DBMS service identification should be unique and clearly identifies the service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15622 | DG0104-ORACLE10 | SV-24413r1_rule | DCFA-1 | Low |
| Description |
|---|
| Local or network services that do not employ unique or clearly identifiable targets can lead to inadvertent or unauthorized connections. |
| STIG | Date |
|---|---|
| Oracle Database 10g Installation STIG | 2014-04-02 |
Details
| Check Text ( C-29308r1_chk ) |
|---|
| Review the Oracle instance names on the DBMS host: On UNIX platforms: Solaris: cat /var/opt/oracle/oratab Other UNIX: cat /etc/oratab The format of lines in the oratab file is: sid:oracle_home_directory:Y or N The instance name is the sid. On Windows platforms: Go to Start / Administrative Tools / Services View service names that begin with "OracleService". The remainder of the service name is the instance name. Example: OracleServicesalesDB -- where salesDB is the instance name If instance names are listed and do not clearly identify the use of the instance or clearly differentiate individual instances, this is a Finding. An example of instance naming that meets the requirement: prdinv01 (Production Inventory Database #1), dvsales02 (Development Sales Database #2), orfindb1 (Oracle Financials Database #1). Examples of instance naming that do not meet the requirement: Instance1, MyInstance, orcl, 10gdb1 Interview the DBA to get an understanding of the naming scheme used to determine if the names are clear differentiations. |
| Fix Text (F-26340r1_fix) |
|---|
| Follow the instructions in Oracle Doc ID: 15390.1 to change the SID without re-creating the database. Set the value so that it does not identify the Oracle version and clearly identifies its purpose. |