Schedule the job.
BEGIN
– Job defined entirely by the CREATE JOB procedure.
DBMS_SCHEDULER.create_job(
job_name => ‘Monthly_Stig_Run’,
job_type => ‘PLSQL_BLOCK’,
job_action => ‘BEGIN sys.aa_stig_pkg.run_job_proc; END;’,
start_date => SYSTIMESTAMP,
repeat_interval => ‘freq=monthly; bymonthday=1′,
end_date => NULL,
enabled => TRUE,
comments => ‘Job defined entirely by the CREATE JOB procedure’);
END;
create or replace
PACKAGE AA_STIG_PKG AS
PROCEDURE CHECK_STIG_PROC;
PROCEDURE CREATE_TABLE_PROC;
PROCEDURE LOAD_DEF_USR_PROC;
PROCEDURE LOAD_VUL_PROC;
PROCEDURE CREATE_REPORT_PROC;
PROCEDURE DELETE_CHECKS_PROC;
PROCEDURE RUN_JOB_PROC;
END AA_STIG_PKG;
create or replace
PACKAGE BODY AA_STIG_PKG
AS
PROCEDURE RUN_JOB_PROC AS
BEGIN
DECLARE
BEGIN
CHECK_STIG_PROC();
CREATE_REPORT_PROC();
DELETE_CHECKS_PROC();
END;
END RUN_JOB_PROC;
PROCEDURE CREATE_REPORT_PROC AS
BEGIN
DECLARE
BEGIN
insert into dbsrrreport(dgno, findingstatus, rec_date, severity, vmskey)
select unique dgno, findingstatus, rec_date, severity, vmskey from dbsrrstats;
EXCEPTION
WHEN OTHERS THEN
dbms_output.put_line(‘something did not work’);
END;
END CREATE_REPORT_PROC;
PROCEDURE DELETE_CHECKS_PROC AS
BEGIN
DECLARE
BEGIN
execute immediate ‘delete from dbsrrstats’;
dbms_output.put_line(‘Table DBSRRSTATS cleared…’);
EXCEPTION
WHEN OTHERS THEN
dbms_output.put_line(‘something did not work’);
END;
END DELETE_CHECKS_PROC;
PROCEDURE LOAD_DEF_USR_PROC AS
BEGIN
DECLARE
BEGIN
insert into defusers values (‘AASH’,”,’9B52488370BB3D77′);
insert into defusers values (‘ABA1′,”,’30FD307004F350DE’);
insert into defusers values (‘ABM’,”,’D0F2982F121C7840′);
insert into defusers values (‘AD_MONITOR’,”,’54F0C83F51B03F49′);
insert into defusers values (‘ADAMS’,”,’72CDEF4A3483F60D’);
insert into defusers values (‘ADS’,”,’D23F0F5D871EB69F’);
insert into defusers values (‘ADSEUL_US’,”,’4953B2EB6FCB4339′);
insert into defusers values (‘AHL’,”,’7910AE63C9F7EEEE’);
insert into defusers values (‘AHM’,”,’33C2E27CF5E401A4′);
insert into defusers values (‘AK’,”,’8FCB78BBA8A59515′);
insert into defusers values (‘AL’,”,’384B2C568DE4C2B5′);
insert into defusers values (‘ALA1′,”,’90AAC5BD7981A3BA’);
insert into defusers values (‘ALLUSERS’,”,’42F7CD03B7D2CA0F’);
insert into defusers values (‘ALR’,”,’BE89B24F9F8231A9′);
insert into defusers values (‘AMA1′,”,’585565C23AB68F71′);
insert into defusers values (‘AMA2′,”,’37E458EE1688E463′);
insert into defusers values (‘AMA3′,”,’81A66D026DC5E2ED’);
insert into defusers values (‘AMA4′,”,’194CCC94A481DCDE’);
insert into defusers values (‘AMF’,”,’EC9419F55CDC666B’);
insert into defusers values (‘AMS’,”,’BD821F59270E5F34′);
insert into defusers values (‘AMS1′,”,’DB8573759A76394B’);
insert into defusers values (‘AMS2′,”,’EF611999C6AD1FD7′);
insert into defusers values (‘AMS3′,”,’41D1084F3F966440′);
insert into defusers values (‘AMS4′,”,’5F5903367FFFB3A3′);
insert into defusers values (‘AMSYS’,”,’4C1EF14ECE13B5DE’);
insert into defusers values (‘AMV’,”,’38BC87EB334A1AC4′);
insert into defusers values (‘AMW’,”,’0E123471AACA2A62′);
insert into defusers values (‘ANNE’,”,’1EEA3E6F588599A6′);
insert into defusers values (‘ANONYMOUS’,”,’94C33111FD9C66F3′);
insert into defusers values (‘AOLDEMO’,”,’D04BBDD5E643C436′);
insert into defusers values (‘AP’,”,’EED09A552944B6AD’);
insert into defusers values (‘APA1′,”,’D00197BF551B2A79′);
insert into defusers values (‘APA2′,”,’121C6F5BD4674A33′);
insert into defusers values (‘APA3′,”,’5F843C0692560518′);
insert into defusers values (‘APA4′,”,’BF21227532D2794A’);
insert into defusers values (‘APPLEAD’,”,’5331DB9C240E093B’);
insert into defusers values (‘APPLSYS’,”,’0F886772980B8C79′);
insert into defusers values (‘APPLSYSPUB’,”,’D2E3EF40EE87221E’);
insert into defusers values (‘APPLSYS’,”,’E153FFF4DAE6C9F7′);
insert into defusers values (‘APPS’,”,’D728438E8A5925E0′);
insert into defusers values (‘APS1′,”,’F65751C55EA079E6′);
insert into defusers values (‘APS2′,”,’5CACE7B928382C8B’);
insert into defusers values (‘APS3′,”,’C786695324D7FB3B’);
insert into defusers values (‘APS4′,”,’F86074C4F4F82D2C’);
insert into defusers values (‘AQDEMO’,”,’5140E342712061DD’);
insert into defusers values (‘AQJAVA’,”,’8765D2543274B42E’);
insert into defusers values (‘AQUSER’,”,’4CF13BDAC1D7511C’);
insert into defusers values (‘AR’,”,’BBBFE175688DED7E’);
insert into defusers values (‘ARA1′,”,’4B9F4E0667857EB8′);
insert into defusers values (‘ARA2′,”,’F4E52BFBED4652CD’);
insert into defusers values (‘ARA3′,”,’E3D8D73AE399F7FE’);
insert into defusers values (‘ARA4′,”,’758FD31D826E9143′);
insert into defusers values (‘ARS1′,”,’433263ED08C7A4FD’);
insert into defusers values (‘ARS2′,”,’F3AF9F26D0213538′);
insert into defusers values (‘ARS3′,”,’F6755F08CC1E7831′);
insert into defusers values (‘ARS4′,”,’452B5A381CABB241′);
insert into defusers values (‘ART’,”,’665168849666C4F3′);
insert into defusers values (‘ASF’,”,’B6FD427D08619EEE’);
insert into defusers values (‘ASG’,”,’1EF8D8BD87CF16BE’);
insert into defusers values (‘ASL’,”,’03B20D2C323D0BFE’);
insert into defusers values (‘ASN’,”,’1EE6AEBD9A23D4E0′);
insert into defusers values (‘ASO’,”,’F712D80109E3C9D8′);
insert into defusers values (‘ASP’,”,’CF95D2C6C85FF513′);
insert into defusers values (‘AST’,”,’F13FF949563EAB3C’);
insert into defusers values (‘AUC_GUEST’,”,’8A59D349DAEC26F7′);
insert into defusers values (‘AURORA$ORB$UNAUTHENTICATED’,”,’80C099F0EADF877E’);
insert into defusers values (‘AUTHORIA’,”,’CC78120E79B57093′);
insert into defusers values (‘AX’,”,’0A8303530E86FCDD’);
insert into defusers values (‘AZ’,”,’AAA18B5D51B0D5AC’);
insert into defusers values (‘B2B’,”,’CC387B24E013C616′);
insert into defusers values (‘BAM’,”,’031091A1D1A30061′);
insert into defusers values (‘BCA1′,”,’398A69209360BD9D’);
insert into defusers values (‘BCA2′,”,’801D9C90EBC89371′);
insert into defusers values (‘BEN’,”,’9671866348E03616′);
insert into defusers values (‘BIC’,”,’E84CC95CBBAC1B67′);
insert into defusers values (‘BIL’,”,’BF24BCE2409BE1F7′);
insert into defusers values (‘BIM’,”,’6026F9A8A54B9468′);
insert into defusers values (‘BIS’,”,’7E9901882E5F3565′);
insert into defusers values (‘BIV’,”,’2564B34BE50C2524′);
insert into defusers values (‘BIX’,”,’3DD36935EAEDE2E3′);
insert into defusers values (‘BLAKE’,”,’9435F2E60569158E’);
insert into defusers values (‘BMEADOWS’,”,’2882BA3D3EE1F65A’);
insert into defusers values (‘BNE’,”,’080B5C7EE819BF78′);
insert into defusers values (‘BOM’,”,’56DB3E89EAE5788E’);
insert into defusers values (‘BP01′,”,’612D669D2833FACD’);
insert into defusers values (‘BP02′,”,’FCE0C089A3ECECEE’);
insert into defusers values (‘BP03′,”,’0723FFEEFBA61545′);
insert into defusers values (‘BP04′,”,’E5797698E0F8934E’);
insert into defusers values (‘BP05′,”,’58FFC821F778D7E9′);
insert into defusers values (‘BP06′,”,’2F358909A4AA6059′);
insert into defusers values (‘BSC’,”,’EC481FD7DCE6366A’);
insert into defusers values (‘BUYACCT’,”,’D6B388366ECF2F61′);
insert into defusers values (‘BUYAPPR1′,”,’CB04931693309228′);
insert into defusers values (‘BUYAPPR2′,”,’3F98A3ADC037F49C’);
insert into defusers values (‘BUYAPPR3′,”,’E65D8AD3ACC23DA3′);
insert into defusers values (‘BUYER’,”,’547BDA4286A2ECAE’);
insert into defusers values (‘BUYMTCH’,”,’0DA5E3B504CC7497′);
insert into defusers values (‘CAMRON’,”,’4384E3F9C9C9B8F1′);
insert into defusers values (‘CANDICE’,”,’CF458B3230215199′);
insert into defusers values (‘CARL’,”,’99ECCC664FFDFEA2′);
insert into defusers values (‘CARLY’,”,’F7D90C099F9097F1′);
insert into defusers values (‘CARMEN’,”,’46E23E1FD86A4277′);
insert into defusers values (‘CARRIECONYERS’,”,’9BA83B1E43A5885B’);
insert into defusers values (‘CATADMIN’,”,’AF9AB905347E004F’);
insert into defusers values (‘CE’,”,’E7FDFE26A524FE39′);
insert into defusers values (‘CEASAR’,”,’E69833B8205D5DD7′);
insert into defusers values (‘CENTRA’,”,’63BF5FFE5E3EA16D’);
insert into defusers values (‘CFD’,”,’667B018D4703C739′);
insert into defusers values (‘CHANDRA’,”,’184503FA7786C82D’);
insert into defusers values (‘CHARLEY’,”,’E500DAA705382E8D’);
insert into defusers values (‘CHRISBAKER’,”,’52AFB6B3BE485F81′);
insert into defusers values (‘CHRISTIE’,”,’C08B79CCEC43E798′);
insert into defusers values (‘CINDY’,”,’3AB2C717D1BD0887′);
insert into defusers values (‘CLARK’,”,’74DF527800B6D713′);
insert into defusers values (‘CLAUDE’,”,’C6082BCBD0B69D20′);
insert into defusers values (‘CLARK’,”,’7AAFE7D01511D73F’);
insert into defusers values (‘CLINT’,”,’163FF8CCB7F11691′);
insert into defusers values (‘CLN’,”,’A18899D42066BFCA’);
insert into defusers values (‘CN’,”,’73F284637A54777D’);
insert into defusers values (‘CNCADMIN’,”,’C7C8933C678F7BF9′);
insert into defusers values (‘CONNIE’,”,’982F4C420DD38307′);
insert into defusers values (‘CONNOR’,”,’52875AEB74008D78′);
insert into defusers values (‘CORY’,”,’93CE4CCE632ADCD2′);
insert into defusers values (‘CRM1′,”,’6966EA64B0DFC44E’);
insert into defusers values (‘CRM2′,”,’B041F3BEEDA87F72′);
insert into defusers values (‘CRP’,”,’F165BDE5462AD557′);
insert into defusers values (‘CRPB733′,”,’2C9AB93FF2999125′);
insert into defusers values (‘CRPCTL’,”,’4C7A200FB33A531D’);
insert into defusers values (‘CRPDTA’,”,’6665270166D613BC’);
insert into defusers values (‘CS’,”,’DB78866145D4E1C3′);
insert into defusers values (‘CSADMIN’,”,’94327195EF560924′);
insert into defusers values (‘CSAPPR1′,”,’47D841B5A01168FF’);
insert into defusers values (‘CSC’,”,’EDECA9762A8C79CD’);
insert into defusers values (‘CSD’,”,’144441CEBAFC91CF’);
insert into defusers values (‘CSDUMMY’,”,’7A587C459B93ACE4′);
insert into defusers values (‘CSE’,”,’D8CC61E8F42537DA’);
insert into defusers values (‘CSF’,”,’684E28B3C899D42C’);
insert into defusers values (‘CSI’,”,’71C2B12C28B79294′);
insert into defusers values (‘CSL’,”,’C4D7FE062EFB85AB’);
insert into defusers values (‘CSM’,”,’94C24FC0BE22F77F’);
insert into defusers values (‘CSMIG’,”,’09B4BB013FBD0D65′);
insert into defusers values (‘CSP’,”,’5746C5E077719DB4′);
insert into defusers values (‘CSR’,”,’0E0F7C1B1FE3FA32′);
insert into defusers values (‘CSS’,”,’3C6B8C73DDC6B04F’);
insert into defusers values (‘CTXDEMO’,”,’CB6B5E9D9672FE89′);
insert into defusers values (‘CTXSYS’,”,’24ABAB8B06281B4C’);
insert into defusers values (‘CTXTEST’,”,’064717C317B551B6′);
insert into defusers values (‘CTXSYS’,”,’71E687F036AD56E5′);
insert into defusers values (‘CUA’,”,’CB7B2E6FFDD7976F’);
insert into defusers values (‘CUE’,”,’A219FE4CA25023AA’);
insert into defusers values (‘CUF’,”,’82959A9BD2D51297′);
insert into defusers values (‘CUG’,”,’21FBCADAEAFCC489′);
insert into defusers values (‘CUI’,”,’AD7862E01FA80912′);
insert into defusers values (‘CUN’,”,’41C2D31F3C85A79D’);
insert into defusers values (‘CUP’,”,’C03082CD3B13EC42′);
insert into defusers values (‘CUS’,”,’00A12CC6EBF8EDB8′);
insert into defusers values (‘CZ’,”,’9B667E9C5A0D21A6′);
insert into defusers values (‘DAVIDMORGAN’,”,’B717BAB262B7A070′);
insert into defusers values (‘DBSNMP’,”,’E066D214D5421CCC’);
insert into defusers values (‘DCM’,”,’45CCF86E1058D3A5′);
insert into defusers values (‘DD7333′,”,’44886308CF32B5D4′);
insert into defusers values (‘DD7334′,”,’D7511E19D9BD0F90′);
insert into defusers values (‘DD810′,”,’0F9473D8D8105590′);
insert into defusers values (‘DD811′,”,’D8084AE609C9A2FD’);
insert into defusers values (‘DD812′,”,’AB71915CF21E849E’);
insert into defusers values (‘DD9′,”,’E81821D03070818C’);
insert into defusers values (‘DDB733′,”,’7D11619CEE99DE12′);
insert into defusers values (‘DDD’,”,’6CB03AF4F6DD133D’);
insert into defusers values (‘DEMO8′,”,’0E7260738FDFD678′);
insert into defusers values (‘DES’,”,’ABFEC5AC2274E54D’);
insert into defusers values (‘DES2K’,”,’611E7A73EC4B425A’);
insert into defusers values (‘DEV2000_DEMOS’,”,’18A0C8BD6B13BEE2′);
insert into defusers values (‘DEVB733′,”,’7500DF89DC99C057′);
insert into defusers values (‘DEVUSER’,”,’C10B4A80D00CA7A5′);
insert into defusers values (‘DGRAY’,”,’5B76A1EB8F212B85′);
insert into defusers values (‘DIP’,”,’CE4A36B8E06CA59C’);
insert into defusers values (‘DISCOVERER5′,”,’AF0EDB66D914B731′);
insert into defusers values (‘DKING’,”,’255C2B0E1F0912EA’);
insert into defusers values (‘DLD’,”,’4454B932A1E0E320′);
insert into defusers values (‘DMADMIN’,”,’E6681A8926B40826′);
insert into defusers values (‘DMATS’,”,’8C692701A4531286′);
insert into defusers values (‘DMS’,”,’1351DC7ED400BD59′);
insert into defusers values (‘DMSYS’,”,’BFBA5A553FD9E28A’);
insert into defusers values (‘DOM’,”,’51C9F2BECA78AE0E’);
insert into defusers values (‘DPOND’,”,’79D6A52960EEC216′);
insert into defusers values (‘DSGATEWAY’,”,’6869F3CFD027983A’);
insert into defusers values (‘DV7333′,”,’36AFA5CD674BA841′);
insert into defusers values (‘DV7334′,”,’473B568021BDB428′);
insert into defusers values (‘DV810′,”,’52C38F48C99A0352′);
insert into defusers values (‘DV811′,”,’B6DC5AAB55ECB66C’);
insert into defusers values (‘DV812′,”,’7359E6E060B945BA’);
insert into defusers values (‘DV9′,”,’07A1D03FD26E5820′);
insert into defusers values (‘DVP1′,”,’0559A0D3DE0759A6′);
insert into defusers values (‘EAA’,”,’A410B2C5A0958CDF’);
insert into defusers values (‘EAM’,”,’CE8234D92FCFB563′);
insert into defusers values (‘EC’,”,’6A066C462B62DD46′);
insert into defusers values (‘ECX’,”,’0A30645183812087′);
insert into defusers values (‘EDR’,”,’5FEC29516474BB3A’);
insert into defusers values (‘EDWEUL_US’,”,’5922BA2E72C49787′);
insert into defusers values (‘EDWREP’,”,’79372B4AB748501F’);
insert into defusers values (‘EGC1′,”,’D78E0F2BE306450D’);
insert into defusers values (‘EGD1′,”,’DA6D6F2089885BA6′);
insert into defusers values (‘EGM1′,”,’FB949D5E4B5255C0′);
insert into defusers values (‘EGO’,”,’B9D919E5F5A9DA71′);
insert into defusers values (‘EGR1′,”,’BB636336ADC5824A’);
insert into defusers values (‘END1′,”,’688499930C210B75′);
insert into defusers values (‘ENG’,”,’4553A3B443FB3207′);
insert into defusers values (‘ENI’,”,’05A92C0958AFBCBC’);
insert into defusers values (‘ENM1′,”,’3BDABFD1246BFEA2′);
insert into defusers values (‘ENS1′,”,’F68A5D0D6D2BB25B’);
insert into defusers values (‘ENTMGR_CUST’,”,’45812601EAA2B8BD’);
insert into defusers values (‘ENTMGR_PRO’,”,’20002682991470B3′);
insert into defusers values (‘ENTMGR_TRAIN’,”,’BE40A3BE306DD857′);
insert into defusers values (‘EOPP_PORTALADM’,”,’B60557FD8C45005A’);
insert into defusers values (‘EOPP_PORTALMGR’,”,’9BB3CF93F7DE25F1′);
insert into defusers values (‘EOPP_USER’,”,’13709991FC4800A1′);
insert into defusers values (‘EUL_US’,”,’28AEC22561414B29′);
insert into defusers values (‘EVM’,”,’137CEDC20DE69F71′);
insert into defusers values (‘EXA1′,”,’091BCD95EE112EE3′);
insert into defusers values (‘EXA2′,”,’E4C0A21DBD06B890′);
insert into defusers values (‘EXA3′,”,’40DC4FA801A73560′);
insert into defusers values (‘EXA4′,”,’953885D52BDF5C86′);
insert into defusers values (‘EXFSYS’,”,’66F4EF5650C20355′);
insert into defusers values (‘EXS1′,”,’C5572BAB195817F0′);
insert into defusers values (‘EXS2′,”,’8FAA3AC645793562′);
insert into defusers values (‘EXS3′,”,’E3050174EE1844BA’);
insert into defusers values (‘EXS4′,”,’E963BFE157475F7D’);
insert into defusers values (‘FA’,”,’21A837D0AED8F8E5′);
insert into defusers values (‘FEM’,”,’BD63D79ADF5262E7′);
insert into defusers values (‘FIA1′,”,’2EB76E07D3E094EC’);
insert into defusers values (‘FII’,”,’CF39DE29C08F71B9′);
insert into defusers values (‘FLM’,”,’CEE2C4B59E7567A3′);
insert into defusers values (‘FNI1′,”,’308839029D04F80C’);
insert into defusers values (‘FNI2′,”,’05C69C8FEAB4F0B9′);
insert into defusers values (‘FPA’,”,’9FD6074B9FD3754C’);
insert into defusers values (‘FPT’,”,’73E3EC9C0D1FAECF’);
insert into defusers values (‘FRM’,”,’9A2A7E2EBE6E4F71′);
insert into defusers values (‘FTA1′,”,’65FF9AB3A49E8A13′);
insert into defusers values (‘FTE’,”,’2FB4D2C9BAE2CCCA’);
insert into defusers values (‘FUN’,”,’8A7055CA462DB219′);
insert into defusers values (‘FV’,”,’907D70C0891A85B1′);
insert into defusers values (‘FVP1′,”,’6CC7825EADF994E8′);
insert into defusers values (‘GALLEN’,”,’F8E8ED9F15842428′);
insert into defusers values (‘GCA1′,”,’47DA9864E018539B’);
insert into defusers values (‘GCA2′,”,’FD6E06F7DD50E868′);
insert into defusers values (‘GCA3′,”,’4A4B9C2E9624C410′);
insert into defusers values (‘GCA9′,”,’48A7205A4C52D6B5′);
insert into defusers values (‘GCMGR1′,”,’14A1C1A08EA915D6′);
insert into defusers values (‘GCMGR2′,”,’F4F11339A4221A4D’);
insert into defusers values (‘GCMGR3′,”,’320F0D4258B9D190′);
insert into defusers values (‘GCS’,”,’7AE34CA7F597EBF7′);
insert into defusers values (‘GCS1′,”,’2AE8E84D2400E61D’);
insert into defusers values (‘GCS2′,”,’C242D2B83162FF3D’);
insert into defusers values (‘GCS3′,”,’DCCB4B49C68D77E2′);
insert into defusers values (‘GEORGIAWINE’,”,’F05B1C50A1C926DE’);
insert into defusers values (‘GL’,”,’CD6E99DACE4EA3A6′);
insert into defusers values (‘GLA1′,”,’86C88007729EB36F’);
insert into defusers values (‘GLA2′,”,’807622529F170C02′);
insert into defusers values (‘GLA3′,”,’863A20A4EFF7386B’);
insert into defusers values (‘GLA4′,”,’DB882CF89A758377′);
insert into defusers values (‘GLS1′,”,’7485C6BD564E75D1′);
insert into defusers values (‘GLS2′,”,’319E08C55B04C672′);
insert into defusers values (‘GLS3′,”,’A7699C43BB136229′);
insert into defusers values (‘GLS4′,”,’7C171E6980BE2DB9′);
insert into defusers values (‘GM_AWDA’,”,’4A06A107E7A3BB10′);
insert into defusers values (‘GM_COPI’,”,’03929AE296BAAFF2′);
insert into defusers values (‘GM_DPHD’,”,’0519252EDF68FA86′);
insert into defusers values (‘GM_MLCT’,”,’24E8B569E8D1E93E’);
insert into defusers values (‘GM_PLADMA’,”,’2946218A27B554D8′);
insert into defusers values (‘GM_PLADMH’,”,’2F6EDE96313AF1B7′);
insert into defusers values (‘GM_PLCCA’,”,’7A99244B545A038D’);
insert into defusers values (‘GM_PLCCH’,”,’770D9045741499E6′);
insert into defusers values (‘GM_PLCOMA’,”,’91524D7DE2B789A8′);
insert into defusers values (‘GM_PLCOMH’,”,’FC1C6E0864BF0AF2′);
insert into defusers values (‘GM_PLCONA’,”,’1F531397B19B1E05′);
insert into defusers values (‘GM_PLCONH’,”,’C5FE216EB8FCD023′);
insert into defusers values (‘GM_PLNSCA’,”,’DB9DD2361D011A30′);
insert into defusers values (‘GM_PLNSCH’,”,’C80D557351110D51′);
insert into defusers values (‘GM_PLSCTA’,”,’3A778986229BA20C’);
insert into defusers values (‘GM_PLSCTH’,”,’9E50865473B63347′);
insert into defusers values (‘GM_PLVET’,”,’674885FDB93D34B9′);
insert into defusers values (‘GM_SPO’,”,’E57D4BD77DAF92F0′);
insert into defusers values (‘GM_STKH’,”,’C498A86BE2663899′);
insert into defusers values (‘GMA’,”,’DC7948E807DFE242′);
insert into defusers values (‘GMD’,”,’E269165256F22F01′);
insert into defusers values (‘GME’,”,’B2F0E221F45A228F’);
insert into defusers values (‘GMF’,”,’A07F1956E3E468E1′);
insert into defusers values (‘GMI’,”,’82542940B0CF9C16′);
insert into defusers values (‘GML’,”,’5F1869AD455BBA73′);
insert into defusers values (‘GMP’,”,’450793ACFCC7B58E’);
insert into defusers values (‘GMS’,”,’E654261035504804′);
insert into defusers values (‘GR’,”,’F5AB0AA3197AEE42′);
insert into defusers values (‘GUEST’,”,’1C0A090E404CECD0′);
insert into defusers values (‘HCC’,”,’25A25A7FEFAC17B6′);
insert into defusers values (‘HHCFO’,”,’62DF37933FB35E9F’);
insert into defusers values (‘HR’,”,’4C6D73C3E8B0F0DA’);
insert into defusers values (‘HRI’,”,’49A3A09B8FC291D0′);
insert into defusers values (‘HXC’,”,’4CEA0BF02214DA55′);
