linux firewall

# allow outside access to a port.
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT

# allow outside access to a range of ports.
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 4889:4897 -j ACCEPT

# allow a range of outside ipaddresses access to a port. in this case 192.168.0.* to port 1521
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m state –state NEW -m tcp –dport 1521 -j ACCEPT

# replace a rule
iptables -R INPUT 1 -p tcp -s 192.168.0.0/24 –dport 80 -j ACCEPT

# block icmp traffic, except from 10.10.10.x addresses
# –important– the below rule replaces rule #2 use -A or -I to input or append
# however most times there will already be a rule governing icmp traffic thus you should replace (-R)
iptables -R INPUT 2 -p icmp -s 10.10.10.0/24 -j ACCEPT

# my fire wall rules
iptables -R INPUT 2 -p icmp -s 10.10.10.0/24 -j ACCEPT #–this updates a pre-existing default rule (#2), the others are additions
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 1159 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 1521 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 4889:4897 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 4899:4908 -j ACCEPT
iptables -A INPUT -s 10.10.10.0/255.255.255.0 -p tcp -m state –state NEW -m tcp –dport 7803 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW -m tcp -s 10.10.10.0/255.255.255.0 –dport 7803 -j ACCEPT
iptables -A INPUT -j REJECT –reject-with icmp-host-prohibited

/etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Tue Feb 12 12:20:18 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [85971:45164444]
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 1159 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 1521 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 4889:4897 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 4899:4908 -j ACCEPT
-A INPUT -s 10.10.10.0/24 -p tcp -m state –state NEW -m tcp –dport 7803 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Feb 12 12:20:18 2013

# it might be this rule…
iptables -A INPUT -p tcp -m state –state NEW -m tcp -s 10.10.10.0/255.255.255.0 –dport 7803 -j ACCEPT

move dblinks from one database to another

Get metadata from a dblink (or anything else) using dbms_metadata. One of the nice things about this is that it will pull the dblink password and set it in the new database with the ‘BY VALUES’ keywords.

SELECT owner, db_link, DBMS_METADATA.GET_DDL(‘DB_LINK’,DB_LINK, OWNER) as DDL FROM dba_db_links;

Code for stig program

Schedule the job.

BEGIN
– Job defined entirely by the CREATE JOB procedure.
DBMS_SCHEDULER.create_job(
  job_name => ‘Monthly_Stig_Run’,
  job_type => ‘PLSQL_BLOCK’,
  job_action => ‘BEGIN sys.aa_stig_pkg.run_job_proc; END;’,
  start_date => SYSTIMESTAMP,
  repeat_interval => ‘freq=monthly; bymonthday=1′,
  end_date => NULL,
  enabled => TRUE,
  comments => ‘Job defined entirely by the CREATE JOB procedure’);
END;

create or replace
PACKAGE AA_STIG_PKG AS
  
  PROCEDURE CHECK_STIG_PROC;
  PROCEDURE CREATE_TABLE_PROC;
  PROCEDURE LOAD_DEF_USR_PROC;
  PROCEDURE LOAD_VUL_PROC;
  PROCEDURE CREATE_REPORT_PROC;
  PROCEDURE DELETE_CHECKS_PROC;
  PROCEDURE RUN_JOB_PROC;

END AA_STIG_PKG;

create or replace
PACKAGE BODY AA_STIG_PKG
AS
 
  PROCEDURE RUN_JOB_PROC AS
    BEGIN
   
    DECLARE
   
    BEGIN
   
     CHECK_STIG_PROC();
     CREATE_REPORT_PROC();
     DELETE_CHECKS_PROC();
   
    END;
 
  END RUN_JOB_PROC;
 
  PROCEDURE CREATE_REPORT_PROC AS
    BEGIN
   
    DECLARE
   
    BEGIN
   
    insert into dbsrrreport(dgno, findingstatus, rec_date, severity, vmskey)
     select unique dgno, findingstatus, rec_date, severity, vmskey from dbsrrstats;
    
   
    EXCEPTION
     WHEN OTHERS THEN
     dbms_output.put_line(‘something did not work’);
   
    END;
 
  END CREATE_REPORT_PROC;
 
  PROCEDURE DELETE_CHECKS_PROC AS
    BEGIN
   
    DECLARE
   
    BEGIN
   
    execute immediate ‘delete from dbsrrstats’;
    dbms_output.put_line(‘Table DBSRRSTATS cleared…’);
   
    
   
    EXCEPTION
     WHEN OTHERS THEN
     dbms_output.put_line(‘something did not work’);
   
    END;
 
  END DELETE_CHECKS_PROC;
 
