
The DBMS must have transaction journaling enabled.


Overview

Finding ID: V-61691
Version: O121-C2-012100
Rule ID: SV-76181r1_rule
IA Controls:
Severity: Medium

Description
Application recovery and reconstitution constitutes executing an information system contingency plan that is comprised of activities that restore essential missions and business functions. Database management systems and transaction-based processing systems are examples of information systems that are transaction-based. Transaction rollback and transaction journaling are examples of mechanisms supporting transaction recovery.

The maintenance of data integrity involves preservation and control of not only the data contents, but the relationships between two or more related data items and the actions taken on one that may affect others. A DBMS provides data integrity that may be affected by incomplete or interrupted transactions by means of logging transaction events. This allows the database to recover data content to a point where the data content and its relationships are known to be intact. This data integrity is maintained when the data is undergoing a change or update event. Most DBMSs enable transaction rollback or recovery by default and as an automatic feature of database recovery.

STIG: Oracle Database 12c Security Technical Implementation Guide
Date: 2015-12-21

Details

Check Text (C-62567r2_chk)
Review DBMS settings that enable or disable transaction journaling.

If the DBMS is not capable of transaction journaling, or if journaling is disabled, this is a finding.

- - - - -
Check to see what the current settings are in the database for creating a transaction journal, called the Oracle archive log.

$ sqlplus / as sysdba

--If this command reports the database log mode as "No Archive Mode", transaction journaling is not enabled and this is a finding.

SQL> archive log list
Database log mode              No Archive Mode
Automatic archival             Disabled
Archive destination            USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence     427
Current log sequence           429

Fix Text (F-67605r1_fix)
Enable transaction journaling for the database.

- - - - -
Check to see what the current settings are in the database for creating a transaction journal, called the Oracle archive log.

$ sqlplus / as sysdba

--If this command reports the database log mode as "No Archive Mode", transaction journaling is not enabled, and this is a finding. Complete the following steps to make sure Oracle transaction journaling is enabled.
SQL> archive log list
Database log mode              No Archive Mode
Automatic archival             Disabled
Archive destination            USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence     427
Current log sequence           429

--Force a checkpoint to help speed up the database shutdown
SQL> alter system checkpoint;
System altered.

--Shut down the database
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.

--Start the database in mount mode
SQL> startup mount
ORACLE instance started.
Total System Global Area  456146944 bytes
Fixed Size                  1344840 bytes
Variable Size             373295800 bytes
Database Buffers           75497472 bytes
Redo Buffers                6008832 bytes
Database mounted.

--Enable archivelog on the database
SQL> alter database archivelog;
Database altered.

--Open the database
SQL> alter database open;
Database altered.

--Check the current archivelog mode in the database
SQL> archive log list
Database log mode              Archive Mode
Automatic archival             Enabled
Archive destination            USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence     427
Next log sequence to archive   429
Current log sequence           429
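
The check and the final verification step of the fix both come down to reading the "Database log mode" line of the archive log list output. The shell function below is an added example, not part of the STIG text, that classifies that output for a scripted compliance check. The function names and the constructed sample outputs are assumptions, and check_live assumes the same OS-authenticated "sqlplus / as sysdba" login used on this page.

```shell
#!/bin/sh
# Added example, not STIG text. Function names are hypothetical and the
# SAMPLE_* outputs are constructed from the listings on this page.

# Reads SQL*Plus "archive log list" output on stdin and prints a verdict.
# Returns 0 = not a finding, 1 = finding, 2 = could not determine.
archivelog_verdict() {
    # Take the first "Database log mode" line, drop the label, and collapse
    # whitespace (also strips a trailing CR from Windows-captured output).
    mode=$(sed -n 's/^[[:space:]]*Database log mode[[:space:]]*//p' |
           head -n 1 | tr -s '[:space:]' ' ' | sed 's/ $//')
    case "$mode" in
        "Archive Mode")    echo "NOT A FINDING: $mode"; return 0 ;;
        "No Archive Mode") echo "FINDING: $mode"; return 1 ;;
        *) echo "UNDETERMINED: no usable 'Database log mode' line"; return 2 ;;
    esac
}

# Live use on the database host; assumes OS authentication as on this page.
check_live() {
    printf 'archive log list\nexit\n' | sqlplus -S / as sysdba | archivelog_verdict
}

SAMPLE_BEFORE='Database log mode              No Archive Mode
Automatic archival             Disabled
Archive destination            USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence     427
Current log sequence           429'

SAMPLE_AFTER='Database log mode              Archive Mode
Automatic archival             Enabled
Archive destination            USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence     427
Next log sequence to archive   429
Current log sequence           429'

# Constructed placeholder for a session that never reached the database.
SAMPLE_FAILED='(constructed) login failed, no archive log listing returned'

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER" "$SAMPLE_FAILED"; do
    printf '%s\n' "$sample" | archivelog_verdict || true
done
```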