insert into defusers values (‘HXT’,”,’169018EB8E2C4A77′);
insert into defusers values (‘IA’,”,’42C7EAFBCEEC09CC’);
insert into defusers values (‘IBA’,”,’0BD475D5BF449C63′);
insert into defusers values (‘IBC’,”,’9FB08604A30A4951′);
insert into defusers values (‘IBE’,”,’9D41D2B3DD095227′);
insert into defusers values (‘IBP’,”,’840267B7BD30C82E’);
insert into defusers values (‘IBU’,”,’0AD9ABABC74B3057′);
insert into defusers values (‘IBY’,”,’F483A48F6A8C51EC’);
insert into defusers values (‘ICX’,”,’7766E887AF4DCC46′);
insert into defusers values (‘IEB’,”,’A695699F0F71C300′);
insert into defusers values (‘IEC’,”,’CA39F929AF0A2DEC’);
insert into defusers values (‘IEM’,”,’37EF7B2DD17279B5′);
insert into defusers values (‘IEO’,”,’E93196E9196653F1′);
insert into defusers values (‘IES’,”,’30802533ADACFE14′);
insert into defusers values (‘IEU’,”,’5D0E790B9E882230′);
insert into defusers values (‘IEX’,”,’6CC978F56D21258D’);
insert into defusers values (‘IGC’,”,’D33CEB8277F25346′);
insert into defusers values (‘IGF’,”,’1740079EFF46AB81′);
insert into defusers values (‘IGI’,”,’8C69D50E9D92B9D0′);
insert into defusers values (‘IGS’,”,’DAF602231281B5AC’);
insert into defusers values (‘IGW’,”,’B39565F4E3CF744B’);
insert into defusers values (‘IMC’,”,’C7D0B9CDE0B42C73′);
insert into defusers values (‘IMT’,”,’E4AAF998653C9A72′);
insert into defusers values (‘INS1′,”,’2ADC32A0B154F897′);
insert into defusers values (‘INS2′,”,’EA372A684B790E2A’);
insert into defusers values (‘INTERNET_APPSERVER_REGISTRY’,”,’A1F98A977FFD73CD’);
insert into defusers values (‘INV’,”,’ACEAB015589CF4BC’);
insert into defusers values (‘IP’,”,’D29012C144B58A40′);
insert into defusers values (‘IPA’,”,’EB265A08759A15B4′);
insert into defusers values (‘IPD’,”,’066A2E3072C1F2F3′);
insert into defusers values (‘ISC’,”,’373F527DC0CFAE98′);
insert into defusers values (‘ISTEWARD’,”,’8735CA4085DE3EEA’);
insert into defusers values (‘ITG’,”,’D90F98746B68E6CA’);
insert into defusers values (‘JA’,”,’9AC2B58153C23F3D’);
insert into defusers values (‘JD7333′,”,’FB5B8A12AE623D52′);
insert into defusers values (‘JD7334′,”,’322810FCE43285D9′);
insert into defusers values (‘JD9′,”,’9BFAEC92526D027B’);
insert into defusers values (‘JDE’,”,’7566DC952E73E869′);
insert into defusers values (‘JDEDBA’,”,’B239DD5313303B1D’);
insert into defusers values (‘JE’,”,’FBB3209FD6280E69′);
insert into defusers values (‘JG’,”,’37A99698752A1CF1′);
insert into defusers values (‘JL’,”,’489B61E488094A8D’);
insert into defusers values (‘JOHNINARI’,”,’B3AD4DA00F9120CE’);
insert into defusers values (‘JONES’,”,’B9E99443032F059D’);
insert into defusers values (‘JTF’,”,’5C5F6FC2EBB94124′);
insert into defusers values (‘JTI’,”,’B8F03D3E72C96F71′);
insert into defusers values (‘JTM’,”,’6D79A2259D5B4B5A’);
insert into defusers values (‘JTR’,”,’B4E2BE38B556048F’);
insert into defusers values (‘JTS’,”,’4087EE6EB7F9CD7C’);
insert into defusers values (‘JUNK_PS’,”,’BBC38DB05D2D3A7A’);
insert into defusers values (‘JUSTOSHUM’,”,’53369CD63902FAAA’);
insert into defusers values (‘KELLYJONES’,”,’DD4A3FF809D2A6CF’);
insert into defusers values (‘KEVINDONS’,”,’7C6D9540B45BBC39′);
insert into defusers values (‘KPN’,”,’DF0AED05DE318728′);
insert into defusers values (‘LADAMS’,”,’AE542B99505CDCD2′);
insert into defusers values (‘LBA’,”,’18E5E15A436E7157′);
insert into defusers values (‘LBACSYS’,”,’AC9700FD3F1410EB’);
insert into defusers values (‘LDQUAL’,”,’1274872AB40D4FCD’);
insert into defusers values (‘LHILL’,”,’E70CA2CA0ED555F5′);
insert into defusers values (‘LNS’,”,’F8D2BC61C10941B2′);
insert into defusers values (‘LQUINCY’,”,’13F9B9C1372A41B6′);
insert into defusers values (‘LSA’,”,’2D5E6036E3127B7E’);
insert into defusers values (‘MDDATA’,”,’DF02A496267DEE66′);
insert into defusers values (‘MDSYS’,”,’72979A94BAD2AF80′);
insert into defusers values (‘ME’,”,’E5436F7169B29E4D’);
insert into defusers values (‘MDSYS’,”,’9AAEB2214DCC9A31′);
insert into defusers values (‘MFG’,”,’FC1B0DD35E790847′);
insert into defusers values (‘MGR1′,”,’E013305AB0185A97′);
insert into defusers values (‘MGR2′,”,’5ADE358F8ACE73E8′);
insert into defusers values (‘MGR3′,”,’05C365C883F1251A’);
insert into defusers values (‘MGR4′,”,’E229E942E8542565′);
insert into defusers values (‘MIKEIKEGAMI’,”,’AAF7A168C83D5C47′);
insert into defusers values (‘MJONES’,”,’EE7BB3FEA50A21C5′);
insert into defusers values (‘MLAKE’,”,’7EC40274AC1609CA’);
insert into defusers values (‘MM1′,”,’4418294570E152E7′);
insert into defusers values (‘MM2′,”,’C06B5B28222E1E62′);
insert into defusers values (‘MM3′,”,’A975B1BD0C093DA3′);
insert into defusers values (‘MM4′,”,’88256901EB03A012′);
insert into defusers values (‘MM5′,”,’4CEA62CBE776DCEC’);
insert into defusers values (‘MMARTIN’,”,’D52F60115FE87AA4′);
insert into defusers values (‘MOBILEADMIN’,”,’253922686A4A45CC’);
insert into defusers values (‘MRP’,”,’B45D4DF02D4E0C85′);
insert into defusers values (‘MSC’,”,’89A8C104725367B2′);
insert into defusers values (‘MSD’,”,’6A29482069E23675′);
insert into defusers values (‘MSO’,”,’3BAA3289DB35813C’);
insert into defusers values (‘MSR’,”,’C9D53D00FE77D813′);
insert into defusers values (‘MST’,”,’A96D2408F62BE1BC’);
insert into defusers values (‘MWA’,”,’1E2F06BE2A1D41A6′);
insert into defusers values (‘NEILKATSU’,”,’1F625BB9FEBC7617′);
insert into defusers values (‘OBJ7333′,”,’D7BDC9748AFEDB52′);
insert into defusers values (‘OBJ7334′,”,’EB6C5E9DB4643CAC’);
insert into defusers values (‘OBJB733′,”,’61737A9F7D54EF5F’);
insert into defusers values (‘OCA’,”,’9BC450E4C6569492′);
insert into defusers values (‘ODM’,”,’C252E8FA117AF049′);
insert into defusers values (‘ODM_MTR’,”,’A7A32CD03D3CE8D5′);
insert into defusers values (‘ODS’,”,’89804494ADFC71BC’);
insert into defusers values (‘ODSCOMMON’,”,’59BBED977430C1A8′);
insert into defusers values (‘OE’,”,’D1A2DFC623FDA40A’);
insert into defusers values (‘OKB’,”,’A01A5F0698FC9E31′);
insert into defusers values (‘OKC’,”,’31C1DDF4D5D63FE6′);
insert into defusers values (‘OKE’,”,’B7C1BB95646C16FE’);
insert into defusers values (‘OKI’,”,’991C817E5FD0F35A’);
insert into defusers values (‘OKL’,”,’DE058868E3D2B966′);
insert into defusers values (‘OKO’,”,’6E204632EC7CA65D’);
insert into defusers values (‘OKR’,”,’BB0E28666845FCDC’);
insert into defusers values (‘OKS’,”,’C2B4C76AB8257DF5′);
insert into defusers values (‘OKX’,”,’F9FDEB0DE52F5D6B’);
insert into defusers values (‘OL810′,”,’E2DA59561CBD0296′);
insert into defusers values (‘OL811′,”,’B3E88767A01403F8′);
insert into defusers values (‘OL812′,”,’AE8C7989346785BA’);
insert into defusers values (‘OL9′,”,’17EC83E44FB7DB5B’);
insert into defusers values (‘OLAPSYS’,”,’3FB8EF9DB538647C’);
insert into defusers values (‘ONT’,”,’9E3C81574654100A’);
insert into defusers values (‘OPI’,”,’1BF23812A0AEEDA0′);
insert into defusers values (‘ORABAM’,”,’D0A4EA93EF21CE25′);
insert into defusers values (‘ORABAMSAMPLES’,”,’507F11063496F222′);
insert into defusers values (‘ORABPEL’,”,’26EFDE0C9C051988′);
insert into defusers values (‘ORAESB’,”,’CC7FCCB3A1719EDA’);
insert into defusers values (‘ORAOCA_PUBLIC’,”,’FA99021634DDC111′);
insert into defusers values (‘ORASAGENT’,”,’234B6F4505AD8F25′);
insert into defusers values (‘ORASSO’,”,’F3701A008AA578CF’);
insert into defusers values (‘ORASSO_DS’,”,’17DC8E02BC75C141′);
insert into defusers values (‘ORASSO_PA’,”,’133F8D161296CB8F’);
insert into defusers values (‘ORASSO_PS’,”,’63BB534256053305′);
insert into defusers values (‘ORASSO_PUBLIC’,”,’C6EED68A8F75F5D3′);
insert into defusers values (‘ORDPLUGINS’,”,’88A2B2C183431F00′);
insert into defusers values (‘ORDSYS’,”,’7EFA02EC7EA6B86F’);
insert into defusers values (‘OSM’,”,’106AE118841A5D8C’);
insert into defusers values (‘OTA’,”,’F5E498AC7009A217′);
insert into defusers values (‘OUTLN’,”,’4A3BA55E08595C81′);
insert into defusers values (‘OWAPUB’,”,’6696361B64F9E0A9′);
insert into defusers values (‘OWF_MGR’,”,’3CBED37697EB01D1′);
insert into defusers values (‘OZF’,”,’970B962D942D0C75′);
insert into defusers values (‘OZP’,”,’B650B1BB35E86863′);
insert into defusers values (‘OZS’,”,’0DABFF67E0D33623′);
insert into defusers values (‘PA’,”,’8CE2703752DB36D8′);
insert into defusers values (‘PABLO’,”,’5E309CB43FE2C2FF’);
insert into defusers values (‘PAIGE’,”,’02B6B704DFDCE620′);
insert into defusers values (‘PAM’,”,’1383324A0068757C’);
insert into defusers values (‘PARRISH’,”,’79193FDACFCE46F6′);
insert into defusers values (‘PARSON’,”,’AE28B2BD64720CD7′);
insert into defusers values (‘PAT’,”,’DD20769D59F4F7BF’);
insert into defusers values (‘PATORILY’,”,’46B7664BD15859F9′);
insert into defusers values (‘PATRICKSANCHEZ’,”,’47F74BD3AD4B5F0A’);
insert into defusers values (‘PATSY’,”,’4A63F91FEC7980B7′);
insert into defusers values (‘PAUL’,”,’35EC0362643ADD3F’);
insert into defusers values (‘PAULA’,”,’BB0DC58A94C17805′);
insert into defusers values (‘PAXTON’,”,’4EB5D8FAD3434CCC’);
insert into defusers values (‘PCA1′,”,’8B2E303DEEEEA0C0′);
insert into defusers values (‘PCA2′,”,’7AD6CE22462A5781′);
insert into defusers values (‘PCA3′,”,’B8194D12FD4F537D’);
insert into defusers values (‘PCA4′,”,’83AD05F1D0B0C603′);
insert into defusers values (‘PCS1′,”,’2BE6DD3D1DEA4A16′);
insert into defusers values (‘PCS2′,”,’78117145145592B1′);
insert into defusers values (‘PCS3′,”,’F48449F028A065B1′);
insert into defusers values (‘PCS4′,”,’E1385509C0B16BED’);
insert into defusers values (‘PD7333′,”,’5FFAD8604D9DC00F’);
insert into defusers values (‘PD7334′,”,’CDCF262B5EE254E1′);
insert into defusers values (‘PD810′,”,’EB04A177A74C6BCB’);
insert into defusers values (‘PD811′,”,’3B3C0EFA4F20AC37′);
insert into defusers values (‘PD812′,”,’E73A81DB32776026′);
insert into defusers values (‘PD9′,”,’CACEB3F9EA16B9B7′);
insert into defusers values (‘PDA1′,”,’C7703B70B573D20F’);
insert into defusers values (‘PEARL’,”,’E0AFD95B9EBD0261′);
insert into defusers values (‘PEG’,”,’20577ED9A8DB8D22′);
insert into defusers values (‘PENNY’,”,’BB6103E073D7B811′);
insert into defusers values (‘PEOPLE’,”,’613459773123B38A’);
insert into defusers values (‘PERCY’,”,’EB9E8B33A2DDFD11′);
insert into defusers values (‘PERRY’,”,’D62B14B93EE176B6′);
insert into defusers values (‘PETE’,”,’4040619819A9C76E’);
insert into defusers values (‘PEYTON’,”,’B7127140004677FC’);
insert into defusers values (‘PHIL’,”,’181446AE258EE2F6′);
insert into defusers values (‘PJI’,”,’5024B1B412CD4AB9′);
insert into defusers values (‘PJM’,”,’021B05DBB892D11F’);
insert into defusers values (‘PM’,”,’72E382A52E89575A’);
insert into defusers values (‘PMI’,”,’A7F7978B21A6F65E’);
insert into defusers values (‘PN’,”,’D40D0FEF9C8DC624′);
insert into defusers values (‘PO’,”,’355CBEC355C10FEF’);
insert into defusers values (‘POA’,”,’2AB40F104D8517A0′);
insert into defusers values (‘POLLY’,”,’ABC770C112D23DBE’);
insert into defusers values (‘POM’,”,’123CF56E05D4EF3C’);
insert into defusers values (‘PON’,”,’582090FD3CC44DA3′);
insert into defusers values (‘PORTAL’,”,’A96255A27EC33614′);
insert into defusers values (‘PORTAL_APP’,”,’831A79AFB0BD29EC’);
insert into defusers values (‘PORTAL_DEMO’,”,’A0A3A6A577A931A3′);
insert into defusers values (‘PORTAL_PUBLIC’,”,’70A9169655669CE8′);
insert into defusers values (‘PORTAL30′,”,’969F9C3839672C6D’);
insert into defusers values (‘PORTAL30_DEMO’,”,’CFD1302A7F832068′);
insert into defusers values (‘PORTAL30_PUBLIC’,”,’42068201613CA6E2′);
insert into defusers values (‘PORTAL30_SSO’,”,’882B80B587FCDBC8′);
insert into defusers values (‘PORTAL30_SSO_PS’,”,’F2C3DC8003BC90F8′);
insert into defusers values (‘PORTAL30_SSO_PUBLIC’,”,’98741BDA2AC7FFB2′);
insert into defusers values (‘POS’,”,’6F6675F272217CF7′);
insert into defusers values (‘PPM1′,”,’AA4AE24987D0E84B’);
insert into defusers values (‘PPM2′,”,’4023F995FF78077C’);
insert into defusers values (‘PPM3′,”,’12F56FADDA87BBF9′);
insert into defusers values (‘PPM4′,”,’84E17CB7A3B0E769′);
insert into defusers values (‘PPM5′,”,’804C159C660F902C’);
insert into defusers values (‘PRISTB733′,”,’1D1BCF8E03151EF5′);
insert into defusers values (‘PRISTCTL’,”,’78562A983A2F78FB’);
insert into defusers values (‘PRISTDTA’,”,’3FCBC379C8FE079C’);
insert into defusers values (‘PRODB733′,”,’9CCD49EB30CB80C4′);
insert into defusers values (‘PRODCTL’,”,’E5DE2F01529AE93C’);
insert into defusers values (‘PRODDTA’,”,’2A97CD2281B256BA’);
insert into defusers values (‘PRODUSER’,”,’752E503EFBF2C2CA’);
insert into defusers values (‘PROJMFG’,”,’34D61E5C9BC7147E’);
insert into defusers values (‘PRP’,”,’C1C4328F8862BC16′);
insert into defusers values (‘PS’,”,’0AE52ADF439D30BD’);
insert into defusers values (‘PS810′,”,’90C0BEC7CA10777E’);
insert into defusers values (‘PS810CTL’,”,’D32CCE5BDCD8B9F9′);
insert into defusers values (‘PS810DTA’,”,’AC0B7353A58FC778′);
insert into defusers values (‘PS811′,”,’B5A174184403822F’);
insert into defusers values (‘PS811CTL’,”,’18EDE0C5CCAE4C5A’);
insert into defusers values (‘PS811DTA’,”,’7961547C7FB96920′);
insert into defusers values (‘PS812′,”,’39F0304F007D92C8′);
insert into defusers values (‘PS812CTL’,”,’E39B1CE3456ECBE5′);
insert into defusers values (‘PS812DTA’,”,’3780281C933FE164′);
insert into defusers values (‘PSA’,”,’FF4B266F9E61F911′);
insert into defusers values (‘PSB’,”,’28EE1E024FC55E66′);
insert into defusers values (‘PSBASS’,”,’F739804B718D4406′);
insert into defusers values (‘PSEM’,”,’40ACD8C0F1466A57′);
insert into defusers values (‘PSFT’,”,’7B07F6F3EC08E30D’);
insert into defusers values (‘PSFTDBA’,”,’E1ECD83073C4E134′);
insert into defusers values (‘PSP’,”,’4FE07360D435E2F0′);
insert into defusers values (‘PTADMIN’,”,’4C35813E45705EBA’);
insert into defusers values (‘PTCNE’,”,’463AEFECBA55BEE8′);
insert into defusers values (‘PTDMO’,”,’251D71390034576A’);
insert into defusers values (‘PTE’,”,’380FDDB696F0F266′);
insert into defusers values (‘PTESP’,”,’5553404C13601916′);
insert into defusers values (‘PTFRA’,”,’A360DAD317F583E3′);
insert into defusers values (‘PTG’,”,’7AB0D62E485C9A3D’);
insert into defusers values (‘PTGER’,”,’C8D1296B4DF96518′);
insert into defusers values (‘PTJPN’,”,’2159C2EAF20011BF’);
insert into defusers values (‘PTUKE’,”,’D0EF510BCB2992A3′);
insert into defusers values (‘PTUPG’,”,’2C27080C7CC57D06′);
insert into defusers values (‘PTWEB’,”,’8F7F509D4DC01DF6′);
insert into defusers values (‘PTWEBSERVER’,”,’3C8050536003278B’);
insert into defusers values (‘PUBLIC’,”,”);
insert into defusers values (‘PV’,”,’76224BCC80895D3D’);
insert into defusers values (‘PY7333′,”,’2A9C53FE066B852F’);
insert into defusers values (‘PY7334′,”,’F3BBFAE0DDC5F7AC’);
insert into defusers values (‘PY810′,”,’95082D35E94B88C2′);
insert into defusers values (‘PY811′,”,’DC548D6438E4D6B7′);
insert into defusers values (‘PY812′,”,’99C575A55E9FDA63′);
insert into defusers values (‘PY9′,”,’B8D4E503D0C4FCFD’);
insert into defusers values (‘QA’,”,’C7AEAA2D59EB1EAE’);
insert into defusers values (‘QOT’,”,’B27D0E5BA4DC8DEA’);
insert into defusers values (‘QP’,”,’10A40A72991DCA15′);
insert into defusers values (‘QRM’,”,’098286E4200B22DE’);
insert into defusers values (‘QS’,”,’4603BCD2744BDE4F’);
insert into defusers values (‘QS_ADM’,”,’3990FB418162F2A0′);
insert into defusers values (‘QS_CB’,”,’870C36D8E6CD7CF5′);
insert into defusers values (‘QS_CBADM’,”,’20E788F9D4F1D92C’);
insert into defusers values (‘QS_CS’,”,’2CA6D0FC25128CF3′);
insert into defusers values (‘QS_ES’,”,’9A5F2D9F5D1A9EF4′);
insert into defusers values (‘QS_OS’,”,’0EF5997DC2638A61′);
insert into defusers values (‘QS_WS’,”,’0447F2F756B4F460′);
insert into defusers values (‘RENE’,”,’9AAD141AB0954CF0′);
insert into defusers values (‘REPADMIN’,”,’915C93F34954F5F8′);
insert into defusers values (‘REPORTS’,”,’0D9D14FE6653CF69′);
insert into defusers values (‘REPORTS_USER’,”,’635074B4416CD3AC’);
insert into defusers values (‘RESTRICTED_US’,”,’E7E67B60CFAFBB2D’);
insert into defusers values (‘RG’,”,’0FAA06DA0F42F21F’);
insert into defusers values (‘RHX’,”,’FFDF6A0C8C96E676′);
insert into defusers values (‘RLA’,”,’C1959B03F36C9BB2′);
insert into defusers values (‘RLM’,”,’4B16ACDA351B557D’);
insert into defusers values (‘RM1′,”,’CD43500DAB99F447′);
insert into defusers values (‘RM2′,”,’2D8EE7F8857D477E’);
insert into defusers values (‘RM3′,”,’1A95960A95AC2E1D’);
insert into defusers values (‘RM4′,”,’651BFD4E1DE4B040′);
insert into defusers values (‘RM5′,”,’FDCC34D74A22517C’);
insert into defusers values (‘RMAN’,”,’E7B5D92911C831E1′);
insert into defusers values (‘ROB’,”,’94405F516486CA24′);
insert into defusers values (‘RPARKER’,”,’CEBFE4C41BBCC306′);
insert into defusers values (‘RWA1′,”,’B07E53895E37DBBB’);
insert into defusers values (‘SALLYH’,”,’21457C94616F5716′);
insert into defusers values (‘SAM’,”,’4B95138CB6A4DB94′);
insert into defusers values (‘SARAHMANDY’,”,’60BE21D8711EE7D9′);
insert into defusers values (‘SCM1′,”,’507306749131B393′);
insert into defusers values (‘SCM2′,”,’CBE8D6FAC7821E85′);
insert into defusers values (‘SCM3′,”,’2B311B9CDC70F056′);
insert into defusers values (‘SCM4′,”,’1FDF372790D5A016′);
insert into defusers values (‘SCOTT’,”,’F894844C34402B67′);
insert into defusers values (‘SDAVIS’,”,’A9A3B88C6A550559′);
insert into defusers values (‘SECDEMO’,”,’009BBE8142502E10′);
insert into defusers values (‘SEDWARDS’,”,’00A2EDFD7835BC43′);
insert into defusers values (‘SELLCM’,”,’8318F67F72276445′);
insert into defusers values (‘SELLER’,”,’B7F439E172D5C3D0′);
insert into defusers values (‘SELLTREAS’,”,’6EE7BA85E9F84560′);
insert into defusers values (‘SERVICES’,”,’B2BE254B514118A5′);
insert into defusers values (‘SETUP’,”,’9EA55682C163B9A3′);
insert into defusers values (‘SH’,”,’54B253CBBAAA8C48′);
insert into defusers values (‘SI_INFORMTN_SCHEMA’,”,’84B8CBCA4D477FA3′);
insert into defusers values (‘SID’,”,’CFA11E6EBA79D33E’);
insert into defusers values (‘SKAYE’,”,’ED671B63BDDB6B50′);
insert into defusers values (‘SKYTETSUKA’,”,’EB5DA777D1F756EC’);
insert into defusers values (‘SLSAA’,”,’99064FC6A2E4BBE8′);
insert into defusers values (‘SLSMGR’,”,’0ED44093917BE294′);
insert into defusers values (‘SLSREP’,”,’847B6AAB9471B0A5′);
insert into defusers values (‘SRABBITT’,”,’85F734E71E391DF5′);
insert into defusers values (‘SRALPHS’,”,’975601AA57CBD61A’);
insert into defusers values (‘SRAY’,”,’C233B26CFC5DC643′);
insert into defusers values (‘SRIVERS’,”,’95FE94ADC2B39E08′);
insert into defusers values (‘SSA1′,”,’DEE6E1BEB962AA8B’);
insert into defusers values (‘SSA2′,”,’96CA278B20579E34′);
insert into defusers values (‘SSA3′,”,’C3E8C3B002690CD4′);
insert into defusers values (‘SSC1′,”,’4F7AC652CC728980′);
insert into defusers values (‘SSC2′,”,’A1350B328E74AE87′);
insert into defusers values (‘SSC3′,”,’EE3906EC2DA586D8′);
insert into defusers values (‘SSOSDK’,”,’7C48B6FF3D54D006′);
insert into defusers values (‘SSP’,”,’87470D6CE203FB4D’);
insert into defusers values (‘SSS1′,”,’E78C515C31E83848′);
insert into defusers values (‘SUPPLIER’,”,’2B45928C2FE77279′);
insert into defusers values (‘SVM7333′,”,’04B731B0EE953972′);
insert into defusers values (‘SVM7334′,”,’62E2A2E886945CC8′);
insert into defusers values (‘SVM810′,”,’0A3DCD8CA3B6ABD9′);
insert into defusers values (‘SVM811′,”,’2B0CD57B1091C936′);
insert into defusers values (‘SVM812′,”,’778632974E3947C9′);
insert into defusers values (‘SVM9′,”,’552A60D8F84441F1′);
insert into defusers values (‘SVMB733′,”,’DD2BFB14346146FE’);