  PROCEDURE LOAD_DEF_USR_PROC AS
    BEGIN
   
    DECLARE
   
    BEGIN
   
     insert into defusers values (‘AASH’,”,’9B52488370BB3D77′);
     insert into defusers values (‘ABA1′,”,’30FD307004F350DE’);
     insert into defusers values (‘ABM’,”,’D0F2982F121C7840′);
     insert into defusers values (‘AD_MONITOR’,”,’54F0C83F51B03F49′);
     insert into defusers values (‘ADAMS’,”,’72CDEF4A3483F60D’);
     insert into defusers values (‘ADS’,”,’D23F0F5D871EB69F’);
     insert into defusers values (‘ADSEUL_US’,”,’4953B2EB6FCB4339′);
     insert into defusers values (‘AHL’,”,’7910AE63C9F7EEEE’);
     insert into defusers values (‘AHM’,”,’33C2E27CF5E401A4′);
     insert into defusers values (‘AK’,”,’8FCB78BBA8A59515′);
     insert into defusers values (‘AL’,”,’384B2C568DE4C2B5′);
     insert into defusers values (‘ALA1′,”,’90AAC5BD7981A3BA’);
     insert into defusers values (‘ALLUSERS’,”,’42F7CD03B7D2CA0F’);
     insert into defusers values (‘ALR’,”,’BE89B24F9F8231A9′);
     insert into defusers values (‘AMA1′,”,’585565C23AB68F71′);
     insert into defusers values (‘AMA2′,”,’37E458EE1688E463′);
     insert into defusers values (‘AMA3′,”,’81A66D026DC5E2ED’);
     insert into defusers values (‘AMA4′,”,’194CCC94A481DCDE’);
     insert into defusers values (‘AMF’,”,’EC9419F55CDC666B’);
     insert into defusers values (‘AMS’,”,’BD821F59270E5F34′);
     insert into defusers values (‘AMS1′,”,’DB8573759A76394B’);
     insert into defusers values (‘AMS2′,”,’EF611999C6AD1FD7′);
     insert into defusers values (‘AMS3′,”,’41D1084F3F966440′);
     insert into defusers values (‘AMS4′,”,’5F5903367FFFB3A3′);
     insert into defusers values (‘AMSYS’,”,’4C1EF14ECE13B5DE’);
     insert into defusers values (‘AMV’,”,’38BC87EB334A1AC4′);
     insert into defusers values (‘AMW’,”,’0E123471AACA2A62′);
     insert into defusers values (‘ANNE’,”,’1EEA3E6F588599A6′);
     insert into defusers values (‘ANONYMOUS’,”,’94C33111FD9C66F3′);
     insert into defusers values (‘AOLDEMO’,”,’D04BBDD5E643C436′);
     insert into defusers values (‘AP’,”,’EED09A552944B6AD’);
     insert into defusers values (‘APA1′,”,’D00197BF551B2A79′);
     insert into defusers values (‘APA2′,”,’121C6F5BD4674A33′);
     insert into defusers values (‘APA3′,”,’5F843C0692560518′);
     insert into defusers values (‘APA4′,”,’BF21227532D2794A’);
     insert into defusers values (‘APPLEAD’,”,’5331DB9C240E093B’);
     insert into defusers values (‘APPLSYS’,”,’0F886772980B8C79′);
     insert into defusers values (‘APPLSYSPUB’,”,’D2E3EF40EE87221E’);
     insert into defusers values (‘APPLSYS’,”,’E153FFF4DAE6C9F7′);
     insert into defusers values (‘APPS’,”,’D728438E8A5925E0′);
     insert into defusers values (‘APS1′,”,’F65751C55EA079E6′);
     insert into defusers values (‘APS2′,”,’5CACE7B928382C8B’);
     insert into defusers values (‘APS3′,”,’C786695324D7FB3B’);
     insert into defusers values (‘APS4′,”,’F86074C4F4F82D2C’);
     insert into defusers values (‘AQDEMO’,”,’5140E342712061DD’);
     insert into defusers values (‘AQJAVA’,”,’8765D2543274B42E’);
     insert into defusers values (‘AQUSER’,”,’4CF13BDAC1D7511C’);
     insert into defusers values (‘AR’,”,’BBBFE175688DED7E’);
     insert into defusers values (‘ARA1′,”,’4B9F4E0667857EB8′);
     insert into defusers values (‘ARA2′,”,’F4E52BFBED4652CD’);
     insert into defusers values (‘ARA3′,”,’E3D8D73AE399F7FE’);
     insert into defusers values (‘ARA4′,”,’758FD31D826E9143′);
     insert into defusers values (‘ARS1′,”,’433263ED08C7A4FD’);
     insert into defusers values (‘ARS2′,”,’F3AF9F26D0213538′);
     insert into defusers values (‘ARS3′,”,’F6755F08CC1E7831′);
     insert into defusers values (‘ARS4′,”,’452B5A381CABB241′);
     insert into defusers values (‘ART’,”,’665168849666C4F3′);
     insert into defusers values (‘ASF’,”,’B6FD427D08619EEE’);
     insert into defusers values (‘ASG’,”,’1EF8D8BD87CF16BE’);
     insert into defusers values (‘ASL’,”,’03B20D2C323D0BFE’);
     insert into defusers values (‘ASN’,”,’1EE6AEBD9A23D4E0′);
     insert into defusers values (‘ASO’,”,’F712D80109E3C9D8′);
     insert into defusers values (‘ASP’,”,’CF95D2C6C85FF513′);
     insert into defusers values (‘AST’,”,’F13FF949563EAB3C’);
     insert into defusers values (‘AUC_GUEST’,”,’8A59D349DAEC26F7′);
     insert into defusers values (‘AURORA$ORB$UNAUTHENTICATED’,”,’80C099F0EADF877E’);
     insert into defusers values (‘AUTHORIA’,”,’CC78120E79B57093′);
     insert into defusers values (‘AX’,”,’0A8303530E86FCDD’);
     insert into defusers values (‘AZ’,”,’AAA18B5D51B0D5AC’);
     insert into defusers values (‘B2B’,”,’CC387B24E013C616′);
     insert into defusers values (‘BAM’,”,’031091A1D1A30061′);
     insert into defusers values (‘BCA1′,”,’398A69209360BD9D’);
     insert into defusers values (‘BCA2′,”,’801D9C90EBC89371′);
     insert into defusers values (‘BEN’,”,’9671866348E03616′);
     insert into defusers values (‘BIC’,”,’E84CC95CBBAC1B67′);
     insert into defusers values (‘BIL’,”,’BF24BCE2409BE1F7′);
     insert into defusers values (‘BIM’,”,’6026F9A8A54B9468′);
     insert into defusers values (‘BIS’,”,’7E9901882E5F3565′);
     insert into defusers values (‘BIV’,”,’2564B34BE50C2524′);
     insert into defusers values (‘BIX’,”,’3DD36935EAEDE2E3′);
     insert into defusers values (‘BLAKE’,”,’9435F2E60569158E’);
     insert into defusers values (‘BMEADOWS’,”,’2882BA3D3EE1F65A’);
     insert into defusers values (‘BNE’,”,’080B5C7EE819BF78′);
     insert into defusers values (‘BOM’,”,’56DB3E89EAE5788E’);
     insert into defusers values (‘BP01′,”,’612D669D2833FACD’);
     insert into defusers values (‘BP02′,”,’FCE0C089A3ECECEE’);
     insert into defusers values (‘BP03′,”,’0723FFEEFBA61545′);
     insert into defusers values (‘BP04′,”,’E5797698E0F8934E’);
     insert into defusers values (‘BP05′,”,’58FFC821F778D7E9′);
     insert into defusers values (‘BP06′,”,’2F358909A4AA6059′);
     insert into defusers values (‘BSC’,”,’EC481FD7DCE6366A’);
     insert into defusers values (‘BUYACCT’,”,’D6B388366ECF2F61′);
     insert into defusers values (‘BUYAPPR1′,”,’CB04931693309228′);
     insert into defusers values (‘BUYAPPR2′,”,’3F98A3ADC037F49C’);
     insert into defusers values (‘BUYAPPR3′,”,’E65D8AD3ACC23DA3′);
     insert into defusers values (‘BUYER’,”,’547BDA4286A2ECAE’);
     insert into defusers values (‘BUYMTCH’,”,’0DA5E3B504CC7497′);
     insert into defusers values (‘CAMRON’,”,’4384E3F9C9C9B8F1′);
     insert into defusers values (‘CANDICE’,”,’CF458B3230215199′);
     insert into defusers values (‘CARL’,”,’99ECCC664FFDFEA2′);
     insert into defusers values (‘CARLY’,”,’F7D90C099F9097F1′);
     insert into defusers values (‘CARMEN’,”,’46E23E1FD86A4277′);
     insert into defusers values (‘CARRIECONYERS’,”,’9BA83B1E43A5885B’);
     insert into defusers values (‘CATADMIN’,”,’AF9AB905347E004F’);
     insert into defusers values (‘CE’,”,’E7FDFE26A524FE39′);
     insert into defusers values (‘CEASAR’,”,’E69833B8205D5DD7′);
     insert into defusers values (‘CENTRA’,”,’63BF5FFE5E3EA16D’);
     insert into defusers values (‘CFD’,”,’667B018D4703C739′);
     insert into defusers values (‘CHANDRA’,”,’184503FA7786C82D’);
     insert into defusers values (‘CHARLEY’,”,’E500DAA705382E8D’);
     insert into defusers values (‘CHRISBAKER’,”,’52AFB6B3BE485F81′);
     insert into defusers values (‘CHRISTIE’,”,’C08B79CCEC43E798′);
     insert into defusers values (‘CINDY’,”,’3AB2C717D1BD0887′);
     insert into defusers values (‘CLARK’,”,’74DF527800B6D713′);
     insert into defusers values (‘CLAUDE’,”,’C6082BCBD0B69D20′);
     insert into defusers values (‘CLARK’,”,’7AAFE7D01511D73F’);
     insert into defusers values (‘CLINT’,”,’163FF8CCB7F11691′);
     insert into defusers values (‘CLN’,”,’A18899D42066BFCA’);
     insert into defusers values (‘CN’,”,’73F284637A54777D’);
     insert into defusers values (‘CNCADMIN’,”,’C7C8933C678F7BF9′);
     insert into defusers values (‘CONNIE’,”,’982F4C420DD38307′);
     insert into defusers values (‘CONNOR’,”,’52875AEB74008D78′);
     insert into defusers values (‘CORY’,”,’93CE4CCE632ADCD2′);
     insert into defusers values (‘CRM1′,”,’6966EA64B0DFC44E’);
     insert into defusers values (‘CRM2′,”,’B041F3BEEDA87F72′);
     insert into defusers values (‘CRP’,”,’F165BDE5462AD557′);
     insert into defusers values (‘CRPB733′,”,’2C9AB93FF2999125′);
     insert into defusers values (‘CRPCTL’,”,’4C7A200FB33A531D’);
     insert into defusers values (‘CRPDTA’,”,’6665270166D613BC’);
     insert into defusers values (‘CS’,”,’DB78866145D4E1C3′);
     insert into defusers values (‘CSADMIN’,”,’94327195EF560924′);
     insert into defusers values (‘CSAPPR1′,”,’47D841B5A01168FF’);
     insert into defusers values (‘CSC’,”,’EDECA9762A8C79CD’);
     insert into defusers values (‘CSD’,”,’144441CEBAFC91CF’);
     insert into defusers values (‘CSDUMMY’,”,’7A587C459B93ACE4′);
     insert into defusers values (‘CSE’,”,’D8CC61E8F42537DA’);
     insert into defusers values (‘CSF’,”,’684E28B3C899D42C’);
     insert into defusers values (‘CSI’,”,’71C2B12C28B79294′);
     insert into defusers values (‘CSL’,”,’C4D7FE062EFB85AB’);
     insert into defusers values (‘CSM’,”,’94C24FC0BE22F77F’);
     insert into defusers values (‘CSMIG’,”,’09B4BB013FBD0D65′);
     insert into defusers values (‘CSP’,”,’5746C5E077719DB4′);
     insert into defusers values (‘CSR’,”,’0E0F7C1B1FE3FA32′);
     insert into defusers values (‘CSS’,”,’3C6B8C73DDC6B04F’);
     insert into defusers values (‘CTXDEMO’,”,’CB6B5E9D9672FE89′);
     insert into defusers values (‘CTXSYS’,”,’24ABAB8B06281B4C’);
     insert into defusers values (‘CTXTEST’,”,’064717C317B551B6′);
     insert into defusers values (‘CTXSYS’,”,’71E687F036AD56E5′);
     insert into defusers values (‘CUA’,”,’CB7B2E6FFDD7976F’);
     insert into defusers values (‘CUE’,”,’A219FE4CA25023AA’);
     insert into defusers values (‘CUF’,”,’82959A9BD2D51297′);
     insert into defusers values (‘CUG’,”,’21FBCADAEAFCC489′);
     insert into defusers values (‘CUI’,”,’AD7862E01FA80912′);
     insert into defusers values (‘CUN’,”,’41C2D31F3C85A79D’);
     insert into defusers values (‘CUP’,”,’C03082CD3B13EC42′);
     insert into defusers values (‘CUS’,”,’00A12CC6EBF8EDB8′);
     insert into defusers values (‘CZ’,”,’9B667E9C5A0D21A6′);
     insert into defusers values (‘DAVIDMORGAN’,”,’B717BAB262B7A070′);
     insert into defusers values (‘DBSNMP’,”,’E066D214D5421CCC’);
     insert into defusers values (‘DCM’,”,’45CCF86E1058D3A5′);
     insert into defusers values (‘DD7333′,”,’44886308CF32B5D4′);
     insert into defusers values (‘DD7334′,”,’D7511E19D9BD0F90′);
     insert into defusers values (‘DD810′,”,’0F9473D8D8105590′);
     insert into defusers values (‘DD811′,”,’D8084AE609C9A2FD’);
     insert into defusers values (‘DD812′,”,’AB71915CF21E849E’);
     insert into defusers values (‘DD9′,”,’E81821D03070818C’);
     insert into defusers values (‘DDB733′,”,’7D11619CEE99DE12′);
     insert into defusers values (‘DDD’,”,’6CB03AF4F6DD133D’);
     insert into defusers values (‘DEMO8′,”,’0E7260738FDFD678′);
     insert into defusers values (‘DES’,”,’ABFEC5AC2274E54D’);
     insert into defusers values (‘DES2K’,”,’611E7A73EC4B425A’);
     insert into defusers values (‘DEV2000_DEMOS’,”,’18A0C8BD6B13BEE2′);
     insert into defusers values (‘DEVB733′,”,’7500DF89DC99C057′);
     insert into defusers values (‘DEVUSER’,”,’C10B4A80D00CA7A5′);
     insert into defusers values (‘DGRAY’,”,’5B76A1EB8F212B85′);
     insert into defusers values (‘DIP’,”,’CE4A36B8E06CA59C’);
     insert into defusers values (‘DISCOVERER5′,”,’AF0EDB66D914B731′);
     insert into defusers values (‘DKING’,”,’255C2B0E1F0912EA’);
     insert into defusers values (‘DLD’,”,’4454B932A1E0E320′);
     insert into defusers values (‘DMADMIN’,”,’E6681A8926B40826′);
     insert into defusers values (‘DMATS’,”,’8C692701A4531286′);
     insert into defusers values (‘DMS’,”,’1351DC7ED400BD59′);
     insert into defusers values (‘DMSYS’,”,’BFBA5A553FD9E28A’);
     insert into defusers values (‘DOM’,”,’51C9F2BECA78AE0E’);
     insert into defusers values (‘DPOND’,”,’79D6A52960EEC216′);
     insert into defusers values (‘DSGATEWAY’,”,’6869F3CFD027983A’);
     insert into defusers values (‘DV7333′,”,’36AFA5CD674BA841′);
     insert into defusers values (‘DV7334′,”,’473B568021BDB428′);
     insert into defusers values (‘DV810′,”,’52C38F48C99A0352′);
     insert into defusers values (‘DV811′,”,’B6DC5AAB55ECB66C’);
     insert into defusers values (‘DV812′,”,’7359E6E060B945BA’);
     insert into defusers values (‘DV9′,”,’07A1D03FD26E5820′);
     insert into defusers values (‘DVP1′,”,’0559A0D3DE0759A6′);
     insert into defusers values (‘EAA’,”,’A410B2C5A0958CDF’);
     insert into defusers values (‘EAM’,”,’CE8234D92FCFB563′);
     insert into defusers values (‘EC’,”,’6A066C462B62DD46′);
     insert into defusers values (‘ECX’,”,’0A30645183812087′);
     insert into defusers values (‘EDR’,”,’5FEC29516474BB3A’);
     insert into defusers values (‘EDWEUL_US’,”,’5922BA2E72C49787′);
     insert into defusers values (‘EDWREP’,”,’79372B4AB748501F’);
     insert into defusers values (‘EGC1′,”,’D78E0F2BE306450D’);
     insert into defusers values (‘EGD1′,”,’DA6D6F2089885BA6′);
     insert into defusers values (‘EGM1′,”,’FB949D5E4B5255C0′);
     insert into defusers values (‘EGO’,”,’B9D919E5F5A9DA71′);
     insert into defusers values (‘EGR1′,”,’BB636336ADC5824A’);
     insert into defusers values (‘END1′,”,’688499930C210B75′);
     insert into defusers values (‘ENG’,”,’4553A3B443FB3207′);
     insert into defusers values (‘ENI’,”,’05A92C0958AFBCBC’);
     insert into defusers values (‘ENM1′,”,’3BDABFD1246BFEA2′);
     insert into defusers values (‘ENS1′,”,’F68A5D0D6D2BB25B’);
     insert into defusers values (‘ENTMGR_CUST’,”,’45812601EAA2B8BD’);
     insert into defusers values (‘ENTMGR_PRO’,”,’20002682991470B3′);
     insert into defusers values (‘ENTMGR_TRAIN’,”,’BE40A3BE306DD857′);
     insert into defusers values (‘EOPP_PORTALADM’,”,’B60557FD8C45005A’);
     insert into defusers values (‘EOPP_PORTALMGR’,”,’9BB3CF93F7DE25F1′);
     insert into defusers values (‘EOPP_USER’,”,’13709991FC4800A1′);
     insert into defusers values (‘EUL_US’,”,’28AEC22561414B29′);
     insert into defusers values (‘EVM’,”,’137CEDC20DE69F71′);
     insert into defusers values (‘EXA1′,”,’091BCD95EE112EE3′);
     insert into defusers values (‘EXA2′,”,’E4C0A21DBD06B890′);
     insert into defusers values (‘EXA3′,”,’40DC4FA801A73560′);
     insert into defusers values (‘EXA4′,”,’953885D52BDF5C86′);
     insert into defusers values (‘EXFSYS’,”,’66F4EF5650C20355′);
     insert into defusers values (‘EXS1′,”,’C5572BAB195817F0′);
     insert into defusers values (‘EXS2′,”,’8FAA3AC645793562′);
     insert into defusers values (‘EXS3′,”,’E3050174EE1844BA’);
     insert into defusers values (‘EXS4′,”,’E963BFE157475F7D’);
     insert into defusers values (‘FA’,”,’21A837D0AED8F8E5′);
     insert into defusers values (‘FEM’,”,’BD63D79ADF5262E7′);
     insert into defusers values (‘FIA1′,”,’2EB76E07D3E094EC’);
     insert into defusers values (‘FII’,”,’CF39DE29C08F71B9′);
     insert into defusers values (‘FLM’,”,’CEE2C4B59E7567A3′);
     insert into defusers values (‘FNI1′,”,’308839029D04F80C’);
     insert into defusers values (‘FNI2′,”,’05C69C8FEAB4F0B9′);
     insert into defusers values (‘FPA’,”,’9FD6074B9FD3754C’);
     insert into defusers values (‘FPT’,”,’73E3EC9C0D1FAECF’);
     insert into defusers values (‘FRM’,”,’9A2A7E2EBE6E4F71′);
     insert into defusers values (‘FTA1′,”,’65FF9AB3A49E8A13′);
     insert into defusers values (‘FTE’,”,’2FB4D2C9BAE2CCCA’);
     insert into defusers values (‘FUN’,”,’8A7055CA462DB219′);
     insert into defusers values (‘FV’,”,’907D70C0891A85B1′);
     insert into defusers values (‘FVP1′,”,’6CC7825EADF994E8′);
     insert into defusers values (‘GALLEN’,”,’F8E8ED9F15842428′);
     insert into defusers values (‘GCA1′,”,’47DA9864E018539B’);
     insert into defusers values (‘GCA2′,”,’FD6E06F7DD50E868′);
     insert into defusers values (‘GCA3′,”,’4A4B9C2E9624C410′);
     insert into defusers values (‘GCA9′,”,’48A7205A4C52D6B5′);
     insert into defusers values (‘GCMGR1′,”,’14A1C1A08EA915D6′);
     insert into defusers values (‘GCMGR2′,”,’F4F11339A4221A4D’);
     insert into defusers values (‘GCMGR3′,”,’320F0D4258B9D190′);
     insert into defusers values (‘GCS’,”,’7AE34CA7F597EBF7′);
     insert into defusers values (‘GCS1′,”,’2AE8E84D2400E61D’);
     insert into defusers values (‘GCS2′,”,’C242D2B83162FF3D’);
     insert into defusers values (‘GCS3′,”,’DCCB4B49C68D77E2′);
     insert into defusers values (‘GEORGIAWINE’,”,’F05B1C50A1C926DE’);
     insert into defusers values (‘GL’,”,’CD6E99DACE4EA3A6′);
     insert into defusers values (‘GLA1′,”,’86C88007729EB36F’);
     insert into defusers values (‘GLA2′,”,’807622529F170C02′);
     insert into defusers values (‘GLA3′,”,’863A20A4EFF7386B’);
     insert into defusers values (‘GLA4′,”,’DB882CF89A758377′);
     insert into defusers values (‘GLS1′,”,’7485C6BD564E75D1′);
     insert into defusers values (‘GLS2′,”,’319E08C55B04C672′);
     insert into defusers values (‘GLS3′,”,’A7699C43BB136229′);
     insert into defusers values (‘GLS4′,”,’7C171E6980BE2DB9′);
     insert into defusers values (‘GM_AWDA’,”,’4A06A107E7A3BB10′);
     insert into defusers values (‘GM_COPI’,”,’03929AE296BAAFF2′);
     insert into defusers values (‘GM_DPHD’,”,’0519252EDF68FA86′);
     insert into defusers values (‘GM_MLCT’,”,’24E8B569E8D1E93E’);
     insert into defusers values (‘GM_PLADMA’,”,’2946218A27B554D8′);
     insert into defusers values (‘GM_PLADMH’,”,’2F6EDE96313AF1B7′);
     insert into defusers values (‘GM_PLCCA’,”,’7A99244B545A038D’);
     insert into defusers values (‘GM_PLCCH’,”,’770D9045741499E6′);
     insert into defusers values (‘GM_PLCOMA’,”,’91524D7DE2B789A8′);
     insert into defusers values (‘GM_PLCOMH’,”,’FC1C6E0864BF0AF2′);
     insert into defusers values (‘GM_PLCONA’,”,’1F531397B19B1E05′);
     insert into defusers values (‘GM_PLCONH’,”,’C5FE216EB8FCD023′);
     insert into defusers values (‘GM_PLNSCA’,”,’DB9DD2361D011A30′);
     insert into defusers values (‘GM_PLNSCH’,”,’C80D557351110D51′);
     insert into defusers values (‘GM_PLSCTA’,”,’3A778986229BA20C’);
     insert into defusers values (‘GM_PLSCTH’,”,’9E50865473B63347′);
     insert into defusers values (‘GM_PLVET’,”,’674885FDB93D34B9′);
     insert into defusers values (‘GM_SPO’,”,’E57D4BD77DAF92F0′);
     insert into defusers values (‘GM_STKH’,”,’C498A86BE2663899′);
     insert into defusers values (‘GMA’,”,’DC7948E807DFE242′);
     insert into defusers values (‘GMD’,”,’E269165256F22F01′);
     insert into defusers values (‘GME’,”,’B2F0E221F45A228F’);
     insert into defusers values (‘GMF’,”,’A07F1956E3E468E1′);
     insert into defusers values (‘GMI’,”,’82542940B0CF9C16′);
     insert into defusers values (‘GML’,”,’5F1869AD455BBA73′);
     insert into defusers values (‘GMP’,”,’450793ACFCC7B58E’);
     insert into defusers values (‘GMS’,”,’E654261035504804′);
     insert into defusers values (‘GR’,”,’F5AB0AA3197AEE42′);
     insert into defusers values (‘GUEST’,”,’1C0A090E404CECD0′);
     insert into defusers values (‘HCC’,”,’25A25A7FEFAC17B6′);
     insert into defusers values (‘HHCFO’,”,’62DF37933FB35E9F’);
     insert into defusers values (‘HR’,”,’4C6D73C3E8B0F0DA’);
     insert into defusers values (‘HRI’,”,’49A3A09B8FC291D0′);
     insert into defusers values (‘HXC’,”,’4CEA0BF02214DA55′);
     insert into defusers values (‘HXT’,”,’169018EB8E2C4A77′);
     insert into defusers values (‘IA’,”,’42C7EAFBCEEC09CC’);
     insert into defusers values (‘IBA’,”,’0BD475D5BF449C63′);
     insert into defusers values (‘IBC’,”,’9FB08604A30A4951′);
     insert into defusers values (‘IBE’,”,’9D41D2B3DD095227′);
     insert into defusers values (‘IBP’,”,’840267B7BD30C82E’);
     insert into defusers values (‘IBU’,”,’0AD9ABABC74B3057′);
     insert into defusers values (‘IBY’,”,’F483A48F6A8C51EC’);
     insert into defusers values (‘ICX’,”,’7766E887AF4DCC46′);
     insert into defusers values (‘IEB’,”,’A695699F0F71C300′);
     insert into defusers values (‘IEC’,”,’CA39F929AF0A2DEC’);
     insert into defusers values (‘IEM’,”,’37EF7B2DD17279B5′);
     insert into defusers values (‘IEO’,”,’E93196E9196653F1′);
     insert into defusers values (‘IES’,”,’30802533ADACFE14′);
     insert into defusers values (‘IEU’,”,’5D0E790B9E882230′);
     insert into defusers values (‘IEX’,”,’6CC978F56D21258D’);
     insert into defusers values (‘IGC’,”,’D33CEB8277F25346′);
     insert into defusers values (‘IGF’,”,’1740079EFF46AB81′);
     insert into defusers values (‘IGI’,”,’8C69D50E9D92B9D0′);
     insert into defusers values (‘IGS’,”,’DAF602231281B5AC’);
     insert into defusers values (‘IGW’,”,’B39565F4E3CF744B’);
     insert into defusers values (‘IMC’,”,’C7D0B9CDE0B42C73′);
     insert into defusers values (‘IMT’,”,’E4AAF998653C9A72′);
     insert into defusers values (‘INS1′,”,’2ADC32A0B154F897′);
     insert into defusers values (‘INS2′,”,’EA372A684B790E2A’);
     insert into defusers values (‘INTERNET_APPSERVER_REGISTRY’,”,’A1F98A977FFD73CD’);
     insert into defusers values (‘INV’,”,’ACEAB015589CF4BC’);
     insert into defusers values (‘IP’,”,’D29012C144B58A40′);
     insert into defusers values (‘IPA’,”,’EB265A08759A15B4′);
     insert into defusers values (‘IPD’,”,’066A2E3072C1F2F3′);
     insert into defusers values (‘ISC’,”,’373F527DC0CFAE98′);
     insert into defusers values (‘ISTEWARD’,”,’8735CA4085DE3EEA’);
     insert into defusers values (‘ITG’,”,’D90F98746B68E6CA’);
     insert into defusers values (‘JA’,”,’9AC2B58153C23F3D’);
     insert into defusers values (‘JD7333′,”,’FB5B8A12AE623D52′);
     insert into defusers values (‘JD7334′,”,’322810FCE43285D9′);
     insert into defusers values (‘JD9′,”,’9BFAEC92526D027B’);
     insert into defusers values (‘JDE’,”,’7566DC952E73E869′);
     insert into defusers values (‘JDEDBA’,”,’B239DD5313303B1D’);
     insert into defusers values (‘JE’,”,’FBB3209FD6280E69′);
     insert into defusers values (‘JG’,”,’37A99698752A1CF1′);
     insert into defusers values (‘JL’,”,’489B61E488094A8D’);
     insert into defusers values (‘JOHNINARI’,”,’B3AD4DA00F9120CE’);
     insert into defusers values (‘JONES’,”,’B9E99443032F059D’);
     insert into defusers values (‘JTF’,”,’5C5F6FC2EBB94124′);
     insert into defusers values (‘JTI’,”,’B8F03D3E72C96F71′);
     insert into defusers values (‘JTM’,”,’6D79A2259D5B4B5A’);
     insert into defusers values (‘JTR’,”,’B4E2BE38B556048F’);
     insert into defusers values (‘JTS’,”,’4087EE6EB7F9CD7C’);
     insert into defusers values (‘JUNK_PS’,”,’BBC38DB05D2D3A7A’);
     insert into defusers values (‘JUSTOSHUM’,”,’53369CD63902FAAA’);
     insert into defusers values (‘KELLYJONES’,”,’DD4A3FF809D2A6CF’);
     insert into defusers values (‘KEVINDONS’,”,’7C6D9540B45BBC39′);
     insert into defusers values (‘KPN’,”,’DF0AED05DE318728′);
     insert into defusers values (‘LADAMS’,”,’AE542B99505CDCD2′);
     insert into defusers values (‘LBA’,”,’18E5E15A436E7157′);
     insert into defusers values (‘LBACSYS’,”,’AC9700FD3F1410EB’);
     insert into defusers values (‘LDQUAL’,”,’1274872AB40D4FCD’);
     insert into defusers values (‘LHILL’,”,’E70CA2CA0ED555F5′);
     insert into defusers values (‘LNS’,”,’F8D2BC61C10941B2′);
     insert into defusers values (‘LQUINCY’,”,’13F9B9C1372A41B6′);
     insert into defusers values (‘LSA’,”,’2D5E6036E3127B7E’);
     insert into defusers values (‘MDDATA’,”,’DF02A496267DEE66′);
     insert into defusers values (‘MDSYS’,”,’72979A94BAD2AF80′);
     insert into defusers values (‘ME’,”,’E5436F7169B29E4D’);
     insert into defusers values (‘MDSYS’,”,’9AAEB2214DCC9A31′);
     insert into defusers values (‘MFG’,”,’FC1B0DD35E790847′);
     insert into defusers values (‘MGR1′,”,’E013305AB0185A97′);
     insert into defusers values (‘MGR2′,”,’5ADE358F8ACE73E8′);
     insert into defusers values (‘MGR3′,”,’05C365C883F1251A’);
     insert into defusers values (‘MGR4′,”,’E229E942E8542565′);
     insert into defusers values (‘MIKEIKEGAMI’,”,’AAF7A168C83D5C47′);
     insert into defusers values (‘MJONES’,”,’EE7BB3FEA50A21C5′);
     insert into defusers values (‘MLAKE’,”,’7EC40274AC1609CA’);
     insert into defusers values (‘MM1′,”,’4418294570E152E7′);
     insert into defusers values (‘MM2′,”,’C06B5B28222E1E62′);
     insert into defusers values (‘MM3′,”,’A975B1BD0C093DA3′);
     insert into defusers values (‘MM4′,”,’88256901EB03A012′);
     insert into defusers values (‘MM5′,”,’4CEA62CBE776DCEC’);
     insert into defusers values (‘MMARTIN’,”,’D52F60115FE87AA4′);
     insert into defusers values (‘MOBILEADMIN’,”,’253922686A4A45CC’);
     insert into defusers values (‘MRP’,”,’B45D4DF02D4E0C85′);
     insert into defusers values (‘MSC’,”,’89A8C104725367B2′);
     insert into defusers values (‘MSD’,”,’6A29482069E23675′);
     insert into defusers values (‘MSO’,”,’3BAA3289DB35813C’);
     insert into defusers values (‘MSR’,”,’C9D53D00FE77D813′);
