVISOR' package can be used to write files located on
the server where the Oracle instance is installed. The user 'PUBLIC' should not be able
to execute 'DBMS_ADVISOR'._x000D_
_x000D_
Rationale:_x000D_
Use of the 'DBMS_ADVISOR' package could allow an unauthorized user to corrupt
operating system files on the instance's host.

The Oracle database 'DBMS_SCHEDULER' package schedules and manages the

database and operating system jobs. The user 'PUBLIC' should not be able to execute
'DBMS_SCHEDULER'._x000D_
_x000D_
Rationale:_x000D_
Use of the 'DBMS_SCHEDULER' package could allow an unauthorized user to run
database or operating system jobs.

The Oracle database 'DBMS_SQL' package is used for running dynamic SQL
statements. The user 'PUBLIC' should not be able to execute 'DBMS_SQL'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_SQL' package could allow privilege escalation if input validation is not
done properly.

The 'DBMS_XMLGEN' package takes an arbitrary SQL query as input, converts it to

XML format, and returns the result as a 'CLOB'. The user 'PUBLIC' should not be able
to execute 'DBMS_XMLGEN'._x000D_
_x000D_
Rationale:_x000D_
The package 'DBMS_XMLGEN' can be used to search the entire database for sensitive
information like credit card numbers.

The Oracle package 'DBMS_XMLQUERY' takes an arbitrary SQL query, converts it to

XML format, and returns the result. This package is similar to 'DBMS_XMLGEN'. The
user 'PUBLIC' should not be able to execute 'DBMS_XMLQUERY'._x000D_
_x000D_
Rationale:_x000D_
The package 'DBMS_XMLQUERY' can be used to search the entire database for
sensitive information like credit card numbers. Malicious users may be able to exploit
this package as an auxiliary inject function in a SQL injection attack.

The Oracle database 'UTL_FILE' package can be used to read/write files located on the
server where the Oracle instance is installed. The user 'PUBLIC' should not be able to
execute 'UTL_FILE'._x000D_
_x000D_
Rationale:_x000D_
Use of the 'UTL_FILE' package could allow an user to read OS files. These files could
contain sensitive information (e.g. passwords in '.bash_history').
The Oracle database 'UTL_INADDR' package can be used to create specially crafted
error messages or send information via DNS to the outside. The user 'PUBLIC' should
not be able to execute 'UTL_INADDR'._x000D_
_x000D_
Rationale:_x000D_
The 'UTL_INADDR' package is often used in SQL injection attacks from the web it
should be revoked from public.

The Oracle database 'UTL_TCP' package can be used to read/write file to TCP sockets
on the server where the Oracle instance is installed. The user 'PUBLIC' should not be
able to execute 'UTL_TCP'._x000D_
_x000D_
Rationale:_x000D_
The 'UTL_TCP' package could allow an unauthorized user to corrupt the TCP stream
used to carry the protocols that communicate with the instance's external
communications.

The Oracle database 'UTL_MAIL' package can be used to send email from the server
where the Oracle instance is installed. The user 'PUBLIC' should not be able to
execute 'UTL_MAIL'._x000D_
_x000D_
Rationale:_x000D_
The 'UTL_MAIL' package could allow an unauthorized user to corrupt the SMTP
function to accept or generate junk mail that can result in a denial-of-service
condition due to network saturation.

The Oracle database 'UTL_SMTP' package can be used to send email from the server
where the Oracle instance is installed. The user 'PUBLIC' should not be able to
execute 'UTL_SMTP'._x000D_
_x000D_
Rationale:_x000D_
The 'UTL_SMTP' package could allow an unauthorized user to corrupt the SMTP
function to accept or generate junk mail that can result in a denial-of-service
condition due to network saturation.

The Oracle database 'UTL_DBWS' package can be used to read/write file to web-
based applications on the server where the Oracle instance is installed. This package
is not automatically installed for security reasons. The user 'PUBLIC' should not be
able to execute 'UTL_DBWS'._x000D_
_x000D_
Rationale:_x000D_
The 'UTL_DBWS' package could allow an unauthorized user to corrupt the HTTP
stream used to carry the protocols that communicate for the instance's web-based
external communications.

The 'DBMS_CRYPTO' settings provide a toolset that determines the strength of the
encryption algorithm used to encrypt application data and is part of the 'SYS' schema.
The 'DES' (56-bit key), '3DES' (168-bit key), '3DES-2KEY' (112-bit key), 'AES'
(128/192/256-bit keys), and 'RC4' are available. The user 'PUBLIC' should not be able
to execute 'DBMS_CRYPTO'._x000D_
_x000D_
Rationale:_x000D_
Execution of these cryptography procedures by the user 'PUBLIC' can potentially
endanger portions of or all of the data storage.

The Oracle database 'UTL_ORAMTS' package can be used to perform HTTP requests.
This could be used to send information to the outside. The user 'PUBLIC' should not
be able to execute 'UTL_ORAMTS'._x000D_
_x000D_
Rationale:_x000D_
The 'UTL_ORAMTS' package could be used to send (sensitive) information to external
websites. The use of this package should be restricted according to the needs of the
organization.
The Oracle database 'UTL_HTTP' package can be used to perform HTTP requests. This
could be used to send information to the outside. The user 'PUBLIC' should not be
able to execute 'UTL_HTTP'._x000D_
_x000D_
Rationale:_x000D_
The 'UTL_HTTP' package could be used to send (sensitive) information to external
websites. The use of this package should be restricted according to the needs of the
organization.