insert into defusers values (‘SVP1′,”,’F7BF1FFECE27A834′);
insert into defusers values (‘SY810′,”,’D56934CED7019318′);
insert into defusers values (‘SY811′,”,’2FDC83B401477628′);
insert into defusers values (‘SY812′,”,’812B8D7211E7DEF1′);
insert into defusers values (‘SY9′,”,’3991E64C4BC2EC5D’);
insert into defusers values (‘SYS’,”,’43CA255A7916ECFE’);
insert into defusers values (‘SYS7333′,”,’D7CDB3124F91351E’);
insert into defusers values (‘SYS’,”,’5638228DAF52805F’);
insert into defusers values (‘SYS7334′,”,’06959F7C9850F1E3′);
insert into defusers values (‘SYS’,”,’D4C5016086B2DC6A’);
insert into defusers values (‘SYSADMIN’,”,’DC86E8DEAA619C1A’);
insert into defusers values (‘SYSB733′,”,’7A7F5C90BEC02F0E’);
insert into defusers values (‘SYSMAN’,”,’EB258E708132DD2D’);
insert into defusers values (‘SYSTEM’,”,’4D27CA6E3E3066E6′);
insert into defusers values (‘TDEMARCO’,”,’CAB71A14FA426FAE’);
insert into defusers values (‘SYSTEM’,”,’D4DF7931AB130E37′);
insert into defusers values (‘TDOS_ICSAP’,”,’7C0900F751723768′);
insert into defusers values (‘TESTCTL’,”,’205FA8DF03A1B0A6′);
insert into defusers values (‘TESTDTA’,”,’EEAF97B5F20A3FA3′);
insert into defusers values (‘TRA1′,”,’BE8EDAE6464BA413′);
insert into defusers values (‘TRACESVR’,”,’F9DA8977092B7B81′);
insert into defusers values (‘TRBM1′,”,’B10ED16CD76DBB60′);
insert into defusers values (‘TRCM1′,”,’530E1F53715105D0′);
insert into defusers values (‘TRDM1′,”,’FB1B8EF14CF3DEE7′);
insert into defusers values (‘TRRM1′,”,’4F29D85290E62EBE’);
insert into defusers values (‘TWILLIAMS’,”,’6BF819CE663B8499′);
insert into defusers values (‘UDDISYS’,”,’BF5E56915C3E1C64′);
insert into defusers values (‘VEA’,”,’D38D161C22345902′);
insert into defusers values (‘VEH’,”,’72A90A786AAE2914′);
insert into defusers values (‘VIDEO31′,”,’2FA72981199F9B97′);
insert into defusers values (‘VIDEO4′,”,’9E9B1524C454EEDE’);
insert into defusers values (‘VIDEO5′,”,’748481CFF7BE98BB’);
insert into defusers values (‘VP1′,”,’3CE03CD65316DBC7′);
insert into defusers values (‘VP2′,”,’FCCEFD28824DFEC5′);
insert into defusers values (‘VP3′,”,’DEA4D8290AA247B2′);
insert into defusers values (‘VP4′,”,’F4730B0FA4F701DC’);
insert into defusers values (‘VP5′,”,’7DD67A696734AE29′);
insert into defusers values (‘VP6′,”,’45660DEE49534ADB’);
insert into defusers values (‘WAA1′,”,’CF013DC80A9CBEE3′);
insert into defusers values (‘WAA2′,”,’6160E7A17091741A’);
insert into defusers values (‘WCRSYS’,”,’090263F40B744BD8′);
insert into defusers values (‘WEBDB’,”,’D4C4DCDD41B05A5D’);
insert into defusers values (‘WEBSYS’,”,’54BA0A1CB5994D64′);
insert into defusers values (‘WENDYCHO’,”,’7E628CDDF051633A’);
insert into defusers values (‘WH’,”,’91792EFFCB2464F9′);
insert into defusers values (‘WIP’,”,’D326D25AE0A0355C’);
insert into defusers values (‘WIRELESS’,”,’1495D279640E6C3A’);
insert into defusers values (‘WK_TEST’,”,’29802572EB547DBF’);
insert into defusers values (‘WIRELESS’,”,’EB9615631433603E’);
insert into defusers values (‘WKPROXY’,”,’AA3CB2A4D9188DDB’);
insert into defusers values (‘WKSYS’,”,’545E13456B7DDEA0′);
insert into defusers values (‘WMS’,”,’D7837F182995E381′);
insert into defusers values (‘WMSYS’,”,’7C9BA362F8314299′);
insert into defusers values (‘WPS’,”,’50D22B9D18547CF7′);
insert into defusers values (‘WSH’,”,’D4D76D217B02BD7A’);
insert into defusers values (‘WSM’,”,’750F2B109F49CC13′);
insert into defusers values (‘XDB’,”,’88D8364765FCE6AF’);
insert into defusers values (‘XDO’,”,’E9DDE8ACFA7FE8E4′);
insert into defusers values (‘XDP’,”,’F05E53C662835FA2′);
insert into defusers values (‘XLA’,”,’2A8ED59E27D86D41′);
insert into defusers values (‘XLE’,”,’CEEBE966CC6A3E39′);
insert into defusers values (‘XNB’,”,’03935918FA35C993′);
insert into defusers values (‘XNC’,”,’BD8EA41168F6C664′);
insert into defusers values (‘XNI’,”,’F55561567EF71890′);
insert into defusers values (‘XNM’,”,’92776EA17B8B5555′);
insert into defusers values (‘XNP’,”,’3D1FB783F96D1F5E’);
insert into defusers values (‘XNS’,”,’FABA49C38150455E’);
insert into defusers values (‘XTR’,”,’A43EE9629FA90CAE’);
insert into defusers values (‘YCAMPOS’,”,’C3BBC657F099A10F’);
insert into defusers values (‘YSANCHEZ’,”,’E0C033C4C8CC9D84′);
insert into defusers values (‘ZFA’,”,’742E092A27DDFB77′);
insert into defusers values (‘ZPB’,”,’CAF58375B6D06513′);
insert into defusers values (‘ZSA’,”,’AFD3BD3C7987CBB6′);
insert into defusers values (‘ZX’,”,’7B06550956254585′);
–
— added to include 11g users found in db
–
insert into defusers values (‘APEX_030200′,”,’6B653304BCFBC89D’);
insert into defusers values (‘APEX_PUBLIC_USER’,”,’C8E264D926F001D8′);
insert into defusers values (‘APPQOSSYS’,”,’519D632B7EE7F63A’);
insert into defusers values (‘DVF’,”,’2396F000D5101F99′);
insert into defusers values (‘DVSYS’,”,’32A825F720FB089E’);
insert into defusers values (‘FLOWS_030000′,”,’B5C7B17C2C983E8F’);
insert into defusers values (‘FLOWS_FILES’,”,’5CDD1E40E516FE6A’);
insert into defusers values (‘MGMT_VIEW’,”,’17028530E6D346B4′);
insert into defusers values (‘ODVOWN’,”,’67FAD2FAF0F826A4′);
insert into defusers values (‘ORACLE_OCM’,”,’6D17CF1EB1611F94′);
insert into defusers values (‘ORDDATA’,”,’A93EC937FCD1DC2A’);
insert into defusers values (‘OWBSYS’,”,’610A3C38F301776F’);
insert into defusers values (‘OWBSYS_AUDIT’,”,’FD8C3D14F6B60015′);
insert into defusers values (‘SPATIAL_CSW_ADMIN_USR’,”,’1B290858DD14107E’);
insert into defusers values (‘SPATIAL_WFS_ADMIN_USR’,”,’7117215D6BEE6E82′);
insert into defusers values (‘TSMSYS’,”,’3DF26A8B17D0F29F’);
insert into defusers values (‘XS$NULL’,”,’DC4FCC8CB69A6733′);
–
— load default roles
–
insert into defroles values (‘ADM_PARALLEL_EXECUTE_TASK’);
insert into defroles values (‘APEX_ADMINISTRATOR_ROLE’);
insert into defroles values (‘AQ_ADMINISTRATOR_ROLE’);
insert into defroles values (‘AQ_USER_ROLE’);
insert into defroles values (‘AUTHENTICATEDUSER’);
insert into defroles values (‘CAPI_USER_ROLE’);
insert into defroles values (‘CONNECT’);
insert into defroles values (‘CSW_USR_ROLE’);
insert into defroles values (‘CTXAPP’);
insert into defroles values (‘CWM_USER’);
insert into defroles values (‘DATAPUMP_EXP_FULL_DATABASE’);
insert into defroles values (‘DATAPUMP_IMP_FULL_DATABASE’);
insert into defroles values (‘DBA’);
insert into defroles values (‘DBFS_ROLE’);
insert into defroles values (‘DELETE_CATALOG_ROLE’);
insert into defroles values (‘DV_ADMIN’);
insert into defroles values (‘DV_ACCTMGR’);
insert into defroles values (‘DV_OWNER’);
insert into defroles values (‘DV_PUBLIC’);
insert into defroles values (‘DV_REALM_OWNER’);
insert into defroles values (‘DV_REALM_RESOURCE’);
insert into defroles values (‘DV_SECANALYST’);
insert into defroles values (‘EJBCLIENT’);
insert into defroles values (‘EXECUTE_CATALOG_ROLE’);
insert into defroles values (‘EXP_FULL_DATABASE’);
insert into defroles values (‘GATHER_SYSTEM_STATISTICS’);
insert into defroles values (‘GLOBAL_AQ_USER_ROLE’);
insert into defroles values (‘HS_ADMIN_EXECUTE_ROLE’);
insert into defroles values (‘HS_ADMIN_ROLE’);
insert into defroles values (‘HS_ADMIN_SELECT_ROLE’);
insert into defroles values (‘IMP_FULL_DATABASE’);
insert into defroles values (‘JAVADEBUGPRIV’);
insert into defroles values (‘JAVAIDPRIV’);
insert into defroles values (‘JAVASYSPRIV’);
insert into defroles values (‘JAVAUSERPRIV’);
insert into defroles values (‘JAVA_ADMIN’);
insert into defroles values (‘JAVA_DEPLOY’);
insert into defroles values (‘JMXSERVER’);
insert into defroles values (‘LBAC_DBA’);
insert into defroles values (‘LOGSTDBY_ADMINISTRATOR’);
insert into defroles values (‘MGMT_USER’);
insert into defroles values (‘OEM_ADVISOR’);
insert into defroles values (‘OEM_MONITOR’);
insert into defroles values (‘OLAPI_TRACE_USER’);
insert into defroles values (‘OLAP_DBA’);
insert into defroles values (‘OLAP_USER’);
insert into defroles values (‘OLAP_XS_ADMIN’);
insert into defroles values (‘ORDADMIN’);
insert into defroles values (‘OWB$CLIENT’);
insert into defroles values (‘OWB_DESIGNCENTER_VIEW’);
insert into defroles values (‘OWB_USER’);
insert into defroles values (‘RECOVERY_CATALOG_OWNER’);
insert into defroles values (‘RESOURCE’);
insert into defroles values (‘SCHEDULER_ADMIN’);
insert into defroles values (‘SELECT_CATALOG_ROLE’);
insert into defroles values (‘SNMPAGENT’);
insert into defroles values (‘SPATIAL_CSW_ADMIN’);
insert into defroles values (‘SPATIAL_WFS_ADMIN’);
insert into defroles values (‘WFS_USR_ROLE’);
insert into defroles values (‘WM_ADMIN_ROLE’);
insert into defroles values (‘WKUSER’);
insert into defroles values (‘WM_ADMIN_ROLE’);
insert into defroles values (‘XDBADMIN’);
insert into defroles values (‘XDB_SET_INVOKER’);
insert into defroles values (‘XDB_WEBSERVICES’);
insert into defroles values (‘XDB_WEBSERVICES_OVER_HTTP’);
insert into defroles values (‘XDB_WEBSERVICES_WITH_PUBLIC’);
commit;
EXCEPTION
WHEN OTHERS THEN
dbms_output.put_line(‘something did not work’);
END;
END LOAD_DEF_USR_PROC;
PROCEDURE LOAD_VUL_PROC AS
BEGIN
DECLARE
ret_val number;
strvar2 varchar2(2000);
oraver varchar2(20);
oraverno number :=0;
BEGIN
ret_val:=0;
dbms_utility.db_version(oraver,strvar2);
oraverno:=to_number(substr(oraver,1,instr(oraver,’.')+1));
— Oracle Installation Vulnerabilities
insert into dbsrrin values (‘I’,'V0005658′,’DG0001′,’DBMS version support’,'Software not supported by the vendor is not evaluated or patched against newly found vulnerabilities.’,’1′);
— 10
if oraverno < 11 then
insert into dbsrrin values (‘I’,'V0004758′,’DG0002′,’DBMS version upgrade plan’,'An upgrade/migration plan has not been developed to address an unsupported DBMS software version.’,’2′);
end if;
insert into dbsrrin values (‘I’,'V0005659′,’DG0003′,’DBMS security patch level’,'The latest security patches have not been installed.’,’2′);
insert into dbsrrin values (‘I’,'V0006756′,’DG0005′,’DBMS administration OS accounts’,'Unnecessary privileges to the host system have been granted to DBA OS accounts.’,’2′);
insert into dbsrrin values (‘I’,'V0006767′,’DG0007′,’DBMS security compliance’,'The database has not been secured in accordance with DoD, vendor and commercially accepted practices where applicable.’,’2′);
insert into dbsrrin values (‘I’,'V0015608′,’DG0009′,’DBMS software library permissions’,'Access to DBMS software files and directories are granted to unauthorized users.’,’2′);
insert into dbsrrin values (‘I’,'V0002420′,’DG0010′,’DBMS software monitoring’,'Database executable and configuration files are not being monitored for unauthorized modifications.’,’3′);
insert into dbsrrin values (‘I’,'V0003726′,’DG0011′,’DBMS Configuration Management’,'Configuration management procedures are not defined and implemented for database software modifications.’,’3′);
insert into dbsrrin values (‘I’,'V0004754′,’DG0012′,’DBMS software storage location’,'Database data files are stored in the same logical storage partition as database application software.’,’2′);
insert into dbsrrin values (‘I’,'V0015126′,’DG0013′,’Database backup procedures’,'Database backup procedures are not defined, documented or implemented.’,’2′);
insert into dbsrrin values (‘I’,'V0003728′,’DG0016′,’DBMS unused components’,'Unused database components, database application software or database objects have not been removed from the DBMS system.’,’3′);
insert into dbsrrin values (‘I’,'V0003803′,’DG0017′,’DBMS shared production/development use’,'System resources and database identifiers are not clearly separated or defined.’,’2′);
insert into dbsrrin values (‘I’,'V0003805′,’DG0019′,’DBMS software ownership’,'Application software is not owned by a Software Application account.’,’3′);
insert into dbsrrin values (‘I’,'V0015129′,’DG0020′,’DBMS backup and recovery testing’,'Backup and recovery procedures have not been developed, documented, implemented or periodically tested.’,’2′);
insert into dbsrrin values (‘I’,'V0003806′,’DG0021′,’DBMS software and configuration baseline’,'A baseline of database application software is not documented or maintained.’,’2′);
insert into dbsrrin values (‘I’,'V0015610′,’DG0025′,’DBMS encryption compliance’,'Cryptography is not configured to comply with FIPS 140-2 requirements.’,’2′);
insert into dbsrrin values (‘I’,'V0002422′,’DG0040′,’DBMS software owner account access’,'The DBMS software installation account is not restricted to authorized users.’,’2′);
insert into dbsrrin values (‘I’,'V0015110′,’DG0041′,’DBMS installation account use logging’,'Use of the DBMS installation account is not logged.’,’2′);
insert into dbsrrin values (‘I’,'V0015111′,’DG0042′,’DBMS software installation account use’,'Use of the DBMS software installation account is not restricted to DBMS software installation, upgrade and maintenance actions.’,’2′);
insert into dbsrrin values (‘I’,'V0002423′,’DG0050′,’DBMS software and configuration file monitoring’,'Database software, applications and configuration files are not monitored to discover unauthorized changes.’,’2′);
insert into dbsrrin values (‘I’,'V0003808′,’DG0051′,’Database job/batch queue monitoring’,'Database job/batch queues are not reviewed regularly to detect unauthorized database job submissions.’,’2′);
insert into dbsrrin values (‘I’,'V0003807′,’DG0052′,’DBMS software access audit’,'All applications that access the database are not logged in the audit trail.’,’2′);
insert into dbsrrin values (‘I’,'V0003809′,’DG0053′,’DBMS client connection definition file’,'A single database connection configuration file is used to configure all database clients regardless of differing client access requirements.’,’2′);
insert into dbsrrin values (‘I’,'V0015611′,’DG0054′,’DBMS software access audit review’,'The audit logs are not periodically monitored to discover DBMS access using unauthorized applications.’,’3′);
insert into dbsrrin values (‘I’,'V0015107′,’DG0063′,’DBMS restore permissions’,'DBMS privileges to restore database data or other DBMS configurations, features or objects are not restricted to authorized DBMS accounts.’,’2′);
insert into dbsrrin values (‘I’,'V0015120′,’DG0064′,’DBMS backup and restoration file protection’,'DBMS backup and restoration files are not protected from unauthorized access.’,’2′);
insert into dbsrrin values (‘I’,'V0003811′,’DG0066′,’DBMS temporary password procedures’,'Procedures for establishing temporary passwords that meet DoD password requirements for new accounts are not defined, documented or implemented.’,’2′);
insert into dbsrrin values (‘I’,'V0003812′,’DG0067′,’DBMS account password external storage’,'Database passwords used by batch or job processes are not stored in encrypted format.’,’1′);
insert into dbsrrin values (‘I’,'V0003813′,’DG0068′,’DBMS application password display’,'DBMS tools or applications that echo or require a password entry in clear text are not protected from password display.’,’2′);
insert into dbsrrin values (‘I’,'V0015140′,’DG0069′,’Production Data Import to Development DBMS’,'Procedures and restrictions for import of production data to development databases are not documented, implemented or followed.’,’2′);
insert into dbsrrin values (‘I’,'V0015102′,’DG0083′,’DBMS audit report automation’,'Automated notification of suspicious activity detected in the audit trail is not implemented.’,’2′);
insert into dbsrrin values (‘I’,'V0015106′,’DG0086′,’DBMS DBA role privilege monitoring’,'DBA roles are not periodically monitored to detect assignment of unauthorized or excess privileges.’,’2′);
insert into dbsrrin values (‘I’,'V0015112′,’DG0088′,’DBMS vulnerability mgmt and IA compliance testing’,'The DBMS is not periodically tested for vulnerability management and IA compliance.’,’3′);
insert into dbsrrin values (‘I’,'V0015131′,’DG0090′,’DBMS sensitive data identification and encryption’,'Sensitive information stored in the database is not protected by encryption.’,’2′);
insert into dbsrrin values (‘I’,'V0015132′,’DG0092′,’DBMS data file encryption’,'Database data files containing sensitive information are not encrypted.’,’2′);
insert into dbsrrin values (‘I’,'V0003825′,’DG0093′,’Remote administration connection encryption’,'Remote adminstrative connections to the database are not encrypted.’,’2′);
insert into dbsrrin values (‘I’,'V0003827′,’DG0095′,’DBMS audit trail data review’,'Audit trail data is not reviewed daily or more frequently.’,’2′);
insert into dbsrrin values (‘I’,'V0015138′,’DG0096′,’DBMS IA policy and procedure review’,'The DBMS IA policies and procedures are not reviewed annually or more frequently.’,’3′);
insert into dbsrrin values (‘I’,'V0015139′,’DG0097′,’DBMS testing plans and procedures’,'Plans and procedures for testing DBMS installations, upgrades and patches are not defined or followed prior to production implementation.’,’2′);
insert into dbsrrin values (‘I’,'V0015618′,’DG0099′,’DBMS access to external local executables’,'Access to external DBMS executables is not disabled or restricted.’,’2′);
insert into dbsrrin values (‘I’,'V0015620′,’DG0101′,’DBMS external procedure OS account privileges’,'OS accounts used to execute external procedures are not assigned minimum privileges.’,’2′);
— 10
if oraverno < 11 then
insert into dbsrrin values (‘I’,'V0015141′,’DG0102′,’DBMS services dedicated custom account’,'DBMS processes or services are not run under custom, dedicated OS accounts.’,’2′);
end if;
insert into dbsrrin values (‘I’,'V0015621′,’DG0103′,’DBMS Listener network restrictions’,'The DBMS listener does not restrict database access by network address.’,’2′);
insert into dbsrrin values (‘I’,'V0015622′,’DG0104′,’DBMS service identification’,'DBMS service identification is not unique or does not clearly identify the service.’,’3′);
insert into dbsrrin values (‘I’,'V0015143′,’DG0106′,’Database data encryption configuration’,'Database data encryption controls are not configured in accordance with application requirements.’,’2′);
insert into dbsrrin values (‘I’,'V0015144′,’DG0107′,’DBMS sensitive data identification’,'Sensitive data is stored in the database and is not identified in the System Security Plan and AIS Functional Architecture documentation.’,’2′);
insert into dbsrrin values (‘I’,'V0015145′,’DG0108′,’DBMS restoration priority’,'The DBMS restoration priority has not been assigned.’,’3′);
insert into dbsrrin values (‘I’,'V0015146′,’DG0109′,’DBMS dedicated host’,'The DBMS is operated without authorization on a host system supporting other application services.’,’2′);
insert into dbsrrin values (‘I’,'V0015179′,’DG0110′,’DBMS host shared with a security service’,'The DBMS shares a host supporting an independent security service.’,’2′);
insert into dbsrrin values (‘I’,'V0015147′,’DG0111′,’DBMS dedicated software directories’,'The DBMS data files, transaction logs or audit files are not stored in dedicated directories or disk partitions separate from software or other application files.’,’2′);
insert into dbsrrin values (‘I’,'V0015625′,’DG0115′,’DBMS trusted recovery’,'Recovery procedures or technical system features do not exist to ensure that recovery is done in a secure and verifiable manner.’,’2′);
insert into dbsrrin values (‘I’,'V0015127′,’DG0118′,’IAM review of change in DBA assignments’,'The IAM is not reviewing changes to DBA role assignments.’,’2′);
insert into dbsrrin values (‘I’,'V0015105′,’DG0120′,’DBMS application user access to external objects’,'Unauthorized access to external database objects have not been removed from application user roles.’,’2′);