     insert into defusers values (‘MST’,”,’A96D2408F62BE1BC’);
     insert into defusers values (‘MWA’,”,’1E2F06BE2A1D41A6′);
     insert into defusers values (‘NEILKATSU’,”,’1F625BB9FEBC7617′);
     insert into defusers values (‘OBJ7333′,”,’D7BDC9748AFEDB52′);
     insert into defusers values (‘OBJ7334′,”,’EB6C5E9DB4643CAC’);
     insert into defusers values (‘OBJB733′,”,’61737A9F7D54EF5F’);
     insert into defusers values (‘OCA’,”,’9BC450E4C6569492′);
     insert into defusers values (‘ODM’,”,’C252E8FA117AF049′);
     insert into defusers values (‘ODM_MTR’,”,’A7A32CD03D3CE8D5′);
     insert into defusers values (‘ODS’,”,’89804494ADFC71BC’);
     insert into defusers values (‘ODSCOMMON’,”,’59BBED977430C1A8′);
     insert into defusers values (‘OE’,”,’D1A2DFC623FDA40A’);
     insert into defusers values (‘OKB’,”,’A01A5F0698FC9E31′);
     insert into defusers values (‘OKC’,”,’31C1DDF4D5D63FE6′);
     insert into defusers values (‘OKE’,”,’B7C1BB95646C16FE’);
     insert into defusers values (‘OKI’,”,’991C817E5FD0F35A’);
     insert into defusers values (‘OKL’,”,’DE058868E3D2B966′);
     insert into defusers values (‘OKO’,”,’6E204632EC7CA65D’);
     insert into defusers values (‘OKR’,”,’BB0E28666845FCDC’);
     insert into defusers values (‘OKS’,”,’C2B4C76AB8257DF5′);
     insert into defusers values (‘OKX’,”,’F9FDEB0DE52F5D6B’);
     insert into defusers values (‘OL810′,”,’E2DA59561CBD0296′);
     insert into defusers values (‘OL811′,”,’B3E88767A01403F8′);
     insert into defusers values (‘OL812′,”,’AE8C7989346785BA’);
     insert into defusers values (‘OL9′,”,’17EC83E44FB7DB5B’);
     insert into defusers values (‘OLAPSYS’,”,’3FB8EF9DB538647C’);
     insert into defusers values (‘ONT’,”,’9E3C81574654100A’);
     insert into defusers values (‘OPI’,”,’1BF23812A0AEEDA0′);
     insert into defusers values (‘ORABAM’,”,’D0A4EA93EF21CE25′);
     insert into defusers values (‘ORABAMSAMPLES’,”,’507F11063496F222′);
     insert into defusers values (‘ORABPEL’,”,’26EFDE0C9C051988′);
     insert into defusers values (‘ORAESB’,”,’CC7FCCB3A1719EDA’);
     insert into defusers values (‘ORAOCA_PUBLIC’,”,’FA99021634DDC111′);
     insert into defusers values (‘ORASAGENT’,”,’234B6F4505AD8F25′);
     insert into defusers values (‘ORASSO’,”,’F3701A008AA578CF’);
     insert into defusers values (‘ORASSO_DS’,”,’17DC8E02BC75C141′);
     insert into defusers values (‘ORASSO_PA’,”,’133F8D161296CB8F’);
     insert into defusers values (‘ORASSO_PS’,”,’63BB534256053305′);
     insert into defusers values (‘ORASSO_PUBLIC’,”,’C6EED68A8F75F5D3′);
     insert into defusers values (‘ORDPLUGINS’,”,’88A2B2C183431F00′);
     insert into defusers values (‘ORDSYS’,”,’7EFA02EC7EA6B86F’);
     insert into defusers values (‘OSM’,”,’106AE118841A5D8C’);
     insert into defusers values (‘OTA’,”,’F5E498AC7009A217′);
     insert into defusers values (‘OUTLN’,”,’4A3BA55E08595C81′);
     insert into defusers values (‘OWAPUB’,”,’6696361B64F9E0A9′);
     insert into defusers values (‘OWF_MGR’,”,’3CBED37697EB01D1′);
     insert into defusers values (‘OZF’,”,’970B962D942D0C75′);
     insert into defusers values (‘OZP’,”,’B650B1BB35E86863′);
     insert into defusers values (‘OZS’,”,’0DABFF67E0D33623′);
     insert into defusers values (‘PA’,”,’8CE2703752DB36D8′);
     insert into defusers values (‘PABLO’,”,’5E309CB43FE2C2FF’);
     insert into defusers values (‘PAIGE’,”,’02B6B704DFDCE620′);
     insert into defusers values (‘PAM’,”,’1383324A0068757C’);
     insert into defusers values (‘PARRISH’,”,’79193FDACFCE46F6′);
     insert into defusers values (‘PARSON’,”,’AE28B2BD64720CD7′);
     insert into defusers values (‘PAT’,”,’DD20769D59F4F7BF’);
     insert into defusers values (‘PATORILY’,”,’46B7664BD15859F9′);
     insert into defusers values (‘PATRICKSANCHEZ’,”,’47F74BD3AD4B5F0A’);
     insert into defusers values (‘PATSY’,”,’4A63F91FEC7980B7′);
     insert into defusers values (‘PAUL’,”,’35EC0362643ADD3F’);
     insert into defusers values (‘PAULA’,”,’BB0DC58A94C17805′);
     insert into defusers values (‘PAXTON’,”,’4EB5D8FAD3434CCC’);
     insert into defusers values (‘PCA1′,”,’8B2E303DEEEEA0C0′);
     insert into defusers values (‘PCA2′,”,’7AD6CE22462A5781′);
     insert into defusers values (‘PCA3′,”,’B8194D12FD4F537D’);
     insert into defusers values (‘PCA4′,”,’83AD05F1D0B0C603′);
     insert into defusers values (‘PCS1′,”,’2BE6DD3D1DEA4A16′);
     insert into defusers values (‘PCS2′,”,’78117145145592B1′);
     insert into defusers values (‘PCS3′,”,’F48449F028A065B1′);
     insert into defusers values (‘PCS4′,”,’E1385509C0B16BED’);
     insert into defusers values (‘PD7333′,”,’5FFAD8604D9DC00F’);
     insert into defusers values (‘PD7334′,”,’CDCF262B5EE254E1′);
     insert into defusers values (‘PD810′,”,’EB04A177A74C6BCB’);
     insert into defusers values (‘PD811′,”,’3B3C0EFA4F20AC37′);
     insert into defusers values (‘PD812′,”,’E73A81DB32776026′);
     insert into defusers values (‘PD9′,”,’CACEB3F9EA16B9B7′);
     insert into defusers values (‘PDA1′,”,’C7703B70B573D20F’);
     insert into defusers values (‘PEARL’,”,’E0AFD95B9EBD0261′);
     insert into defusers values (‘PEG’,”,’20577ED9A8DB8D22′);
     insert into defusers values (‘PENNY’,”,’BB6103E073D7B811′);
     insert into defusers values (‘PEOPLE’,”,’613459773123B38A’);
     insert into defusers values (‘PERCY’,”,’EB9E8B33A2DDFD11′);
     insert into defusers values (‘PERRY’,”,’D62B14B93EE176B6′);
     insert into defusers values (‘PETE’,”,’4040619819A9C76E’);
     insert into defusers values (‘PEYTON’,”,’B7127140004677FC’);
     insert into defusers values (‘PHIL’,”,’181446AE258EE2F6′);
     insert into defusers values (‘PJI’,”,’5024B1B412CD4AB9′);
     insert into defusers values (‘PJM’,”,’021B05DBB892D11F’);
     insert into defusers values (‘PM’,”,’72E382A52E89575A’);
     insert into defusers values (‘PMI’,”,’A7F7978B21A6F65E’);
     insert into defusers values (‘PN’,”,’D40D0FEF9C8DC624′);
     insert into defusers values (‘PO’,”,’355CBEC355C10FEF’);
     insert into defusers values (‘POA’,”,’2AB40F104D8517A0′);
     insert into defusers values (‘POLLY’,”,’ABC770C112D23DBE’);
     insert into defusers values (‘POM’,”,’123CF56E05D4EF3C’);
     insert into defusers values (‘PON’,”,’582090FD3CC44DA3′);
     insert into defusers values (‘PORTAL’,”,’A96255A27EC33614′);
     insert into defusers values (‘PORTAL_APP’,”,’831A79AFB0BD29EC’);
     insert into defusers values (‘PORTAL_DEMO’,”,’A0A3A6A577A931A3′);
     insert into defusers values (‘PORTAL_PUBLIC’,”,’70A9169655669CE8′);
     insert into defusers values (‘PORTAL30′,”,’969F9C3839672C6D’);
     insert into defusers values (‘PORTAL30_DEMO’,”,’CFD1302A7F832068′);
     insert into defusers values (‘PORTAL30_PUBLIC’,”,’42068201613CA6E2′);
     insert into defusers values (‘PORTAL30_SSO’,”,’882B80B587FCDBC8′);
     insert into defusers values (‘PORTAL30_SSO_PS’,”,’F2C3DC8003BC90F8′);
     insert into defusers values (‘PORTAL30_SSO_PUBLIC’,”,’98741BDA2AC7FFB2′);
     insert into defusers values (‘POS’,”,’6F6675F272217CF7′);
     insert into defusers values (‘PPM1′,”,’AA4AE24987D0E84B’);
     insert into defusers values (‘PPM2′,”,’4023F995FF78077C’);
     insert into defusers values (‘PPM3′,”,’12F56FADDA87BBF9′);
     insert into defusers values (‘PPM4′,”,’84E17CB7A3B0E769′);
     insert into defusers values (‘PPM5′,”,’804C159C660F902C’);
     insert into defusers values (‘PRISTB733′,”,’1D1BCF8E03151EF5′);
     insert into defusers values (‘PRISTCTL’,”,’78562A983A2F78FB’);
     insert into defusers values (‘PRISTDTA’,”,’3FCBC379C8FE079C’);
     insert into defusers values (‘PRODB733′,”,’9CCD49EB30CB80C4′);
     insert into defusers values (‘PRODCTL’,”,’E5DE2F01529AE93C’);
     insert into defusers values (‘PRODDTA’,”,’2A97CD2281B256BA’);
     insert into defusers values (‘PRODUSER’,”,’752E503EFBF2C2CA’);
     insert into defusers values (‘PROJMFG’,”,’34D61E5C9BC7147E’);
     insert into defusers values (‘PRP’,”,’C1C4328F8862BC16′);
     insert into defusers values (‘PS’,”,’0AE52ADF439D30BD’);
     insert into defusers values (‘PS810′,”,’90C0BEC7CA10777E’);
     insert into defusers values (‘PS810CTL’,”,’D32CCE5BDCD8B9F9′);
     insert into defusers values (‘PS810DTA’,”,’AC0B7353A58FC778′);
     insert into defusers values (‘PS811′,”,’B5A174184403822F’);
     insert into defusers values (‘PS811CTL’,”,’18EDE0C5CCAE4C5A’);
     insert into defusers values (‘PS811DTA’,”,’7961547C7FB96920′);
     insert into defusers values (‘PS812′,”,’39F0304F007D92C8′);
     insert into defusers values (‘PS812CTL’,”,’E39B1CE3456ECBE5′);
     insert into defusers values (‘PS812DTA’,”,’3780281C933FE164′);
     insert into defusers values (‘PSA’,”,’FF4B266F9E61F911′);
     insert into defusers values (‘PSB’,”,’28EE1E024FC55E66′);
     insert into defusers values (‘PSBASS’,”,’F739804B718D4406′);
     insert into defusers values (‘PSEM’,”,’40ACD8C0F1466A57′);
     insert into defusers values (‘PSFT’,”,’7B07F6F3EC08E30D’);
     insert into defusers values (‘PSFTDBA’,”,’E1ECD83073C4E134′);
     insert into defusers values (‘PSP’,”,’4FE07360D435E2F0′);
     insert into defusers values (‘PTADMIN’,”,’4C35813E45705EBA’);
     insert into defusers values (‘PTCNE’,”,’463AEFECBA55BEE8′);
     insert into defusers values (‘PTDMO’,”,’251D71390034576A’);
     insert into defusers values (‘PTE’,”,’380FDDB696F0F266′);
     insert into defusers values (‘PTESP’,”,’5553404C13601916′);
     insert into defusers values (‘PTFRA’,”,’A360DAD317F583E3′);
     insert into defusers values (‘PTG’,”,’7AB0D62E485C9A3D’);
     insert into defusers values (‘PTGER’,”,’C8D1296B4DF96518′);
     insert into defusers values (‘PTJPN’,”,’2159C2EAF20011BF’);
     insert into defusers values (‘PTUKE’,”,’D0EF510BCB2992A3′);
     insert into defusers values (‘PTUPG’,”,’2C27080C7CC57D06′);
     insert into defusers values (‘PTWEB’,”,’8F7F509D4DC01DF6′);
     insert into defusers values (‘PTWEBSERVER’,”,’3C8050536003278B’);
     insert into defusers values (‘PUBLIC’,”,”);
     insert into defusers values (‘PV’,”,’76224BCC80895D3D’);
     insert into defusers values (‘PY7333′,”,’2A9C53FE066B852F’);
     insert into defusers values (‘PY7334′,”,’F3BBFAE0DDC5F7AC’);
     insert into defusers values (‘PY810′,”,’95082D35E94B88C2′);
     insert into defusers values (‘PY811′,”,’DC548D6438E4D6B7′);
     insert into defusers values (‘PY812′,”,’99C575A55E9FDA63′);
     insert into defusers values (‘PY9′,”,’B8D4E503D0C4FCFD’);
     insert into defusers values (‘QA’,”,’C7AEAA2D59EB1EAE’);
     insert into defusers values (‘QOT’,”,’B27D0E5BA4DC8DEA’);
     insert into defusers values (‘QP’,”,’10A40A72991DCA15′);
     insert into defusers values (‘QRM’,”,’098286E4200B22DE’);
     insert into defusers values (‘QS’,”,’4603BCD2744BDE4F’);
     insert into defusers values (‘QS_ADM’,”,’3990FB418162F2A0′);
     insert into defusers values (‘QS_CB’,”,’870C36D8E6CD7CF5′);
     insert into defusers values (‘QS_CBADM’,”,’20E788F9D4F1D92C’);
     insert into defusers values (‘QS_CS’,”,’2CA6D0FC25128CF3′);
     insert into defusers values (‘QS_ES’,”,’9A5F2D9F5D1A9EF4′);
     insert into defusers values (‘QS_OS’,”,’0EF5997DC2638A61′);
     insert into defusers values (‘QS_WS’,”,’0447F2F756B4F460′);
     insert into defusers values (‘RENE’,”,’9AAD141AB0954CF0′);
     insert into defusers values (‘REPADMIN’,”,’915C93F34954F5F8′);
     insert into defusers values (‘REPORTS’,”,’0D9D14FE6653CF69′);
     insert into defusers values (‘REPORTS_USER’,”,’635074B4416CD3AC’);
     insert into defusers values (‘RESTRICTED_US’,”,’E7E67B60CFAFBB2D’);
     insert into defusers values (‘RG’,”,’0FAA06DA0F42F21F’);
     insert into defusers values (‘RHX’,”,’FFDF6A0C8C96E676′);
     insert into defusers values (‘RLA’,”,’C1959B03F36C9BB2′);
     insert into defusers values (‘RLM’,”,’4B16ACDA351B557D’);
     insert into defusers values (‘RM1′,”,’CD43500DAB99F447′);
     insert into defusers values (‘RM2′,”,’2D8EE7F8857D477E’);
     insert into defusers values (‘RM3′,”,’1A95960A95AC2E1D’);
     insert into defusers values (‘RM4′,”,’651BFD4E1DE4B040′);
     insert into defusers values (‘RM5′,”,’FDCC34D74A22517C’);
     insert into defusers values (‘RMAN’,”,’E7B5D92911C831E1′);
     insert into defusers values (‘ROB’,”,’94405F516486CA24′);
     insert into defusers values (‘RPARKER’,”,’CEBFE4C41BBCC306′);
     insert into defusers values (‘RWA1′,”,’B07E53895E37DBBB’);
     insert into defusers values (‘SALLYH’,”,’21457C94616F5716′);
     insert into defusers values (‘SAM’,”,’4B95138CB6A4DB94′);
     insert into defusers values (‘SARAHMANDY’,”,’60BE21D8711EE7D9′);
     insert into defusers values (‘SCM1′,”,’507306749131B393′);
     insert into defusers values (‘SCM2′,”,’CBE8D6FAC7821E85′);
     insert into defusers values (‘SCM3′,”,’2B311B9CDC70F056′);
     insert into defusers values (‘SCM4′,”,’1FDF372790D5A016′);
     insert into defusers values (‘SCOTT’,”,’F894844C34402B67′);
     insert into defusers values (‘SDAVIS’,”,’A9A3B88C6A550559′);
     insert into defusers values (‘SECDEMO’,”,’009BBE8142502E10′);
     insert into defusers values (‘SEDWARDS’,”,’00A2EDFD7835BC43′);
     insert into defusers values (‘SELLCM’,”,’8318F67F72276445′);
     insert into defusers values (‘SELLER’,”,’B7F439E172D5C3D0′);
     insert into defusers values (‘SELLTREAS’,”,’6EE7BA85E9F84560′);
     insert into defusers values (‘SERVICES’,”,’B2BE254B514118A5′);
     insert into defusers values (‘SETUP’,”,’9EA55682C163B9A3′);
     insert into defusers values (‘SH’,”,’54B253CBBAAA8C48′);
     insert into defusers values (‘SI_INFORMTN_SCHEMA’,”,’84B8CBCA4D477FA3′);
     insert into defusers values (‘SID’,”,’CFA11E6EBA79D33E’);
     insert into defusers values (‘SKAYE’,”,’ED671B63BDDB6B50′);
     insert into defusers values (‘SKYTETSUKA’,”,’EB5DA777D1F756EC’);
     insert into defusers values (‘SLSAA’,”,’99064FC6A2E4BBE8′);
     insert into defusers values (‘SLSMGR’,”,’0ED44093917BE294′);
     insert into defusers values (‘SLSREP’,”,’847B6AAB9471B0A5′);
     insert into defusers values (‘SRABBITT’,”,’85F734E71E391DF5′);
     insert into defusers values (‘SRALPHS’,”,’975601AA57CBD61A’);
     insert into defusers values (‘SRAY’,”,’C233B26CFC5DC643′);
     insert into defusers values (‘SRIVERS’,”,’95FE94ADC2B39E08′);
     insert into defusers values (‘SSA1′,”,’DEE6E1BEB962AA8B’);
     insert into defusers values (‘SSA2′,”,’96CA278B20579E34′);
     insert into defusers values (‘SSA3′,”,’C3E8C3B002690CD4′);
     insert into defusers values (‘SSC1′,”,’4F7AC652CC728980′);
     insert into defusers values (‘SSC2′,”,’A1350B328E74AE87′);
     insert into defusers values (‘SSC3′,”,’EE3906EC2DA586D8′);
     insert into defusers values (‘SSOSDK’,”,’7C48B6FF3D54D006′);
     insert into defusers values (‘SSP’,”,’87470D6CE203FB4D’);
     insert into defusers values (‘SSS1′,”,’E78C515C31E83848′);
     insert into defusers values (‘SUPPLIER’,”,’2B45928C2FE77279′);
     insert into defusers values (‘SVM7333′,”,’04B731B0EE953972′);
     insert into defusers values (‘SVM7334′,”,’62E2A2E886945CC8′);
     insert into defusers values (‘SVM810′,”,’0A3DCD8CA3B6ABD9′);
     insert into defusers values (‘SVM811′,”,’2B0CD57B1091C936′);
     insert into defusers values (‘SVM812′,”,’778632974E3947C9′);
     insert into defusers values (‘SVM9′,”,’552A60D8F84441F1′);
     insert into defusers values (‘SVMB733′,”,’DD2BFB14346146FE’);
     insert into defusers values (‘SVP1′,”,’F7BF1FFECE27A834′);
     insert into defusers values (‘SY810′,”,’D56934CED7019318′);
     insert into defusers values (‘SY811′,”,’2FDC83B401477628′);
     insert into defusers values (‘SY812′,”,’812B8D7211E7DEF1′);
     insert into defusers values (‘SY9′,”,’3991E64C4BC2EC5D’);
     insert into defusers values (‘SYS’,”,’43CA255A7916ECFE’);
     insert into defusers values (‘SYS7333′,”,’D7CDB3124F91351E’);
     insert into defusers values (‘SYS’,”,’5638228DAF52805F’);
     insert into defusers values (‘SYS7334′,”,’06959F7C9850F1E3′);
     insert into defusers values (‘SYS’,”,’D4C5016086B2DC6A’);
     insert into defusers values (‘SYSADMIN’,”,’DC86E8DEAA619C1A’);
     insert into defusers values (‘SYSB733′,”,’7A7F5C90BEC02F0E’);
     insert into defusers values (‘SYSMAN’,”,’EB258E708132DD2D’);
     insert into defusers values (‘SYSTEM’,”,’4D27CA6E3E3066E6′);
     insert into defusers values (‘TDEMARCO’,”,’CAB71A14FA426FAE’);
     insert into defusers values (‘SYSTEM’,”,’D4DF7931AB130E37′);
     insert into defusers values (‘TDOS_ICSAP’,”,’7C0900F751723768′);
     insert into defusers values (‘TESTCTL’,”,’205FA8DF03A1B0A6′);
     insert into defusers values (‘TESTDTA’,”,’EEAF97B5F20A3FA3′);
     insert into defusers values (‘TRA1′,”,’BE8EDAE6464BA413′);
     insert into defusers values (‘TRACESVR’,”,’F9DA8977092B7B81′);
     insert into defusers values (‘TRBM1′,”,’B10ED16CD76DBB60′);
     insert into defusers values (‘TRCM1′,”,’530E1F53715105D0′);
     insert into defusers values (‘TRDM1′,”,’FB1B8EF14CF3DEE7′);
     insert into defusers values (‘TRRM1′,”,’4F29D85290E62EBE’);
     insert into defusers values (‘TWILLIAMS’,”,’6BF819CE663B8499′);
     insert into defusers values (‘UDDISYS’,”,’BF5E56915C3E1C64′);
     insert into defusers values (‘VEA’,”,’D38D161C22345902′);
     insert into defusers values (‘VEH’,”,’72A90A786AAE2914′);
     insert into defusers values (‘VIDEO31′,”,’2FA72981199F9B97′);
     insert into defusers values (‘VIDEO4′,”,’9E9B1524C454EEDE’);
     insert into defusers values (‘VIDEO5′,”,’748481CFF7BE98BB’);
     insert into defusers values (‘VP1′,”,’3CE03CD65316DBC7′);
     insert into defusers values (‘VP2′,”,’FCCEFD28824DFEC5′);
     insert into defusers values (‘VP3′,”,’DEA4D8290AA247B2′);
     insert into defusers values (‘VP4′,”,’F4730B0FA4F701DC’);
     insert into defusers values (‘VP5′,”,’7DD67A696734AE29′);
     insert into defusers values (‘VP6′,”,’45660DEE49534ADB’);
     insert into defusers values (‘WAA1′,”,’CF013DC80A9CBEE3′);
     insert into defusers values (‘WAA2′,”,’6160E7A17091741A’);
     insert into defusers values (‘WCRSYS’,”,’090263F40B744BD8′);
     insert into defusers values (‘WEBDB’,”,’D4C4DCDD41B05A5D’);
     insert into defusers values (‘WEBSYS’,”,’54BA0A1CB5994D64′);
     insert into defusers values (‘WENDYCHO’,”,’7E628CDDF051633A’);
     insert into defusers values (‘WH’,”,’91792EFFCB2464F9′);
     insert into defusers values (‘WIP’,”,’D326D25AE0A0355C’);
     insert into defusers values (‘WIRELESS’,”,’1495D279640E6C3A’);
     insert into defusers values (‘WK_TEST’,”,’29802572EB547DBF’);
     insert into defusers values (‘WIRELESS’,”,’EB9615631433603E’);
     insert into defusers values (‘WKPROXY’,”,’AA3CB2A4D9188DDB’);
     insert into defusers values (‘WKSYS’,”,’545E13456B7DDEA0′);
     insert into defusers values (‘WMS’,”,’D7837F182995E381′);
     insert into defusers values (‘WMSYS’,”,’7C9BA362F8314299′);
     insert into defusers values (‘WPS’,”,’50D22B9D18547CF7′);
     insert into defusers values (‘WSH’,”,’D4D76D217B02BD7A’);
     insert into defusers values (‘WSM’,”,’750F2B109F49CC13′);
     insert into defusers values (‘XDB’,”,’88D8364765FCE6AF’);
     insert into defusers values (‘XDO’,”,’E9DDE8ACFA7FE8E4′);
     insert into defusers values (‘XDP’,”,’F05E53C662835FA2′);
     insert into defusers values (‘XLA’,”,’2A8ED59E27D86D41′);
     insert into defusers values (‘XLE’,”,’CEEBE966CC6A3E39′);
     insert into defusers values (‘XNB’,”,’03935918FA35C993′);
     insert into defusers values (‘XNC’,”,’BD8EA41168F6C664′);
     insert into defusers values (‘XNI’,”,’F55561567EF71890′);
     insert into defusers values (‘XNM’,”,’92776EA17B8B5555′);
     insert into defusers values (‘XNP’,”,’3D1FB783F96D1F5E’);
     insert into defusers values (‘XNS’,”,’FABA49C38150455E’);
     insert into defusers values (‘XTR’,”,’A43EE9629FA90CAE’);
     insert into defusers values (‘YCAMPOS’,”,’C3BBC657F099A10F’);
     insert into defusers values (‘YSANCHEZ’,”,’E0C033C4C8CC9D84′);
     insert into defusers values (‘ZFA’,”,’742E092A27DDFB77′);
     insert into defusers values (‘ZPB’,”,’CAF58375B6D06513′);
     insert into defusers values (‘ZSA’,”,’AFD3BD3C7987CBB6′);
     insert into defusers values (‘ZX’,”,’7B06550956254585′);
    –
    — added to include 11g users found in db
    –
     insert into defusers values (‘APEX_030200′,”,’6B653304BCFBC89D’);
     insert into defusers values (‘APEX_PUBLIC_USER’,”,’C8E264D926F001D8′);
     insert into defusers values (‘APPQOSSYS’,”,’519D632B7EE7F63A’);
     insert into defusers values (‘DVF’,”,’2396F000D5101F99′);
     insert into defusers values (‘DVSYS’,”,’32A825F720FB089E’);
     insert into defusers values (‘FLOWS_030000′,”,’B5C7B17C2C983E8F’);
     insert into defusers values (‘FLOWS_FILES’,”,’5CDD1E40E516FE6A’);
     insert into defusers values (‘MGMT_VIEW’,”,’17028530E6D346B4′);
     insert into defusers values (‘ODVOWN’,”,’67FAD2FAF0F826A4′);
     insert into defusers values (‘ORACLE_OCM’,”,’6D17CF1EB1611F94′);
     insert into defusers values (‘ORDDATA’,”,’A93EC937FCD1DC2A’);
     insert into defusers values (‘OWBSYS’,”,’610A3C38F301776F’);
     insert into defusers values (‘OWBSYS_AUDIT’,”,’FD8C3D14F6B60015′);
     insert into defusers values (‘SPATIAL_CSW_ADMIN_USR’,”,’1B290858DD14107E’);
     insert into defusers values (‘SPATIAL_WFS_ADMIN_USR’,”,’7117215D6BEE6E82′);
     insert into defusers values (‘TSMSYS’,”,’3DF26A8B17D0F29F’);
     insert into defusers values (‘XS$NULL’,”,’DC4FCC8CB69A6733′);
    –
    — load default roles
    –
     insert into defroles values (‘ADM_PARALLEL_EXECUTE_TASK’);
     insert into defroles values (‘APEX_ADMINISTRATOR_ROLE’);
     insert into defroles values (‘AQ_ADMINISTRATOR_ROLE’);
     insert into defroles values (‘AQ_USER_ROLE’);
     insert into defroles values (‘AUTHENTICATEDUSER’);
     insert into defroles values (‘CAPI_USER_ROLE’);
     insert into defroles values (‘CONNECT’);
     insert into defroles values (‘CSW_USR_ROLE’);
     insert into defroles values (‘CTXAPP’);
     insert into defroles values (‘CWM_USER’);
     insert into defroles values (‘DATAPUMP_EXP_FULL_DATABASE’);
     insert into defroles values (‘DATAPUMP_IMP_FULL_DATABASE’);
     insert into defroles values (‘DBA’);
     insert into defroles values (‘DBFS_ROLE’);
     insert into defroles values (‘DELETE_CATALOG_ROLE’);
     insert into defroles values (‘DV_ADMIN’);
     insert into defroles values (‘DV_ACCTMGR’);
     insert into defroles values (‘DV_OWNER’);
     insert into defroles values (‘DV_PUBLIC’);
     insert into defroles values (‘DV_REALM_OWNER’);
     insert into defroles values (‘DV_REALM_RESOURCE’);
     insert into defroles values (‘DV_SECANALYST’);
     insert into defroles values (‘EJBCLIENT’);
     insert into defroles values (‘EXECUTE_CATALOG_ROLE’);
     insert into defroles values (‘EXP_FULL_DATABASE’);
     insert into defroles values (‘GATHER_SYSTEM_STATISTICS’);
     insert into defroles values (‘GLOBAL_AQ_USER_ROLE’);
     insert into defroles values (‘HS_ADMIN_EXECUTE_ROLE’);
     insert into defroles values (‘HS_ADMIN_ROLE’);
     insert into defroles values (‘HS_ADMIN_SELECT_ROLE’);
     insert into defroles values (‘IMP_FULL_DATABASE’);
     insert into defroles values (‘JAVADEBUGPRIV’);
     insert into defroles values (‘JAVAIDPRIV’);
     insert into defroles values (‘JAVASYSPRIV’);
     insert into defroles values (‘JAVAUSERPRIV’);
     insert into defroles values (‘JAVA_ADMIN’);
     insert into defroles values (‘JAVA_DEPLOY’);
     insert into defroles values (‘JMXSERVER’);
     insert into defroles values (‘LBAC_DBA’);
     insert into defroles values (‘LOGSTDBY_ADMINISTRATOR’);
     insert into defroles values (‘MGMT_USER’);
     insert into defroles values (‘OEM_ADVISOR’);
     insert into defroles values (‘OEM_MONITOR’);
     insert into defroles values (‘OLAPI_TRACE_USER’);
     insert into defroles values (‘OLAP_DBA’);
     insert into defroles values (‘OLAP_USER’);
     insert into defroles values (‘OLAP_XS_ADMIN’);
     insert into defroles values (‘ORDADMIN’);
     insert into defroles values (‘OWB$CLIENT’);
     insert into defroles values (‘OWB_DESIGNCENTER_VIEW’);
     insert into defroles values (‘OWB_USER’);
     insert into defroles values (‘RECOVERY_CATALOG_OWNER’);
     insert into defroles values (‘RESOURCE’);
     insert into defroles values (‘SCHEDULER_ADMIN’);
     insert into defroles values (‘SELECT_CATALOG_ROLE’);
     insert into defroles values (‘SNMPAGENT’);
     insert into defroles values (‘SPATIAL_CSW_ADMIN’);
     insert into defroles values (‘SPATIAL_WFS_ADMIN’);
     insert into defroles values (‘WFS_USR_ROLE’);
     insert into defroles values (‘WM_ADMIN_ROLE’);
     insert into defroles values (‘WKUSER’);
     insert into defroles values (‘WM_ADMIN_ROLE’);
     insert into defroles values (‘XDBADMIN’);
     insert into defroles values (‘XDB_SET_INVOKER’);
     insert into defroles values (‘XDB_WEBSERVICES’);
     insert into defroles values (‘XDB_WEBSERVICES_OVER_HTTP’);
     insert into defroles values (‘XDB_WEBSERVICES_WITH_PUBLIC’);
   