The Oracle database 'HTTPURITYPE' object type can be used to perform HTTP
requests. The user 'PUBLIC' should not be able to execute 'HTTPURITYPE'._x000D_
_x000D_
Rationale:_x000D_
The ability to perform HTTP requests could be used to leak information from the
database to an external destination.

The 'DBMS_XLMSTORE' package provides XML functionality. It accepts a table name

and XML as input to perform DML operations against the table. The user 'PUBLIC'
should not be able to execute 'DBMS_XLMSTORE'._x000D_
_x000D_
Rationale:_x000D_
Malicious users may be able to exploit this package as an auxiliary inject function in a
SQL injection attack.

The 'DBMS_XLMSTORE' package provides XML functionality. It accepts a table name

and XML as input and then inserts into or updates that table. The user 'PUBLIC' should
not be able to execute 'DBMS_XLMSAVE'._x000D_
_x000D_
Rationale:_x000D_
Malicious users may be able to exploit this package as an auxiliary inject function in a
SQL injection attack.

The 'DBMS_REDACT' package provides an interface to Oracle Data Redaction, which

enables you to mask (redact) data that is returned from queries issued by low-
privileged users or an application. The user 'PUBLIC' should not be able to execute
'DBMS_REDACT'._x000D_
_x000D_
Rationale:_x000D_
Malicious users may be able to exploit this package as an auxiliary inject function in a
SQL injection attack.

The Oracle database 'DBMS_JAVA' package can run Java classes (e.g. OS commands)
or grant Java privileges. The user 'PUBLIC' should not be able to execute
'DBMS_JAVA'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_JAVA' package could allow an attacker to run OS commands from the
database.

The Oracle database 'DBMS_JAVA_TEST' package can run Java classes (e.g. OS
commands) or grant Java privileges. The user 'PUBLIC' should not be able to execute
'DBMS_JAVA_TEST'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_JAVA_TEST' package could allow an attacker to run operating system
commands from the database.
The Oracle database 'DBMS_JOB' package schedules and manages the jobs sent to
the job queue and has been superseded by the 'DBMS_SCHEDULER' package, even
though 'DBMS_JOB' has been retained for backwards compatibility. The user 'PUBLIC'
should not be able to execute 'DBMS_JOB'._x000D_
_x000D_
Rationale:_x000D_
Use of the 'DBMS_JOB' package could allow an unauthorized user to disable or
overload the job queue. It has been superseded by the 'DBMS_SCHEDULER' package.

The Oracle database 'DBMS_LDAP' package contains functions and procedures that
enable programmers to access data from LDAP servers. The user 'PUBLIC' should not
be able to execute 'DBMS_LDAP'._x000D_
_x000D_
Rationale:_x000D_
Use of the 'DBMS_LDAP' package can be used to create specially crafted error
messages or send information via DNS to the outside.

The Oracle database 'DBMS_LOB' package provides subprograms that can manipulate
and read/write on 'BLOBs', 'CLOBs', 'NCLOBs', 'BFILEs', and temporary 'LOBs'. The user
'PUBLIC' should not be able to execute 'DBMS_LOB'._x000D_
_x000D_
Rationale:_x000D_
Use of the 'DBMS_LOB' package could allow an unauthorized user to manipulate
'BLOBs', 'CLOBs', 'NCLOBs', 'BFILEs', and temporary 'LOBs' on the instance, either
destroying data or causing a denial-of-service condition due to corruption of disk
space.

The 'DBMS_OBFUSCATION_TOOLKIT' provides one of the tools that determine the

strength of the encryption algorithm used to encrypt application data and is part of
the 'SYS' schema. The 'DES' (56-bit key) and '3DES' (168-bit key) are the only two
types available. The user 'PUBLIC' should not be able to execute
'DBMS_OBFUSCATION_TOOLKIT'._x000D_
_x000D_
Rationale:_x000D_
Allowing the 'PUBLIC' user privileges to access this capability can be potentially harm
data storage.

The Oracle database 'DBMS_RANDOM' package is used for generating random

numbers but should not be used for cryptographic purposes. The user 'PUBLIC' should
not be able to execute 'DBMS_RANDOM'._x000D_
_x000D_
Rationale:_x000D_
Use of the 'DBMS_RANDOM' package can allow the unauthorized application of the
random number-generating function.

Remove unneeded privileges from DBSNMP._x000D_

_x000D_
Migrated DBSNMP users have more privileges than required.

The Oracle database 'DBMS_SYS_SQL' package is shipped as undocumented. The user

'PUBLIC' should not be able to execute 'DBMS_SYS_SQL'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_SYS_SQL' package could allow an user to run code as a different user
without entering valid credentials.

The Oracle database 'LTADM' package is shipped as undocumented. It allows privilege

escalation if granted to unprivileged users. The user 'PUBLIC' should not be able to
execute 'LTADM'._x000D_
_x000D_
Rationale:_x000D_
The 'LTADM' package could allow an unauthorized user to run any SQL command as
user 'SYS'.
The Oracle database 'WWV_DBMS_SQL' package is shipped as undocumented. It
allows Oracle Application Express to run dynamic SQL statements._x000D_
_x000D_
Rationale:_x000D_
The 'WWV_DBMS_SQL' package could allow an unauthorized user to run SQL
statements as the Application Express ('APEX') user. The user 'PUBLIC' should not be
able to execute 'WWV_DBMS_SQL'.