insert into dbsrrin values (‘I’,'V0015636′,’DG0129′,’DBMS passwords in transit’,'Passwords are not encrypted when transmitted across the network.’,’1′);
insert into dbsrrin values (‘I’,'V0015643′,’DG0140′,’DBMS security data access’,'Access to DBMS security data is not audited.’,’2′);
insert into dbsrrin values (‘I’,'V0015148′,’DG0152′,’DBMS network port, protocol and services (PPS) use’,'DBMS network communications do not comply with PPS usage restrictions.’,’2′);
insert into dbsrrin values (‘I’,'V0015150′,’DG0154′,’DBMS System Security Plan’,'The DBMS does not have a System Security Plan or the System Security Plan does not contain the required information.’,’3′);
insert into dbsrrin values (‘I’,'V0015649′,’DG0155′,’DBMS trusted startup’,'The DBMS does not verify trustworthiness of data and configuration files at startup.’,’2′);
insert into dbsrrin values (‘I’,'V0015651′,’DG0157′,’DBMS remote administration’,'Remote DBMS administration is not documented, not authorized or is not disabled.’,’2′);
insert into dbsrrin values (‘I’,'V0015652′,’DG0158′,’DBMS remote administration audit’,'DBMS remote administration is not audited.’,’2′);
insert into dbsrrin values (‘I’,'V0015118′,’DG0159′,’Review of DBMS remote administrative access’,'Remote administrative access to the database is not monitored by the IAO or IAM.’,’2′);
insert into dbsrrin values (‘I’,'V0015103′,’DG0161′,’DBMS Audit Tool’,'An automated tool that monitors audit data and immediately reports suspicious activity is not employed for the DBMS.’,’2′);
insert into dbsrrin values (‘I’,'V0015104′,’DG0167′,’Encryption of DBMS sensitive data in transit’,'Sensitive data served by the DBMS is not protected by encryption when transmitted across the network.’,’1′);
insert into dbsrrin values (‘I’,'V0015656′,’DG0171′,’DBMS interconnections’,'The DBMS has a connection defined to access or be accessed by a DBMS at a different classification level.’,’2′);
insert into dbsrrin values (‘I’,'V0015116′,’DG0175′,’DBMS host and component STIG compliancy’,'The DBMS host platform and other dependent applications are not configured in compliance with applicable STIG requirements.’,’2′);
insert into dbsrrin values (‘I’,'V0015117′,’DG0176′,’DBMS audit log backups’,'The DBMS audit logs are not included in backup operations.’,’2′);
insert into dbsrrin values (‘I’,'V0015658′,’DG0179′,’DBMS warning banner’,'The DBMS warning banner does not meet DoD policy requirements.’,’2′);
insert into dbsrrin values (‘I’,'V0015122′,’DG0186′,’DBMS network perimeter protection’,'The database is directly accessible from public or unauthorized networks.’,’2′);
insert into dbsrrin values (‘I’,'V0015121′,’DG0187′,’DBMS software file backups’,'DBMS software libraries are not periodically backed up.’,’2′);
insert into dbsrrin values (‘I’,'V0015659′,’DG0191′,’DBMS credential protection’,'Credentials used to access remote databases are not protected by encryption and restricted to authorized users.’,’2′);
insert into dbsrrin values (‘I’,'V0015108′,’DG0194′,’DBMS developer privilege monitoring on shared DBMS’,'Privileges assigned to developers on shared production and development DBMS hosts and the DBMS are not monitored every three months or more frequently for unauthorized changes.’,’2′);
insert into dbsrrin values (‘I’,'V0015109′,’DG0195′,’DBMS host file privileges assigned to developers’,'DBMS production application and data directories are not protected from developers on shared production/development DBMS host systems.’,’2′);
insert into dbsrrin values (‘I’,'V0015662′,’DG0198′,’DBMS remote administration encryption’,'Remote administration of the DBMS is not restricted to known, dedicated and encrypted network addresses and ports.’,’2′);
insert into dbsrrin values (‘I’,'V0003842′,’DO0120′,’Oracle process account host system privileges’,'The Oracle software installation account has been granted excessive host system privileges.’,’2′);
insert into dbsrrin values (‘I’,'V0003845′,’DO0145′,’Oracle SYSDBA OS group membership’,'OS DBA group membership has not been restricted to authorized accounts.’,’3′);
insert into dbsrrin values (‘I’,'V0003862′,’DO0286′,’Oracle connection timeout parameter’,'The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters are not set to a value greater than 0.’,’2′);
insert into dbsrrin values (‘I’,'V0003863′,’DO0287′,’Oracle SQLNET.EXPIRE_TIME parameter’,'The Oracle SQLNET.EXPIRE_TIME parameter is not set to a value greater than 0.’,’2′);
insert into dbsrrin values (‘I’,'V0003440′,’DO0360′,’DBMS mid-tier application account access’,'Connections by mid-tier web and application systems to the Oracle DBMS are not protected, encrypted or authenticated according to database, web, application, enclave and network requirements.’,’2′);
insert into dbsrrin values (‘I’,'V0003866′,’DO0430′,’Oracle management agent use’,'The Oracle Management Agent is installed, not required, not authorized or on a database accessible from the Internet.’,’3′);
insert into dbsrrin values (‘I’,'V0002608′,’DO3630′,’Oracle listener authentication’,'The Oracle Listener is not configured to require administration authentication.’,’1′);
insert into dbsrrin values (‘I’,'V0002612′,’DO5037′,’Oracle SQLNet and listener log files protection’,'Oracle SQLNet and listener log files are accessible to unauthorized users.’,’2′);
insert into dbsrrin values (‘I’,'V0003497′,’DO6740′,’Oracle listener ADMIN_RESTRICTIONS parameter’,'The Oracle Listener ADMIN_RESTRICTIONS parameter is present and set to OFF.’,’2′);
insert into dbsrrin values (‘I’,'V0016031′,’DO6746′,’Oracle Listener host references’,'The Oracle listener.ora file does not specify IP addresses rather than host names to identify hosts.’,’3′);
insert into dbsrrin values (‘I’,'V0016032′,’DO6747′,’Connection Manager remote administration’,'Remote administration is not disabled for the Oracle connection manager.’,’2′);
— 11
if oraverno > 10.2 then
insert into dbsrrin values (‘I’,'V0016033′,’DO6748′,’Oracle SEC_CASE_SENSITIVE_LOGON parameter’,'Case sensitivity for passwords is not enabled.’,’2′);
end if;
— 11
if oraverno > 10.2 then
insert into dbsrrin values (‘I’,'V0016035′,’DO6749′,’Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter’,'The Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter is not set to an IAO-approved value between 1 and 3.’,’2′);
end if;
— 11
if oraverno > 10.2 then
insert into dbsrrin values (‘I’,'V0016053′,’DO6750′,’Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter’,'The Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter is not set to a value of DELAY or DROP.’,’2′);
end if;
— 10/11
if oraverno > 9.2 then
insert into dbsrrin values (‘I’,'V0016057′,’DO6751′,’SQLNET.ALLOWED_LOGON_VERSION’,'The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter is not set to a value of 10 or higher.’,’2′);
end if;
— 11
if oraverno > 10.2 then
insert into dbsrrin values (‘I’,'V0016054′,’DO6752′,’Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter’,'The Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter is set to NONE.’,’2′);
end if;
— 10/11
if oraverno > 9.2 then
insert into dbsrrin values (‘I’,'V0016055′,’DO6753′,’Oracle Application Express’,'Oracle Application Express or Oracle HTML DB is installed on a production database.’,’2′);
end if;
— 10/11
if oraverno > 9.2 then
insert into dbsrrin values (‘I’,'V0016056′,’DO6754′,’Oracle Configuration Manager’,'Oracle Configuration Manager is installed on a production system.’,’2′);
end if;
— Oracle Database Vulnerabilities
insert into dbsrrin values (‘D’,'V0005683′,’DG0004′,’DBMS application object owner accounts’,'Application object owner accounts are not disabled.’,’2′);
insert into dbsrrin values (‘D’,'V0015607′,’DG0008′,’DBMS application object ownership’,'Application objects are owned by accounts not authorized for ownership.’,’2′);
insert into dbsrrin values (‘D’,'V0015609′,’DG0014′,’DBMS demonstration and sample databases’,'Default demonstration and sample database objects and applications have not been removed.’,’2′);
insert into dbsrrin values (‘D’,'V0003727′,’DG0015′,’DBMS data definition language use’,'Database applications are not restricted from using static DDL statements to modify the application schema.’,’3′);
insert into dbsrrin values (‘D’,'V0005685′,’DG0029′,’Database auditing’,'Required auditing parameters for database auditing are not set.’,’2′);
insert into dbsrrin values (‘D’,'V0002507′,’DG0030′,’DBMS audit data maintenance’,'Audit trail data is not retained for one year.’,’2′);
insert into dbsrrin values (‘D’,'V0015133′,’DG0031′,’DBMS audit of changes to data’,'Transaction logs are not periodically reviewed for unauthorized modification of data. Users are not notified of time and date of the last change in data content.’,’2′);
insert into dbsrrin values (‘D’,'V0005686′,’DG0032′,’DBMS audit record access’,'Audit records are not restricted to authorized individuals.’,’2′);
insert into dbsrrin values (‘D’,'V0002424′,’DG0060′,’DBMS shared account authorization’,'Database non-interactive, n-tier connection, and shared accounts exist and are not documented or approved by the IAO.’,’2′);
insert into dbsrrin values (‘D’,'V0002508′,’DG0070′,’DBMS user account authorization’,'Unauthorized user accounts exist.’,’2′);
insert into dbsrrin values (‘D’,'V0003815′,’DG0071′,’DBMS password change variance’,'New passwords are not required to differ from old passwords by more than four characters.’,’2′);
insert into dbsrrin values (‘D’,'V0003817′,’DG0073′,’DBMS failed login account lock’,'Database accounts specify account lock times less than the site-approved minimum.’,’2′);
insert into dbsrrin values (‘D’,'V0015130′,’DG0074′,’DBMS inactive accounts’,'Unapproved inactive or expired database accounts have been found on the database.’,’2′);
insert into dbsrrin values (‘D’,'V0003818′,’DG0075′,’DBMS links to external databases’,'Unauthorized database links are defined and active.’,’2′);
insert into dbsrrin values (‘D’,'V0003819′,’DG0076′,’Sensitive data import to development DBMS’,'Sensitive information from production database exports remains unmodified after import to a development database.’,’2′);
insert into dbsrrin values (‘D’,'V0003820′,’DG0077′,’Production data protection on a shared system’,'Production databases are not protected from unauthorized access by developers on shared production/development host systems.’,’2′);
insert into dbsrrin values (‘D’,'V0015613′,’DG0078′,’DBMS individual accounts’,'Each database user, application or process does not have an individually assigned account.’,’2′);
insert into dbsrrin values (‘D’,'V0015152′,’DG0079′,’DBMS password complexity’,'DBMS login account passwords do not meet complexity requirements.’,’2′);
insert into dbsrrin values (‘D’,'V0003821′,’DG0080′,’DBMS application user privilege assignment review’,'Application user privilege assignment is not reviewed monthly or more frequently to ensure compliance with least privilege and documented policy.’,’2′);
insert into dbsrrin values (‘D’,'V0015615′,’DG0085′,’Minimum DBA privilege assignment’,'The DBA role is assigned excessive or unauthorized privileges.’,’2′);
insert into dbsrrin values (‘D’,'V0015616′,’DG0087′,’DBMS sensitive data labeling’,'Sensitive data is not labeled.’,’3′);
insert into dbsrrin values (‘D’,'V0015114′,’DG0089′,’Developer DBMS privileges on production databases’,'Developers are assigned excessive privileges on production databases.’,’3′);
insert into dbsrrin values (‘D’,'V0003823′,’DG0091′,’DBMS source code encoding or encryption’,'Custom and GOTS application source code stored in the database has not been protected with encryption or encoding.’,’3′);
insert into dbsrrin values (‘D’,'V0015617′,’DG0098′,’DBMS access to external local objects’,'Access to external objects has not been disabled and is not required or authorized.’,’2′);
insert into dbsrrin values (‘D’,'V0015619′,’DG0100′,’DBMS replication account privileges’,'Replication accounts are granted DBA privileges.’,’2′);
insert into dbsrrin values (‘D’,'V0015128′,’DG0105′,’DBMS application user role privilege assignment’,'DBMS application user roles are assigned unauthorized privileges.’,’2′);
insert into dbsrrin values (‘D’,'V0015623′,’DG0112′,’DBMS system data file protection’,'DBMS system data files are not stored in dedicated disk directories.’,’2′);
insert into dbsrrin values (‘D’,'V0015624′,’DG0113′,’DBMS dedicated data files’,'DBMS data files are not dedicated to support individual applications.’,’2′);
insert into dbsrrin values (‘D’,'V0015626′,’DG0116′,’DBMS privileged role assignments’,'Database privileged role assignments are not restricted to IAO-authorized DBMS accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0015627′,’DG0117′,’DBMS administrative privilege assignment’,'Administrative privileges are not assigned to database accounts via database roles.’,’2′);
insert into dbsrrin values (‘D’,'V0015628′,’DG0119′,’DBMS application user role privileges’,'DBMS application users are granted administrative privileges to the DBMS.’,’2′);
insert into dbsrrin values (‘D’,'V0015629′,’DG0121′,’DBMS application user privilege assignment’,'Application users privileges have not been restricted to assignment using application user roles.’,’2′);
insert into dbsrrin values (‘D’,'V0015630′,’DG0122′,’Sensitive data access’,'Access to sensitive data is not restricted to authorized users identified by the Information Owner.’,’2′);
insert into dbsrrin values (‘D’,'V0015631′,’DG0123′,’DBMS Administrative data access’,'Access to DBMS system tables and other configuration or metadata is not restricted to DBAs.’,’2′);
insert into dbsrrin values (‘D’,'V0015632′,’DG0124′,’DBA account use’,'Use of DBA accounts is not restricted to administrative activities.’,’2′);
insert into dbsrrin values (‘D’,'V0015153′,’DG0125′,’DBMS account password expiration’,'DBMS account passwords are not set to expire every 60 days or more frequently.’,’2′);
insert into dbsrrin values (‘D’,'V0015633′,’DG0126′,’DBMS account password reuse’,'Password reuse is not prevented where supported by the DBMS.’,’2′);
insert into dbsrrin values (‘D’,'V0015634′,’DG0127′,’DBMS account password easily guessed’,'DBMS account passwords are set to easily guessed words or values.’,’2′);
insert into dbsrrin values (‘D’,'V0015635′,’DG0128′,’DBMS default passwords’,'DBMS default accounts have not been assigned custom passwords.’,’1′);
insert into dbsrrin values (‘D’,'V0015637′,’DG0130′,’DBMS passwords in executables’,'DBMS passwords used by batch jobs or executables are stored in the job or executable files.’,’2′);
insert into dbsrrin values (‘D’,'V0015639′,’DG0133′,’DBMS Account lock time’,'Unlimited account lock times are not specified for locked accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0015641′,’DG0135′,’DBMS connection alert’,'Users are not alerted upon login of previous successful connections or unsuccessful attempts to access their account.’,’2′);
insert into dbsrrin values (‘D’,'V0015642′,’DG0138′,’DBMS access to sensitive data’,'Access grants to sensitive data is not restricted to authorized user roles.’,’2′);
insert into dbsrrin values (‘D’,'V0015644′,’DG0141′,’DBMS access control bypass’,'Attempts to bypass access controls is not audited.’,’2′);
insert into dbsrrin values (‘D’,'V0015645′,’DG0142′,’DBMS Privileged action audit’,'Changes to configuration options are not audited.’,’2′);
insert into dbsrrin values (‘D’,'V0015646′,’DG0145′,’DBMS audit record content’,'Audit records do not contain required information.’,’2′);
insert into dbsrrin values (‘D’,'V0015647′,’DG0146′,’DBMS connection block audit’,'Audit records do not include the reason for blacklisting or disabling DBMS connections or accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0015149′,’DG0153′,’DBMS DBA roles assignment approval’,'DBA roles assignments are not assigned and authorized by the IAO.’,’3′);
insert into dbsrrin values (‘D’,'V0015654′,’DG0165′,’DBMS symmetric key management’,'DBMS symmetric keys are not protected in accordance with NSA or NIST-approved key management technology or processes.’,’2′);
insert into dbsrrin values (‘D’,'V0015142′,’DG0166′,’Protection of DBMS asymmetric encryption keys’,'Asymmetric keys do not use DoD PKI Certificates or are not protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes.’,’2′);
insert into dbsrrin values (‘D’,'V0015657′,’DG0172′,’DBMS classification level audit’,'Changes to DBMS security labels are not audited.’,’2′);
insert into dbsrrin values (‘D’,'V0015154′,’DG0190′,’DBMS remote system credential use and access’,'Credentials stored and used by the DBMS to access remote databases or applications are not authorized or restricted to authorized users.’,’2′);
insert into dbsrrin values (‘D’,'V0015660′,’DG0192′,’DBMS fully-qualified name for remote access’,'Remote database or other external access do not use fully-qualified names.’,’3′);
insert into dbsrrin values (‘D’,'V0002511′,’DO0140′,’Oracle default account access’,'Access to the Oracle SYS and SYSTEM accounts is not restricted to authorized DBAs.’,’2′);
insert into dbsrrin values (‘D’,'V0003846′,’DO0155′,’Oracle default tablespace assignment’,'Unauthorized accounts have the SYSTEM tablespace specified as the default tablespace.’,’2′);
insert into dbsrrin values (‘D’,'V0003847′,’DO0157′,’Oracle storage use privileges’,'Database application user accounts have not been denied storage usage for object creation within the database.’,’3′);
insert into dbsrrin values (‘D’,'V0002515′,’DO0190′,’Oracle audit table ownership’,'The audit table is not owned by SYS or SYSTEM.’,’2′);
insert into dbsrrin values (‘D’,'V0002516′,’DO0210′,’Oracle shared replication account access’,'Access to default accounts used to support replication are not restricted to authorized DBAs.’,’2′);
insert into dbsrrin values (‘D’,'V0002517′,’DO0220′,’Oracle instance names’,'Oracle instance names contain Oracle version numbers.’,’2′);
insert into dbsrrin values (‘D’,'V0003848′,’DO0221′,’Oracle default SID name’,'The Oracle SID is the default SID.’,’3′);
insert into dbsrrin values (‘D’,'V0003849′,’DO0231′,’Oracle application object owner tablespaces’,'Application owner accounts do not have a dedicated application tablespace.’,’2′);
— 11
if oraverno > 10.2 then
insert into dbsrrin values (‘D’,'V0015747′,’DO0233′,’Oracle DIAGNOSTIC_DEST parameter’,'The directory assigned to the DIAGNOSTIC_DEST parameter is not protected from unauthorized access.’,’2′);
end if;
insert into dbsrrin values (‘D’,'V0003850′,’DO0234′,’Oracle AUDIT_FILE_DEST parameter’,'The directory assigned to the AUDIT_FILE_DEST parameter is not protected from unauthorized access.’,’2′);
— 10
if oraverno < 11 then
insert into dbsrrin values (‘D’,'V0003851′,’DO0235′,’Oracle USER_DUMP_DEST parameter’,'The directory assigned to the USER_DUMP_DEST parameter is not protected from unauthorized access.’,’2′);
end if;
— 10
if oraverno < 11 then
insert into dbsrrin values (‘D’,'V0003852′,’DO0236′,’Oracle BACKGROUND_DUMP_DEST parameter’,'The directory assigned to the BACKGROUND_DUMP_DEST parameter is not protected from unauthorized access.’,’2′);
end if;
— 10
if oraverno < 11 then