     commit;
   
    EXCEPTION
     WHEN OTHERS THEN
     dbms_output.put_line(‘something did not work’);
   
    END;
 
  END LOAD_DEF_USR_PROC;
 
  PROCEDURE LOAD_VUL_PROC AS
    BEGIN
    
    DECLARE
     ret_val number;
     strvar2 varchar2(2000);
     oraver varchar2(20);
     oraverno number :=0;
    BEGIN
     ret_val:=0;
     dbms_utility.db_version(oraver,strvar2);
     oraverno:=to_number(substr(oraver,1,instr(oraver,’.’)+1));
   
    — Oracle Installation Vulnerabilities
      insert into dbsrrin values (‘I’,’V0005658′,’DG0001′,’DBMS version support’,’Software not supported by the vendor is not evaluated or patched against newly found vulnerabilities.’,’1′);
    — 10
      if oraverno < 11 then
        insert into dbsrrin values (‘I’,’V0004758′,’DG0002′,’DBMS version upgrade plan’,’An upgrade/migration plan has not been developed to address an unsupported DBMS software version.’,’2′);
      end if;
      insert into dbsrrin values (‘I’,’V0005659′,’DG0003′,’DBMS security patch level’,’The latest security patches have not been installed.’,’2′);
      insert into dbsrrin values (‘I’,’V0006756′,’DG0005′,’DBMS administration OS accounts’,’Unnecessary privileges to the host system have been granted to DBA OS accounts.’,’2′);
      insert into dbsrrin values (‘I’,’V0006767′,’DG0007′,’DBMS security compliance’,’The database has not been secured in accordance with DoD, vendor and commercially accepted practices where applicable.’,’2′);
      insert into dbsrrin values (‘I’,’V0015608′,’DG0009′,’DBMS software library permissions’,’Access to DBMS software files and directories are granted to unauthorized users.’,’2′);
      insert into dbsrrin values (‘I’,’V0002420′,’DG0010′,’DBMS software monitoring’,’Database executable and configuration files are not being monitored for unauthorized modifications.’,’3′);
      insert into dbsrrin values (‘I’,’V0003726′,’DG0011′,’DBMS Configuration Management’,’Configuration management procedures are not defined and implemented for database software modifications.’,’3′);
      insert into dbsrrin values (‘I’,’V0004754′,’DG0012′,’DBMS software storage location’,’Database data files are stored in the same logical storage partition as database application software.’,’2′);
      insert into dbsrrin values (‘I’,’V0015126′,’DG0013′,’Database backup procedures’,’Database backup procedures are not defined, documented or implemented.’,’2′);
      insert into dbsrrin values (‘I’,’V0003728′,’DG0016′,’DBMS unused components’,’Unused database components, database application software or database objects have not been removed from the DBMS system.’,’3′);
      insert into dbsrrin values (‘I’,’V0003803′,’DG0017′,’DBMS shared production/development use’,’System resources and database identifiers are not clearly separated or defined.’,’2′);
      insert into dbsrrin values (‘I’,’V0003805′,’DG0019′,’DBMS software ownership’,’Application software is not owned by a Software Application account.’,’3′);
      insert into dbsrrin values (‘I’,’V0015129′,’DG0020′,’DBMS backup and recovery testing’,’Backup and recovery procedures have not been developed, documented, implemented or periodically tested.’,’2′);
      insert into dbsrrin values (‘I’,’V0003806′,’DG0021′,’DBMS software and configuration baseline’,’A baseline of database application software is not documented or maintained.’,’2′);
      insert into dbsrrin values (‘I’,’V0015610′,’DG0025′,’DBMS encryption compliance’,’Cryptography is not configured to comply with FIPS 140-2 requirements.’,’2′);
      insert into dbsrrin values (‘I’,’V0002422′,’DG0040′,’DBMS software owner account access’,’The DBMS software installation account is not restricted to authorized users.’,’2′);
      insert into dbsrrin values (‘I’,’V0015110′,’DG0041′,’DBMS installation account use logging’,’Use of the DBMS installation account is not logged.’,’2′);
      insert into dbsrrin values (‘I’,’V0015111′,’DG0042′,’DBMS software installation account use’,’Use of the DBMS software installation account is not restricted to DBMS software installation, upgrade and maintenance actions.’,’2′);
      insert into dbsrrin values (‘I’,’V0002423′,’DG0050′,’DBMS software and configuration file monitoring’,’Database software, applications and configuration files are not monitored to discover unauthorized changes.’,’2′);
      insert into dbsrrin values (‘I’,’V0003808′,’DG0051′,’Database job/batch queue monitoring’,’Database job/batch queues are not reviewed regularly to detect unauthorized database job submissions.’,’2′);
      insert into dbsrrin values (‘I’,’V0003807′,’DG0052′,’DBMS software access audit’,’All applications that access the database are not logged in the audit trail.’,’2′);
      insert into dbsrrin values (‘I’,’V0003809′,’DG0053′,’DBMS client connection definition file’,’A single database connection configuration file is used to configure all database clients regardless of differing client access requirements.’,’2′);
      insert into dbsrrin values (‘I’,’V0015611′,’DG0054′,’DBMS software access audit review’,’The audit logs are not periodically monitored to discover DBMS access using unauthorized applications.’,’3′);
      insert into dbsrrin values (‘I’,’V0015107′,’DG0063′,’DBMS restore permissions’,’DBMS privileges to restore database data or other DBMS configurations, features or objects are not restricted to authorized DBMS accounts.’,’2′);
      insert into dbsrrin values (‘I’,’V0015120′,’DG0064′,’DBMS backup and restoration file protection’,’DBMS backup and restoration files are not protected from unauthorized access.’,’2′);
      insert into dbsrrin values (‘I’,’V0003811′,’DG0066′,’DBMS temporary password procedures’,’Procedures for establishing temporary passwords that meet DoD password requirements for new accounts are not defined, documented or implemented.’,’2′);
      insert into dbsrrin values (‘I’,’V0003812′,’DG0067′,’DBMS account password external storage’,’Database passwords used by batch or job processes are not stored in encrypted format.’,’1′);
      insert into dbsrrin values (‘I’,’V0003813′,’DG0068′,’DBMS application password display’,’DBMS tools or applications that echo or require a password entry in clear text are not protected from password display.’,’2′);
      insert into dbsrrin values (‘I’,’V0015140′,’DG0069′,’Production Data Import to Development DBMS’,’Procedures and restrictions for import of production data to development databases are not documented, implemented or followed.’,’2′);
      insert into dbsrrin values (‘I’,’V0015102′,’DG0083′,’DBMS audit report automation’,’Automated notification of suspicious activity detected in the audit trail is not implemented.’,’2′);
      insert into dbsrrin values (‘I’,’V0015106′,’DG0086′,’DBMS DBA role privilege monitoring’,’DBA roles are not periodically monitored to detect assignment of unauthorized or excess privileges.’,’2′);
      insert into dbsrrin values (‘I’,’V0015112′,’DG0088′,’DBMS vulnerability mgmt and IA compliance testing’,’The DBMS is not periodically tested for vulnerability management and IA compliance.’,’3′);
      insert into dbsrrin values (‘I’,’V0015131′,’DG0090′,’DBMS sensitive data identification and encryption’,’Sensitive information stored in the database is not protected by encryption.’,’2′);
      insert into dbsrrin values (‘I’,’V0015132′,’DG0092′,’DBMS data file encryption’,’Database data files containing sensitive information are not encrypted.’,’2′);
      insert into dbsrrin values (‘I’,’V0003825′,’DG0093′,’Remote administration connection encryption’,’Remote adminstrative connections to the database are not encrypted.’,’2′);
      insert into dbsrrin values (‘I’,’V0003827′,’DG0095′,’DBMS audit trail data review’,’Audit trail data is not reviewed daily or more frequently.’,’2′);
      insert into dbsrrin values (‘I’,’V0015138′,’DG0096′,’DBMS IA policy and procedure review’,’The DBMS IA policies and procedures are not reviewed annually or more frequently.’,’3′);
      insert into dbsrrin values (‘I’,’V0015139′,’DG0097′,’DBMS testing plans and procedures’,’Plans and procedures for testing DBMS installations, upgrades and patches are not defined or followed prior to production implementation.’,’2′);
      insert into dbsrrin values (‘I’,’V0015618′,’DG0099′,’DBMS access to external local executables’,’Access to external DBMS executables is not disabled or restricted.’,’2′);
      insert into dbsrrin values (‘I’,’V0015620′,’DG0101′,’DBMS external procedure OS account privileges’,’OS accounts used to execute external procedures are not assigned minimum privileges.’,’2′);
    — 10
      if oraverno < 11 then
        insert into dbsrrin values (‘I’,’V0015141′,’DG0102′,’DBMS services dedicated custom account’,’DBMS processes or services are not run under custom, dedicated OS accounts.’,’2′);
      end if;
      insert into dbsrrin values (‘I’,’V0015621′,’DG0103′,’DBMS Listener network restrictions’,’The DBMS listener does not restrict database access by network address.’,’2′);
      insert into dbsrrin values (‘I’,’V0015622′,’DG0104′,’DBMS service identification’,’DBMS service identification is not unique or does not clearly identify the service.’,’3′);
      insert into dbsrrin values (‘I’,’V0015143′,’DG0106′,’Database data encryption configuration’,’Database data encryption controls are not configured in accordance with application requirements.’,’2′);
      insert into dbsrrin values (‘I’,’V0015144′,’DG0107′,’DBMS sensitive data identification’,’Sensitive data is stored in the database and is not identified in the System Security Plan and AIS Functional Architecture documentation.’,’2′);
      insert into dbsrrin values (‘I’,’V0015145′,’DG0108′,’DBMS restoration priority’,’The DBMS restoration priority has not been assigned.’,’3′);
      insert into dbsrrin values (‘I’,’V0015146′,’DG0109′,’DBMS dedicated host’,’The DBMS is operated without authorization on a host system supporting other application services.’,’2′);
      insert into dbsrrin values (‘I’,’V0015179′,’DG0110′,’DBMS host shared with a security service’,’The DBMS shares a host supporting an independent security service.’,’2′);
      insert into dbsrrin values (‘I’,’V0015147′,’DG0111′,’DBMS dedicated software directories’,’The DBMS data files, transaction logs or audit files are not stored in dedicated directories or disk partitions separate from software or other application files.’,’2′);
      insert into dbsrrin values (‘I’,’V0015625′,’DG0115′,’DBMS trusted recovery’,’Recovery procedures or technical system features do not exist to ensure that recovery is done in a secure and verifiable manner.’,’2′);
      insert into dbsrrin values (‘I’,’V0015127′,’DG0118′,’IAM review of change in DBA assignments’,’The IAM is not reviewing changes to DBA role assignments.’,’2′);
      insert into dbsrrin values (‘I’,’V0015105′,’DG0120′,’DBMS application user access to external objects’,’Unauthorized access to external database objects have not been removed from application user roles.’,’2′);
      insert into dbsrrin values (‘I’,’V0015636′,’DG0129′,’DBMS passwords in transit’,’Passwords are not encrypted when transmitted across the network.’,’1′);
      insert into dbsrrin values (‘I’,’V0015643′,’DG0140′,’DBMS security data access’,’Access to DBMS security data is not audited.’,’2′);
      insert into dbsrrin values (‘I’,’V0015148′,’DG0152′,’DBMS network port, protocol and services (PPS) use’,’DBMS network communications do not comply with PPS usage restrictions.’,’2′);
      insert into dbsrrin values (‘I’,’V0015150′,’DG0154′,’DBMS System Security Plan’,’The DBMS does not have a System Security Plan or the System Security Plan does not contain the required information.’,’3′);
      insert into dbsrrin values (‘I’,’V0015649′,’DG0155′,’DBMS trusted startup’,’The DBMS does not verify trustworthiness of data and configuration files at startup.’,’2′);
      insert into dbsrrin values (‘I’,’V0015651′,’DG0157′,’DBMS remote administration’,’Remote DBMS administration is not documented, not authorized or is not disabled.’,’2′);
      insert into dbsrrin values (‘I’,’V0015652′,’DG0158′,’DBMS remote administration audit’,’DBMS remote administration is not audited.’,’2′);
      insert into dbsrrin values (‘I’,’V0015118′,’DG0159′,’Review of DBMS remote administrative access’,’Remote administrative access to the database is not monitored by the IAO or IAM.’,’2′);
      insert into dbsrrin values (‘I’,’V0015103′,’DG0161′,’DBMS Audit Tool’,’An automated tool that monitors audit data and immediately reports suspicious activity is not employed for the DBMS.’,’2′);
      insert into dbsrrin values (‘I’,’V0015104′,’DG0167′,’Encryption of DBMS sensitive data in transit’,’Sensitive data served by the DBMS is not protected by encryption when transmitted across the network.’,’1′);
      insert into dbsrrin values (‘I’,’V0015656′,’DG0171′,’DBMS interconnections’,’The DBMS has a connection defined to access or be accessed by a DBMS at a different classification level.’,’2′);
      insert into dbsrrin values (‘I’,’V0015116′,’DG0175′,’DBMS host and component STIG compliancy’,’The DBMS host platform and other dependent applications are not configured in compliance with applicable STIG requirements.’,’2′);
      insert into dbsrrin values (‘I’,’V0015117′,’DG0176′,’DBMS audit log backups’,’The DBMS audit logs are not included in backup operations.’,’2′);
      insert into dbsrrin values (‘I’,’V0015658′,’DG0179′,’DBMS warning banner’,’The DBMS warning banner does not meet DoD policy requirements.’,’2′);
      insert into dbsrrin values (‘I’,’V0015122′,’DG0186′,’DBMS network perimeter protection’,’The database is directly accessible from public or unauthorized networks.’,’2′);
      insert into dbsrrin values (‘I’,’V0015121′,’DG0187′,’DBMS software file backups’,’DBMS software libraries are not periodically backed up.’,’2′);
      insert into dbsrrin values (‘I’,’V0015659′,’DG0191′,’DBMS credential protection’,’Credentials used to access remote databases are not protected by encryption and restricted to authorized users.’,’2′);
      insert into dbsrrin values (‘I’,’V0015108′,’DG0194′,’DBMS developer privilege monitoring on shared DBMS’,’Privileges assigned to developers on shared production and development DBMS hosts and the DBMS are not monitored every three months or more frequently for unauthorized changes.’,’2′);
      insert into dbsrrin values (‘I’,’V0015109′,’DG0195′,’DBMS host file privileges assigned to developers’,’DBMS production application and data directories are not protected from developers on shared production/development DBMS host systems.’,’2′);
      insert into dbsrrin values (‘I’,’V0015662′,’DG0198′,’DBMS remote administration encryption’,’Remote administration of the DBMS is not restricted to known, dedicated and encrypted network addresses and ports.’,’2′);
      insert into dbsrrin values (‘I’,’V0003842′,’DO0120′,’Oracle process account host system privileges’,’The Oracle software installation account has been granted excessive host system privileges.’,’2′);
      insert into dbsrrin values (‘I’,’V0003845′,’DO0145′,’Oracle SYSDBA OS group membership’,’OS DBA group membership has not been restricted to authorized accounts.’,’3′);
      insert into dbsrrin values (‘I’,’V0003862′,’DO0286′,’Oracle connection timeout parameter’,’The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters are not set to a value greater than 0.’,’2′);
      insert into dbsrrin values (‘I’,’V0003863′,’DO0287′,’Oracle SQLNET.EXPIRE_TIME parameter’,’The Oracle SQLNET.EXPIRE_TIME parameter is not set to a value greater than 0.’,’2′);
      insert into dbsrrin values (‘I’,’V0003440′,’DO0360′,’DBMS mid-tier application account access’,’Connections by mid-tier web and application systems to the Oracle DBMS are not protected, encrypted or authenticated according to database, web, application, enclave and network requirements.’,’2′);
      insert into dbsrrin values (‘I’,’V0003866′,’DO0430′,’Oracle management agent use’,’The Oracle Management Agent is installed, not required, not authorized or on a database accessible from the Internet.’,’3′);
      insert into dbsrrin values (‘I’,’V0002608′,’DO3630′,’Oracle listener authentication’,’The Oracle Listener is not configured to require administration authentication.’,’1′);
      insert into dbsrrin values (‘I’,’V0002612′,’DO5037′,’Oracle SQLNet and listener log files protection’,’Oracle SQLNet and listener log files are accessible to unauthorized users.’,’2′);
      insert into dbsrrin values (‘I’,’V0003497′,’DO6740′,’Oracle listener ADMIN_RESTRICTIONS parameter’,’The Oracle Listener ADMIN_RESTRICTIONS parameter is present and set to OFF.’,’2′);
      insert into dbsrrin values (‘I’,’V0016031′,’DO6746′,’Oracle Listener host references’,’The Oracle listener.ora file does not specify IP addresses rather than host names to identify hosts.’,’3′);
      insert into dbsrrin values (‘I’,’V0016032′,’DO6747′,’Connection Manager remote administration’,’Remote administration is not disabled for the Oracle connection manager.’,’2′);
    — 11
      if oraverno > 10.2 then
        insert into dbsrrin values (‘I’,’V0016033′,’DO6748′,’Oracle SEC_CASE_SENSITIVE_LOGON parameter’,’Case sensitivity for passwords is not enabled.’,’2′);
      end if;
    — 11
      if oraverno > 10.2 then
        insert into dbsrrin values (‘I’,’V0016035′,’DO6749′,’Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter’,’The Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter is not set to an IAO-approved value between 1 and 3.’,’2′);
      end if;
    — 11
      if oraverno > 10.2 then
        insert into dbsrrin values (‘I’,’V0016053′,’DO6750′,’Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter’,’The Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter is not set to a value of DELAY or DROP.’,’2′);
      end if;
    — 10/11
      if oraverno > 9.2 then
        insert into dbsrrin values (‘I’,’V0016057′,’DO6751′,’SQLNET.ALLOWED_LOGON_VERSION’,’The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter is not set to a value of 10 or higher.’,’2′);
      end if;
    — 11
      if oraverno > 10.2 then
        insert into dbsrrin values (‘I’,’V0016054′,’DO6752′,’Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter’,’The Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter is set to NONE.’,’2′);
      end if;
    — 10/11
      if oraverno > 9.2 then
        insert into dbsrrin values (‘I’,’V0016055′,’DO6753′,’Oracle Application Express’,’Oracle Application Express or Oracle HTML DB is installed on a production database.’,’2′);
      end if;
    — 10/11
      if oraverno > 9.2 then
        insert into dbsrrin values (‘I’,’V0016056′,’DO6754′,’Oracle Configuration Manager’,’Oracle Configuration Manager is installed on a production system.’,’2′);
      end if;
   