The Oracle database 'WWV_EXECUTE_IMMEDIATE' package is shipped as

undocumented. It allows Oracle Application Express to run dynamic SQL statements.
The user 'PUBLIC' should not be able to execute
'WWV_EXECUTE_IMMEDIATE'._x000D_
_x000D_
Rationale:_x000D_
The 'WWV_EXECUTE_IMMEDIATE' package could allow an unauthorized user to run
SQL statements as the Application Express ('APEX') user.

The Oracle database 'DBMS_IJOB' package is shipped as undocumented. It allows a

user to run database jobs in the context of another user. The user 'PUBLIC' should not
be able to execute 'DBMS_IJOB'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_IJOB' package could allow an attacker to change identities by using a
different username to execute a database job.

The Oracle database 'DBMS_FILE_TRANSFER' package allows a user to transfer files

from one database server to another. The user 'PUBLIC' should not be able to execute
'DBMS_FILE_TRANSFER'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_FILE_TRANSFER' package could allow to transfer files from one database
server to another without authorization to do so.

The Oracle database 'DBMS_BACKUP_RESTORE' package is used for applying PL/SQL

commands to the native 'RMAN' sequences. The user 'PUBLIC' should not be able to
execute 'DBMS_BACKUP_RESTORE'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_BACKUP_RESTORE' package can allow access to OS files.

The Oracle database 'DBMS_AQADM_SYSCALLS' package is shipped as

undocumented. The user 'PUBLIC' should not be able to execute
'DBMS_AQADM_SYSCALLS'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_AQADM_SYSCALLS' package could allow an unauthorized user to run SQL
commands as user 'SYS'.

The Oracle database 'DBMS_REPCAT_SQL_UTL' package is shipped as undocumented

and allows to run SQL commands as user 'SYS'. The user 'PUBLIC' should not be able
to execute 'DBMS_REPCAT_SQL_UTL'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_REPCAT_SQL_UTL' package could allow an unauthorized user to run SQL
commands as user 'SYS'.

The Oracle database 'INITJVMAUX' package is shipped as undocumented and allows

to run SQL commands as user 'SYS'. The user 'PUBLIC' should not be able to execute
'INITJVMAUX'._x000D_
_x000D_
Rationale:_x000D_
The 'INITJVMAUX' package could allow an unauthorized user to run SQL commands as
user 'SYS'.
The Oracle database 'DBMS_STREAMS_ADM_UTL' package is shipped as
undocumented and allows to run SQL commands as user 'SYS'. The user 'PUBLIC'
should not be able to execute 'DBMS_STREAMS_ADM_UTL'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_STREAMS_ADM_UTL' package could allow an unauthorized user to run
SQL commands as user 'SYS'.

The Oracle database 'DBMS_AQADM_SYS' package is shipped as undocumented and

allows to run SQL commands as user 'SYS'. The user 'PUBLIC' should not be able to
execute 'DBMS_AQADM_SYS'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_AQADM_SYS' package could allow an unauthorized user to run SQL
commands as user 'SYS'.

The Oracle database 'DBMS_STREAMS_RPC' package is shipped as undocumented

and allows to run SQL commands as user 'SYS'. The user 'PUBLIC' should not be able
to execute 'DBMS_STREAMS_RPC'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_STREAMS_RPC' package could allow an unauthorized user to run SQL
commands as user 'SYS'.

The Oracle database 'DBMS_PRVTAQIM' package is shipped as undocumented and

allows to run SQL commands as user SYS. The user 'PUBLIC' should not be able to
execute 'DBMS_PRVTAQIM'._x000D_
_x000D_
Rationale:_x000D_
The 'DBMS_PRVTAQIM' package could allow an unauthorized user to escalate
privileges because any SQL statements could be executed as user SYS.

The Oracle database 'SELECT ANY DICTIONARY' privilege allows the designated user to
access 'SYS' schema objects. Unauthorized grantees should not have that
privilege._x000D_
_x000D_
Rationale:_x000D_
The Oracle password hashes are part of the 'SYS' schema and can be selected using
'SELECT ANY DICTIONARY' privileges.

The Oracle database 'GRANT ANY OBJECT PRIVILEGE' keyword provides the grantee
the capability to grant access to any single or multiple combinations of objects to any
grantee in the catalog of the database. Unauthorized grantees should not have that
keyword assigned to them._x000D_
_x000D_
Rationale:_x000D_
The 'GRANT ANY OBJECT PRIVILEGE' capability can allow an unauthorized user to
potentially access or change confidential data, or damage the data catalog due to
potential complete instance access.

The Oracle database 'GRANT ANY ROLE' keyword provides the grantee the capability
to grant any single role to any grantee in the catalog of the database. Unauthorized
grantees should not have that keyword assigned to them._x000D_
_x000D_
Rationale:_x000D_
The 'GRANT ANY ROLE' capability can allow an unauthorized user to potentially access
or change confidential data or damage the data catalog due to potential complete
instance access.
The Oracle database 'GRANT ANY PRIVILEGE' keyword provides the grantee the
capability to grant any single privilege to any item in the catalog of the database.
Unauthorized grantees should not have that privilege._x000D_
_x000D_
Rationale:_x000D_
The 'GRANT ANY PRIVILEGE' capability can allow an unauthorized user to potentially
access or change confidential data or damage the data catalog due to potential
complete instance access.