insert into dbsrrin values (‘D’,'V0003853′,’DO0237′,’Oracle CORE_DUMP_DEST parameter’,'The directory assigned to the CORE_DUMP_DEST parameter is not protected from unauthorized access.’,’2′);
end if;
insert into dbsrrin values (‘D’,'V0003854′,’DO0238′,’Oracle LOG_ARCHIVE_DEST parameter’,'The directories assigned to the LOG_ARCHIVE_DEST* parameters are not protected from unauthorized access.’,’2′);
insert into dbsrrin values (‘D’,'V0002519′,’DO0240′,’Oracle OS_ROLES parameter’,'The Oracle OS_ROLES parameter is not set to FALSE.’,’3′);
insert into dbsrrin values (‘D’,'V0003857′,’DO0243′,’Oracle _TRACE_FILES_PUBLIC parameter’,'The Oracle _TRACE_FILES_PUBLIC parameter is present and not set to FALSE.’,’2′);
insert into dbsrrin values (‘D’,'V0002520′,’DO0250′,’Oracle database link usage’,'Fixed user and public database links are not authorized for use.’,’2′);
insert into dbsrrin values (‘D’,'V0002521′,’DO0260′,’Oracle control file availability’,'A minimum of two Oracle control files are not defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.’,’2′);
insert into dbsrrin values (‘D’,'V0002522′,’DO0270′,’Oracle redo log file availability’,'A minimum of two Oracle redo log groups/files is not defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.’,’2′);
insert into dbsrrin values (‘D’,'V0003858′,’DO0275′,’Oracle critical file access’,'Oracle critical files should be protected from unauthorized access.’,’2′);
insert into dbsrrin values (‘D’,'V0003437′,’DO0320′,’Oracle PUBLIC role privileges’,'Application role permissions are assigned to the Oracle PUBLIC role.’,’2′);
insert into dbsrrin values (‘D’,'V0003438′,’DO0340′,’Oracle Application administration roles enablement’,'Oracle application administration roles are enabled and not required or authorized.’,’2′);
insert into dbsrrin values (‘D’,'V0003439′,’DO0350′,’Oracle system privilege assignment’,'Oracle system privileges are directly assigned to unauthorized accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0003865′,’DO0420′,’Oracle XML DB’,'The XDB Protocol server is installed and not required and authorized for use.’,’3′);
insert into dbsrrin values (‘D’,'V0002527′,’DO3440′,’Oracle DBA role assignment’,'The DBA role has been granted to unauthorized user accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0002531′,’DO3447′,’Oracle OS_AUTHENT_PREFIX parameter’,'The Oracle OS_AUTHENT_PREFIX parameter is set to the default value of OPS$.’,’3′);
insert into dbsrrin values (‘D’,'V0002533′,’DO3451′,’WITH GRANT OPTION privileges’,'The Oracle WITH GRANT OPTION privilege has been granted to non-DBA or non-Application administrator user accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0002539′,’DO3475′,’Oracle PUBLIC access to restricted packages’,'Execute permission should be revoked from PUBLIC for restricted Oracle packages.’,’2′);
insert into dbsrrin values (‘D’,'V0002552′,’DO3536′,’Oracle IDLE_TIME profile parameter’,'The IDLE_TIME profile parameter is not set for Oracle profiles IAW DoD policy.’,’2′);
insert into dbsrrin values (‘D’,'V0002554′,’DO3538′,’Oracle REMOTE_OS_AUTHENT parameter’,'The Oracle REMOTE_OS_AUTHENT parameter is not set to FALSE.’,’1′);
insert into dbsrrin values (‘D’,'V0002555′,’DO3539′,’Oracle REMOTE_OS_ROLES parameter’,'The Oracle REMOTE_OS_ROLES parameter is not set to FALSE.’,’1′);
insert into dbsrrin values (‘D’,'V0002556′,’DO3540′,’Oracle SQL92_SECURITY parameter’,'The Oracle SQL92_SECURITY parameter is not set to TRUE.’,’2′);
insert into dbsrrin values (‘D’,'V0002558′,’DO3546′,’Oracle REMOTE_LOGIN_PASSWORDFILE parameter’,'The Oracle REMOTE_LOGIN_PASSWORDFILE parameter is not set to EXCLUSIVE or NONE.’,’2′);
insert into dbsrrin values (‘D’,'V0002559′,’DO3547′,’Oracle UTL_FILE_DIR parameter’,'The Oracle UTL_FILE_DIR parameter should be modified from the default value of *.’,’1′);
insert into dbsrrin values (‘D’,'V0002561′,’DO3609′,’System privileges granted WITH ADMIN OPTION’,'System privileges granted using the WITH ADMIN OPTION are granted to unauthorized user accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0002562′,’DO3610′,’Oracle minimum object auditing’,'Required object auditing is not configured.’,’2′);
insert into dbsrrin values (‘D’,'V0002564′,’DO3612′,’Oracle system privilege assignment’,'System Privileges are granted to PUBLIC.’,’2′);
insert into dbsrrin values (‘D’,'V0002574′,’DO3622′,’Oracle roles granted WITH ADMIN OPTION’,'Oracle roles granted using the WITH ADMIN OPTION are granted to unauthorized accounts.’,’2′);
insert into dbsrrin values (‘D’,'V0002586′,’DO3685′,’Oracle O7_DICTIONARY_ACCESSIBILITY parameter’,'The Oracle O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE.’,’3′);
— 10.1
if oraverno < 10.2 then
insert into dbsrrin values (‘D’,'V0002587′,’DO3686′,’Oracle SYS.LINK$ table access’,'Oracle accounts have permission to view the table SYS.LINK$ which contain unencrypted database link passwords.’,’1′);
end if;
insert into dbsrrin values (‘D’,'V0002589′,’DO3689′,’Oracle object permission assignment to PUBLIC’,'Object permissions granted to PUBLIC are not restricted.’,’2′);
insert into dbsrrin values (‘D’,'V0002593′,’DO3696′,’Oracle RESOURCE_LIMIT parameter’,'The Oracle RESOURCE_LIMIT parameter is not set to TRUE.’,’2′);
END;
END LOAD_VUL_PROC;
PROCEDURE CREATE_TABLE_PROC AS
BEGIN
DECLARE
ret_val number;
i integer := 0;
j integer := 0;
k integer := 0;
m integer := 0;
c integer := 0;
tbsname varchar2(30);
BEGIN
ret_val := 0;
select count(*) into k from dba_tablespaces where tablespace_name = ‘USERS’;
if k = 0 then
dbms_output.put_line(‘Tablespace USERS does not exist…’);
tbsname := ‘DISATEMP_TS’;
else
dbms_output.put_line(‘Tablespace USERS exists…’);
tbsname := ‘USERS’;
end if;
if tbsname = ‘DISATEMP_TS’ then
select count(*) into m from dba_tablespaces where tablespace_name = ‘DISATEMP_TS’;
if m = 0 then
execute immediate ‘create tablespace disatemp_ts datafile’||
‘ ”disatemp_ts.ora” size 20M reuse’;
dbms_output.put_line(‘Tablespace DISATEMP_TS created…’);
end if;
end if;
–
— CHECK TABLE DBSRRREPORT;
–
select count(*) into i from dba_tables where table_name = ‘DBSRRREPORT’;
if i = 1 then
execute immediate ‘delete from dbsrrreport’;
dbms_output.put_line(‘Table DBSRRREPORT cleared…’);
else
execute immediate ‘create table dbsrrreport (SEVERITY VARCHAR2(30 BYTE), ‘||
‘FINDINGSTATUS VARCHAR2(10 BYTE), DGNO VARCHAR2(10 BYTE), VMSKEY VARCHAR2(10 BYTE),’||
‘REC_DATE DATE ) tablespace ‘||tbsname;
dbms_output.put_line(‘Table DBSRRREPORT created…’);
end if;
–
— CHECK TABLE DBSRRSTATS;
–
select count(*) into i from dba_tables where table_name = ‘DBSRRSTATS’;
if i = 1 then
execute immediate ‘delete from dbsrrstats’;
dbms_output.put_line(‘Table DBSRRSTATS cleared…’);
else
execute immediate ‘create table dbsrrstats (SEVERITY VARCHAR2(30 BYTE), ‘||
‘FINDINGSTATUS VARCHAR2(10 BYTE), DGNO VARCHAR2(10 BYTE), VMSKEY VARCHAR2(10 BYTE),’||
‘REC_DATE DATE ) tablespace ‘||tbsname;
dbms_output.put_line(‘Table DBSRRSTATS created…’);
end if;
–
— CHECK TABLE DBSRRIN;
–
select count(*) into i from dba_tables where table_name = ‘DBSRRIN’;
if i = 1 then
execute immediate ‘delete from dbsrrin’;
dbms_output.put_line(‘Table DBSRRIN cleared…’);
else
execute immediate ‘create table dbsrrin (DIFlag char, VMSkey varchar2(30), ‘||
‘sdid varchar2(15), shortdesc varchar2(255), findings varchar2(4000), ‘||
‘severity varchar2(5)) tablespace ‘||tbsname;
dbms_output.put_line(‘Table DBSRRIN created…’);
end if;
–
— CHECK TABLE DEFUSERS;
–
select count(*) into i from dba_tables where table_name = ‘DEFUSERS’;
if i = 1 then
execute immediate ‘delete from defusers’;
dbms_output.put_line(‘Table DEFUSERS cleared…’);
else
execute immediate ‘create table defusers (uname varchar2(30), ‘||
‘pswdtext varchar2(30), pswdhash varchar2(30)) ‘||
‘tablespace ‘||tbsname;
dbms_output.put_line(‘Table DEFUSERS created…’);
end if;
–
— CHECK TABLE DEFROLES;
–
select count(*) into i from dba_tables where table_name = ‘DEFROLES’;
if i = 1 then
execute immediate ‘delete from defroles’;
dbms_output.put_line(‘Table DEFROLES cleared…’);
else
execute immediate ‘create table defroles (rname varchar2(30)) ‘||
‘tablespace ‘||tbsname;
dbms_output.put_line(‘Table DEFROLES created…’);
end if;
–
— CHECK TABLE DBSRROWN;
–
select count(*) into i from dba_tables where table_name = ‘DBSRROWN’;
if i = 1 then
execute immediate ‘delete from dbsrrown’;
dbms_output.put_line(‘Table DBSRROWN cleared…’);
else
execute immediate ‘create table dbsrrown (owner varchar2(30)) ‘||
‘tablespace ‘||tbsname;
dbms_output.put_line(‘Table DBSRROWN created…’);
end if;
execute immediate ‘insert into dbsrrown (select distinct owner from dba_objects)’;
dbms_output.put_line(‘Table DBSRROWN populated…’);
EXCEPTION
WHEN OTHERS THEN
ret_val := 1;
END;
END CREATE_TABLE_PROC;
PROCEDURE CHECK_STIG_PROC AS
ret_val NUMBER := 0;
my_code NUMBER;
my_errm VARCHAR2(3200);
errloc VARCHAR2(30) :=’declare’;
–
scriptver VARCHAR2(40) :=’V8R1.8′;
–
opencat1 INTEGER := 0;
opencat2 INTEGER := 0;
opencat3 INTEGER := 0;
cat1 INTEGER := 0;
cat2 INTEGER := 0;
cat3 INTEGER := 0;
notrevwd INTEGER := 0;
notapplic INTEGER := 0;
i INTEGER := 0;
j INTEGER := 0;
k INTEGER := 0;
l INTEGER := 0;
m INTEGER := 0;
rptnum INTEGER := 0;
expnum INTEGER := 1;
outfinding VARCHAR2(2);
type outfindings_tbl IS TABLE OF VARCHAR2(4000);
type scriptresults_tbl IS TABLE OF VARCHAR2(4000);
outfindings outfindings_tbl :=outfindings_tbl(‘ ‘);
scriptresults scriptresults_tbl:=scriptresults_tbl(‘ ‘);
find_idx INTEGER;
–
outseverity VARCHAR2(50);
–
strvar1 VARCHAR2(6000);
strvar2 VARCHAR2(4000);
strvar3 VARCHAR2(2000);
strvar4 VARCHAR2(2000);
oraver VARCHAR2(20);
oraverno NUMBER := 0;
osver VARCHAR2(100);
inst_name VARCHAR2(30);
db_name VARCHAR2(30);
defmax VARCHAR2(10);
deftime VARCHAR2(10);
–
CURSOR cursor_pdi IS — pdi input data
SELECT * FROM dbsrrin ORDER BY DIFlag, sdid;
BEGIN
ret_val := 0;
errloc := ‘set up’;
dbms_utility.db_version(oraver,strvar2);
oraverno := to_number(SUBSTR(oraver,1,instr(oraver,’.')+1));
osver := dbms_utility.port_string;
SELECT instance_name
INTO inst_name
FROM v$instance;
SELECT value
INTO db_name
FROM v$parameter
WHERE name = ‘db_name’;
–
dbms_output.enable(20000);
–
–insert into dbsrrrpt values (1, ‘*******************************************’);
errloc := ‘set up complete’;
–
FOR pdis IN cursor_pdi
LOOP
BEGIN
outfinding := ‘NR’;
outfindings.delete;
outfindings.extend;
scriptresults.delete;
scriptresults.extend;
find_idx := 1;
outfindings(find_idx) := pdis.findings;
–
IF pdis.sdid = ‘DG0001′ THEN
– *************************************************
– ** Process DB Home Check DG0001
– ** DBMS version support
– *************************************************
IF oraverno NOT IN (10.1,10.2,11.1,11.2) THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The Oracle version ‘||oraver||’ is not a ‘||
‘vendor-supported version.’;
scriptresults(1) := oraver;
elsif oraverno IN (10.1) THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘Review the Oracle version ‘||oraver||’ as ‘||
‘generated. Ensure an extended support contract is in place ‘||
‘for vendor-supported Oracle versions where Premier Support ‘||
‘has ended and accept as Documentable in VMS.’;
scriptresults(1) := oraver;
ELSE
outfinding := ‘NF’;
END IF;
IF oraver NOT IN (’10.1.0.5.0′, ’10.2.0.4.0′, ’11.1.0.7.0′, ’11.2.0.1.0′, ’11.2.0.3.0′) THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘The Oracle version ‘||oraver||’ is not at a ‘||
‘supported service patchset level.’;
scriptresults(find_idx) := oraver;
END IF;
–
ELSIF pdis.sdid = ‘DG0002′ THEN
– *************************************************
– ** Process DB Home Check DG0002
– ** DBMS version upgrade plan
– *************************************************
IF oraverno > 10.1 THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘Review the Oracle version ‘||oraver||’ as ‘||
‘generated. Ensure documentation proof exists for an upgrade ‘||
‘to a supported version and is in progress where extended ‘||
‘support ends within 6 months and accept as Documentable in VMS.’;
scriptresults(1) := oraver;
END IF;
–
ELSIF pdis.sdid = ‘DG0015′ THEN
– *************************************************
– ** Process DB Check DG0015
– ** Data Definition Language use
– *************************************************
DECLARE
CURSOR cursor_DG0015
IS –DG0015
SELECT created, owner, object_name, object_type
FROM dba_objects
WHERE owner NOT IN
(SELECT uname
FROM defusers
) AND object_type <> ‘SYNONYM’
ORDER BY created, owner, object_name;
BEGIN
FOR objs IN cursor_DG0015
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := objs.created||’.'||objs.owner||’.'||objs.object_name||’ ‘||
objs.object_type;
scriptresults(find_idx) := objs.created||’.'||objs.owner||’.'||objs.object_name||’ ‘||
objs.object_type;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the object owner accounts, ‘||
‘creation dates and objects as generated. Confirm the ‘||
‘objects are documented, authorized to remain and accept ‘|| ‘as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0051′ THEN
– *************************************************
– ** Process DB Home Check DG0051
– ** Database job/batch queue monitoring
– *************************************************
DECLARE
CURSOR cursor_DG0051A
IS –DG0051
SELECT job, next_date, next_sec, failures, broken
FROM dba_jobs
ORDER BY job;
BEGIN
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘job_queue_processes’;
outfindings.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘The job queue processes parameter value is : ‘||strvar2;
FOR dbajobs IN cursor_DG0051A
LOOP
outfindings.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Review the job queue information below: ‘;
outfindings.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := dbajobs.job||’ ‘||dbajobs.next_date||’ ‘||dbajobs.next_sec||
‘ ‘|| dbajobs.failures||’ ‘||dbajobs.broken;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘MR’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0071′ THEN
– *************************************************
– ** Process DB Check DG0071
– ** Password change variance
– *************************************************
DECLARE
CURSOR cursor_DG0071A
IS –DG0071
SELECT profile, limit
FROM dba_profiles
WHERE resource_name = ‘PASSWORD_VERIFY_FUNCTION’ AND limit NOT IN (‘NULL’, ‘DEFAULT’)
ORDER BY profile;
CURSOR cursor_DG0071B
IS –DG0071
SELECT profile, limit
FROM dba_profiles
WHERE resource_name = ‘PASSWORD_VERIFY_FUNCTION’ AND limit IN (‘NULL’)
ORDER BY profile;
BEGIN
FOR pwdutils IN cursor_DG0071A
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := pwdutils.profile||’:'||pwdutils.limit;
scriptresults(find_idx) := pwdutils.profile||’:'||pwdutils.limit;
outfindings(1) := ‘Review the profile and limit as ‘||
‘generated. Confirm the limit identifies a valid ‘||
‘password verify function containing the required code ‘||
‘is documented, authorized and accept as Documentable in VMS.’;
END LOOP;
FOR pwdutils IN cursor_DG0071B
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profiles that do not have a password ‘|| ‘verify function: ‘
||pwdutils.profile||’:'||pwdutils.limit;
scriptresults(find_idx) := pwdutils.profile||’:'||pwdutils.limit;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0075′ THEN
– *************************************************
– ** Process DB Check DG0075
– ** DBMS links to external databases
– *************************************************
DECLARE
CURSOR cursor_DG0075
IS –DG0075
SELECT db_link, host
FROM dba_db_links;
BEGIN
SELECT COUNT(*)
INTO i
FROM dba_db_links;
IF i = 0 THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
FOR dblinks IN cursor_DG0075
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := dblinks.db_link||’:'||dblinks.host;
scriptresults(find_idx) := dblinks.db_link||’:'||dblinks.host;
outfindings(1) := ‘Review the DB link name and host as ‘||
‘generated. Confirm the link is documented, authorized and ‘||
‘accept as Documentable in VMS.’;
END LOOP;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0077′ THEN
– *************************************************
– ** Process DB Check DG0077
– ** Production data protection on a shared system
– *************************************************
DECLARE
CURSOR cursor_DG0077
IS –DG0077
SELECT grantee, privilege
FROM dba_sys_privs
WHERE ((privilege LIKE ‘CREATE%’ OR privilege LIKE ‘ALTER%’ OR privilege LIKE ‘DROP%’
) AND privilege <> ‘CREATE SESSION’) AND grantee NOT IN
(SELECT uname
FROM defusers
) AND grantee NOT IN
(SELECT rname
FROM defroles
)
ORDER BY grantee;
BEGIN
FOR devers IN cursor_DG0077
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := devers.grantee||’:'||devers.privilege;
scriptresults(find_idx) := devers.grantee||’:'||devers.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts and privileges as ‘||
‘generated. Confirm the account(s) and privileges are ‘||
‘documented, authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0090′ THEN
– *************************************************
– ** Process DB Home Check DG0090
– ** Sensitive data identification and encryption
– *************************************************
DECLARE
– procedure colcrypt as
– cursor cursor_DG0090A is –DG0090
– select owner, table_name, column_name
– from dba_encrypted_columns
– order by owner, table_name;
– BEGIN
– for colcrypts in cursor_DG0090A loop
– outfindings.extend;
– find_idx := find_idx + 1;
– outfindings(find_idx) := ‘Review the list of encrypted columns below: ‘;
– outfindings.extend;
– find_idx := find_idx + 1;
– outfindings(find_idx) :=
– colcrypts.owner||’ ‘||colcrypts.table_name||’ ‘||colcrypts.column_name;
– end loop;
– END;
– procedure tablecrypt as
– cursor cursor_DG0090B is –DG0090
– select tablespace_name from dba_tablespaces
– where encrypted = ‘YES’
– order by tablespace_name;
– BEGIN
– for tabcrypts in cursor_DG0090B loop
– outfindings.extend;
– find_idx := find_idx + 1;
– outfindings(find_idx) := ‘Review the list of encrypted tablespaces below: ‘;
– outfindings.extend;
– find_idx := find_idx + 1;
– outfindings(find_idx) := tabcrypts.tablespace_name;
– end loop;
– END;
BEGIN
– if oraverno > 10.1 then
– colcrypt;
– end if;
– if oraverno > 10.2 then
– tablecrypt;
– end if;
IF find_idx > 1 THEN
outfinding := ‘MR’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0091′ THEN
– *************************************************
– ** Process DB Check DG0091
– ** DBMS source code encoding or encryption
– *************************************************
DECLARE
CURSOR cursor_DG0091
IS –DG0091
SELECT owner, name
FROM dba_source
WHERE line = 1 AND owner NOT IN
(SELECT uname
FROM defusers
) AND owner NOT LIKE ‘OEM%’ AND text NOT LIKE ‘%wrapped%’ AND type IN (‘PROCEDURE’,
‘FUNCTION’, ‘PACKAGE BODY’);
BEGIN
FOR procs IN cursor_DG0091
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := procs.owner||’.'||procs.name;
scriptresults(find_idx) := procs.owner||’.'||procs.name;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts and objects as ‘||
‘generated. Confirm the objects are documented, authorized ‘||
‘and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0103′ THEN
– *************************************************
– ** Process DB Home Check DG0103
– ** DBMS listener network restrictions
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘service_names’;
outfinding := ‘MR’;
outfindings.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Your service name is: ‘||upper(strvar2);