    — Oracle Database Vulnerabilities
      insert into dbsrrin values (‘D’,’V0005683′,’DG0004′,’DBMS application object owner accounts’,’Application object owner accounts are not disabled.’,’2′);
      insert into dbsrrin values (‘D’,’V0015607′,’DG0008′,’DBMS application object ownership’,’Application objects are owned by accounts not authorized for ownership.’,’2′);
      insert into dbsrrin values (‘D’,’V0015609′,’DG0014′,’DBMS demonstration and sample databases’,’Default demonstration and sample database objects and applications have not been removed.’,’2′);
      insert into dbsrrin values (‘D’,’V0003727′,’DG0015′,’DBMS data definition language use’,’Database applications are not restricted from using static DDL statements to modify the application schema.’,’3′);
      insert into dbsrrin values (‘D’,’V0005685′,’DG0029′,’Database auditing’,’Required auditing parameters for database auditing are not set.’,’2′);
      insert into dbsrrin values (‘D’,’V0002507′,’DG0030′,’DBMS audit data maintenance’,’Audit trail data is not retained for one year.’,’2′);
      insert into dbsrrin values (‘D’,’V0015133′,’DG0031′,’DBMS audit of changes to data’,’Transaction logs are not periodically reviewed for unauthorized modification of data. Users are not notified of time and date of the last change in data content.’,’2′);
      insert into dbsrrin values (‘D’,’V0005686′,’DG0032′,’DBMS audit record access’,’Audit records are not restricted to authorized individuals.’,’2′);
      insert into dbsrrin values (‘D’,’V0002424′,’DG0060′,’DBMS shared account authorization’,’Database non-interactive, n-tier connection, and shared accounts exist and are not documented or approved by the IAO.’,’2′);
      insert into dbsrrin values (‘D’,’V0002508′,’DG0070′,’DBMS user account authorization’,’Unauthorized user accounts exist.’,’2′);
      insert into dbsrrin values (‘D’,’V0003815′,’DG0071′,’DBMS password change variance’,’New passwords are not required to differ from old passwords by more than four characters.’,’2′);
      insert into dbsrrin values (‘D’,’V0003817′,’DG0073′,’DBMS failed login account lock’,’Database accounts specify account lock times less than the site-approved minimum.’,’2′);
      insert into dbsrrin values (‘D’,’V0015130′,’DG0074′,’DBMS inactive accounts’,’Unapproved inactive or expired database accounts have been found on the database.’,’2′);
      insert into dbsrrin values (‘D’,’V0003818′,’DG0075′,’DBMS links to external databases’,’Unauthorized database links are defined and active.’,’2′);
      insert into dbsrrin values (‘D’,’V0003819′,’DG0076′,’Sensitive data import to development DBMS’,’Sensitive information from production database exports remains unmodified after import to a development database.’,’2′);
      insert into dbsrrin values (‘D’,’V0003820′,’DG0077′,’Production data protection on a shared system’,’Production databases are not protected from unauthorized access by developers on shared production/development host systems.’,’2′);
      insert into dbsrrin values (‘D’,’V0015613′,’DG0078′,’DBMS individual accounts’,’Each database user, application or process does not have an individually assigned account.’,’2′);
      insert into dbsrrin values (‘D’,’V0015152′,’DG0079′,’DBMS password complexity’,’DBMS login account passwords do not meet complexity requirements.’,’2′);
      insert into dbsrrin values (‘D’,’V0003821′,’DG0080′,’DBMS application user privilege assignment review’,’Application user privilege assignment is not reviewed monthly or more frequently to ensure compliance with least privilege and documented policy.’,’2′);
      insert into dbsrrin values (‘D’,’V0015615′,’DG0085′,’Minimum DBA privilege assignment’,’The DBA role is assigned excessive or unauthorized privileges.’,’2′);
      insert into dbsrrin values (‘D’,’V0015616′,’DG0087′,’DBMS sensitive data labeling’,’Sensitive data is not labeled.’,’3′);
      insert into dbsrrin values (‘D’,’V0015114′,’DG0089′,’Developer DBMS privileges on production databases’,’Developers are assigned excessive privileges on production databases.’,’3′);
      insert into dbsrrin values (‘D’,’V0003823′,’DG0091′,’DBMS source code encoding or encryption’,’Custom and GOTS application source code stored in the database has not been protected with encryption or encoding.’,’3′);
      insert into dbsrrin values (‘D’,’V0015617′,’DG0098′,’DBMS access to external local objects’,’Access to external objects has not been disabled and is not required or authorized.’,’2′);
      insert into dbsrrin values (‘D’,’V0015619′,’DG0100′,’DBMS replication account privileges’,’Replication accounts are granted DBA privileges.’,’2′);
      insert into dbsrrin values (‘D’,’V0015128′,’DG0105′,’DBMS application user role privilege assignment’,’DBMS application user roles are assigned unauthorized privileges.’,’2′);
      insert into dbsrrin values (‘D’,’V0015623′,’DG0112′,’DBMS system data file protection’,’DBMS system data files are not stored in dedicated disk directories.’,’2′);
      insert into dbsrrin values (‘D’,’V0015624′,’DG0113′,’DBMS dedicated data files’,’DBMS data files are not dedicated to support individual applications.’,’2′);
      insert into dbsrrin values (‘D’,’V0015626′,’DG0116′,’DBMS privileged role assignments’,’Database privileged role assignments are not restricted to IAO-authorized DBMS accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0015627′,’DG0117′,’DBMS administrative privilege assignment’,’Administrative privileges are not assigned to database accounts via database roles.’,’2′);
      insert into dbsrrin values (‘D’,’V0015628′,’DG0119′,’DBMS application user role privileges’,’DBMS application users are granted administrative privileges to the DBMS.’,’2′);
      insert into dbsrrin values (‘D’,’V0015629′,’DG0121′,’DBMS application user privilege assignment’,’Application users privileges have not been restricted to assignment using application user roles.’,’2′);
      insert into dbsrrin values (‘D’,’V0015630′,’DG0122′,’Sensitive data access’,’Access to sensitive data is not restricted to authorized users identified by the Information Owner.’,’2′);
      insert into dbsrrin values (‘D’,’V0015631′,’DG0123′,’DBMS Administrative data access’,’Access to DBMS system tables and other configuration or metadata is not restricted to DBAs.’,’2′);
      insert into dbsrrin values (‘D’,’V0015632′,’DG0124′,’DBA account use’,’Use of DBA accounts is not restricted to administrative activities.’,’2′);
      insert into dbsrrin values (‘D’,’V0015153′,’DG0125′,’DBMS account password expiration’,’DBMS account passwords are not set to expire every 60 days or more frequently.’,’2′);
      insert into dbsrrin values (‘D’,’V0015633′,’DG0126′,’DBMS account password reuse’,’Password reuse is not prevented where supported by the DBMS.’,’2′);
      insert into dbsrrin values (‘D’,’V0015634′,’DG0127′,’DBMS account password easily guessed’,’DBMS account passwords are set to easily guessed words or values.’,’2′);
      insert into dbsrrin values (‘D’,’V0015635′,’DG0128′,’DBMS default passwords’,’DBMS default accounts have not been assigned custom passwords.’,’1′);
      insert into dbsrrin values (‘D’,’V0015637′,’DG0130′,’DBMS passwords in executables’,’DBMS passwords used by batch jobs or executables are stored in the job or executable files.’,’2′);
      insert into dbsrrin values (‘D’,’V0015639′,’DG0133′,’DBMS Account lock time’,’Unlimited account lock times are not specified for locked accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0015641′,’DG0135′,’DBMS connection alert’,’Users are not alerted upon login of previous successful connections or unsuccessful attempts to access their account.’,’2′);
      insert into dbsrrin values (‘D’,’V0015642′,’DG0138′,’DBMS access to sensitive data’,’Access grants to sensitive data is not restricted to authorized user roles.’,’2′);
      insert into dbsrrin values (‘D’,’V0015644′,’DG0141′,’DBMS access control bypass’,’Attempts to bypass access controls is not audited.’,’2′);
      insert into dbsrrin values (‘D’,’V0015645′,’DG0142′,’DBMS Privileged action audit’,’Changes to configuration options are not audited.’,’2′);
      insert into dbsrrin values (‘D’,’V0015646′,’DG0145′,’DBMS audit record content’,’Audit records do not contain required information.’,’2′);
      insert into dbsrrin values (‘D’,’V0015647′,’DG0146′,’DBMS connection block audit’,’Audit records do not include the reason for blacklisting or disabling DBMS connections or accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0015149′,’DG0153′,’DBMS DBA roles assignment approval’,’DBA roles assignments are not assigned and authorized by the IAO.’,’3′);
      insert into dbsrrin values (‘D’,’V0015654′,’DG0165′,’DBMS symmetric key management’,’DBMS symmetric keys are not protected in accordance with NSA or NIST-approved key management technology or processes.’,’2′);
      insert into dbsrrin values (‘D’,’V0015142′,’DG0166′,’Protection of DBMS asymmetric encryption keys’,’Asymmetric keys do not use DoD PKI Certificates or are not protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes.’,’2′);
      insert into dbsrrin values (‘D’,’V0015657′,’DG0172′,’DBMS classification level audit’,’Changes to DBMS security labels are not audited.’,’2′);
      insert into dbsrrin values (‘D’,’V0015154′,’DG0190′,’DBMS remote system credential use and access’,’Credentials stored and used by the DBMS to access remote databases or applications are not authorized or restricted to authorized users.’,’2′);
      insert into dbsrrin values (‘D’,’V0015660′,’DG0192′,’DBMS fully-qualified name for remote access’,’Remote database or other external access do not use fully-qualified names.’,’3′);
      insert into dbsrrin values (‘D’,’V0002511′,’DO0140′,’Oracle default account access’,’Access to the Oracle SYS and SYSTEM accounts is not restricted to authorized DBAs.’,’2′);
      insert into dbsrrin values (‘D’,’V0003846′,’DO0155′,’Oracle default tablespace assignment’,’Unauthorized accounts have the SYSTEM tablespace specified as the default tablespace.’,’2′);
      insert into dbsrrin values (‘D’,’V0003847′,’DO0157′,’Oracle storage use privileges’,’Database application user accounts have not been denied storage usage for object creation within the database.’,’3′);
      insert into dbsrrin values (‘D’,’V0002515′,’DO0190′,’Oracle audit table ownership’,’The audit table is not owned by SYS or SYSTEM.’,’2′);
      insert into dbsrrin values (‘D’,’V0002516′,’DO0210′,’Oracle shared replication account access’,’Access to default accounts used to support replication are not restricted to authorized DBAs.’,’2′);
      insert into dbsrrin values (‘D’,’V0002517′,’DO0220′,’Oracle instance names’,’Oracle instance names contain Oracle version numbers.’,’2′);
      insert into dbsrrin values (‘D’,’V0003848′,’DO0221′,’Oracle default SID name’,’The Oracle SID is the default SID.’,’3′);
      insert into dbsrrin values (‘D’,’V0003849′,’DO0231′,’Oracle application object owner tablespaces’,’Application owner accounts do not have a dedicated application tablespace.’,’2′);
    — 11
      if oraverno > 10.2 then
        insert into dbsrrin values (‘D’,’V0015747′,’DO0233′,’Oracle DIAGNOSTIC_DEST parameter’,’The directory assigned to the DIAGNOSTIC_DEST parameter is not protected from unauthorized access.’,’2′);
      end if;
      insert into dbsrrin values (‘D’,’V0003850′,’DO0234′,’Oracle AUDIT_FILE_DEST parameter’,’The directory assigned to the AUDIT_FILE_DEST parameter is not protected from unauthorized access.’,’2′);
    — 10
      if oraverno < 11 then
        insert into dbsrrin values (‘D’,’V0003851′,’DO0235′,’Oracle USER_DUMP_DEST parameter’,’The directory assigned to the USER_DUMP_DEST parameter is not protected from unauthorized access.’,’2′);
      end if;
    — 10
      if oraverno < 11 then
        insert into dbsrrin values (‘D’,’V0003852′,’DO0236′,’Oracle BACKGROUND_DUMP_DEST parameter’,’The directory assigned to the BACKGROUND_DUMP_DEST parameter is not protected from unauthorized access.’,’2′);
      end if;
    — 10
      if oraverno < 11 then
        insert into dbsrrin values (‘D’,’V0003853′,’DO0237′,’Oracle CORE_DUMP_DEST parameter’,’The directory assigned to the CORE_DUMP_DEST parameter is not protected from unauthorized access.’,’2′);
      end if;
      insert into dbsrrin values (‘D’,’V0003854′,’DO0238′,’Oracle LOG_ARCHIVE_DEST parameter’,’The directories assigned to the LOG_ARCHIVE_DEST* parameters are not protected from unauthorized access.’,’2′);
      insert into dbsrrin values (‘D’,’V0002519′,’DO0240′,’Oracle OS_ROLES parameter’,’The Oracle OS_ROLES parameter is not set to FALSE.’,’3′);
      insert into dbsrrin values (‘D’,’V0003857′,’DO0243′,’Oracle _TRACE_FILES_PUBLIC parameter’,’The Oracle _TRACE_FILES_PUBLIC parameter is present and not set to FALSE.’,’2′);
      insert into dbsrrin values (‘D’,’V0002520′,’DO0250′,’Oracle database link usage’,’Fixed user and public database links are not authorized for use.’,’2′);
      insert into dbsrrin values (‘D’,’V0002521′,’DO0260′,’Oracle control file availability’,’A minimum of two Oracle control files are not defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.’,’2′);
      insert into dbsrrin values (‘D’,’V0002522′,’DO0270′,’Oracle redo log file availability’,’A minimum of two Oracle redo log groups/files is not defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.’,’2′);
      insert into dbsrrin values (‘D’,’V0003858′,’DO0275′,’Oracle critical file access’,’Oracle critical files should be protected from unauthorized access.’,’2′);
      insert into dbsrrin values (‘D’,’V0003437′,’DO0320′,’Oracle PUBLIC role privileges’,’Application role permissions are assigned to the Oracle PUBLIC role.’,’2′);
      insert into dbsrrin values (‘D’,’V0003438′,’DO0340′,’Oracle Application administration roles enablement’,’Oracle application administration roles are enabled and not required or authorized.’,’2′);
      insert into dbsrrin values (‘D’,’V0003439′,’DO0350′,’Oracle system privilege assignment’,’Oracle system privileges are directly assigned to unauthorized accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0003865′,’DO0420′,’Oracle XML DB’,’The XDB Protocol server is installed and not required and authorized for use.’,’3′);
      insert into dbsrrin values (‘D’,’V0002527′,’DO3440′,’Oracle DBA role assignment’,’The DBA role has been granted to unauthorized user accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0002531′,’DO3447′,’Oracle OS_AUTHENT_PREFIX parameter’,’The Oracle OS_AUTHENT_PREFIX parameter is set to the default value of OPS$.’,’3′);
      insert into dbsrrin values (‘D’,’V0002533′,’DO3451′,’WITH GRANT OPTION privileges’,’The Oracle WITH GRANT OPTION privilege has been granted to non-DBA or non-Application administrator user accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0002539′,’DO3475′,’Oracle PUBLIC access to restricted packages’,’Execute permission should be revoked from PUBLIC for restricted Oracle packages.’,’2′);
      insert into dbsrrin values (‘D’,’V0002552′,’DO3536′,’Oracle IDLE_TIME profile parameter’,’The IDLE_TIME profile parameter is not set for Oracle profiles IAW DoD policy.’,’2′);
      insert into dbsrrin values (‘D’,’V0002554′,’DO3538′,’Oracle REMOTE_OS_AUTHENT parameter’,’The Oracle REMOTE_OS_AUTHENT parameter is not set to FALSE.’,’1′);
      insert into dbsrrin values (‘D’,’V0002555′,’DO3539′,’Oracle REMOTE_OS_ROLES parameter’,’The Oracle REMOTE_OS_ROLES parameter is not set to FALSE.’,’1′);
      insert into dbsrrin values (‘D’,’V0002556′,’DO3540′,’Oracle SQL92_SECURITY parameter’,’The Oracle SQL92_SECURITY parameter is not set to TRUE.’,’2′);
      insert into dbsrrin values (‘D’,’V0002558′,’DO3546′,’Oracle REMOTE_LOGIN_PASSWORDFILE parameter’,’The Oracle REMOTE_LOGIN_PASSWORDFILE parameter is not set to EXCLUSIVE or NONE.’,’2′);
      insert into dbsrrin values (‘D’,’V0002559′,’DO3547′,’Oracle UTL_FILE_DIR parameter’,’The Oracle UTL_FILE_DIR parameter should be modified from the default value of *.’,’1′);
      insert into dbsrrin values (‘D’,’V0002561′,’DO3609′,’System privileges granted WITH ADMIN OPTION’,’System privileges granted using the WITH ADMIN OPTION are granted to unauthorized user accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0002562′,’DO3610′,’Oracle minimum object auditing’,’Required object auditing is not configured.’,’2′);
      insert into dbsrrin values (‘D’,’V0002564′,’DO3612′,’Oracle system privilege assignment’,’System Privileges are granted to PUBLIC.’,’2′);
      insert into dbsrrin values (‘D’,’V0002574′,’DO3622′,’Oracle roles granted WITH ADMIN OPTION’,’Oracle roles granted using the WITH ADMIN OPTION are granted to unauthorized accounts.’,’2′);
      insert into dbsrrin values (‘D’,’V0002586′,’DO3685′,’Oracle O7_DICTIONARY_ACCESSIBILITY parameter’,’The Oracle O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE.’,’3′);
    — 10.1
      if oraverno < 10.2 then
        insert into dbsrrin values (‘D’,’V0002587′,’DO3686′,’Oracle SYS.LINK$ table access’,’Oracle accounts have permission to view the table SYS.LINK$ which contain unencrypted database link passwords.’,’1′);
      end if;
      insert into dbsrrin values (‘D’,’V0002589′,’DO3689′,’Oracle object permission assignment to PUBLIC’,’Object permissions granted to PUBLIC are not restricted.’,’2′);
      insert into dbsrrin values (‘D’,’V0002593′,’DO3696′,’Oracle RESOURCE_LIMIT parameter’,’The Oracle RESOURCE_LIMIT parameter is not set to TRUE.’,’2′);
   
    END;

  END LOAD_VUL_PROC;
 
  PROCEDURE CREATE_TABLE_PROC AS
    BEGIN
   
    DECLARE
    
     ret_val number;
     i integer := 0;
     j integer := 0;
     k integer := 0;
     m integer := 0;
     c integer := 0;
     tbsname varchar2(30);
    BEGIN
     ret_val := 0;
     select count(*) into k from dba_tablespaces where tablespace_name = ‘USERS’;
     if k = 0 then
      dbms_output.put_line(‘Tablespace USERS does not exist…’);
      tbsname := ‘DISATEMP_TS’;
     else
      dbms_output.put_line(‘Tablespace USERS exists…’);
      tbsname := ‘USERS’;
     end if;
   
     if tbsname = ‘DISATEMP_TS’ then
       select count(*) into m from dba_tablespaces where tablespace_name = ‘DISATEMP_TS’;
       if m = 0 then
         execute immediate ‘create tablespace disatemp_ts datafile’||
         ‘ ”disatemp_ts.ora” size 20M reuse’;
         dbms_output.put_line(‘Tablespace DISATEMP_TS created…’);
       end if;
     end if; 
  
    –
    — CHECK TABLE DBSRRREPORT;
    –
   
     select count(*) into i from dba_tables where table_name = ‘DBSRRREPORT’;
     if i = 1 then
       execute immediate ‘delete from dbsrrreport’;
       dbms_output.put_line(‘Table DBSRRREPORT cleared…’);
     else
      execute immediate ‘create table dbsrrreport (SEVERITY VARCHAR2(30 BYTE), ‘||
      ‘FINDINGSTATUS VARCHAR2(10 BYTE), DGNO VARCHAR2(10 BYTE), VMSKEY VARCHAR2(10 BYTE),’||
      ‘REC_DATE DATE ) tablespace ‘||tbsname;
      dbms_output.put_line(‘Table DBSRRREPORT created…’);
     end if;
    
    
    –
    — CHECK TABLE DBSRRSTATS;
    –
   
     select count(*) into i from dba_tables where table_name = ‘DBSRRSTATS’;
     if i = 1 then
       execute immediate ‘delete from dbsrrstats’;
       dbms_output.put_line(‘Table DBSRRSTATS cleared…’);
     else
      execute immediate ‘create table dbsrrstats (SEVERITY VARCHAR2(30 BYTE), ‘||
      ‘FINDINGSTATUS VARCHAR2(10 BYTE), DGNO VARCHAR2(10 BYTE), VMSKEY VARCHAR2(10 BYTE),’||
      ‘REC_DATE DATE ) tablespace ‘||tbsname;
      dbms_output.put_line(‘Table DBSRRSTATS created…’);
     end if;
    
    –
    — CHECK TABLE DBSRRIN;
    –
   
     select count(*) into i from dba_tables where table_name = ‘DBSRRIN’;
     if i = 1 then
       execute immediate ‘delete from dbsrrin’;
       dbms_output.put_line(‘Table DBSRRIN cleared…’);
     else
      execute immediate ‘create table dbsrrin (DIFlag char, VMSkey varchar2(30), ‘||
       ‘sdid varchar2(15), shortdesc varchar2(255), findings varchar2(4000), ‘||
       ‘severity varchar2(5)) tablespace ‘||tbsname;
      dbms_output.put_line(‘Table DBSRRIN created…’);
     end if;
   
    –
    — CHECK TABLE DEFUSERS;
    –
   
     select count(*) into i from dba_tables where table_name = ‘DEFUSERS’;
     if i = 1 then
      execute immediate ‘delete from defusers’;
      dbms_output.put_line(‘Table DEFUSERS cleared…’);
     else
      execute immediate ‘create table defusers (uname varchar2(30), ‘||
       ‘pswdtext varchar2(30), pswdhash varchar2(30)) ‘||
       ‘tablespace ‘||tbsname;
      dbms_output.put_line(‘Table DEFUSERS created…’);
     end if;
   
    –
    — CHECK TABLE DEFROLES;
    –
   
     select count(*) into i from dba_tables where table_name = ‘DEFROLES’;
     if i = 1 then
      execute immediate ‘delete from defroles’;
      dbms_output.put_line(‘Table DEFROLES cleared…’);
     else
      execute immediate ‘create table defroles (rname varchar2(30)) ‘||
       ‘tablespace ‘||tbsname;
      dbms_output.put_line(‘Table DEFROLES created…’);
     end if;
   
    –
    — CHECK TABLE DBSRROWN;
    –
   
     select count(*) into i from dba_tables where table_name = ‘DBSRROWN’;
     if i = 1 then
      execute immediate ‘delete from dbsrrown’;
      dbms_output.put_line(‘Table DBSRROWN cleared…’);
     else
      execute immediate ‘create table dbsrrown (owner varchar2(30)) ‘||
       ‘tablespace ‘||tbsname;
      dbms_output.put_line(‘Table DBSRROWN created…’);
     end if;
   
     execute immediate ‘insert into dbsrrown (select distinct owner from dba_objects)’;
     dbms_output.put_line(‘Table DBSRROWN populated…’);
   
    EXCEPTION
     WHEN OTHERS THEN
      ret_val := 1;
   
    END;
 
  END CREATE_TABLE_PROC;

