Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Oracle REMOTE_LOGIN_PASSWORDFILE parameter must be set to EXCLUSIVE or NONE.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-53981 | O112-BP-022200 | SV-68221r2_rule | Medium |
| Description |
|---|
| The REMOTE_LOGIN_PASSWORDFILE setting of "NONE" disallows remote administration of the database. The REMOTE_LOGIN_PASSWORDFILE setting of "EXCLUSIVE" allows for auditing of individual DBA logins to the SYS account. If not set to "EXCLUSIVE", remote connections to the database as "internal" or "as SYSDBA" are not logged to an individual account. |
| STIG | Date |
|---|---|
| Oracle Database 11.2g Security Technical Implementation Guide | 2018-06-25 |
Details
| Check Text ( C-54771r2_chk ) |
|---|
| From SQL*Plus: select value from v$parameter where upper(name) = 'REMOTE_LOGIN_PASSWORDFILE'; If the value returned does not equal 'EXCLUSIVE' or 'NONE', this is a Finding. |
| Fix Text (F-58821r1_fix) |
|---|
| Disable use of the remote_login_passwordfile where remote administration is not authorized by specifying a value of NONE. If authorized, restrict use of a password file to exclusive use by each database by specifying a value of EXCLUSIVE. From SQL*Plus: alter system set remote_login_passwordfile = 'EXCLUSIVE' scope = spfile; OR alter system set remote_login_passwordfile = 'NONE' scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup. |