The Oracle database 'SELECT ANY TABLE' privilege allows the designated user to open
any table, except 'SYS', to view it. Unauthorized grantees should not have that
privilege._x000D_
_x000D_
Rationale:_x000D_
Assignment of the 'SELECT ANY TABLE' privilege can allow the unauthorized viewing
of sensitive data.

The Oracle database 'AUDIT SYSTEM' privilege allows changes to auditing activities on
the system. Unauthorized grantees should not have that privilege._x000D_
_x000D_
Rationale:_x000D_
The 'AUDIT SYSTEM' privilege can allow the unauthorized alteration of system audit
activities, such as disabling the creation of audit trails.

The Oracle database 'EXEMPT ACCESS POLICY' keyword provides the user the
capability to access all the table rows regardless of row-level security lockouts.
Unauthorized grantees should not have that keyword assigned to them._x000D_
_x000D_
Rationale:_x000D_
The 'EXEMPT ACCESS POLICY' privilege can allow an unauthorized user to potentially
access and change data.

The Oracle database 'BECOME USER' privilege allows the designated user to inherit
the rights of another user. Unauthorized grantees should not have that
privilege._x000D_
_x000D_
Rationale:_x000D_
The 'BECOME USER' privilege can allow the unauthorized use of another user's
privileges, this capability should be restricted according to the needs of the
organization.

The Oracle database 'CREATE PROCEDURE' privilege allows the designated user to
create a stored procedure that will fire when given the correct command sequence.
Unauthorized grantees should not have that privilege._x000D_
_x000D_
Rationale:_x000D_
The 'CREATE PROCEDURE' privilege can lead to severe problems in unauthorized
hands, such as rogue procedures facilitating data theft or denial-of-service by
corrupting data tables.

The Oracle database 'ALTER SYSTEM' privilege allows the designated user to
dynamically alter the instance's running operations. Unauthorized grantees should
not have that privilege._x000D_
_x000D_
Rationale:_x000D_
The 'ALTER SYSTEM' privilege can lead to severe problems, such as the instance's
session being killed or the stopping of redo log recording, which would make
transactions unrecoverable.
The Oracle database 'CREATE ANY LIBRARY' privilege allows the designated user to
create objects that are associated to the shared libraries. Unauthorized grantees
should not have that privilege._x000D_
_x000D_
Rationale:_x000D_
The 'CREATE ANY LIBRARY' privilege can allow the creation of numerous library-
associated objects and potentially corrupt the libraries' integrity.

The Oracle database 'CREATE LIBRARY' privilege allows the designated user to create
objects that are associated to the shared libraries. Unauthorized grantees should not
have that privilege._x000D_
_x000D_
Rationale:_x000D_
The 'CREATE LIBRARY' privilege can allow the creation of numerous library-associated
objects and potentially corrupt the libraries' integrity.

The Oracle database 'DELETE_CATALOG_ROLE' provides 'DELETE' privileges for the

records in the system's audit table ('AUD$'). Unauthorized grantees should not have
that role._x000D_
_x000D_
Rationale:_x000D_
Permitting unauthorized access to the 'DELETE_CATALOG_ROLE' can allow the
destruction of audit records vital to the forensic investigation of unauthorized
activities.

The Oracle database 'SELECT_CATALOG_ROLE' provides 'SELECT' privileges on all data

dictionary views held in the 'SYS' schema. Unauthorized grantees should not have
that role._x000D_
_x000D_
Rationale:_x000D_
Permitting unauthorized access to the 'SELECT_CATALOG_ROLE' can allow the
disclosure of all dictionary data.

The Oracle database 'EXECUTE_CATALOG_ROLE' provides 'EXECUTE' privileges for a

number of packages and procedures in the data dictionary in the 'SYS' schema.
Unauthorized grantees should not have that role._x000D_
_x000D_
Rationale:_x000D_
Permitting unauthorized access to the 'EXECUTE_CATALOG_ROLE' can allow the
disruption of operations by initialization of rogue procedures, this capability should be
restricted according to the needs of the organization.

The Oracle database 'DBA' role is the default database administrator role provided for
the allocation of administrative privileges. Unauthorized grantees should not have
that role._x000D_
_x000D_
Rationale:_x000D_
Assignment of the 'DBA' role to an ordinary user can provide a great number of
unnecessary privileges to that user and open the door to data breaches, integrity
violations, and denial-of-service conditions.

The Oracle database 'SYS.AUD$' table contains all the audit records for the database
of the non-Data Manipulation Language (DML) events, such as 'ALTER', 'DROP', and
'CREATE', and so forth. (DML changes need trigger-based audit events to record data
alterations.) Unauthorized grantees should not have full access to that table._x000D_
_x000D_
Rationale:_x000D_
Permitting non-privileged users the authorization to manipulate the 'SYS.AUD$' table
can allow distortion of the audit records, hiding unauthorized activities.
The Oracle database 'SYS.USER_HISTORY$' table contains all the audit records for the
user's password change history. (This table gets updated by password changes if the
user has an assigned profile that has a password reuse limit set, e.g.,
'PASSWORD_REUSE_TIME' set to other than 'UNLIMITED'.) Unauthorized grantees
should not have full access to that table._x000D_
_x000D_
Rationale:_x000D_
Permitting non-privileged users the authorization to manipulate the records in the
'SYS.USER_HISTORY$' table can allow distortion of the audit trail, potentially hiding
unauthorized data confidentiality attacks or integrity changes.