  PROCEDURE CHECK_STIG_PROC AS
    ret_val NUMBER := 0;
    my_code NUMBER;
    my_errm VARCHAR2(3200);
    errloc  VARCHAR2(30) :=’declare’;
    –
    scriptver VARCHAR2(40) :=’V8R1.8′;
    –
    opencat1  INTEGER := 0;
    opencat2  INTEGER := 0;
    opencat3  INTEGER := 0;
    cat1      INTEGER := 0;
    cat2      INTEGER := 0;
    cat3      INTEGER := 0;
    notrevwd  INTEGER := 0;
    notapplic INTEGER := 0;
    i         INTEGER := 0;
    j         INTEGER := 0;
    k         INTEGER := 0;
    l         INTEGER := 0;
    m         INTEGER := 0;
    rptnum    INTEGER := 0;
    expnum    INTEGER := 1;
    outfinding VARCHAR2(2);
    type outfindings_tbl IS TABLE OF VARCHAR2(4000);
    type scriptresults_tbl IS TABLE OF VARCHAR2(4000);
    outfindings outfindings_tbl    :=outfindings_tbl(‘ ‘);
    scriptresults scriptresults_tbl:=scriptresults_tbl(‘ ‘);
    find_idx INTEGER;
    –
    outseverity VARCHAR2(50);
    –
    strvar1   VARCHAR2(6000);
    strvar2   VARCHAR2(4000);
    strvar3   VARCHAR2(2000);
    strvar4   VARCHAR2(2000);
    oraver    VARCHAR2(20);
    oraverno  NUMBER := 0;
    osver     VARCHAR2(100);
    inst_name VARCHAR2(30);
    db_name   VARCHAR2(30);
    defmax    VARCHAR2(10);
    deftime   VARCHAR2(10);
    –
    CURSOR cursor_pdi IS — pdi input data
       SELECT * FROM dbsrrin ORDER BY DIFlag, sdid;
    BEGIN
      ret_val := 0;
      errloc  := ‘set up’;
      dbms_utility.db_version(oraver,strvar2);
      oraverno := to_number(SUBSTR(oraver,1,instr(oraver,’.’)+1));
      osver    := dbms_utility.port_string;
       SELECT instance_name
         INTO inst_name
         FROM v$instance;
       SELECT value
         INTO db_name
         FROM v$parameter
        WHERE name = ‘db_name’;
      –
      dbms_output.enable(20000);
      –
      –insert into dbsrrrpt values (1, ‘*******************************************’);
      errloc := ‘set up complete’;
      –
      FOR pdis IN cursor_pdi
      LOOP
        BEGIN
          outfinding := ‘NR’;
          outfindings.delete;
          outfindings.extend;
          scriptresults.delete;
          scriptresults.extend;
          find_idx              := 1;
          outfindings(find_idx) := pdis.findings;
          –
          IF pdis.sdid = ‘DG0001′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0001
            –      **  DBMS version support
            –      *************************************************
            IF oraverno NOT IN (10.1,10.2,11.1,11.2) THEN
              outfinding    := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1) := ‘The Oracle version ‘||oraver||’ is not a ‘||
              ‘vendor-supported version.’;
              scriptresults(1) := oraver;
            elsif oraverno     IN (10.1) THEN
              outfinding       := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1) := ‘Review the Oracle version ‘||oraver||’ as ‘||
              ‘generated. Ensure an extended support contract is in place ‘||
              ‘for vendor-supported Oracle versions where Premier Support ‘||
              ‘has ended and accept as Documentable in VMS.’;
              scriptresults(1) := oraver;
            ELSE
              outfinding := ‘NF’;
            END IF;
            IF oraver NOT IN (’10.1.0.5.0′, ’10.2.0.4.0′, ’11.1.0.7.0′, ’11.2.0.1.0′, ’11.2.0.3.0′) THEN
              outfinding  := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              find_idx              := find_idx + 1;
              outfindings(find_idx) := ‘The Oracle version ‘||oraver||’ is not at a ‘||
              ‘supported service patchset level.’;
              scriptresults(find_idx) := oraver;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0002′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0002
            –      **  DBMS version upgrade plan
            –      *************************************************
            IF oraverno   > 10.1 THEN
              outfinding := ‘NF’;
            ELSE
              outfinding := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1) := ‘Review the Oracle version ‘||oraver||’ as ‘||
              ‘generated. Ensure documentation proof exists for an upgrade ‘||
              ‘to a supported version and is in progress where extended ‘||
              ‘support ends within 6 months and accept as Documentable in VMS.’;
              scriptresults(1) := oraver;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0015′ THEN
            –      *************************************************
            –      **  Process DB Check DG0015
            –      **  Data Definition Language use
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0015
              IS –DG0015
                 SELECT created, owner, object_name, object_type
                   FROM dba_objects
                  WHERE owner NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND object_type <> ‘SYNONYM’
             ORDER BY created, owner, object_name;
            BEGIN
              FOR objs IN cursor_DG0015
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := objs.created||’.’||objs.owner||’.’||objs.object_name||’ ‘||
                objs.object_type;
                scriptresults(find_idx) := objs.created||’.’||objs.owner||’.’||objs.object_name||’ ‘||
                objs.object_type;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the object owner accounts, ‘||
                ‘creation dates and objects as generated. Confirm the ‘||
                ‘objects are documented, authorized to remain and accept ‘|| ‘as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0051′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0051
            –      **  Database job/batch queue monitoring
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0051A
              IS –DG0051
                 SELECT job, next_date, next_sec, failures, broken
                   FROM dba_jobs
               ORDER BY job;
            BEGIN
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name = ‘job_queue_processes’;
              outfindings.extend;
              find_idx              := find_idx + 1;
              outfindings(find_idx) := ‘The job queue processes parameter value is : ‘||strvar2;
              FOR dbajobs           IN cursor_DG0051A
              LOOP
                outfindings.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := ‘Review the job queue information below: ‘;
                outfindings.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := dbajobs.job||’ ‘||dbajobs.next_date||’ ‘||dbajobs.next_sec||
                ‘ ‘|| dbajobs.failures||’ ‘||dbajobs.broken;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘MR’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0071′ THEN
            –      *************************************************
            –      **  Process DB Check DG0071
            –      **  Password change variance
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0071A
              IS –DG0071
                 SELECT profile, limit
                   FROM dba_profiles
                  WHERE resource_name = ‘PASSWORD_VERIFY_FUNCTION’ AND limit NOT IN (‘NULL’, ‘DEFAULT’)
               ORDER BY profile;
              CURSOR cursor_DG0071B
              IS –DG0071
                 SELECT profile, limit
                   FROM dba_profiles
                  WHERE resource_name = ‘PASSWORD_VERIFY_FUNCTION’ AND limit IN (‘NULL’)
               ORDER BY profile;
            BEGIN
              FOR pwdutils IN cursor_DG0071A
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := pwdutils.profile||’:’||pwdutils.limit;
                scriptresults(find_idx) := pwdutils.profile||’:’||pwdutils.limit;
                outfindings(1)          := ‘Review the profile and limit as ‘||
                ‘generated. Confirm the limit identifies a valid ‘||
                ‘password verify function containing the required code ‘||
                ‘is documented, authorized and accept as Documentable in VMS.’;
              END LOOP;
              FOR pwdutils IN cursor_DG0071B
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := ‘Profiles that do not have a password ‘|| ‘verify function: ‘
                ||pwdutils.profile||’:’||pwdutils.limit;
                scriptresults(find_idx) := pwdutils.profile||’:’||pwdutils.limit;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0075′ THEN
            –      *************************************************
            –      **  Process DB Check DG0075
            –      **  DBMS links to external databases
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0075
              IS –DG0075
                 SELECT db_link, host
                   FROM dba_db_links;
            BEGIN
               SELECT COUNT(*)
                 INTO i
                 FROM dba_db_links;
              IF i          = 0 THEN
                outfinding := ‘NF’;
              ELSE
                outfinding  := ‘O’;
                FOR dblinks IN cursor_DG0075
                LOOP
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                := find_idx + 1;
                  outfindings(find_idx)   := dblinks.db_link||’:’||dblinks.host;
                  scriptresults(find_idx) := dblinks.db_link||’:’||dblinks.host;
                  outfindings(1)          := ‘Review the DB link name and host as ‘||
                  ‘generated. Confirm the link is documented, authorized and ‘||
                  ‘accept as Documentable in VMS.’;
                END LOOP;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0077′ THEN
            –      *************************************************
            –      **  Process DB Check DG0077
            –      **  Production data protection on a shared system
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0077
              IS –DG0077
                 SELECT grantee, privilege
                   FROM dba_sys_privs
                  WHERE ((privilege LIKE ‘CREATE%’ OR privilege LIKE ‘ALTER%’ OR privilege LIKE ‘DROP%’
                  ) AND privilege <> ‘CREATE SESSION’) AND grantee NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND grantee NOT IN
                (SELECT rname
                   FROM defroles
                )
             ORDER BY grantee;
            BEGIN
              FOR devers IN cursor_DG0077
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := devers.grantee||’:’||devers.privilege;
                scriptresults(find_idx) := devers.grantee||’:’||devers.privilege;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts and privileges as ‘||
                ‘generated. Confirm the account(s) and privileges are ‘||
                ‘documented, authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0090′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0090
            –      **  Sensitive data identification and encryption
            –      *************************************************
            DECLARE
              –     procedure colcrypt as
              –      cursor cursor_DG0090A is  –DG0090
              –       select owner, table_name, column_name
              –       from dba_encrypted_columns
              –       order by owner, table_name;
              –     BEGIN
              –      for colcrypts in cursor_DG0090A loop
              –       outfindings.extend;
              –       find_idx := find_idx + 1;
              –       outfindings(find_idx) := ‘Review the list of encrypted columns below: ‘;
              –       outfindings.extend;
              –       find_idx := find_idx + 1;
              –       outfindings(find_idx) :=
              –        colcrypts.owner||’ ‘||colcrypts.table_name||’ ‘||colcrypts.column_name;
              –      end loop;
              –     END;
              –     procedure tablecrypt as
              –      cursor cursor_DG0090B is  –DG0090
              –       select tablespace_name from dba_tablespaces
              –       where encrypted = ‘YES’
              –       order by tablespace_name;
              –     BEGIN
              –      for tabcrypts in cursor_DG0090B loop
              –       outfindings.extend;
              –       find_idx := find_idx + 1;
              –       outfindings(find_idx) := ‘Review the list of encrypted tablespaces below: ‘;
              –       outfindings.extend;
              –       find_idx := find_idx + 1;
              –       outfindings(find_idx) := tabcrypts.tablespace_name;
              –      end loop;
              –     END;
            BEGIN
              –     if oraverno > 10.1 then
              –      colcrypt;
              –     end if;
              –     if oraverno > 10.2 then
              –      tablecrypt;
              –     end if;
              IF find_idx   > 1 THEN
                outfinding := ‘MR’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0091′ THEN
            –      *************************************************
            –      **  Process DB Check DG0091
            –      **  DBMS source code encoding or encryption
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0091
              IS –DG0091
                 SELECT owner, name
                   FROM dba_source
                  WHERE line = 1 AND owner NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND owner NOT LIKE ‘OEM%’ AND text NOT LIKE ‘%wrapped%’ AND type IN (‘PROCEDURE’,
                ‘FUNCTION’, ‘PACKAGE BODY’);
            BEGIN
              FOR procs IN cursor_DG0091
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := procs.owner||’.’||procs.name;
                scriptresults(find_idx) := procs.owner||’.’||procs.name;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts and objects as ‘||
                ‘generated. Confirm the objects are documented, authorized ‘||
                ‘and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0103′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0103
            –      **  DBMS listener network restrictions
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name = ‘service_names’;
            outfinding  := ‘MR’;
            outfindings.extend;
            find_idx              := find_idx + 1;
            outfindings(find_idx) := ‘Your service name is: ‘||upper(strvar2);
            –
          ELSIF pdis.sdid = ‘DG0117′ THEN
            –      *************************************************
            –      **  Process DB Check DG0117
            –      **  DBMS administrative privilege assignment
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0117
              IS –DG0117
                 SELECT grantee, privilege
                   FROM dba_sys_privs
                  WHERE grantee NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND grantee NOT IN
                (SELECT DISTINCT granted_role
                   FROM dba_role_privs
                ) AND privilege <> ‘UNLIMITED TABLESPACE’
             ORDER BY grantee;
            BEGIN
              FOR privs IN cursor_DG0117
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := privs.grantee||’:’||privs.privilege;
                scriptresults(find_idx) := privs.grantee||’:’||privs.privilege;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0133′ THEN
            –      *************************************************
            –      **  Process DB Check DG0133
            –      **  DBMS Account lock time
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0133
              IS –DG0133
                 SELECT profile, limit
                   FROM dba_profiles
                  WHERE resource_name = ‘PASSWORD_LOCK_TIME’ AND limit NOT IN (‘UNLIMITED’, ‘DEFAULT’);
            BEGIN
              FOR proflocks IN cursor_DG0133
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := proflocks.profile||’:’||proflocks.limit;
                scriptresults(find_idx) := proflocks.profile||’:’||proflocks.limit;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0176′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0176
            –      **  DBMS audit log backups
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name = ‘audit_trail’;
            outfinding  := ‘MR’;
            outfindings.extend;
            find_idx              := find_idx + 1;
            outfindings(find_idx) := ‘Your audit_trail setting is: ‘||upper(strvar2);
            –
          ELSIF pdis.sdid = ‘DG0191′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0191
            –      **  DBMS credential protection
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name = ‘remote_login_passwordfile’;
            outfinding  := ‘MR’;
            outfindings.extend;
            find_idx              := find_idx + 1;
            outfindings(find_idx) := ‘Your remote_login_passwordfile parameter is set to: ‘||upper(
            strvar2);
            –
          ELSIF pdis.sdid = ‘DG0008′ THEN
            –      *************************************************
            –      **  Process DB Check DG0008
            –      **  DBMS application object ownership
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0008
              IS –DG0008
                 SELECT owner
                   FROM dbsrrown
                  WHERE owner NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND owner NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                );
            BEGIN
              FOR owners IN cursor_DG0008
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := owners.owner;
                scriptresults(find_idx) := owners.owner;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the object owner accounts as ‘||
                ‘generated. Confirm the account(s) are documented, ‘||
                ‘authorized to own database objects and accept as ‘|| ‘Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0155′ THEN
            –      *************************************************
            –      **  Process DB Check DO0155
            –      **  Oracle default tablespace assignment
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0155
              IS –DO0155
                 SELECT username
                   FROM dba_users
                  WHERE (default_tablespace = ‘SYSTEM’ OR temporary_tablespace = ‘SYSTEM’) AND username
                  NOT                      IN
                  (SELECT uname
                     FROM defusers
                  );
            BEGIN
              FOR users IN cursor_DO0155
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := users.username;
                scriptresults(find_idx) := users.username;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘The following user accounts have the SYSTEM tablespace ‘||
                ‘specified as the default tablespace: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0157′ THEN
            –      *************************************************
            –      **  Process DB Check DO0157
            –      **  Oracle storage use privileges
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0157
              IS –DO0157
                 SELECT username, tablespace_name
                   FROM dba_ts_quotas
                  WHERE username NOT IN
                  (SELECT owner
                     FROM dbsrrown
                  ) AND username NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                );
            BEGIN
              FOR users IN cursor_DO0157
              LOOP
                IF instr(strvar2,users.username||’:’||users.tablespace_name) = 0 THEN
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                := find_idx + 1;
                  outfindings(find_idx)   := users.username||’:’||users.tablespace_name;
                  scriptresults(find_idx) := users.username||’:’||users.tablespace_name;
                END IF;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the list of accounts and tablespaces ‘||
                ‘as generated. Confirm accounts assigned tablespace quotas are ‘||
                ‘documented, authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0004′ THEN
            –      *************************************************
            –      **  Process DB Check DG0004
            –      **  DBMS application object owner accounts
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0004
              IS –DG0004
                 SELECT owner
                   FROM dbsrrown, dba_users
                  WHERE owner NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND owner IN
                (SELECT DISTINCT owner
                   FROM dba_objects
                  WHERE object_type <> ‘SYNONYM’
                ) AND owner          = username AND upper(account_status) NOT LIKE ‘%LOCKED%’;
            BEGIN
              FOR owners IN cursor_DG0004
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := owners.owner;
                scriptresults(find_idx) := owners.owner;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the object owner accounts as ‘||
                ‘generated. Confirm the account(s) are documented, ‘||
                ‘authorized to remain enabled and accept as Documentable ‘|| ‘in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0116′ THEN
            –      *************************************************
            –      **  Process DB Check DG0116
            –      **  DBMS privileged role assignments
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0116
              IS –DG0116
                 SELECT grantee, granted_role
                   FROM dba_role_privs
                  WHERE grantee NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND grantee NOT IN (‘DBA’, ‘OLAP_USER’, ‘IP’, ‘ORASSO_PUBLIC’, ‘PORTAL_PUBLIC’,
                ‘DATAPUMP_EXP_FULL_DATABASE’, ‘DATAPUMP_IMP_FULL_DATABASE’, ‘EXP_FULL_DATABASE’,
                ‘IMP_FULL_DATABASE’, ‘OLAP_DBA’, ‘EXECUTE_CATALOG_ROLE’, ‘SELECT_CATALOG_ROLE’,
                ‘JAVASYSPRIV’) AND grantee NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                ) AND grantee NOT   IN
                (SELECT owner
                   FROM dbsrrown
                ) AND granted_role IN
                (SELECT rname
                   FROM defroles
                ) AND granted_role NOT IN (‘CONNECT’, ‘RESOURCE’, ‘AUTHENTICATEDUSER’)
             ORDER BY grantee;
            BEGIN
              FOR grants IN cursor_DG0116
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := grants.grantee||’:’||grants.granted_role;
                scriptresults(find_idx) := grants.grantee||’:’||grants.granted_role;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts and role assignments ‘||
                ‘as generated. Confirm the account(s) and role assignments ‘||
                ‘are documented, authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0190′ THEN
            –      *************************************************
            –      **  Process DB Check DO0190
            –      **  Oracle audit table ownership
            –      *************************************************
             SELECT COUNT(*)
               INTO i
               FROM dba_tables
              WHERE table_name = ‘AUD$’;
            IF i              <> 0 THEN
               SELECT owner
                 INTO strvar2
                 FROM dba_tables
                WHERE table_name = ‘AUD$’ AND rownum = 1;
              IF strvar2         = ‘SYS’ OR strvar2 = ‘SYSTEM’ THEN
                outfinding      := ‘NF’;
              ELSE
                outfinding := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1)   := ‘The AUD$ table is not owned by SYS or SYSTEM. ‘;
                scriptresults(1) := strvar2;
              END IF;
            ELSE
              outfinding := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The AUD$ table does not exist. ‘;
              scriptresults(1) := i;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0221′ THEN
            –      *************************************************
            –      **  Process DB Check DO0221
            –      **  Oracle default SID name
            –      *************************************************
            IF upper(inst_name) = ‘ORCL’ THEN
              outfinding       := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The Oracle instance name is set to the default ‘|| ‘name of ORCL.’;
              scriptresults(1) := upper(inst_name);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0231′ THEN
            –      *************************************************
            –      **  Process DB Check DO0231
            –      **  Oracle application object owner tablespaces
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0231
              IS –DO0231
                SELECT DISTINCT owner, tablespace_name
                   FROM dba_tables
                  WHERE owner NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND tablespace_name IS NOT NULL AND (owner, table_name) NOT IN
                (SELECT owner, table_name
                   FROM dba_external_tables
                )
             ORDER BY tablespace_name;
            BEGIN
              FOR users IN cursor_DO0231
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := users.owner||’:’||users.tablespace_name;
                scriptresults(find_idx) := users.owner||’:’||users.tablespace_name;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the list of accounts and tablespaces ‘||
                ‘as generated. Confirm accounts are documented, authorized and ‘||
                ‘accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0233′ THEN
            –      *************************************************
            –      **  Process DB Check DO0233
            –      **  Oracle DIAGNOSTIC_DEST parameter
            –      *************************************************
            IF oraverno   < 11 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name = ‘diagnostic_dest’;
              outfinding  := ‘MR’;
              find_idx    := find_idx + 1;
              outfindings.extend;
              outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0235′ THEN
            –      *************************************************
            –      **  Process DB Check DO0235
            –      **  Oracle USER_DUMP_DEST parameter
            –      *************************************************
            IF oraverno   > 10.2 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name = ‘user_dump_dest’;
              outfinding  := ‘MR’;
              find_idx    := find_idx + 1;
              outfindings.extend;
              outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0236′ THEN
            –      *************************************************
            –      **  Process DB Check DO0236
            –      **  Oracle BACKGROUND_DUMP_DEST parameter
            –      *************************************************
            IF oraverno   > 10.2 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name = ‘background_dump_dest’;
              outfinding  := ‘MR’;
              find_idx    := find_idx + 1;
              outfindings.extend;
              outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0237′ THEN
            –      *************************************************
            –      **  Process DB Check DO0237
            –      **  Oracle CORE_DUMP_DEST parameter
            –      *************************************************
            IF oraverno   > 10.2 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name = ‘core_dump_dest’;
              outfinding  := ‘MR’;
              find_idx    := find_idx + 1;
              outfindings.extend;
              outfindings(find_idx) := ‘Review the host permissions for directory ‘||strvar2;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0238′ THEN
            –      *************************************************
            –      **  Process DB Check DO0238
            –      **  Oracle LOG_ARCHIVE_DEST parameter
            –      *************************************************
             SELECT log_mode
               INTO strvar2
               FROM v$database;
            IF strvar2    = ‘NOARCHIVELOG’ THEN
              outfinding := ‘NF’;
            ELSE
               SELECT COUNT(*)
                 INTO i
                 FROM v$parameter
                WHERE name = ‘log_archive_dest’ AND value IS NULL;
               SELECT COUNT(*)
                 INTO j
                 FROM v$parameter
                WHERE name = ‘log_archive_duplex_dest’ AND value IS NULL;
               SELECT COUNT(*)
                 INTO k
                 FROM v$parameter
                WHERE name LIKE ‘log_archive_dest_%’ AND value IS NULL;
              IF (i                                             = 1 AND j = 1 AND k = 10) THEN
                outfinding                                     := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1)   := ‘Archiving is active with no defined logging destinations.’;
                scriptresults(1) := i||’ ‘||j||’ ‘||k;
              elsif ( i           = 0 AND k > 10) THEN
                outfinding       := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1)   := ‘Archiving is active with conflicting logging destinations.’;