–
ELSIF pdis.sdid = ‘DG0117′ THEN
– *************************************************
– ** Process DB Check DG0117
– ** DBMS administrative privilege assignment
– *************************************************
DECLARE
CURSOR cursor_DG0117
IS –DG0117
SELECT grantee, privilege
FROM dba_sys_privs
WHERE grantee NOT IN
(SELECT uname
FROM defusers
) AND grantee NOT IN
(SELECT DISTINCT granted_role
FROM dba_role_privs
) AND privilege <> ‘UNLIMITED TABLESPACE’
ORDER BY grantee;
BEGIN
FOR privs IN cursor_DG0117
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := privs.grantee||’:'||privs.privilege;
scriptresults(find_idx) := privs.grantee||’:'||privs.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0133′ THEN
– *************************************************
– ** Process DB Check DG0133
– ** DBMS Account lock time
– *************************************************
DECLARE
CURSOR cursor_DG0133
IS –DG0133
SELECT profile, limit
FROM dba_profiles
WHERE resource_name = ‘PASSWORD_LOCK_TIME’ AND limit NOT IN (‘UNLIMITED’, ‘DEFAULT’);
BEGIN
FOR proflocks IN cursor_DG0133
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := proflocks.profile||’:'||proflocks.limit;
scriptresults(find_idx) := proflocks.profile||’:'||proflocks.limit;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0176′ THEN
– *************************************************
– ** Process DB Home Check DG0176
– ** DBMS audit log backups
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘audit_trail’;
outfinding := ‘MR’;
outfindings.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Your audit_trail setting is: ‘||upper(strvar2);
–
ELSIF pdis.sdid = ‘DG0191′ THEN
– *************************************************
– ** Process DB Home Check DG0191
– ** DBMS credential protection
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘remote_login_passwordfile’;
outfinding := ‘MR’;
outfindings.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Your remote_login_passwordfile parameter is set to: ‘||upper(
strvar2);
–
ELSIF pdis.sdid = ‘DG0008′ THEN
– *************************************************
– ** Process DB Check DG0008
– ** DBMS application object ownership
– *************************************************
DECLARE
CURSOR cursor_DG0008
IS –DG0008
SELECT owner
FROM dbsrrown
WHERE owner NOT IN
(SELECT uname
FROM defusers
) AND owner NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
);
BEGIN
FOR owners IN cursor_DG0008
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := owners.owner;
scriptresults(find_idx) := owners.owner;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the object owner accounts as ‘||
‘generated. Confirm the account(s) are documented, ‘||
‘authorized to own database objects and accept as ‘|| ‘Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0155′ THEN
– *************************************************
– ** Process DB Check DO0155
– ** Oracle default tablespace assignment
– *************************************************
DECLARE
CURSOR cursor_DO0155
IS –DO0155
SELECT username
FROM dba_users
WHERE (default_tablespace = ‘SYSTEM’ OR temporary_tablespace = ‘SYSTEM’) AND username
NOT IN
(SELECT uname
FROM defusers
);
BEGIN
FOR users IN cursor_DO0155
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := users.username;
scriptresults(find_idx) := users.username;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following user accounts have the SYSTEM tablespace ‘||
‘specified as the default tablespace: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0157′ THEN
– *************************************************
– ** Process DB Check DO0157
– ** Oracle storage use privileges
– *************************************************
DECLARE
CURSOR cursor_DO0157
IS –DO0157
SELECT username, tablespace_name
FROM dba_ts_quotas
WHERE username NOT IN
(SELECT owner
FROM dbsrrown
) AND username NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
);
BEGIN
FOR users IN cursor_DO0157
LOOP
IF instr(strvar2,users.username||’:'||users.tablespace_name) = 0 THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := users.username||’:'||users.tablespace_name;
scriptresults(find_idx) := users.username||’:'||users.tablespace_name;
END IF;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the list of accounts and tablespaces ‘||
‘as generated. Confirm accounts assigned tablespace quotas are ‘||
‘documented, authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0004′ THEN
– *************************************************
– ** Process DB Check DG0004
– ** DBMS application object owner accounts
– *************************************************
DECLARE
CURSOR cursor_DG0004
IS –DG0004
SELECT owner
FROM dbsrrown, dba_users
WHERE owner NOT IN
(SELECT uname
FROM defusers
) AND owner IN
(SELECT DISTINCT owner
FROM dba_objects
WHERE object_type <> ‘SYNONYM’
) AND owner = username AND upper(account_status) NOT LIKE ‘%LOCKED%’;
BEGIN
FOR owners IN cursor_DG0004
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := owners.owner;
scriptresults(find_idx) := owners.owner;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the object owner accounts as ‘||
‘generated. Confirm the account(s) are documented, ‘||
‘authorized to remain enabled and accept as Documentable ‘|| ‘in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0116′ THEN
– *************************************************
– ** Process DB Check DG0116
– ** DBMS privileged role assignments
– *************************************************
DECLARE
CURSOR cursor_DG0116
IS –DG0116
SELECT grantee, granted_role
FROM dba_role_privs
WHERE grantee NOT IN
(SELECT uname
FROM defusers
) AND grantee NOT IN (‘DBA’, ‘OLAP_USER’, ‘IP’, ‘ORASSO_PUBLIC’, ‘PORTAL_PUBLIC’,
‘DATAPUMP_EXP_FULL_DATABASE’, ‘DATAPUMP_IMP_FULL_DATABASE’, ‘EXP_FULL_DATABASE’,
‘IMP_FULL_DATABASE’, ‘OLAP_DBA’, ‘EXECUTE_CATALOG_ROLE’, ‘SELECT_CATALOG_ROLE’,
‘JAVASYSPRIV’) AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
) AND grantee NOT IN
(SELECT owner
FROM dbsrrown
) AND granted_role IN
(SELECT rname
FROM defroles
) AND granted_role NOT IN (‘CONNECT’, ‘RESOURCE’, ‘AUTHENTICATEDUSER’)
ORDER BY grantee;
BEGIN
FOR grants IN cursor_DG0116
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grants.grantee||’:'||grants.granted_role;
scriptresults(find_idx) := grants.grantee||’:'||grants.granted_role;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts and role assignments ‘||
‘as generated. Confirm the account(s) and role assignments ‘||
‘are documented, authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0190′ THEN
– *************************************************
– ** Process DB Check DO0190
– ** Oracle audit table ownership
– *************************************************
SELECT COUNT(*)
INTO i
FROM dba_tables
WHERE table_name = ‘AUD$’;
IF i <> 0 THEN
SELECT owner
INTO strvar2
FROM dba_tables
WHERE table_name = ‘AUD$’ AND rownum = 1;
IF strvar2 = ‘SYS’ OR strvar2 = ‘SYSTEM’ THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The AUD$ table is not owned by SYS or SYSTEM. ‘;
scriptresults(1) := strvar2;
END IF;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The AUD$ table does not exist. ‘;
scriptresults(1) := i;
END IF;
–
ELSIF pdis.sdid = ‘DO0221′ THEN
– *************************************************
– ** Process DB Check DO0221
– ** Oracle default SID name
– *************************************************
IF upper(inst_name) = ‘ORCL’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The Oracle instance name is set to the default ‘|| ‘name of ORCL.’;
scriptresults(1) := upper(inst_name);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DO0231′ THEN
– *************************************************
– ** Process DB Check DO0231
– ** Oracle application object owner tablespaces
– *************************************************
DECLARE
CURSOR cursor_DO0231
IS –DO0231
SELECT DISTINCT owner, tablespace_name
FROM dba_tables
WHERE owner NOT IN
(SELECT uname
FROM defusers
) AND tablespace_name IS NOT NULL AND (owner, table_name) NOT IN
(SELECT owner, table_name
FROM dba_external_tables
)
ORDER BY tablespace_name;
BEGIN
FOR users IN cursor_DO0231
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := users.owner||’:'||users.tablespace_name;
scriptresults(find_idx) := users.owner||’:'||users.tablespace_name;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the list of accounts and tablespaces ‘||
‘as generated. Confirm accounts are documented, authorized and ‘||
‘accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0233′ THEN
– *************************************************
– ** Process DB Check DO0233
– ** Oracle DIAGNOSTIC_DEST parameter
– *************************************************
IF oraverno < 11 THEN
outfinding := ‘NA’;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘diagnostic_dest’;
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
END IF;
–
ELSIF pdis.sdid = ‘DO0235′ THEN
– *************************************************
– ** Process DB Check DO0235
– ** Oracle USER_DUMP_DEST parameter
– *************************************************
IF oraverno > 10.2 THEN
outfinding := ‘NA’;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘user_dump_dest’;
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
END IF;
–
ELSIF pdis.sdid = ‘DO0236′ THEN
– *************************************************
– ** Process DB Check DO0236
– ** Oracle BACKGROUND_DUMP_DEST parameter
– *************************************************
IF oraverno > 10.2 THEN
outfinding := ‘NA’;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘background_dump_dest’;
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
END IF;
–
ELSIF pdis.sdid = ‘DO0237′ THEN
– *************************************************
– ** Process DB Check DO0237
– ** Oracle CORE_DUMP_DEST parameter
– *************************************************
IF oraverno > 10.2 THEN
outfinding := ‘NA’;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘core_dump_dest’;
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
END IF;
–
ELSIF pdis.sdid = ‘DO0238′ THEN
– *************************************************
– ** Process DB Check DO0238
– ** Oracle LOG_ARCHIVE_DEST parameter
– *************************************************
SELECT log_mode
INTO strvar2
FROM v$database;
IF strvar2 = ‘NOARCHIVELOG’ THEN
outfinding := ‘NF’;
ELSE
SELECT COUNT(*)
INTO i
FROM v$parameter
WHERE name = ‘log_archive_dest’ AND value IS NULL;
SELECT COUNT(*)
INTO j
FROM v$parameter
WHERE name = ‘log_archive_duplex_dest’ AND value IS NULL;
SELECT COUNT(*)
INTO k
FROM v$parameter
WHERE name LIKE ‘log_archive_dest_%’ AND value IS NULL;
IF (i = 1 AND j = 1 AND k = 10) THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘Archiving is active with no defined logging destinations.’;
scriptresults(1) := i||’ ‘||j||’ ‘||k;
elsif ( i = 0 AND k > 10) THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘Archiving is active with conflicting logging destinations.’;
scriptresults(1) := i||’ ‘||k;
ELSE
SELECT value
INTO strvar3
FROM v$parameter
WHERE name = ‘log_archive_dest’;
SELECT value
INTO strvar4
FROM v$parameter
WHERE name = ‘log_archive_dest_1′;
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Review the host permissions for directories ‘||SUBSTR(strvar3
,1,1950)||’ and ‘||SUBSTR(strvar4,1,1950);
END IF;
END IF;
–
ELSIF pdis.sdid = ‘DO0240′ THEN
– *************************************************
– ** Process DB Check DO0240
– ** Oracle OS_ROLES parameter
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘os_roles’;
IF upper(strvar2) = ‘TRUE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The OS_Roles parameter is not set to FALSE.’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DG0142′ THEN
– *************************************************
– ** Process DB Check DG0142
– ** DBMS Privileged action audit
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘audit_sys_operations’;
IF upper(strvar2) = ‘FALSE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The AUDIT_SYS_OPERATIONS parameter is not set ‘|| ‘to TRUE.’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DG0192′ THEN
– *************************************************
– ** Process DB Check DG0192
– ** DBMS fully-qualified name for remote access
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘global_names’;
IF upper(strvar2) = ‘FALSE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The GLOBAL_NAMES parameter is not set to TRUE.’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DO0243′ THEN
– *************************************************
– ** Process DB Check DO0243
– ** Oracle _TRACE_FILES_PUBLIC parameter
– *************************************************
SELECT COUNT(*)
INTO i
FROM v$parameter
WHERE name = ‘_trace_files_public’;
IF i = 0 THEN
outfinding := ‘NF’;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘_trace_files_public’;
IF upper(strvar2) = ‘TRUE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The _TRACE_FILES_PUBLIC parameter is not set ‘|| ‘to FALSE.’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
END IF;
–
ELSIF pdis.sdid = ‘DO0250′ THEN
– *************************************************
– ** Process DB Check DO0250
– ** Oracle database link usage
– *************************************************
DECLARE
CURSOR cursor_DO0250
IS –DO0250
SELECT owner, db_link
FROM dba_db_links;
BEGIN
SELECT COUNT(*)
INTO i
FROM dba_db_links;
IF i = 0 THEN
outfinding := ‘NF’;
ELSE
FOR dblinks IN cursor_DO0250
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := dblinks.owner||’:'||dblinks.db_link;
scriptresults(find_idx) := dblinks.owner||’:'||dblinks.db_link;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the list of accounts and database ‘||
‘links as generated. Confirm database links are documented, ‘||
‘authorized and accept as Documentable in VMS. Confirm ‘||
‘database links used for replication are documented, ‘||
‘authorized and accept as Documentable in VMS.’;
END IF;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0260′ THEN
– *************************************************
– ** Process DB Check DO0260
– ** Oracle control file availability
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘control_files’;
IF instr(strvar2,’,',1) = 0 THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘Two or more control files have not been defined.’;
scriptresults(1) := strvar2;
ELSE
outfinding := ‘MR’;
outfindings.extend;
outfindings(1) := ‘Review the location of files ‘||strvar2||’ on host.’;
END IF;
–
ELSIF pdis.sdid = ‘DO0270′ THEN
– *************************************************
– ** Process DB Check DO0270
– ** Oracle redo log file availability
– *************************************************
SELECT COUNT(*)
INTO i
FROM v$log;
SELECT COUNT(*)
INTO j
FROM v$log
WHERE members > 1;
IF i > 1 AND j > 1 THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘Two (2) or more redo log groups ‘||
‘with one or more members each should be defined ‘||
‘on a RAID-enabled storage device (or) Two (2) or ‘||
‘more redo log groups with two or more members ‘||
‘each should be defined on a non-RAID storage device.’;
scriptresults(1) := i||’,'||j;
END IF;
–
ELSIF pdis.sdid = ‘DG0009′ THEN
– *************************************************
– ** Process DB Home Check DG0009
– ** DBMS software library permissions
– *************************************************
IF ((instr(osver,’WIN’,1) > 0) OR (instr(osver,’MVS’,1) > 0)) THEN
outfinding := ‘NA’;
ELSE
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Check umask setting on host for Oracle ‘|| ‘owner account.’;
END IF;
–
ELSIF pdis.sdid = ‘DG0123′ THEN
– *************************************************
– ** Process DB Check DG0123
– ** DBMS Administrative data access
– *************************************************
DECLARE
CURSOR cursor_DG0123
IS –DG0123
SELECT grantee, privilege, owner, table_name
FROM dba_tab_privs
WHERE (owner = ‘SYS’ OR table_name LIKE ‘DBA_%’) AND privilege <> ‘EXECUTE’ AND
grantee NOT IN
(SELECT uname
FROM defusers
) AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
) AND grantee NOT IN
(SELECT rname
FROM defroles
)
ORDER BY grantee;
BEGIN
FOR grantees IN cursor_DG0123
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee||’:'||grantees.privilege||’ to ‘||
grantees.table_name;
scriptresults(find_idx) := grantees.grantee||’:'||grantees.privilege||’ to ‘||
grantees.table_name;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts, privileges, object ‘||
‘owners and objects as generated. Confirm the account(s) ‘||
‘and privilege assignments to the objects are documented, ‘||
‘authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0320′ THEN
– *************************************************
– ** Process DB Check DO0320
– ** Oracle PUBLIC role privileges
– *************************************************
DECLARE
CURSOR cursor_DO0320
IS –DO0320
SELECT granted_role
FROM dba_role_privs
WHERE grantee = ‘PUBLIC’;
BEGIN
FOR pubroles IN cursor_DO0320
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := pubroles.granted_role;
scriptresults(find_idx) := pubroles.granted_role;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘PUBLIC has been granted the following roles: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0340′ THEN
– *************************************************
– ** Process DB Check DO0340
– ** Oracle application administration roles enablement
– *************************************************
DECLARE
CURSOR cursor_DO0340
IS –DO0340
SELECT grantee, granted_role
FROM dba_role_privs
WHERE default_role = ‘YES’ AND grantee NOT IN (‘DBA’, ‘SYS’, ‘SYSTEM’) AND
granted_role NOT IN (‘CTXSYS’, ‘DBA’, ‘IMP_FULL_DATABASE’,
‘MDSYS’, ‘SYS’, ‘WKSYS’) AND granted_role IN
(SELECT grantee
FROM dba_sys_privs
WHERE privilege LIKE ‘%USER’
) AND grantee NOT IN
(SELECT DISTINCT owner
FROM dba_tables
) AND grantee NOT IN
(SELECT DISTINCT username
FROM dba_users
WHERE upper(account_status) LIKE ‘%LOCKED%’
);
BEGIN
FOR grantees IN cursor_DO0340
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee||’:'||grantees.granted_role;
scriptresults(find_idx) := grantees.grantee||’:'||grantees.granted_role;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts and roles as generated. ‘||
‘Confirm the account(s) and role assignments are documented, ‘||
‘authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0350′ THEN
– *************************************************
– ** Process DB Check DO0350
– ** Oracle system privilege assignment
– *************************************************
DECLARE
CURSOR cursor_DO0350
IS –DO0350
SELECT grantee, privilege
FROM dba_sys_privs
WHERE privilege <> ‘CREATE SESSION’ AND grantee NOT IN
(SELECT uname
FROM defusers
) AND grantee NOT IN
(SELECT rname
FROM defroles
) AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
) AND grantee NOT IN
(SELECT username
FROM dba_users
WHERE account_status LIKE ‘%LOCKED%’
);
BEGIN
FOR grantees IN cursor_DO0350
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee||’:'||grantees.privilege;
scriptresults(find_idx) := grantees.grantee||’:'||grantees.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts and roles as generated. ‘||
‘Confirm the account(s) and role assignments are documented, ‘||
‘authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0360′ THEN