The Oracle database 'SYS.LINK$' table contains all the user's password information
and data table link information. Unauthorized grantees should not have full access to
that table._x000D_
_x000D_
Rationale:_x000D_
Permitting non-privileged users to manipulate or view the 'SYS.LINK$' table can allow
capture of password information and/or corrupt the primary database linkages.

The Oracle database 'SYS.USER$' table contains the users' hashed password
information. Unauthorized grantees should not have full access to that table._x000D_
_x000D_
Rationale:_x000D_
Permitting non-privileged users the authorization to open the 'SYS.USER$' table can
allow the capture of password hashes for the later application of password cracking
algorithms to breach confidentiality.

The Oracle database 'DBA_' views show all information which is relevant to
administrative accounts. Unauthorized grantees should not have full access to those
views._x000D_
_x000D_
Rationale:_x000D_
Permitting users the authorization to manipulate the 'DBA_' views can expose
sensitive data.

The Oracle database 'SCHEDULER$_CREDENTIAL' table contains the database

scheduler credential information. Unauthorized grantees should not have full access
to that table._x000D_
_x000D_
Rationale:_x000D_
Permitting non-privileged users the authorization to open the
'SYS.SCHEDULER$_CREDENTIAL' table could expose the credentials to compromise
and reuse.

The table 'sys.user$mig' is created during migration and contains the Oracle password
hashes before the migration starts. This table should be dropped._x000D_
_x000D_
Rationale:_x000D_
The table 'sys.user$mig' is not deleted after the migration. An attacker could access
the table containing the Oracle password hashes.

The Oracle database 'ANY' keyword provides the user the capability to alter any item
in the catalog of the database. Unauthorized grantees should not have that keyword
assigned to them._x000D_
_x000D_
Rationale:_x000D_
Authorization to use the 'ANY' expansion of a privilege can allow an unauthorized user
to potentially change confidential data or damage the data catalog.
The Oracle database 'WITH_ADMIN' privilege allows the designated user to grant
another user the same privileges. Unauthorized grantees should not have that
privilege._x000D_
_x000D_
Rationale:_x000D_
Assignment of the 'WITH_ADMIN' privilege can allow the granting of a restricted
privilege to an unauthorized user.

Do not grant privileges other than 'CONNECT' directly to proxy users._x000D_

_x000D_
Rationale:_x000D_
A proxy user should only have the ability to connect to the database or based on the
needs of the organization.

Remove unneeded 'EXECUTE ANY PROCEDURE' privileges from 'OUTLN'._x000D_

_x000D_
Rationale:_x000D_
Migrated 'OUTLN' users have more privileges than required.

The 'USER' object allows for creating accounts that can interact with the database
according to the roles and privileges allotted to the account. It may also own database
objects. Enabling the audit option causes auditing of all activities and requests to
create, drop or alter a user, including a user changing their own password. (The latter
is not audited by 'audit ALTER USER'.)_x000D_
_x000D_
Rationale:_x000D_
Any unauthorized attempts to create, drop or alter a user should cause concern,
whether successful or not. Auditing can also be useful in forensics if an account is
compromised, and auditing is mandated by many common security initiatives. An
abnormally high number of these activities in a given period might be worth
investigation. Any failed attempt to drop a user or create a user may be worth further
review.

The 'SELECT ANY DICTIONARY' capability allows the user to view the definitions of all
schema objects in the database. Enabling the audit option causes all user activities
involving this capability to be audited._x000D_
_x000D_
Rationale:_x000D_
As the logging of user activities involving the capability to access the description of all
schema objects in the database can provide forensic evidence about a pattern of
unauthorized activities, the audit capability should be enabled.

'GRANT ANY OBJECT PRIVILEGE' allows the user to grant or revoke any object
privilege, which includes privileges on tables, directories, mining models, etc. Enabling
this audit option causes auditing of all uses of that privilege._x000D_
_x000D_
Rationale:_x000D_
Logging of privilege grants that can lead to the creation, alteration, or deletion of
critical data, the modification of objects, object privilege propagation and other such
activities can be critical to forensic investigations.
'GRANT ANY PRIVILEGE' allows a user to grant any system privilege, including the
most powerful privileges typically available only to administrators - to change the
security infrastructure, to drop/add/modify users and more._x000D_
_x000D_
Rationale:_x000D_
Auditing the use of this privilege is part of a comprehensive auditing policy that can
help in detecting issues and can be useful in forensics.

The 'AUDIT DROP ANY PROCEDURE' command is auditing the dropping of procedures.
Enabling the option causes auditing of all such activities._x000D_
_x000D_
Rationale:_x000D_
Dropping procedures of another user could be part of a privilege escalation exploit
and should be audited.

The logging of attempts to alter the audit trail in the 'SYS.AUD$' table (open for
read/update/delete/view) will provide a record of any activities that may indicate
unauthorized attempts to access the audit trail. Enabling the audit option will cause
these activities to be audited._x000D_
_x000D_
Rationale:_x000D_
As the logging of attempts to alter the 'SYS.AUD$' table can provide forensic evidence
of the initiation of a pattern of unauthorized activities, this logging capability should
be enabled.