                scriptresults(1) := i||’ ‘||k;
              ELSE
                 SELECT value
                   INTO strvar3
                   FROM v$parameter
                  WHERE name = ‘log_archive_dest’;
                 SELECT value
                   INTO strvar4
                   FROM v$parameter
                  WHERE name = ‘log_archive_dest_1′;
                outfinding  := ‘MR’;
                find_idx    := find_idx + 1;
                outfindings.extend;
                outfindings(find_idx) := ‘Review the host permissions for directories ‘||SUBSTR(strvar3
                ,1,1950)||’ and ‘||SUBSTR(strvar4,1,1950);
              END IF;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0240′ THEN
            –      *************************************************
            –      **  Process DB Check DO0240
            –      **  Oracle OS_ROLES parameter
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘os_roles’;
            IF upper(strvar2) = ‘TRUE’ THEN
              outfinding     := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The OS_Roles parameter is not set to FALSE.’;
              scriptresults(1) := upper(strvar2);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0142′ THEN
            –      *************************************************
            –      **  Process DB Check DG0142
            –      **  DBMS Privileged action audit
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘audit_sys_operations’;
            IF upper(strvar2) = ‘FALSE’ THEN
              outfinding     := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The AUDIT_SYS_OPERATIONS parameter is not set ‘|| ‘to TRUE.’;
              scriptresults(1) := upper(strvar2);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0192′ THEN
            –      *************************************************
            –      **  Process DB Check DG0192
            –      **  DBMS fully-qualified name for remote access
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘global_names’;
            IF upper(strvar2) = ‘FALSE’ THEN
              outfinding     := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The GLOBAL_NAMES parameter is not set to TRUE.’;
              scriptresults(1) := upper(strvar2);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0243′ THEN
            –      *************************************************
            –      **  Process DB Check DO0243
            –      **  Oracle _TRACE_FILES_PUBLIC parameter
            –      *************************************************
             SELECT COUNT(*)
               INTO i
               FROM v$parameter
              WHERE name  = ‘_trace_files_public’;
            IF i          = 0 THEN
              outfinding := ‘NF’;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name      = ‘_trace_files_public’;
              IF upper(strvar2) = ‘TRUE’ THEN
                outfinding     := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1)   := ‘The _TRACE_FILES_PUBLIC parameter is not set ‘|| ‘to FALSE.’;
                scriptresults(1) := upper(strvar2);
              ELSE
                outfinding := ‘NF’;
              END IF;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0250′ THEN
            –      *************************************************
            –      **  Process DB Check DO0250
            –      **  Oracle database link usage
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0250
              IS –DO0250
                 SELECT owner, db_link
                   FROM dba_db_links;
            BEGIN
               SELECT COUNT(*)
                 INTO i
                 FROM dba_db_links;
              IF i          = 0 THEN
                outfinding := ‘NF’;
              ELSE
                FOR dblinks IN cursor_DO0250
                LOOP
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                := find_idx + 1;
                  outfindings(find_idx)   := dblinks.owner||’:’||dblinks.db_link;
                  scriptresults(find_idx) := dblinks.owner||’:’||dblinks.db_link;
                END LOOP;
                IF find_idx   > 1 THEN
                  outfinding := ‘O’;
                  outfindings.extend;
                  outfindings(1) := ‘Review the list of accounts and database ‘||
                  ‘links as generated. Confirm database links are documented, ‘||
                  ‘authorized and accept as Documentable in VMS. Confirm ‘||
                  ‘database links used for replication are documented, ‘||
                  ‘authorized and accept as Documentable in VMS.’;
                END IF;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0260′ THEN
            –      *************************************************
            –      **  Process DB Check DO0260
            –      **  Oracle control file availability
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name            = ‘control_files’;
            IF instr(strvar2,’,’,1) = 0 THEN
              outfinding           := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘Two or more control files have not been defined.’;
              scriptresults(1) := strvar2;
            ELSE
              outfinding := ‘MR’;
              outfindings.extend;
              outfindings(1) := ‘Review the location of files ‘||strvar2||’ on host.’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0270′ THEN
            –      *************************************************
            –      **  Process DB Check DO0270
            –      **  Oracle redo log file availability
            –      *************************************************
             SELECT COUNT(*)
               INTO i
               FROM v$log;
             SELECT COUNT(*)
               INTO j
               FROM v$log
              WHERE members > 1;
            IF i            > 1 AND j > 1 THEN
              outfinding   := ‘NF’;
            ELSE
              outfinding := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1) := ‘Two (2) or more redo log groups ‘||
              ‘with one or more members each should be defined ‘||
              ‘on a RAID-enabled storage device (or) Two (2) or ‘||
              ‘more redo log groups with two or more members ‘||
              ‘each should be defined on a non-RAID storage device.’;
              scriptresults(1) := i||’,’||j;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0009′ THEN
            –      *************************************************
            –      **  Process DB Home Check DG0009
            –      **  DBMS software library permissions
            –      *************************************************
            IF ((instr(osver,’WIN’,1) > 0) OR (instr(osver,’MVS’,1) > 0)) THEN
              outfinding             := ‘NA’;
            ELSE
              outfinding := ‘MR’;
              find_idx   := find_idx + 1;
              outfindings.extend;
              outfindings(find_idx) := ‘Check umask setting on host for Oracle ‘|| ‘owner account.’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0123′ THEN
            –      *************************************************
            –      **  Process DB Check DG0123
            –      **  DBMS Administrative data access
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0123
              IS –DG0123
                 SELECT grantee, privilege, owner, table_name
                   FROM dba_tab_privs
                  WHERE (owner = ‘SYS’ OR table_name LIKE ‘DBA_%’) AND privilege <> ‘EXECUTE’ AND
                  grantee NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND grantee NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                ) AND grantee NOT   IN
                (SELECT rname
                   FROM defroles
                )
             ORDER BY grantee;
            BEGIN
              FOR grantees IN cursor_DG0123
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := grantees.grantee||’:’||grantees.privilege||’ to ‘||
                grantees.table_name;
                scriptresults(find_idx) := grantees.grantee||’:’||grantees.privilege||’ to ‘||
                grantees.table_name;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts, privileges, object ‘||
                ‘owners and objects as generated. Confirm the account(s) ‘||
                ‘and privilege assignments to the objects are documented, ‘||
                ‘authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0320′ THEN
            –      *************************************************
            –      **  Process DB Check DO0320
            –      **  Oracle PUBLIC role privileges
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0320
              IS –DO0320
                 SELECT granted_role
                   FROM dba_role_privs
                  WHERE grantee = ‘PUBLIC’;
            BEGIN
              FOR pubroles IN cursor_DO0320
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := pubroles.granted_role;
                scriptresults(find_idx) := pubroles.granted_role;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘PUBLIC has been granted the following roles: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0340′ THEN
            –      *************************************************
            –      **  Process DB Check DO0340
            –      **  Oracle application administration roles enablement
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0340
              IS –DO0340
                 SELECT grantee, granted_role
                   FROM dba_role_privs
                  WHERE default_role                         = ‘YES’ AND grantee NOT IN (‘DBA’, ‘SYS’, ‘SYSTEM’) AND
                  granted_role NOT                                                   IN (‘CTXSYS’, ‘DBA’, ‘IMP_FULL_DATABASE’,
                  ‘MDSYS’, ‘SYS’, ‘WKSYS’) AND granted_role                          IN
                  (SELECT grantee
                     FROM dba_sys_privs
                    WHERE privilege LIKE ‘%USER’
                  ) AND grantee NOT IN
                (SELECT DISTINCT owner
                   FROM dba_tables
                ) AND grantee NOT IN
                (SELECT DISTINCT username
                   FROM dba_users
                  WHERE upper(account_status) LIKE ‘%LOCKED%’
                );
            BEGIN
              FOR grantees IN cursor_DO0340
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := grantees.grantee||’:’||grantees.granted_role;
                scriptresults(find_idx) := grantees.grantee||’:’||grantees.granted_role;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts and roles as generated. ‘||
                ‘Confirm the account(s) and role assignments are documented, ‘||
                ‘authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0350′ THEN
            –      *************************************************
            –      **  Process DB Check DO0350
            –      **  Oracle system privilege assignment
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0350
              IS –DO0350
                 SELECT grantee, privilege
                   FROM dba_sys_privs
                  WHERE privilege <> ‘CREATE SESSION’ AND grantee NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND grantee NOT IN
                (SELECT rname
                   FROM defroles
                ) AND grantee NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                ) AND grantee NOT   IN
                (SELECT username
                   FROM dba_users
                  WHERE account_status LIKE ‘%LOCKED%’
                );
            BEGIN
              FOR grantees IN cursor_DO0350
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := grantees.grantee||’:’||grantees.privilege;
                scriptresults(find_idx) := grantees.grantee||’:’||grantees.privilege;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts and roles as generated. ‘||
                ‘Confirm the account(s) and role assignments are documented, ‘||
                ‘authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0360′ THEN
            –      *************************************************
            –      **  Process DB Home Check DO0360
            –      **  DBMS mid-tier application account access
            –      *************************************************
            DECLARE
              CURSOR cursor_DO0360
              IS –DO0360
                 SELECT name, ext_username
                   FROM user$
                  WHERE ext_username <> NULL;
            BEGIN
               SELECT COUNT(*)
                 INTO i
                 FROM user$
                WHERE ext_username <> NULL;
              IF i                  = 0 THEN
                outfinding         := ‘NF’;
              ELSE
                FOR users IN cursor_DO0360
                LOOP
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                := find_idx + 1;
                  outfindings(find_idx)   := users.name||’:’||users.ext_username;
                  scriptresults(find_idx) := users.name||’:’||users.ext_username;
                END LOOP;
                IF find_idx   > 1 THEN
                  outfinding := ‘O’;
                  outfindings.extend;
                  outfindings(1) := ‘Review the accounts and external account  ‘||
                  ‘names as generated. Confirm the external account(s) utilize ‘||
                  ‘PKI authentication, are documented, authorized and accept as ‘||
                  ‘Documentable in VMS.’;
                END IF;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0085′ THEN
            –      *************************************************
            –      **  Process DB Check DG0085
            –      **  Minimum DBA privilege assignment
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0085
              IS –DG0085
                 SELECT username
                   FROM v$pwfile_users
                  WHERE username NOT IN
                  (SELECT grantee
                     FROM dba_role_privs
                    WHERE granted_role = ‘DBA’
                  ) AND username      <> ‘INTERNAL’ AND (sysdba = ‘TRUE’ OR sysoper = ‘TRUE’);
            BEGIN
              FOR pwusers IN cursor_DG0085
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := pwusers.username;
                scriptresults(find_idx) := pwusers.username;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts as generated. Confirm ‘||
                ‘the account(s) are documented, authorized and accept as ‘|| ‘Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0014′ THEN
            –      *************************************************
            –      **  Process DB Check DG0014
            –      **  DBMS demonstration and sample databases
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0014
              IS –DG0014
                 SELECT username
                   FROM dba_users
                  WHERE username IN (‘ALLUSERS’, ‘AOLDEMO’, ‘AQDEMO’, ‘AQJAVA’, ‘AQUSER’, ‘AUC_GUEST’,
                  ‘BI’, ‘CTXDEMO’, ‘DEMO8′, ‘DEV2000_DEMOS’, ‘HR’, ‘IX’, ‘OE’, ‘ORABAMSAMPLES’, ‘PM’,
                  ‘PORTAL_DEMO’, ‘PORTAL30_DEMO’, ‘QS’, ‘SCOTT’, ‘SECDEMO’, ‘SH’, ‘WK_TEST’) OR
                  username LIKE ‘QS_%’;
            BEGIN
              FOR demos IN cursor_DG0014
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := demos.username;
                scriptresults(find_idx) := demos.username;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the object owner accounts as ‘||
                ‘generated. Confirm the account(s) are documented, ‘||
                ‘authorized to remain and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO0420′ THEN
            –      *************************************************
            –      **  Process DB Check DO0420
            –      **  Oracle XML DB
            –      *************************************************
             SELECT COUNT(*)
               INTO i
               FROM v$parameter
              WHERE name = ‘dispatchers’ AND value LIKE ‘%XDB%’;
             SELECT COUNT(*)
               INTO j
               FROM dba_users
              WHERE username = ‘XDB’;
            IF j             = 0 THEN
              outfinding    := ‘NF’;
            elsif i          = 0 THEN
              outfinding    := ‘NF’;
            ELSE
              outfinding := ‘MR’;
              find_idx   := find_idx + 1;
              outfindings.extend;
              outfindings(find_idx) := ‘Confirm the use of XML DB dispatchers is ‘||
              ‘documented in the System Security Plan and authorized by the IAO.’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO0430′ THEN
            –      *************************************************
            –      **  Process DB Home Check DO0430
            –      **  Oracle management agent use
            –      *************************************************
             SELECT COUNT(*)
               INTO i
               FROM dba_users
              WHERE upper(username) = ‘DBSNMP’;
            IF i                    = 0 THEN
              outfinding           := ‘NF’;
            ELSE
               SELECT account_status
                 INTO strvar2
                 FROM dba_users
                WHERE upper(username) = ‘DBSNMP’;
              IF upper(strvar2)      <> ‘OPEN’ THEN
                outfinding           := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘SNMP Management agent is installed but not in use. ‘||
                ‘Uninstall if not documented in the System Security Plan and ‘||
                ‘authorized by the IAO.’;
              ELSE
                outfinding := ‘MR’;
                find_idx   := find_idx + 1;
                outfindings.extend;
                outfindings(find_idx) := ‘Confirm the use of Oracle Management Agent is ‘||
                ‘documented in the System Security Plan and authorized by the IAO.’;
              END IF;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0029′ THEN
            –      *************************************************
            –      **  Process DB Check DG0029
            –      **  Database auditing
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘audit_trail’;
            IF upper(strvar2) = ‘NONE’ THEN
              outfinding     := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘Auditing is not enabled.’;
              scriptresults(1) := upper(strvar2);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3440′ THEN
            –      *************************************************
            –      **  Process DB Check DO3440
            –      **  Oracle DBA role assignment
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3440
              IS –DO3440
                 SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’ AND grantee NOT IN (‘SYS’, ‘SYSTEM’, ‘SYSMAN’, ‘CTXSYS’,
                  ‘WKSYS’);
            BEGIN
              FOR grantees IN cursor_DO3440
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := grantees.grantee;
                scriptresults(find_idx) := grantees.grantee;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts as generated. Confirm ‘||
                ‘the account(s) and role assignments are documented, ‘||
                ‘authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0128′ THEN
            –      *************************************************
            –      **  Process DB Check DG0128
            –      **  DBMS default passwords
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0128A
              IS –DG0128
                 SELECT DECODE(type#,0,’ROLE’,1,’USER’) type, name, DECODE(astatus, 0, ‘OPEN’, 1,
                  ‘EXPIRED’, 2, ‘EXPIRED(GRACE)’, 4, ‘LOCKED(TIMED)’, 8, ‘LOCKED’, 5,
                  ‘EXPIRED and LOCKED(TIMED)’, 6, ‘EXPIRED(GRACE) and LOCKED(TIMED)’, 9,
                  ‘EXPIRED and LOCKED’, 10, ‘EXPIRED(GRACE) and LOCKED’) account_status
                   FROM user$, defusers
                  WHERE user$.name = defusers.uname AND user$.password = defusers.pswdhash AND
                  user$.astatus    < 4;
              CURSOR cursor_DG0128B
              IS –DG0128
                 SELECT DECODE(type#,0,’ROLE’,1,’USER’) type, name, DECODE(astatus, 0, ‘OPEN’, 1,
                  ‘EXPIRED’, 2, ‘EXPIRED(GRACE)’, 4, ‘LOCKED(TIMED)’, 8, ‘LOCKED’, 5,
                  ‘EXPIRED and LOCKED(TIMED)’, 6, ‘EXPIRED(GRACE) and LOCKED(TIMED)’, 9,
                  ‘EXPIRED and LOCKED’, 10, ‘EXPIRED(GRACE) and LOCKED’) account_status
                   FROM user$, defusers
                  WHERE user$.name = defusers.uname AND user$.password = defusers.pswdhash AND
                  user$.astatus    > 3 AND user$.name <> ‘XS$NULL’;
            BEGIN
              i        := 0;
              j        := 1;
              FOR usrs IN cursor_DG0128A
              LOOP
                i := i + 1;
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
                scriptresults(find_idx) := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
              END LOOP;
              IF i          > 0 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘The following default accounts were found ‘||
                ‘unlocked with default passwords assigned: ‘;
              ELSE
                pdis.severity := ’2′;
              END IF;
              j := j + i; — keep count of how many were found in 3445A
              i := 0;
              outfindings.extend;   — leave a space for heading if any found in 3445B
              scriptresults.extend; — leave a space for heading if any found in 3445B
              find_idx := find_idx + 1;
              FOR usrs            IN cursor_DG0128B
              LOOP
                i := i + 1;
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
                scriptresults(find_idx) := usrs.type||’ ‘||usrs.name||’ ‘||usrs.account_status;
              END LOOP;
              IF i          > 0 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(j + 1) := ‘The following default accounts were found ‘||
                ‘locked with the default passwords assigned: ‘;
              END IF;
              IF i          = 0 AND j = 1 THEN
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0032′ THEN
            –      *************************************************
            –      **  Process DB Check DG0032
            –      **  DBMS audit record access
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0032
              IS –DG0032
                 SELECT grantee
                   FROM dba_tab_privs
                  WHERE table_name = ‘AUD$’ AND grantee NOT IN (‘DELETE_CATALOG_ROLE’) AND grantee NOT
                                                            IN
                  (SELECT grantee
                     FROM dba_role_privs
                    WHERE granted_role = ‘DBA’
                  )
             ORDER BY grantee;
            BEGIN
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name             = ‘audit_trail’;
              IF instr(strvar2,’db’,1) > 0 THEN
                FOR grantees          IN cursor_DG0032
                LOOP
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                := find_idx + 1;
                  outfindings(find_idx)   := grantees.grantee;
                  scriptresults(find_idx) := grantees.grantee;
                END LOOP;
                IF find_idx   > 1 THEN
                  outfinding := ‘O’;
                  outfindings.extend;
                  outfindings(1) := ‘Review the accounts granted access to ‘||
                  ‘the AUD$ table as generated. Confirm the account(s) are ‘||
                  ‘documented, authorized and accept as Documentable in VMS.’;
                ELSE
                  outfinding := ‘NF’;
                END IF;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3447′ THEN
            –      *************************************************
            –      **  Process DB Check DO3447
            –      **  Oracle OS_AUTHENT_PREFIX parameter
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘os_authent_prefix’;
            IF upper(strvar2) = ‘OPS$’ THEN
              outfinding     := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The OS_AUTHENT_PREFIX is not set to a value other than OPS$’;
              scriptresults(1) := upper(strvar2);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3451′ THEN
            –      *************************************************
            –      **  Process DB Check DO3451
            –      **  WITH GRANT OPTION privileges
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3451
              IS –DO3451
                 SELECT owner, grantee, table_name
                   FROM dba_tab_privs
                  WHERE grantable = ‘YES’ AND grantee NOT IN
                  (SELECT DISTINCT owner
                     FROM dba_objects
                  ) AND grantee NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                ) AND grantee NOT   IN
                (SELECT uname
                   FROM defusers
                )
             ORDER BY grantee;
            BEGIN
              FOR grantees IN cursor_DO3451
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := grantees.grantee||’:’||grantees.owner||’.’||
                grantees.table_name;
                scriptresults(find_idx) := grantees.grantee||’:’||grantees.owner||’.’||
                grantees.table_name;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘The following users have been granted ‘||
                ‘grantable privileges to the named object: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0119′ THEN
            –      *************************************************
            –      **  Process DB Check DG0119
            –      **  DBMS application user role privileges
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0119
              IS –DG0119
                 SELECT grantee, owner, table_name, privilege
                   FROM dba_tab_privs
                  WHERE privilege                                                 IN (‘ALTER’, ‘REFERENCES’, ‘INDEX’) AND table_name NOT IN (
                  ‘SDO_IDX_TAB_SEQUENCE’, ‘XDB$ACL’, ‘XDB_ADMIN’) AND grantee NOT IN
                  (SELECT grantee
                     FROM dba_role_privs
                    WHERE granted_role = ‘DBA’
                  ) AND grantee NOT   IN
                (SELECT rname
                   FROM defroles
                ) AND grantee NOT IN
                (SELECT uname
                   FROM defusers
                ) AND grantee NOT IN
                (SELECT owner
                   FROM dbsrrown
                );
            BEGIN
              FOR grantees IN cursor_DG0119
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := grantees.grantee||’:’||grantees.owner||’.’||
                grantees.table_name||’:’||grantees.privilege;
                scriptresults(find_idx) := grantees.grantee||’:’||grantees.owner||’.’||
                grantees.table_name||’:’||grantees.privilege;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘The following users have been granted ALTER or REFERENCES ‘||
                ‘privileges to the specified objects: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3475′ THEN
            –      *************************************************
            –      **  Process DB Check DO3475
            –      **  Oracle PUBLIC access to restricted packages
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3475
              IS –DO3475
                 SELECT table_name
                   FROM dba_tab_privs
                  WHERE grantee = ‘PUBLIC’ AND privilege = ‘EXECUTE’ AND table_name IN (‘UTL_SMTP’,
                  ‘UTL_TCP’, ‘UTL_HTTP’, ‘UTL_FILE’, ‘DBMS_RANDOM’, ‘DBMS_LOB’, ‘DBMS_SQL’,
                  ‘DBMS_SYS_SQL’, ‘DBMS_JOB’, ‘DBMS_BACKUP_RESTORE’, ‘DBMS_OBFUSCATION_TOOLKIT’);
            BEGIN
              FOR grantees IN cursor_DO3475
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := grantees.table_name;
                scriptresults(find_idx) := grantees.table_name;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘PUBLIC has been granted EXECUTE privileges to restricted packages: ‘
                ;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0125′ THEN
            –      *************************************************
            –      **  Process DB Check DG0125
            –      **  DBMS account password expiration
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0125
              IS –DG0125
                 SELECT profile, limit
                   FROM dba_profiles, (SELECT limit AS def_pwd_life_tm
                     FROM dba_profiles
                    WHERE profile = ‘DEFAULT’ AND resource_name = ‘PASSWORD_LIFE_TIME’
                  )
                WHERE resource_name      = ‘PASSWORD_LIFE_TIME’ AND ((REPLACE(limit,’DEFAULT’,
                def_pwd_life_tm)        IN (‘UNLIMITED’, NULL)) OR (lpad(REPLACE(limit,’DEFAULT’,
                def_pwd_life_tm),40,’0′) > lpad(’60′,40,’0′)));
            BEGIN