– *************************************************
– ** Process DB Home Check DO0360
– ** DBMS mid-tier application account access
– *************************************************
DECLARE
CURSOR cursor_DO0360
IS –DO0360
SELECT name, ext_username
FROM user$
WHERE ext_username <> NULL;
BEGIN
SELECT COUNT(*)
INTO i
FROM user$
WHERE ext_username <> NULL;
IF i = 0 THEN
outfinding := ‘NF’;
ELSE
FOR users IN cursor_DO0360
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := users.name||’:'||users.ext_username;
scriptresults(find_idx) := users.name||’:'||users.ext_username;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts and external account ‘||
‘names as generated. Confirm the external account(s) utilize ‘||
‘PKI authentication, are documented, authorized and accept as ‘||
‘Documentable in VMS.’;
END IF;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0085′ THEN
– *************************************************
– ** Process DB Check DG0085
– ** Minimum DBA privilege assignment
– *************************************************
DECLARE
CURSOR cursor_DG0085
IS –DG0085
SELECT username
FROM v$pwfile_users
WHERE username NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
) AND username <> ‘INTERNAL’ AND (sysdba = ‘TRUE’ OR sysoper = ‘TRUE’);
BEGIN
FOR pwusers IN cursor_DG0085
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := pwusers.username;
scriptresults(find_idx) := pwusers.username;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts as generated. Confirm ‘||
‘the account(s) are documented, authorized and accept as ‘|| ‘Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0014′ THEN
– *************************************************
– ** Process DB Check DG0014
– ** DBMS demonstration and sample databases
– *************************************************
DECLARE
CURSOR cursor_DG0014
IS –DG0014
SELECT username
FROM dba_users
WHERE username IN (‘ALLUSERS’, ‘AOLDEMO’, ‘AQDEMO’, ‘AQJAVA’, ‘AQUSER’, ‘AUC_GUEST’,
‘BI’, ‘CTXDEMO’, ‘DEMO8′, ‘DEV2000_DEMOS’, ‘HR’, ‘IX’, ‘OE’, ‘ORABAMSAMPLES’, ‘PM’,
‘PORTAL_DEMO’, ‘PORTAL30_DEMO’, ‘QS’, ‘SCOTT’, ‘SECDEMO’, ‘SH’, ‘WK_TEST’) OR
username LIKE ‘QS_%’;
BEGIN
FOR demos IN cursor_DG0014
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := demos.username;
scriptresults(find_idx) := demos.username;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the object owner accounts as ‘||
‘generated. Confirm the account(s) are documented, ‘||
‘authorized to remain and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO0420′ THEN
– *************************************************
– ** Process DB Check DO0420
– ** Oracle XML DB
– *************************************************
SELECT COUNT(*)
INTO i
FROM v$parameter
WHERE name = ‘dispatchers’ AND value LIKE ‘%XDB%’;
SELECT COUNT(*)
INTO j
FROM dba_users
WHERE username = ‘XDB’;
IF j = 0 THEN
outfinding := ‘NF’;
elsif i = 0 THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Confirm the use of XML DB dispatchers is ‘||
‘documented in the System Security Plan and authorized by the IAO.’;
END IF;
–
ELSIF pdis.sdid = ‘DO0430′ THEN
– *************************************************
– ** Process DB Home Check DO0430
– ** Oracle management agent use
– *************************************************
SELECT COUNT(*)
INTO i
FROM dba_users
WHERE upper(username) = ‘DBSNMP’;
IF i = 0 THEN
outfinding := ‘NF’;
ELSE
SELECT account_status
INTO strvar2
FROM dba_users
WHERE upper(username) = ‘DBSNMP’;
IF upper(strvar2) <> ‘OPEN’ THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘SNMP Management agent is installed but not in use. ‘||
‘Uninstall if not documented in the System Security Plan and ‘||
‘authorized by the IAO.’;
ELSE
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) := ‘Confirm the use of Oracle Management Agent is ‘||
‘documented in the System Security Plan and authorized by the IAO.’;
END IF;
END IF;
–
ELSIF pdis.sdid = ‘DG0029′ THEN
– *************************************************
– ** Process DB Check DG0029
– ** Database auditing
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘audit_trail’;
IF upper(strvar2) = ‘NONE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘Auditing is not enabled.’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DO3440′ THEN
– *************************************************
– ** Process DB Check DO3440
– ** Oracle DBA role assignment
– *************************************************
DECLARE
CURSOR cursor_DO3440
IS –DO3440
SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’ AND grantee NOT IN (‘SYS’, ‘SYSTEM’, ‘SYSMAN’, ‘CTXSYS’,
‘WKSYS’);
BEGIN
FOR grantees IN cursor_DO3440
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee;
scriptresults(find_idx) := grantees.grantee;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts as generated. Confirm ‘||
‘the account(s) and role assignments are documented, ‘||
‘authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0128′ THEN
– *************************************************
– ** Process DB Check DG0128
– ** DBMS default passwords
– *************************************************
DECLARE
CURSOR cursor_DG0128A
IS –DG0128
SELECT DECODE(type#,0,’ROLE’,1,’USER’) type, name, DECODE(astatus, 0, ‘OPEN’, 1,
‘EXPIRED’, 2, ‘EXPIRED(GRACE)’, 4, ‘LOCKED(TIMED)’, 8, ‘LOCKED’, 5,
‘EXPIRED and LOCKED(TIMED)’, 6, ‘EXPIRED(GRACE) and LOCKED(TIMED)’, 9,
‘EXPIRED and LOCKED’, 10, ‘EXPIRED(GRACE) and LOCKED’) account_status
FROM user$, defusers
WHERE user$.name = defusers.uname AND user$.password = defusers.pswdhash AND
user$.astatus < 4;
CURSOR cursor_DG0128B
IS –DG0128
SELECT DECODE(type#,0,’ROLE’,1,’USER’) type, name, DECODE(astatus, 0, ‘OPEN’, 1,
‘EXPIRED’, 2, ‘EXPIRED(GRACE)’, 4, ‘LOCKED(TIMED)’, 8, ‘LOCKED’, 5,
‘EXPIRED and LOCKED(TIMED)’, 6, ‘EXPIRED(GRACE) and LOCKED(TIMED)’, 9,
‘EXPIRED and LOCKED’, 10, ‘EXPIRED(GRACE) and LOCKED’) account_status
FROM user$, defusers
WHERE user$.name = defusers.uname AND user$.password = defusers.pswdhash AND
user$.astatus > 3 AND user$.name <> ‘XS$NULL’;
BEGIN
i := 0;
j := 1;
FOR usrs IN cursor_DG0128A
LOOP
i := i + 1;
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
scriptresults(find_idx) := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
END LOOP;
IF i > 0 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following default accounts were found ‘||
‘unlocked with default passwords assigned: ‘;
ELSE
pdis.severity := ’2′;
END IF;
j := j + i; — keep count of how many were found in 3445A
i := 0;
outfindings.extend; — leave a space for heading if any found in 3445B
scriptresults.extend; — leave a space for heading if any found in 3445B
find_idx := find_idx + 1;
FOR usrs IN cursor_DG0128B
LOOP
i := i + 1;
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
scriptresults(find_idx) := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
END LOOP;
IF i > 0 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(j + 1) := ‘The following default accounts were found ‘||
‘locked with the default passwords assigned: ‘;
END IF;
IF i = 0 AND j = 1 THEN
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0032′ THEN
– *************************************************
– ** Process DB Check DG0032
– ** DBMS audit record access
– *************************************************
DECLARE
CURSOR cursor_DG0032
IS –DG0032
SELECT grantee
FROM dba_tab_privs
WHERE table_name = ‘AUD$’ AND grantee NOT IN (‘DELETE_CATALOG_ROLE’) AND grantee NOT
IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
)
ORDER BY grantee;
BEGIN
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘audit_trail’;
IF instr(strvar2,’db’,1) > 0 THEN
FOR grantees IN cursor_DG0032
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee;
scriptresults(find_idx) := grantees.grantee;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts granted access to ‘||
‘the AUD$ table as generated. Confirm the account(s) are ‘||
‘documented, authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3447′ THEN
– *************************************************
– ** Process DB Check DO3447
– ** Oracle OS_AUTHENT_PREFIX parameter
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘os_authent_prefix’;
IF upper(strvar2) = ‘OPS$’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The OS_AUTHENT_PREFIX is not set to a value other than OPS$’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DO3451′ THEN
– *************************************************
– ** Process DB Check DO3451
– ** WITH GRANT OPTION privileges
– *************************************************
DECLARE
CURSOR cursor_DO3451
IS –DO3451
SELECT owner, grantee, table_name
FROM dba_tab_privs
WHERE grantable = ‘YES’ AND grantee NOT IN
(SELECT DISTINCT owner
FROM dba_objects
) AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
) AND grantee NOT IN
(SELECT uname
FROM defusers
)
ORDER BY grantee;
BEGIN
FOR grantees IN cursor_DO3451
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee||’:'||grantees.owner||’.'||
grantees.table_name;
scriptresults(find_idx) := grantees.grantee||’:'||grantees.owner||’.'||
grantees.table_name;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following users have been granted ‘||
‘grantable privileges to the named object: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0119′ THEN
– *************************************************
– ** Process DB Check DG0119
– ** DBMS application user role privileges
– *************************************************
DECLARE
CURSOR cursor_DG0119
IS –DG0119
SELECT grantee, owner, table_name, privilege
FROM dba_tab_privs
WHERE privilege IN (‘ALTER’, ‘REFERENCES’, ‘INDEX’) AND table_name NOT IN (
‘SDO_IDX_TAB_SEQUENCE’, ‘XDB$ACL’, ‘XDB_ADMIN’) AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
) AND grantee NOT IN
(SELECT rname
FROM defroles
) AND grantee NOT IN
(SELECT uname
FROM defusers
) AND grantee NOT IN
(SELECT owner
FROM dbsrrown
);
BEGIN
FOR grantees IN cursor_DG0119
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee||’:'||grantees.owner||’.'||
grantees.table_name||’:'||grantees.privilege;
scriptresults(find_idx) := grantees.grantee||’:'||grantees.owner||’.'||
grantees.table_name||’:'||grantees.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following users have been granted ALTER or REFERENCES ‘||
‘privileges to the specified objects: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3475′ THEN
– *************************************************
– ** Process DB Check DO3475
– ** Oracle PUBLIC access to restricted packages
– *************************************************
DECLARE
CURSOR cursor_DO3475
IS –DO3475
SELECT table_name
FROM dba_tab_privs
WHERE grantee = ‘PUBLIC’ AND privilege = ‘EXECUTE’ AND table_name IN (‘UTL_SMTP’,
‘UTL_TCP’, ‘UTL_HTTP’, ‘UTL_FILE’, ‘DBMS_RANDOM’, ‘DBMS_LOB’, ‘DBMS_SQL’,
‘DBMS_SYS_SQL’, ‘DBMS_JOB’, ‘DBMS_BACKUP_RESTORE’, ‘DBMS_OBFUSCATION_TOOLKIT’);
BEGIN
FOR grantees IN cursor_DO3475
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.table_name;
scriptresults(find_idx) := grantees.table_name;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘PUBLIC has been granted EXECUTE privileges to restricted packages: ‘
;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0125′ THEN
– *************************************************
– ** Process DB Check DG0125
– ** DBMS account password expiration
– *************************************************
DECLARE
CURSOR cursor_DG0125
IS –DG0125
SELECT profile, limit
FROM dba_profiles, (SELECT limit AS def_pwd_life_tm
FROM dba_profiles
WHERE profile = ‘DEFAULT’ AND resource_name = ‘PASSWORD_LIFE_TIME’
)
WHERE resource_name = ‘PASSWORD_LIFE_TIME’ AND ((REPLACE(limit,’DEFAULT’,
def_pwd_life_tm) IN (‘UNLIMITED’, NULL)) OR (lpad(REPLACE(limit,’DEFAULT’,
def_pwd_life_tm),40,’0′) > lpad(’60′,40,’0′)));
BEGIN
FOR profiles IN cursor_DG0125
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := profiles.profile||’:'||profiles.limit;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the profile and limit as generated. ‘||
‘Confirm the limits returned are documented, authorized and ‘||
‘accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0126′ THEN
– *************************************************
– ** Process DB Check DG0126
– ** DBMS account password reuse
– *************************************************
DECLARE
– Get profile, reuse max and reuse time for defined and default profiles
CURSOR cursor_DG0126A
IS –DG0126
SELECT p1.profile profile, p1.limit REUSE_MAX, p2.limit REUSE_TIME
FROM dba_profiles p1, dba_profiles p2
WHERE p1.profile = p2.profile AND p1.profile = ‘DEFAULT’ AND p1.resource_name =
‘PASSWORD_REUSE_MAX’ AND p2.resource_name = ‘PASSWORD_REUSE_TIME’
ORDER BY p1.profile;
CURSOR cursor_DG0126B
IS –DG0126
SELECT p1.profile PROFILE, REPLACE(p1.limit, ‘DEFAULT’, def_pwd_reuse_max) REUSE_MAX,
REPLACE(p2.limit, ‘DEFAULT’, def_pwd_reuse_time) REUSE_TIME
FROM dba_profiles p1, dba_profiles p2, (SELECT p3.limit AS def_pwd_reuse_max
FROM dba_profiles p3
WHERE p3.resource_name = ‘PASSWORD_REUSE_MAX’ AND p3.profile = ‘DEFAULT’
), (SELECT p4.limit AS def_pwd_reuse_time
FROM dba_profiles p4
WHERE p4.resource_name = ‘PASSWORD_REUSE_TIME’ AND p4.profile = ‘DEFAULT’
)
WHERE p1.profile = p2.profile AND p1.profile <> ‘DEFAULT’ AND p1.resource_name =
‘PASSWORD_REUSE_MAX’ AND p2.resource_name = ‘PASSWORD_REUSE_TIME’
ORDER BY p1.profile;
BEGIN
i := 0;
FOR profiles IN cursor_DG0126A
LOOP
— Check the DEFAULT profile for compliance
IF profiles.REUSE_MAX = ‘UNLIMITED’ AND profiles.REUSE_TIME = ‘UNLIMITED’ THEN
i := i + 1;
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
elsif profiles.REUSE_MAX <> ‘UNLIMITED’ AND profiles.REUSE_TIME <> ‘UNLIMITED’ THEN
i := i + 1;
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
END IF;
END LOOP;
FOR profiles IN cursor_DG0126B
LOOP
IF profiles.REUSE_MAX = ‘UNLIMITED’ AND profiles.REUSE_TIME = ‘UNLIMITED’ THEN
i := i + 1;
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
elsif profiles.REUSE_MAX <> ‘UNLIMITED’ AND profiles.REUSE_TIME <> ‘UNLIMITED’ THEN
i := i + 1;
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
END IF;
END LOOP;
IF i > 0 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘ ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0079′ THEN
– *************************************************
– ** Process DB Check DG0079
– ** DBMS password complexity
– *************************************************
DECLARE
CURSOR cursor_DG0079
IS –DG0079
SELECT profile, limit
FROM dba_profiles, (SELECT limit AS def_pwd_verify_func
FROM dba_profiles
WHERE resource_name = ‘PASSWORD_VERIFY_FUNCTION’ AND profile = ‘DEFAULT’
)
WHERE resource_name = ‘PASSWORD_VERIFY_FUNCTION’ AND REPLACE(limit,’DEFAULT’,
def_pwd_verify_func) IN (‘UNLIMITED’, NULL);
BEGIN
FOR profiles IN cursor_DG0079
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := profiles.profile||’:'||profiles.limit;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following profiles were found without ‘||
‘a password complexity function specified: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3536′ THEN
– *************************************************
– ** Process DB Check DO3536
– ** Oracle IDLE_TIME profile parameter
– *************************************************
DECLARE
CURSOR cursor_DO3536A
IS –DO3536
SELECT profile, limit
FROM dba_profiles
WHERE resource_name = ‘IDLE_TIME’ AND profile = ‘DEFAULT’;
CURSOR cursor_DO3536B
IS –DO3536
SELECT profile, limit
FROM dba_profiles
WHERE resource_name = ‘IDLE_TIME’ AND profile <> ‘DEFAULT’;
BEGIN
FOR profiles IN cursor_DO3536A
LOOP
IF profiles.limit = ‘UNLIMITED’ THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘The DEFAULT profile exceeds the maximum of 15 minutes. ‘;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
elsif to_number(profiles.limit) > 15 THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘The DEFAULT profile exceeds the maximum of 15 minutes. ‘;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
END IF;
END LOOP;
FOR profiles IN cursor_DO3536B
LOOP
IF profiles.limit = ‘DEFAULT’ AND find_idx > 1 THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profile ‘||profiles.profile||
‘ points to the DEFAULT profile, which exceeds the maximum’|| ‘ of 15 minutes. ‘;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
elsif profiles.limit = ‘DEFAULT’ AND find_idx = 1 THEN
NULL;
elsif profiles.limit = ‘UNLIMITED’ THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profile ‘||profiles.profile||
‘ exceeds the maximum of 60 minutes. ‘;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
elsif to_number(profiles.limit) > 60 THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘Profile ‘||profiles.profile||
‘ exceeds the maximum of 60 minutes. ‘;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
END IF;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0073′ THEN
– *************************************************
– ** Process DB Check DG0073
– ** DBMS failed login account lock
– *************************************************
DECLARE
CURSOR cursor_DG0073
IS –DG0073
SELECT profile, limit
FROM dba_profiles, (SELECT limit AS def_login_attempts
FROM dba_profiles
WHERE profile = ‘DEFAULT’ AND resource_name = ‘FAILED_LOGIN_ATTEMPTS’
)
WHERE resource_name = ‘FAILED_LOGIN_ATTEMPTS’ AND REPLACE(limit, ‘DEFAULT’,
def_login_attempts) IN (‘UNLIMITED’, NULL) OR resource_name = ‘FAILED_LOGIN_ATTEMPTS’
AND to_number(DECODE(limit, ‘UNLIMITED’, 10, ‘DEFAULT’, 10, limit)) > 3
ORDER BY profile;
BEGIN
FOR profiles IN cursor_DG0073
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := profiles.profile||’:'||profiles.limit;
scriptresults(find_idx) := profiles.profile||’:'||profiles.limit;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the profile and limit as generated. ‘||
‘Confirm the limit for any non-DEFAULT profiles returned are ‘||
‘documented, authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3538′ THEN
– *************************************************
– ** Process DB Check DO3538
– ** Oracle REMOTE_OS_AUTHENT parameter
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘remote_os_authent’;
IF upper(strvar2) = ‘FALSE’ THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The REMOTE_OS_AUTHENT parameter is not set to FALSE.’;
scriptresults(1) := upper(strvar2);
END IF;
–
ELSIF pdis.sdid = ‘DO3539′ THEN
– *************************************************
– ** Process DB Check DO3539
– ** Oracle REMOTE_OS_ROLES parameter
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘remote_os_roles’;
IF upper(strvar2) = ‘FALSE’ THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The REMOTE_OS_ROLES parameter is not set to FALSE.’;
scriptresults(1) := upper(strvar2);
END IF;
–
ELSIF pdis.sdid = ‘DO3540′ THEN
– *************************************************
– ** Process DB Check DO3540
– ** Oracle SQL92_SECURITY parameter
– *************************************************
SELECT COUNT(*)
INTO i
FROM v$parameter
WHERE name = ‘sql92_security’;
IF i = 0 THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The SQL92_SECURITY parameter does not exist.’;
scriptresults(1) := i;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘sql92_security’;
IF upper(strvar2) = ‘TRUE’ THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The SQL92_SECURITY configuration parameter is ‘|| ‘not set to TRUE.’