In this statement audit, 'PROCEDURE' means any procedure, function, package or

library. Enabling this audit option causes any attempt, successful or not, to create or
drop any of these types of objects to be audited, regardless of privilege or lack
thereof. Java schema objects (sources, classes, and resources) are considered the
same as procedures for the purposes of auditing SQL statements._x000D_
_x000D_
Rationale:_x000D_
Any unauthorized attempts to create or drop a procedure in another's schema should
cause concern, whether successful or not. Changes to critical stored code can
dramatically change the behavior of the application and produce serious security
consequences, including enabling privilege escalation and introducing SQL injection
vulnerabilities. Audit records of such changes can be helpful in forensics.

'ALTER SYSTEM' allows one to change instance settings, including security settings and
auditing options. Additionally, 'ALTER SYSTEM' can be used to run operating system
commands using undocumented Oracle functionality. Enabling the audit option will
audit all attempts to perform 'ALTER SYSTEM', whether successful or not and
regardless of whether or not the 'ALTER SYSTEM' privilege is held by the user
attempting the action._x000D_
_x000D_
Rationale:_x000D_
Any unauthorized attempt to alter the system should be cause for concern.
Alterations outside of some specified maintenance window may be of concern. In
forensics, these audit records could be quite useful.
A 'TRIGGER' may be used to modify 'DML' actions or invoke other (recursive) actions
when some types of user-initiated actions occur. Enabling this audit option will cause
auditing of any attempt, successful or not, to create, drop, enable or disable any
schema trigger in any schema regardless of privilege or lack thereof. For enabling and
disabling a trigger, it covers both 'ALTER TRIGGER' and 'ALTER TABLE'._x000D_
_x000D_
Rationale:_x000D_
Triggers are often part of schema security, data validation and other critical
constraints upon actions and data. A trigger in another schema may be used to
escalate privileges, redirect operations, transform data and perform other sorts of
perhaps undesired actions. Any unauthorized attempt to create, drop or alter a
trigger in another schema may be cause for investigation.

Enabling this audit option will cause auditing of all attempts to connect to the
database, whether successful or not, as well as audit session disconnects/logoffs. The
commands to audit 'SESSION', 'CONNECT' or 'CREATE SESSION' all accomplish the
same thing - they initiate statement auditing of the connect statement used to create
a database session._x000D_
_x000D_
Rationale:_x000D_
Auditing attempts to connect to the database is basic and mandated by most security
initiatives. Any attempt to logon to a locked account, failed attempts to logon to
default accounts or an unusually high number of failed logon attempts of any sort, for
any user, in a particular time period may indicate an intrusion attempt. In forensics,
the logon record may be first in a chain of evidence and contain information found in
no other type of audit record for the session. Logon and logoff in the audit trail define
the period and duration of the session.

The 'ROLE' object allows for the creation of a set of privileges that can be granted to
users or other roles. Enabling the audit option causes auditing of all attempts,
successful or not, to create, drop, alter or set roles._x000D_
_x000D_
Rationale:_x000D_
Roles are a key database security infrastructure component. Any attempt to create,
drop or alter a role should be audited. This statement auditing option also audits
attempts, successful or not, to set a role in a session. Any unauthorized attempts to
create, drop or alter a role may be worthy of investigation. Attempts to set a role by
users without the role privilege may warrant investigation.

Enabling the audit option for the 'SYSTEM GRANT' object causes auditing of any
attempt, successful or not, to grant or revoke any system privilege or role, regardless
of privilege held by the user attempting the operation._x000D_
_x000D_
Rationale:_x000D_
Logging of all grant and revokes (roles and system privileges) can provide forensic
evidence about a pattern of suspect/unauthorized activities. Any unauthorized
attempt may be cause for further investigation.

The 'PROFILE' object allows for the creation of a set of database resource limits that
can be assigned to a user, so that that user cannot exceed those resource limitations.
Enabling the audit option causes auditing of all attempts, successful or not, to create,
drop or alter any profile._x000D_
_x000D_
Rationale:_x000D_
As profiles are part of the database security infrastructure, auditing the creation,
modification, and deletion of profiles is recommended.
Enabling the audit option for the DATABASE LINK object causes all activities on
database links to be audited._x000D_
_x000D_
Rationale:_x000D_
As the logging of user activities involving the creation or dropping of a 'DATABASE
LINK' can provide forensic evidence about a pattern of unauthorized activities, the
audit capability should be enabled.

The 'PUBLIC DATABASE LINK' object allows for the creation of a public link for an
application-based 'user' to access the database for connections/session creation.
Enabling the audit option causes all user activities involving the creation, alteration, or
dropping of public links to be audited._x000D_
_x000D_
Rationale:_x000D_
As the logging of user activities involving the creation, alteration, or dropping of a
'PUBLIC DATABASE LINK' can provide forensic evidence about a pattern of
unauthorized activities, the audit capability should be enabled.

The 'PUBLIC SYNONYM' object allows for the creation of an alternate description of
an object. Public synonyms are accessible by all users that have the appropriate
privileges to the underlying object. Enabling the audit option causes all user activities
involving the creation or dropping of public synonyms to be audited._x000D_
_x000D_
Rationale:_x000D_
As the logging of user activities involving the creation or dropping of a 'PUBLIC
SYNONYM' can provide forensic evidence about a pattern of unauthorized activities,
the audit capability should be enabled.