;
scriptresults(1) := upper(strvar2);
END IF;
END IF;
–
ELSIF pdis.sdid = ‘DO3546′ THEN
– *************************************************
– ** Process DB Check DO3546
– ** Oracle REMOTE_LOGIN_PASSWORDFILE parameter
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘remote_login_passwordfile’;
IF (upper(strvar2) = ‘EXCLUSIVE’ OR upper(strvar2) = ‘NONE’) THEN
outfinding := ‘NF’;
ELSE
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘REMOTE_LOGIN_PASSWORDFILE initialization parameter ‘||
‘is not set to EXCLUSIVE or NONE.’;
scriptresults(1) := upper(strvar2);
END IF;
–
ELSIF pdis.sdid = ‘DG0098′ THEN
– *************************************************
– ** Process DB Check DG0098
– ** DBMS access to external local objects
– *************************************************
SELECT value
INTO strvar1
FROM v$parameter
WHERE name = ‘utl_file_dir’;
IF instr(strvar1,’*',1) > 0 THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The UTL_FILE_DIR parameter is set to or ‘|| ‘includes “*”.’;
scriptresults(1) := SUBSTR(strvar1,1,3900);
ELSE
outfinding := ‘MR’;
find_idx := find_idx + 1;
outfindings.extend;
outfindings(find_idx) :=
‘Review the host permissions for directories listed for utl_file_dir ‘||SUBSTR(strvar1,1,
3900);
END IF;
–
ELSIF pdis.sdid = ‘DO3609′ THEN
– *************************************************
– ** Process DB Check DO3609
– ** System privileges granted WITH ADMIN OPTION
– *************************************************
DECLARE
CURSOR cursor_DO3609
IS –DO3609
SELECT grantee, privilege
FROM dba_sys_privs
WHERE grantee NOT IN
(SELECT uname
FROM defusers
) AND admin_option = ‘YES’ AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
) AND grantee NOT IN
(SELECT uname
FROM defusers
) AND grantee NOT IN
(SELECT rname
FROM defroles
);
BEGIN
FOR grantees IN cursor_DO3609
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee||’:'||grantees.privilege;
scriptresults(find_idx) := grantees.grantee||’:'||grantees.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following unauthorized users have been ‘||
‘granted system privileges with the ADMIN option: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3610′ THEN
– *************************************************
– ** Process DB Check DO3610
– ** Oracle minimum object auditing
– *************************************************
defmax := ”;
deftime := ”;
SELECT COUNT(*)
INTO i
FROM all_def_audit_opts
WHERE ren = ‘A/A’;
IF i = 0 THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘RENAME object audit option not specified on default.’;
scriptresults(find_idx) := i;
END IF;
SELECT COUNT(*)
INTO i
FROM dba_obj_audit_opts
WHERE ren = ‘A/A’;
IF i = 0 THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘RENAME not audited on application objects.’;
scriptresults(find_idx) := i;
END IF;
SELECT COUNT(*)
INTO i
FROM dba_obj_audit_opts
WHERE object_name = ‘AUD$’ AND object_type = ‘TABLE’ AND (owner = ‘SYSTEM’ OR owner =
‘SYS’);
IF i = 1 THEN
SELECT upd, del
INTO defmax, deftime
FROM dba_obj_audit_opts
WHERE object_name = ‘AUD$’ AND object_type = ‘TABLE’ AND (owner = ‘SYSTEM’ OR owner =
‘SYS’);
ELSE
SELECT COUNT(*)
INTO i
FROM dba_obj_audit_opts
WHERE object_name = ‘AUD$’ AND object_type = ‘VIEW’ AND (owner = ‘SYSTEM’ OR owner =
‘SYS’);
IF i = 1 THEN
BEGIN
SELECT text
INTO strvar2
FROM dba_views
WHERE view_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
EXCEPTION
WHEN NO_DATA_FOUND THEN
strvar2 := NULL;
END;
i := instr(upper(strvar2),’FROM’,1) + 5;
IF i > 5 THEN
j := instr(strvar2,’.',1);
strvar3 := upper(ltrim(SUBSTR(strvar2,i,j – i)));
strvar2 := upper(SUBSTR(strvar2,j + 1,LENGTH(strvar2) – j));
strvar4 := SUBSTR(strvar2,LENGTH(strvar2),1);
IF (ascii(strvar4) < 32 OR ascii(strvar4) > 174) THEN
strvar2 := SUBSTR(strvar2,1,LENGTH(strvar2) – 1);
END IF;
BEGIN
SELECT upd, del
INTO defmax, deftime
FROM dba_obj_audit_opts
WHERE object_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
EXCEPTION
WHEN NO_DATA_FOUND THEN
defmax := ‘unk’;
deftime := ‘unk’;
END;
ELSE
defmax := ‘unk’;
deftime := ‘unk’;
END IF;
ELSE
SELECT COUNT(*)
INTO i
FROM dba_synonyms
WHERE synonym_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
IF i = 1 THEN
SELECT table_owner
INTO strvar3
FROM dba_synonyms
WHERE synonym_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
SELECT table_name
INTO strvar2
FROM dba_synonyms
WHERE synonym_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
BEGIN
SELECT upd, del
INTO defmax, deftime
FROM dba_obj_audit_opts
WHERE object_name = strvar2 AND owner = strvar3;
EXCEPTION
WHEN NO_DATA_FOUND THEN
defmax := ‘unk’;
deftime := ‘unk’;
END;
END IF;
END IF;
END IF;
IF defmax = ‘unk’ THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘The underlying table for the audit trail ‘||
‘view AUD$ could not be determined. ‘|| ‘Audit trail audit status is unknown.’;
scriptresults(find_idx) := defmax;
elsif defmax <> ‘A/A’ OR deftime <> ‘A/A’ THEN
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := ‘ The audit trail ‘||strvar3||’.'||strvar2||
‘ is not being audited for update and delete by all users.’;
scriptresults(find_idx) := defmax||’ ‘||deftime;
END IF;
IF find_idx > 1 THEN
outfinding := ‘O’;
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DO3612′ THEN
– *************************************************
– ** Process DB Check DO3612
– ** Oracle system privilege assignment
– *************************************************
DECLARE
CURSOR cursor_DO3612
IS –DO3612
SELECT privilege
FROM dba_sys_privs
WHERE grantee = ‘PUBLIC’;
BEGIN
FOR privs IN cursor_DO3612
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := privs.privilege;
scriptresults(find_idx) := privs.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following system privileges have been ‘|| ‘granted to PUBLIC: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3622′ THEN
– *************************************************
– ** Process DB Check DO3622
– ** Oracle roles granted WITH ADMIN OPTION
– *************************************************
DECLARE
CURSOR cursor_DO3622
IS –DO3622
SELECT grantee, granted_role
FROM dba_role_privs
WHERE grantee NOT IN (‘DBA’, ‘SYS’, ‘SYSTEM’, ‘WKSYS’, ‘LBACSYS’, ‘WMSYS’, ‘OWBSYS’,
‘CTXSYS’, ‘SPATIAL_CSW_ADMIN_USR’, ‘SPATIAL_WFS_ADMIN_USR’, ‘FLOWS_030000′) AND
admin_option = ‘YES’ AND grantee NOT IN
(SELECT owner
FROM dbsrrown
) AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
)
ORDER BY grantee;
BEGIN
FOR grantees IN cursor_DO3622
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := grantees.grantee||’:'||grantees.granted_role;
scriptresults(find_idx) := grantees.grantee||’:'||grantees.granted_role;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts and roles as generated.’||
‘Confirm the account(s) and role assignments are documented, ‘||
‘authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3685′ THEN
– *************************************************
– ** Process DB Check DO3685
– ** Oracle O7_DICTIONARY_ACCESSIBILITY parameter
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘O7_DICTIONARY_ACCESSIBILITY’;
IF upper(strvar2) = ‘TRUE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE.’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DO3686′ THEN
– *************************************************
– ** Process DB Check DO3686
– ** Oracle SYS.LINK$ table access
– *************************************************
DECLARE
CURSOR cursor_DO3686
IS –DO3686
SELECT grantee, privilege
FROM dba_tab_privs
WHERE grantee <> ‘DELETE_CATALOG_ROLE’ AND table_name = ‘LINK$’ AND grantee NOT IN
(SELECT grantee
FROM dba_role_privs
WHERE granted_role = ‘DBA’
);
BEGIN
IF oraverno > 10.1 THEN
outfinding := ‘NA’;
ELSE
FOR dblinks IN cursor_DO3686
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := dblinks.grantee||’:'||dblinks.privilege;
scriptresults(find_idx) := dblinks.grantee||’:'||dblinks.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘The following accounts have been granted ‘||
‘privileges to the SYS.LINK$ table: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3689′ THEN
– *************************************************
– ** Process DB Check DO3689
– ** Oracle object permission assignment to PUBLIC
– *************************************************
DECLARE
CURSOR cursor_DO3689
IS –DO3689
SELECT owner, table_name, privilege
FROM dba_tab_privs
WHERE grantee = ‘PUBLIC’ AND owner NOT IN
(SELECT uname
FROM defusers
);
BEGIN
FOR pubgrants IN cursor_DO3689
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := pubgrants.owner||’.'||pubgrants.table_name||’:'||
pubgrants.privilege;
scriptresults(find_idx) := pubgrants.owner||’.'||pubgrants.table_name||’:'||
pubgrants.privilege;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts, objects, ‘||
‘and permissions as generated. Confirm the ‘||
‘permissions for the objects are documented, ‘||
‘authorized and accept as Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DG0141′ THEN
– *************************************************
– ** Process DB Check DG0141
– ** DBMS access control bypass
– *************************************************
DECLARE
CURSOR cursor_DG0141B
IS –DG0141 for Oracle 10g and higher
SELECT name
FROM stmt_audit_option_map
WHERE name NOT IN
(SELECT audit_option
FROM dba_stmt_audit_opts
) AND name NOT IN (‘ALL STATEMENTS’, ‘ANALYZE ANY DICTIONARY’, ‘CREATE DIRECTORY’,
‘DEBUG CONNECT ANY’, ‘DEBUG CONNECT USER’, ‘DELETE ANY TABLE’, ‘DELETE TABLE’,
‘DROP DIRECTORY’, ‘EXECUTE ANY LIBRARY’, ‘EXECUTE ANY PROCEDURE’, ‘EXECUTE ANY TYPE’,
‘EXECUTE LIBRARY’, ‘EXECUTE PROCEDURE’, ‘EXISTS’, ‘GRANT LIBRARY’, ‘INSERT ANY TABLE’,
‘INSERT TABLE’, ‘LOCK TABLE’, ‘NETWORK’, ‘OUTLINE’, ‘READUP’, ‘READUP DBHIGH’,
‘SELECT ANY DICTIONARY’, ‘SELECT ANY SEQUENCE’, ‘SELECT ANY TABLE’,
‘SELECT MINING MODEL’, ‘SELECT SEQUENCE’, ‘SELECT TABLE’, ‘UPDATE ANY TABLE’,
‘UPDATE TABLE’, ‘USE EDITION’, ‘WRITEDOWN’, ‘WRITEDOWN DBLOW’, ‘WRITEUP’,
‘WRITEUP DBHIGH’);
BEGIN
FOR aud_opts IN cursor_DG0141B
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := aud_opts.name;
scriptresults(find_idx) := aud_opts.name;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Oracle auditing is not auditing the ‘||
‘following required events: ‘;
ELSE
outfinding := ‘NF’;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO3696′ THEN
– *************************************************
– ** Process DB Check DO3696
– ** Oracle RESOURCE_LIMIT parameter
– *************************************************
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘resource_limit’;
IF upper(strvar2) = ‘FALSE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The RESOURCE_LIMIT parameter is not set to TRUE.’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
–
ELSIF pdis.sdid = ‘DG0121′ THEN
– *************************************************
– ** Process DB Check DG0121
– ** DBMS application user privilege assignment
– *************************************************
DECLARE
CURSOR cursor_DG0121
IS –DG0121
SELECT grantee, privilege, owner, table_name
FROM dba_tab_privs
WHERE grantee NOT IN
(SELECT role
FROM dba_roles
) AND grantee NOT IN
(SELECT uname
FROM defusers
) AND table_name <> ‘DBMS_REPCAT_INTERNAL_PACKAGE’ AND table_name NOT LIKE ‘%RP’ AND
grantee NOT IN
(SELECT grantee
FROM dba_tab_privs
WHERE table_name IN (‘DBMS_DEFER’, ‘DEFLOB’)
) AND grantee NOT IN
(SELECT owner
FROM dbsrrown
);
BEGIN
SELECT COUNT(*)
INTO i
FROM dba_users
WHERE username NOT IN
(SELECT uname
FROM defusers
);
IF i = 0 THEN
outfinding := ‘NF’;
ELSE
FOR usergrants IN cursor_DG0121
LOOP
outfindings.extend;
scriptresults.extend;
find_idx := find_idx + 1;
outfindings(find_idx) := usergrants.grantee||’ granted ‘||usergrants.privilege||
‘ to ‘||usergrants.owner||’.'||usergrants.table_name;
scriptresults(find_idx) := usergrants.grantee||’ ‘||usergrants.privilege||’ ‘||
usergrants.owner||’.'||usergrants.table_name;
END LOOP;
IF find_idx > 1 THEN
outfinding := ‘O’;
outfindings.extend;
outfindings(1) := ‘Review the accounts, privileges, ‘||
‘object owners and objects as generated. Confirm the ‘||
‘account(s) and privilege assignments to the objects ‘||
‘are documented, authorized and accept as ‘|| ‘Documentable in VMS.’;
ELSE
outfinding := ‘NF’;
END IF;
END IF;
END;
–
ELSIF pdis.sdid = ‘DO6748′ THEN
– *************************************************
– ** Process DB Home Check DO6748
– ** Oracle SEC_CASE_SENSITIVE_LOGON parameter
– *************************************************
IF oraverno < 11.1 THEN
outfinding := ‘NA’;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘sec_case_sensitive_logon’;
IF upper(strvar2) = ‘FALSE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The Oracle parameter SEC_CASE_SENSITIVE_LOGON ‘||
‘is not set to a value of TRUE’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
END IF;
–
ELSIF pdis.sdid = ‘DO6749′ THEN
– *************************************************
– ** Process DB Home Check DO6749
– ** Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter
– *************************************************
IF oraverno < 11.1 THEN
outfinding := ‘NA’;
ELSE
SELECT value
INTO i
FROM v$parameter
WHERE name = ‘sec_max_failed_login_attempts’;
IF (i = 0 OR i > 3) THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The Oracle parameter SEC_MAX_FAILED_LOGIN_ATTEMPTS ‘||
‘is set to a value of 0 or value greater than 3′;
scriptresults(1) := i;
ELSE
outfinding := ‘NF’;
END IF;
END IF;
–
ELSIF pdis.sdid = ‘DO6750′ THEN
– *************************************************
– ** Process DB Home Check DO6750
– ** Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter
– *************************************************
IF oraverno < 11.1 THEN
outfinding := ‘NA’;
ELSE
SELECT instr(upper(value), ‘DROP’, 1, 1)
INTO i
FROM v$parameter
WHERE name = ‘sec_protocol_error_further_action’;
SELECT instr(upper(value), ‘DELAY’, 1, 1)
INTO j
FROM v$parameter
WHERE name = ‘sec_protocol_error_further_action’;
IF i = 0 AND j = 0 THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The Oracle parameter SEC_PROTOCOL_ERROR_FURTHER_ACTION ‘||
‘is not set to a value of DROP or DELAY’;
scriptresults(1) := i || ‘:’ || j;
ELSE
outfinding := ‘NF’;
END IF;
END IF;
–
ELSIF pdis.sdid = ‘DO6751′ THEN
– *************************************************
– ** Process DB Home Check DO6751
– ** SQLNET.ALLOWED_LOGON_VERSION
– *************************************************
outfinding := ‘MR’;
outfindings.extend;
outfindings(1) :=
‘Review the SQLNET.ORA file for the parameter: SQLNET.ALLOWED_LOGON_VERSION.’;
–
ELSIF pdis.sdid = ‘DO6752′ THEN
– *************************************************
– ** Process DB Home Check DO6752
– ** Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter
– *************************************************
IF oraverno < 11.1 THEN
outfinding := ‘NA’;
ELSE
SELECT value
INTO strvar2
FROM v$parameter
WHERE name = ‘sec_protocol_error_trace_action’;
IF upper(strvar2) = ‘NONE’ THEN
outfinding := ‘O’;
outfindings.extend;
scriptresults.extend;
outfindings(1) := ‘The Oracle parameter SEC_PROTOCOL_ERROR_TRACE_ACTION ‘||
‘is not set to a value of TRACE, LOG or ALERT’;
scriptresults(1) := upper(strvar2);
ELSE
outfinding := ‘NF’;
END IF;
END IF;
–
END IF;
–
IF outfinding = ‘NA’ THEN
notapplic := notapplic + 1;
END IF;
IF outfinding = ‘NR’ OR outfinding = ‘MR’ THEN
notrevwd := notrevwd + 1;
END IF;
IF (pdis.severity = ’1′ AND outfinding <> ‘NA’) THEN
cat1 :=cat1+1;
elsif (pdis.severity = ’2′ AND outfinding <> ‘NA’) THEN
cat2 :=cat2+1;
elsif (pdis.severity = ’3′ AND outfinding <> ‘NA’) THEN
cat3 :=cat3+1;
END IF;
dbms_output.put_line(‘Finding: ‘||outfinding||’ for check ‘||pdis.sdid);
–
IF pdis.severity = ’1′ THEN
outseverity := ‘Category I’;
IF outfinding IN (‘O’) THEN
opencat1 := opencat1 + 1;
END IF;
elsif pdis.severity = ’2′ THEN
outseverity := ‘Category II’;
IF outfinding IN (‘O’) THEN
opencat2 := opencat2 + 1;
END IF;
elsif pdis.severity = ’3′ THEN
outseverity := ‘Category III’;
IF outfinding IN (‘O’) THEN
opencat3 := opencat3 + 1;
END IF;
ELSE
dbms_output.put_line(‘bad severity code of ‘||pdis.severity|| ‘ for check ‘||pdis.sdid);
END IF;
/**
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘Policy Check: ‘||pdis.sdid||
‘ VMSkey: ‘||pdis.vmskey);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘Description: ‘);
rptnum := rptnum + 1;
strvar2 := rtrim(pdis.shortdesc);
j := length(strvar2);
k := 1;
while k < j loop
m := instr(substr(strvar2,k,77),’^q’,1);
i := instr(substr(strvar2,k,77),’ ‘, – 1);
if (m < i and m <> 0) or (m > 0 and i = 0) then
i := m;
else
i := i + 1;
if k + 77 >= j then
i := j – k + 2;
end if;
end if;
strvar3 := ‘ ‘||substr(strvar2,k,i – 1);
if i > m then
i := i – 2;
end if;
k := k + i + 1;
insert into dbsrrrpt values (rptnum, strvar3);
rptnum := rptnum + 1;
end loop;
insert into dbsrrrpt values (rptnum, ‘Severity: ‘||outseverity);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘Finding Status: ‘||outfinding);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘Finding Details: ‘);
rptnum := rptnum + 1;
**/
FOR i IN 1..find_idx
LOOP
–insert into dbsrrrpt values (rptnum, ‘ ‘||outfindings(i));
rptnum := rptnum + 1;
INSERT
INTO dbsrrstats(severity, findingstatus, dgno, vmskey, rec_date)
VALUES(outseverity, outfinding, pdis.sdid, pdis.vmskey, sysdate);
END LOOP;
outfindings.delete;
scriptresults.delete;
/*
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘*******************************************’);
rptnum := rptnum + 1;
*/
EXCEPTION
WHEN OTHERS THEN
ret_val := 1;
my_code := SQLCODE;
my_errm := SQLERRM;
dbms_output.put_line(‘Error during processing of check: ‘||pdis.sdid);
dbms_output.put_line(‘Error code ‘|| my_code ||’:'|| my_errm);
EXIT;
END;
END LOOP;
– end of pdi loop, write report finish lines
/*
errloc := ‘report finish’;
i := opencat1 + opencat2 + opencat3;
j := cat1 + cat2 + cat3;
insert into dbsrrrpt values (rptnum, ‘Category Count Totals Open / Possible:’);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ Category I: ‘||to_char(opencat1,’999′)|| ‘ / ‘||
to_char(cat1,’999′));
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ Category II: ‘||to_char(opencat2,’999′)|| ‘ / ‘||
to_char(cat2,’999′));
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ Category III: ‘||to_char(opencat3,’999′)|| ‘ / ‘||
to_char(cat3,’999′));
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ Totals : ‘||to_char(i,’999′)||’ / ‘||to_char(j
,’999′));
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ Total Not Reviewed: ‘||to_char(notrevwd,’999′));
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘Total Not Applicable: ‘||to_char(notapplic,’999′));
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘NOTE: The open count includes checks that may require
manual check or review of’);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ results. The total check count does not include checks
that were determined’);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ to be “NA” for this database version. ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ Download and review the Database Oracle Check List at:’);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ http://iase.disa.mil/stigs/checklist/index.html’);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘ ‘);
rptnum := rptnum + 1;
insert into dbsrrrpt values (rptnum, ‘SRR Results for Instance/Database ‘||
inst_name||’/'||db_name||’ Oracle version: ‘||oraver);
*/
EXCEPTION
WHEN OTHERS THEN
ret_val := 1;
my_code := SQLCODE;
my_errm := SQLERRM;
dbms_output.put_line(‘Error during processing of ‘||errloc);
dbms_output.put_line(‘Error code ‘|| my_code ||’:'|| my_errm);
–END;
–EXIT ret_val
END CHECK_STIG_PROC;
END AA_STIG_PKG;