The 'SYNONYM' operation allows for the creation of an alternative name for a
database object such as a Java class schema object, materialized view, operator,
package, procedure, sequence, stored function, table, view, user-defined object type,
or even another synonym. This synonym puts a dependency on its target and is
rendered invalid if the target object is changed/dropped. Enabling the audit option
causes all user activities involving the creation or dropping of synonyms to be
audited._x000D_
_x000D_
Rationale:_x000D_
As the logging of user activities involving the creation or dropping of a 'SYNONYM' can
provide forensic evidence about a pattern of suspect/unauthorized activities, the
audit capability should be enabled.

The 'DIRECTORY' object allows for the creation of a directory object that specifies an
alias for a directory on the server file system, where the external binary file 'LOBs'
('BFILEs')/ table data are located. Enabling this audit option causes all user activities
involving the creation or dropping of a directory alias to be audited._x000D_
_x000D_
Rationale:_x000D_
As the logging of user activities involving the creation or dropping of a 'DIRECTORY'
can provide forensic evidence about a pattern of unauthorized activities, the audit
capability should be enabled.
Recommendation
Perform the following step for remediation:_x000D_
_x000D_
Download and apply the latest quarterly Critical Patch Update patches.

To remediate this recommendation, you may perform either of the following

actions:_x000D_
- Manually issue the following SQL statement for each USERNAME returned in the
Audit Procedure:_x000D_
_x000D_
PASSWORD <username>_x000D_
- Execute the following SQL script to assign a randomly generated password to each
account using a default password:_x000D_
_x000D_
begin_x000D_
for r_user in_x000D_
(select username from dba_users_with_defpwd where username not like '%XS$NULL
%')_x000D_
loop_x000D_
DBMS_OUTPUT.PUT_LINE('Password for user '||r_user.username||' will be
changed.');_x000D_
execute immediate 'alter user ''||r_user.username||'' identified by ''||
DBMS_RANDOM.string('a',16)||''account lock password expire';_x000D_
end loop;_x000D_
end;

To remediate this setting, execute the following SQL script._x000D_

_x000D_
$ORACLE_HOME/demo/schema/drop_sch.sql_x000D_
_x000D_
Then, execute the following SQL statement._x000D_
_x000D_
DROP USER SCOTT CASCADE;_x000D_
_x000D_
Note: The 'recyclebin' is not set to 'OFF' within the default drop script, which means
that the data will still be present in your environment until the 'recyclebin' is emptied.

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS = TRUE SCOPE=SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET UTL_FILE_DIR = '' SCOPE = SPFILE;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET SEC_MAX_FAILED_LOGIN_ATTEMPTS = 3 SCOPE = SPFILE;

To remediate this setting, execute one of the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET SEC_PROTOCOL_ERROR_FURTHER_ACTION = 'DROP,3' SCOPE =
SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET SEC_PROTOCOL_ERROR_TRACE_ACTION=LOG SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET SEC_RETURN_SERVER_RELEASE_BANNER = FALSE SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET SQL92_SECURITY = TRUE SCOPE = SPFILE;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
ALTER SYSTEM SET '_trace_files_public' = FALSE SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE SCOPE = SPFILE;

To remediate this setting, execute one of the following SQL statements._x000D_

_x000D_
ALTER SYSTEM SET AUDIT_TRAIL = DB, EXTENDED SCOPE = SPFILE;_x000D_
_x000D_
_x000D_
ALTER SYSTEM SET AUDIT_TRAIL = OS SCOPE = SPFILE;_x000D_
_x000D_
_x000D_
ALTER SYSTEM SET AUDIT_TRAIL = XML, EXTENDED SCOPE = SPFILE;_x000D_
_x000D_
_x000D_
ALTER SYSTEM SET AUDIT_TRAIL = DB SCOPE = SPFILE;_x000D_
_x000D_
_x000D_
ALTER SYSTEM SET AUDIT_TRAIL = XML SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET GLOBAL_NAMES = TRUE SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET O7_DICTIONARY_ACCESSIBILITY=FALSE SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET OS_ROLES = FALSE SCOPE = SPFILE;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
ALTER SYSTEM SET REMOTE_LISTENER = '' SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET REMOTE_LOGIN_PASSWORDFILE = 'NONE' SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET REMOTE_OS_AUTHENT = FALSE SCOPE = SPFILE;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
ALTER SYSTEM SET REMOTE_OS_ROLES = FALSE SCOPE = SPFILE;

Remediate this setting by executing the following SQL statement for each 'PROFILE'
returned by the audit procedure._x000D_
_x000D_
ALTER PROFILE \_x000D_
_x000D_
LIMIT FAILED_LOGIN_ATTEMPTS 5;

To remediate this recommendation, execute the following SQL statement for each
user returned by the audit query using a functional-appropriate profile._x000D_
_x000D_
ALTER USER <username> PROFILE <appropriate_profile>
Remediate this setting by executing the following SQL statement for each 'PROFILE'
returned by the audit procedure._x000D_
_x000D_
ALTER PROFILE \_x000D_
_x000D_
LIMIT PASSWORD_LOCK_TIME 1;

Remediate this setting by executing the following SQL statement for each PROFILE
returned by the audit procedure.

ALTER PROFILE \

LIMIT PASSWORD_LIFE_TIME 90;

Remediate this setting by executing the following SQL statement for each 'PROFILE'
returned by the audit procedure._x000D_
_x000D_
ALTER PROFILE \_x000D_
_x000D_
LIMIT PASSWORD_REUSE_MAX 20;

Remediate this setting by executing the following SQL statement for each 'PROFILE'
returned by the audit procedure._x000D_
_x000D_
ALTER PROFILE \_x000D_
_x000D_
LIMIT PASSWORD_REUSE_TIME 365;

Remediate this setting by executing the following SQL statement for each 'PROFILE'
returned by the audit procedure._x000D_
_x000D_
ALTER PROFILE \_x000D_
_x000D_
LIMIT PASSWORD_GRACE_TIME 5;

To remediate this setting execute the following SQL statement._x000D_

_x000D_
ALTER USER <username> IDENTIFIED BY <password>;

Create a custom password verification function which fulfills the password

requirements of the organization.
To remediate this setting, execute the following SQL statement for each 'PROFILE'
returned by the audit procedure._x000D_
_x000D_
ALTER PROFILE \_x000D_
_x000D_
LIMIT SESSIONS_PER_USER 10;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_ADVISOR FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_SCHEDULER FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_XMLGEN FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_XMLQUERY FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON UTL_TCP FROM PUBLIC;

To remediate this setting execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON UTL_MAIL FROM PUBLIC;

To remediate this setting execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON UTL_DBWS FROM 'PUBLIC';

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_CRYPTO FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON UTL_ORAMTS FROM PUBLIC;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC;

To remediate this setting, execute the following SQL statement:_x000D_

_x000D_
_x000D_
REVOKE EXECUTE ON DBMS_XMLSTORE FROM PUBLIC;

To remediate this setting, execute the following SQL statement_x000D_

_x000D_
REVOKE EXECUTE ON DBMS_XMLSAVE FROM PUBLIC;

To remediate this setting, execute the following SQL statement_x000D_

_x000D_
REVOKE EXECUTE ON DBMS_REDACT FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_JAVA FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_JAVA_TEST FROM PUBLIC;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_LDAP FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_OBFUSCATION_TOOLKIT FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC;

To remediate this setting execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ANY PROCEDURE FROM DBSNMP;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_SYS_SQL FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON LTADM FROM PUBLIC;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE EXECUTE ON WWV_DBMS_SQL FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON WWV_EXECUTE_IMMEDIATE FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_IJOB FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_FILE_TRANSFER FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_BACKUP_RESTORE FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_AQADM_SYSCALLS FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
revoke execute on DBMS_REPCAT_SQL_UTL FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON INITJVMAUX FROM PUBLIC;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE EXECUTE ON DBMS_STREAMS_ADM_UTL FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_AQADM_SYS FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_STREAMS_RPC FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ON DBMS_PRVTAQIM FROM PUBLIC;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE SELECT_ANY_DICTIONARY FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE GRANT ANY OBJECT PRIVILEGE FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE GRANT ANY ROLE FROM <grantee>;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE GRANT ANY PRIVILEGE FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE SELECT ANY TABLE FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE AUDIT SYSTEM FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXEMPT ACCESS POLICY FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE BECOME USER FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE CREATE_PROCEDURE FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE ALTER SYSTEM FROM <grantee>;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE CREATE ANY LIBRARY FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE CREATE LIBRARY FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE DELETE_CATALOG_ROLE FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE SELECT_CATALOG_ROLE FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE_CATALOG_ROLE FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE DBA FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE ALL ON AUD$ FROM <grantee>;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE ALL ON USER_HISTORY$ FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE ALL ON LINK$ FROM <grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE ALL ON SYS.USER$ FROM <username>;

Replace <Non-DBA/SYS grantee> in the query below, with the Oracle login(s) or
role(s) returned from the associated audit procedure and execute:_x000D_
_x000D_
REVOKE ALL ON DBA_ FROM <Non-DBA/SYS grantee>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE ALL ON SYS.SCHEDULER$_CREDENTIAL FROM <username>;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
DROP TABLE SYS.USER$MIG;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE '<ANY Privilege>' FROM <grantee>;
To remediate this setting, execute the following SQL statement._x000D_
_x000D_
REVOKE <privilege> FROM <grantee>;

To remediate this setting execute the following SQL statement for each '[PRIVILEGE]'
returned (other than 'CONNECT') by running the audit procedure._x000D_
_x000D_
REVOKE \_x000D_
_x000D_
FROM \_x000D_
_x000D_
;

To remediate this setting, execute the following SQL statement._x000D_

_x000D_
REVOKE EXECUTE ANY PROCEDURE FROM OUTLN;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT USER;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT SELECT ANY DICTIONARY;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT GRANT ANY OBJECT PRIVILEGE;
Execute the following SQL statement to remediate this setting._x000D_
_x000D_
AUDIT GRANT ANY PRIVILEGE;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT DROP ANY PROCEDURE;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT ALL ON SYS.AUD$ BY ACCESS;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT PROCEDURE;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT ALTER SYSTEM;
Execute the following SQL statement to remediate this setting._x000D_
_x000D_
AUDIT TRIGGER;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT SESSION;

Execute the following SQL statement to remediate this setting:_x000D_

_x000D_
AUDIT ROLE;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT SYSTEM GRANT;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT PROFILE;
Execute the following SQL statement to remediate this setting._x000D_
_x000D_
AUDIT DATABASE LINK;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT PUBLIC DATABASE LINK;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT PUBLIC SYNONYM;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT SYNONYM;

Execute the following SQL statement to remediate this setting._x000D_

_x000D_
AUDIT DIRECTORY;