              FOR profiles IN cursor_DG0125
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := profiles.profile||’:’||profiles.limit;
                scriptresults(find_idx) := profiles.profile||’:’||profiles.limit;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the profile and limit as generated. ‘||
                ‘Confirm the limits returned are documented, authorized and ‘||
                ‘accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0126′ THEN
            –      *************************************************
            –      **  Process DB Check DG0126
            –      **  DBMS account password reuse
            –      *************************************************
            DECLARE
              –  Get profile, reuse max and reuse time for defined and default profiles
              CURSOR cursor_DG0126A
              IS –DG0126
                 SELECT p1.profile profile, p1.limit REUSE_MAX, p2.limit REUSE_TIME
                   FROM dba_profiles p1, dba_profiles p2
                  WHERE p1.profile                          = p2.profile AND p1.profile = ‘DEFAULT’ AND p1.resource_name =
                  ‘PASSWORD_REUSE_MAX’ AND p2.resource_name = ‘PASSWORD_REUSE_TIME’
               ORDER BY p1.profile;
              CURSOR cursor_DG0126B
              IS –DG0126
                 SELECT p1.profile PROFILE, REPLACE(p1.limit, ‘DEFAULT’, def_pwd_reuse_max) REUSE_MAX,
                  REPLACE(p2.limit, ‘DEFAULT’, def_pwd_reuse_time) REUSE_TIME
                   FROM dba_profiles p1, dba_profiles p2, (SELECT p3.limit AS def_pwd_reuse_max
                     FROM dba_profiles p3
                    WHERE p3.resource_name = ‘PASSWORD_REUSE_MAX’ AND p3.profile = ‘DEFAULT’
                  ), (SELECT p4.limit AS def_pwd_reuse_time
                   FROM dba_profiles p4
                  WHERE p4.resource_name = ‘PASSWORD_REUSE_TIME’ AND p4.profile = ‘DEFAULT’
                )
                WHERE p1.profile                          = p2.profile AND p1.profile <> ‘DEFAULT’ AND p1.resource_name =
                ‘PASSWORD_REUSE_MAX’ AND p2.resource_name = ‘PASSWORD_REUSE_TIME’
             ORDER BY p1.profile;
            BEGIN
              i            := 0;
              FOR profiles IN cursor_DG0126A
              LOOP
                — Check the DEFAULT profile for compliance
                IF profiles.REUSE_MAX = ‘UNLIMITED’ AND profiles.REUSE_TIME = ‘UNLIMITED’ THEN
                  i                  := i + 1;
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
                  scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
                elsif profiles.REUSE_MAX <> ‘UNLIMITED’ AND profiles.REUSE_TIME <> ‘UNLIMITED’ THEN
                  i                      := i + 1;
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
                  scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
                END IF;
              END LOOP;
              FOR profiles IN cursor_DG0126B
              LOOP
                IF profiles.REUSE_MAX = ‘UNLIMITED’ AND profiles.REUSE_TIME = ‘UNLIMITED’ THEN
                  i                  := i + 1;
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
                  scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to UNLIMITED’;
                elsif profiles.REUSE_MAX <> ‘UNLIMITED’ AND profiles.REUSE_TIME <> ‘UNLIMITED’ THEN
                  i                      := i + 1;
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
                  scriptresults(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ has both PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME set to values’;
                END IF;
              END LOOP;
              IF i          > 0 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘ ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0079′ THEN
            –      *************************************************
            –      **  Process DB Check DG0079
            –      **  DBMS password complexity
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0079
              IS –DG0079
                 SELECT profile, limit
                   FROM dba_profiles, (SELECT limit AS def_pwd_verify_func
                     FROM dba_profiles
                    WHERE resource_name = ‘PASSWORD_VERIFY_FUNCTION’ AND profile = ‘DEFAULT’
                  )
                WHERE resource_name   = ‘PASSWORD_VERIFY_FUNCTION’ AND REPLACE(limit,’DEFAULT’,
                def_pwd_verify_func) IN (‘UNLIMITED’, NULL);
            BEGIN
              FOR profiles IN cursor_DG0079
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := profiles.profile||’:’||profiles.limit;
                scriptresults(find_idx) := profiles.profile||’:’||profiles.limit;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘The following profiles were found without ‘||
                ‘a password complexity function specified: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3536′ THEN
            –      *************************************************
            –      **  Process DB Check DO3536
            –      **  Oracle IDLE_TIME profile parameter
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3536A
              IS –DO3536
                 SELECT profile, limit
                   FROM dba_profiles
                  WHERE resource_name = ‘IDLE_TIME’ AND profile = ‘DEFAULT’;
              CURSOR cursor_DO3536B
              IS –DO3536
                 SELECT profile, limit
                   FROM dba_profiles
                  WHERE resource_name = ‘IDLE_TIME’ AND profile <> ‘DEFAULT’;
            BEGIN
              FOR profiles IN cursor_DO3536A
              LOOP
                IF profiles.limit = ‘UNLIMITED’ THEN
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                     := find_idx + 1;
                  outfindings(find_idx)        := ‘The DEFAULT profile exceeds the maximum of 15 minutes. ‘;
                  scriptresults(find_idx)      := profiles.profile||’:’||profiles.limit;
                elsif to_number(profiles.limit) > 15 THEN
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                := find_idx + 1;
                  outfindings(find_idx)   := ‘The DEFAULT profile exceeds the maximum of 15 minutes. ‘;
                  scriptresults(find_idx) := profiles.profile||’:’||profiles.limit;
                END IF;
              END LOOP;
              FOR profiles IN cursor_DO3536B
              LOOP
                IF profiles.limit = ‘DEFAULT’ AND find_idx > 1 THEN
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ points to the DEFAULT profile, which exceeds the maximum’|| ‘ of 15 minutes. ‘;
                  scriptresults(find_idx) := profiles.profile||’:’||profiles.limit;
                elsif profiles.limit       = ‘DEFAULT’ AND find_idx = 1 THEN
                  NULL;
                elsif profiles.limit = ‘UNLIMITED’ THEN
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ exceeds the maximum of 60 minutes. ‘;
                  scriptresults(find_idx)      := profiles.profile||’:’||profiles.limit;
                elsif to_number(profiles.limit) > 60 THEN
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := ‘Profile ‘||profiles.profile||
                  ‘ exceeds the maximum of 60 minutes. ‘;
                  scriptresults(find_idx) := profiles.profile||’:’||profiles.limit;
                END IF;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0073′ THEN
            –      *************************************************
            –      **  Process DB Check DG0073
            –      **  DBMS failed login account lock
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0073
              IS –DG0073
                 SELECT profile, limit
                   FROM dba_profiles, (SELECT limit AS def_login_attempts
                     FROM dba_profiles
                    WHERE profile = ‘DEFAULT’ AND resource_name = ‘FAILED_LOGIN_ATTEMPTS’
                  )
                WHERE resource_name                                                 = ‘FAILED_LOGIN_ATTEMPTS’ AND REPLACE(limit, ‘DEFAULT’,
                def_login_attempts)                                                IN (‘UNLIMITED’, NULL) OR resource_name = ‘FAILED_LOGIN_ATTEMPTS’
                AND to_number(DECODE(limit, ‘UNLIMITED’, 10, ‘DEFAULT’, 10, limit)) > 3
             ORDER BY profile;
            BEGIN
              FOR profiles IN cursor_DG0073
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := profiles.profile||’:’||profiles.limit;
                scriptresults(find_idx) := profiles.profile||’:’||profiles.limit;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the profile and limit as generated. ‘||
                ‘Confirm the limit for any non-DEFAULT profiles returned are ‘||
                ‘documented, authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3538′ THEN
            –      *************************************************
            –      **  Process DB Check DO3538
            –      **  Oracle REMOTE_OS_AUTHENT parameter
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘remote_os_authent’;
            IF upper(strvar2) = ‘FALSE’ THEN
              outfinding     := ‘NF’;
            ELSE
              outfinding := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The REMOTE_OS_AUTHENT parameter is not set to FALSE.’;
              scriptresults(1) := upper(strvar2);
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3539′ THEN
            –      *************************************************
            –      **  Process DB Check DO3539
            –      **  Oracle REMOTE_OS_ROLES parameter
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘remote_os_roles’;
            IF upper(strvar2) = ‘FALSE’ THEN
              outfinding     := ‘NF’;
            ELSE
              outfinding := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The REMOTE_OS_ROLES parameter is not set to FALSE.’;
              scriptresults(1) := upper(strvar2);
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3540′ THEN
            –      *************************************************
            –      **  Process DB Check DO3540
            –      **  Oracle SQL92_SECURITY parameter
            –      *************************************************
             SELECT COUNT(*)
               INTO i
               FROM v$parameter
              WHERE name  = ‘sql92_security’;
            IF i          = 0 THEN
              outfinding := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The SQL92_SECURITY parameter does not exist.’;
              scriptresults(1) := i;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name      = ‘sql92_security’;
              IF upper(strvar2) = ‘TRUE’ THEN
                outfinding     := ‘NF’;
              ELSE
                outfinding := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1) := ‘The SQL92_SECURITY configuration parameter is ‘|| ‘not set to TRUE.’
                ;
                scriptresults(1) := upper(strvar2);
              END IF;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3546′ THEN
            –      *************************************************
            –      **  Process DB Check DO3546
            –      **  Oracle REMOTE_LOGIN_PASSWORDFILE parameter
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name       = ‘remote_login_passwordfile’;
            IF (upper(strvar2) = ‘EXCLUSIVE’ OR upper(strvar2) = ‘NONE’) THEN
              outfinding      := ‘NF’;
            ELSE
              outfinding := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1) := ‘REMOTE_LOGIN_PASSWORDFILE initialization parameter ‘||
              ‘is not set to EXCLUSIVE or NONE.’;
              scriptresults(1) := upper(strvar2);
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0098′ THEN
            –      *************************************************
            –      **   Process DB Check DG0098
            –      **   DBMS access to external local objects
            –      *************************************************
             SELECT value
               INTO strvar1
               FROM v$parameter
              WHERE name            = ‘utl_file_dir’;
            IF instr(strvar1,’*’,1) > 0 THEN
              outfinding           := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The UTL_FILE_DIR parameter is set to or ‘|| ‘includes “*”.’;
              scriptresults(1) := SUBSTR(strvar1,1,3900);
            ELSE
              outfinding := ‘MR’;
              find_idx   := find_idx + 1;
              outfindings.extend;
              outfindings(find_idx) :=
              ‘Review the host permissions for directories listed for utl_file_dir ‘||SUBSTR(strvar1,1,
              3900);
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3609′ THEN
            –      *************************************************
            –      **  Process DB Check DO3609
            –      **  System privileges granted WITH ADMIN OPTION
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3609
              IS –DO3609
                 SELECT grantee, privilege
                   FROM dba_sys_privs
                  WHERE grantee NOT IN
                  (SELECT uname
                     FROM defusers
                  ) AND admin_option = ‘YES’ AND grantee NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                ) AND grantee NOT   IN
                (SELECT uname
                   FROM defusers
                ) AND grantee NOT IN
                (SELECT rname
                   FROM defroles
                );
            BEGIN
              FOR grantees IN cursor_DO3609
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := grantees.grantee||’:’||grantees.privilege;
                scriptresults(find_idx) := grantees.grantee||’:’||grantees.privilege;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘The following unauthorized users have been ‘||
                ‘granted system privileges with the ADMIN option: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3610′ THEN
            –      *************************************************
            –      **  Process DB Check DO3610
            –      **  Oracle minimum object auditing
            –      *************************************************
            defmax  := ”;
            deftime := ”;
             SELECT COUNT(*)
               INTO i
               FROM all_def_audit_opts
              WHERE ren = ‘A/A’;
            IF i        = 0 THEN
              outfindings.extend;
              scriptresults.extend;
              find_idx                := find_idx + 1;
              outfindings(find_idx)   := ‘RENAME object audit option not specified on default.’;
              scriptresults(find_idx) := i;
            END IF;
             SELECT COUNT(*)
               INTO i
               FROM dba_obj_audit_opts
              WHERE ren = ‘A/A’;
            IF i        = 0 THEN
              outfindings.extend;
              scriptresults.extend;
              find_idx                := find_idx + 1;
              outfindings(find_idx)   := ‘RENAME not audited on application objects.’;
              scriptresults(find_idx) := i;
            END IF;
             SELECT COUNT(*)
               INTO i
               FROM dba_obj_audit_opts
              WHERE object_name = ‘AUD$’ AND object_type = ‘TABLE’ AND (owner = ‘SYSTEM’ OR owner =
              ‘SYS’);
            IF i = 1 THEN
               SELECT upd, del
                 INTO defmax, deftime
                 FROM dba_obj_audit_opts
                WHERE object_name = ‘AUD$’ AND object_type = ‘TABLE’ AND (owner = ‘SYSTEM’ OR owner =
                ‘SYS’);
            ELSE
               SELECT COUNT(*)
                 INTO i
                 FROM dba_obj_audit_opts
                WHERE object_name = ‘AUD$’ AND object_type = ‘VIEW’ AND (owner = ‘SYSTEM’ OR owner =
                ‘SYS’);
              IF i = 1 THEN
                BEGIN
                   SELECT text
                     INTO strvar2
                     FROM dba_views
                    WHERE view_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
                EXCEPTION
                WHEN NO_DATA_FOUND THEN
                  strvar2 := NULL;
                END;
                i                   := instr(upper(strvar2),’FROM’,1) + 5;
                IF i                 > 5 THEN
                  j                 := instr(strvar2,’.’,1);
                  strvar3           := upper(ltrim(SUBSTR(strvar2,i,j – i)));
                  strvar2           := upper(SUBSTR(strvar2,j         + 1,LENGTH(strvar2) – j));
                  strvar4           := SUBSTR(strvar2,LENGTH(strvar2),1);
                  IF (ascii(strvar4) < 32 OR ascii(strvar4) > 174) THEN
                    strvar2         := SUBSTR(strvar2,1,LENGTH(strvar2) – 1);
                  END IF;
                  BEGIN
                     SELECT upd, del
                       INTO defmax, deftime
                       FROM dba_obj_audit_opts
                      WHERE object_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
                  EXCEPTION
                  WHEN NO_DATA_FOUND THEN
                    defmax  := ‘unk’;
                    deftime := ‘unk’;
                  END;
                ELSE
                  defmax  := ‘unk’;
                  deftime := ‘unk’;
                END IF;
              ELSE
                 SELECT COUNT(*)
                   INTO i
                   FROM dba_synonyms
                  WHERE synonym_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
                IF i                 = 1 THEN
                   SELECT table_owner
                     INTO strvar3
                     FROM dba_synonyms
                    WHERE synonym_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
                   SELECT table_name
                     INTO strvar2
                     FROM dba_synonyms
                    WHERE synonym_name = ‘AUD$’ AND (owner = ‘SYSTEM’ OR owner = ‘SYS’);
                  BEGIN
                     SELECT upd, del
                       INTO defmax, deftime
                       FROM dba_obj_audit_opts
                      WHERE object_name = strvar2 AND owner = strvar3;
                  EXCEPTION
                  WHEN NO_DATA_FOUND THEN
                    defmax  := ‘unk’;
                    deftime := ‘unk’;
                  END;
                END IF;
              END IF;
            END IF;
            IF defmax = ‘unk’ THEN
              outfindings.extend;
              scriptresults.extend;
              find_idx              := find_idx + 1;
              outfindings(find_idx) := ‘The underlying table for the audit trail ‘||
              ‘view AUD$ could not be determined. ‘|| ‘Audit trail audit status is unknown.’;
              scriptresults(find_idx) := defmax;
            elsif defmax              <> ‘A/A’ OR deftime <> ‘A/A’ THEN
              outfindings.extend;
              scriptresults.extend;
              find_idx              := find_idx + 1;
              outfindings(find_idx) := ‘ The audit trail ‘||strvar3||’.’||strvar2||
              ‘ is not being audited for update and delete by all users.’;
              scriptresults(find_idx) := defmax||’ ‘||deftime;
            END IF;
            IF find_idx   > 1 THEN
              outfinding := ‘O’;
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3612′ THEN
            –      *************************************************
            –      **  Process DB Check DO3612
            –      **  Oracle system privilege assignment
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3612
              IS –DO3612
                 SELECT privilege
                   FROM dba_sys_privs
                  WHERE grantee = ‘PUBLIC’;
            BEGIN
              FOR privs IN cursor_DO3612
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := privs.privilege;
                scriptresults(find_idx) := privs.privilege;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘The following system privileges have been ‘|| ‘granted to PUBLIC: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3622′ THEN
            –      *************************************************
            –      **  Process DB Check DO3622
            –      **  Oracle roles granted WITH ADMIN OPTION
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3622
              IS –DO3622
                 SELECT grantee, granted_role
                   FROM dba_role_privs
                  WHERE grantee NOT IN (‘DBA’, ‘SYS’, ‘SYSTEM’, ‘WKSYS’, ‘LBACSYS’, ‘WMSYS’, ‘OWBSYS’,
                  ‘CTXSYS’, ‘SPATIAL_CSW_ADMIN_USR’, ‘SPATIAL_WFS_ADMIN_USR’, ‘FLOWS_030000′) AND
                  admin_option = ‘YES’ AND grantee NOT IN
                  (SELECT owner
                     FROM dbsrrown
                  ) AND grantee NOT IN
                (SELECT grantee
                   FROM dba_role_privs
                  WHERE granted_role = ‘DBA’
                )
             ORDER BY grantee;
            BEGIN
              FOR grantees IN cursor_DO3622
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := grantees.grantee||’:’||grantees.granted_role;
                scriptresults(find_idx) := grantees.grantee||’:’||grantees.granted_role;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts and roles as generated.’||
                ‘Confirm the account(s) and role assignments are documented, ‘||
                ‘authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3685′ THEN
            –      *************************************************
            –      **  Process DB Check DO3685
            –      **  Oracle O7_DICTIONARY_ACCESSIBILITY parameter
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘O7_DICTIONARY_ACCESSIBILITY’;
            IF upper(strvar2) = ‘TRUE’ THEN
              outfinding     := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE.’;
              scriptresults(1) := upper(strvar2);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO3686′ THEN
            –      *************************************************
            –      **  Process DB Check DO3686
            –      **  Oracle SYS.LINK$ table access
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3686
              IS –DO3686
                 SELECT grantee, privilege
                   FROM dba_tab_privs
                  WHERE grantee <> ‘DELETE_CATALOG_ROLE’ AND table_name = ‘LINK$’ AND grantee NOT IN
                  (SELECT grantee
                     FROM dba_role_privs
                    WHERE granted_role = ‘DBA’
                  );
            BEGIN
              IF oraverno   > 10.1 THEN
                outfinding := ‘NA’;
              ELSE
                FOR dblinks IN cursor_DO3686
                LOOP
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx                := find_idx + 1;
                  outfindings(find_idx)   := dblinks.grantee||’:’||dblinks.privilege;
                  scriptresults(find_idx) := dblinks.grantee||’:’||dblinks.privilege;
                END LOOP;
                IF find_idx   > 1 THEN
                  outfinding := ‘O’;
                  outfindings.extend;
                  outfindings(1) := ‘The following accounts have been granted ‘||
                  ‘privileges to the SYS.LINK$ table: ‘;
                ELSE
                  outfinding := ‘NF’;
                END IF;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3689′ THEN
            –      *************************************************
            –      **  Process DB Check DO3689
            –      **  Oracle object permission assignment to PUBLIC
            –      *************************************************
            DECLARE
              CURSOR cursor_DO3689
              IS –DO3689
                 SELECT owner, table_name, privilege
                   FROM dba_tab_privs
                  WHERE grantee = ‘PUBLIC’ AND owner NOT IN
                  (SELECT uname
                     FROM defusers
                  );
            BEGIN
              FOR pubgrants IN cursor_DO3689
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx              := find_idx + 1;
                outfindings(find_idx) := pubgrants.owner||’.’||pubgrants.table_name||’:’||
                pubgrants.privilege;
                scriptresults(find_idx) := pubgrants.owner||’.’||pubgrants.table_name||’:’||
                pubgrants.privilege;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Review the accounts, objects, ‘||
                ‘and permissions as generated. Confirm the ‘||
                ‘permissions for the objects are documented, ‘||
                ‘authorized and accept as Documentable in VMS.’;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DG0141′ THEN
            –      *************************************************
            –      **  Process DB Check DG0141
            –      **  DBMS access control bypass
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0141B
              IS –DG0141 for Oracle 10g and higher
                 SELECT name
                   FROM stmt_audit_option_map
                  WHERE name NOT IN
                  (SELECT audit_option
                     FROM dba_stmt_audit_opts
                  ) AND name NOT IN (‘ALL STATEMENTS’, ‘ANALYZE ANY DICTIONARY’, ‘CREATE DIRECTORY’,
                ‘DEBUG CONNECT ANY’, ‘DEBUG CONNECT USER’, ‘DELETE ANY TABLE’, ‘DELETE TABLE’,
                ‘DROP DIRECTORY’, ‘EXECUTE ANY LIBRARY’, ‘EXECUTE ANY PROCEDURE’, ‘EXECUTE ANY TYPE’,
                ‘EXECUTE LIBRARY’, ‘EXECUTE PROCEDURE’, ‘EXISTS’, ‘GRANT LIBRARY’, ‘INSERT ANY TABLE’,
                ‘INSERT TABLE’, ‘LOCK TABLE’, ‘NETWORK’, ‘OUTLINE’, ‘READUP’, ‘READUP DBHIGH’,
                ‘SELECT ANY DICTIONARY’, ‘SELECT ANY SEQUENCE’, ‘SELECT ANY TABLE’,
                ‘SELECT MINING MODEL’, ‘SELECT SEQUENCE’, ‘SELECT TABLE’, ‘UPDATE ANY TABLE’,
                ‘UPDATE TABLE’, ‘USE EDITION’, ‘WRITEDOWN’, ‘WRITEDOWN DBLOW’, ‘WRITEUP’,
                ‘WRITEUP DBHIGH’);
            BEGIN
              FOR aud_opts IN cursor_DG0141B
              LOOP
                outfindings.extend;
                scriptresults.extend;
                find_idx                := find_idx + 1;
                outfindings(find_idx)   := aud_opts.name;
                scriptresults(find_idx) := aud_opts.name;
              END LOOP;
              IF find_idx   > 1 THEN
                outfinding := ‘O’;
                outfindings.extend;
                outfindings(1) := ‘Oracle auditing is not auditing the ‘||
                ‘following required events: ‘;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO3696′ THEN
            –      *************************************************
            –      **  Process DB Check DO3696
            –      **  Oracle RESOURCE_LIMIT parameter
            –      *************************************************
             SELECT value
               INTO strvar2
               FROM v$parameter
              WHERE name      = ‘resource_limit’;
            IF upper(strvar2) = ‘FALSE’ THEN
              outfinding     := ‘O’;
              outfindings.extend;
              scriptresults.extend;
              outfindings(1)   := ‘The RESOURCE_LIMIT parameter is not set to TRUE.’;
              scriptresults(1) := upper(strvar2);
            ELSE
              outfinding := ‘NF’;
            END IF;
            –
          ELSIF pdis.sdid = ‘DG0121′ THEN
            –      *************************************************
            –      **  Process DB Check DG0121
            –      **  DBMS application user privilege assignment
            –      *************************************************
            DECLARE
              CURSOR cursor_DG0121
              IS –DG0121
                 SELECT grantee, privilege, owner, table_name
                   FROM dba_tab_privs
                  WHERE grantee NOT IN
                  (SELECT role
                     FROM dba_roles
                  ) AND grantee NOT IN
                (SELECT uname
                   FROM defusers
                ) AND table_name <> ‘DBMS_REPCAT_INTERNAL_PACKAGE’ AND table_name NOT LIKE ‘%RP’ AND
                grantee NOT      IN
                (SELECT grantee
                   FROM dba_tab_privs
                  WHERE table_name IN (‘DBMS_DEFER’, ‘DEFLOB’)
                ) AND grantee NOT  IN
                (SELECT owner
                   FROM dbsrrown
                );
            BEGIN
               SELECT COUNT(*)
                 INTO i
                 FROM dba_users
                WHERE username NOT IN
                (SELECT uname
                   FROM defusers
                );
              IF i          = 0 THEN
                outfinding := ‘NF’;
              ELSE
                FOR usergrants IN cursor_DG0121
                LOOP
                  outfindings.extend;
                  scriptresults.extend;
                  find_idx              := find_idx + 1;
                  outfindings(find_idx) := usergrants.grantee||’ granted ‘||usergrants.privilege||
                  ‘ to ‘||usergrants.owner||’.’||usergrants.table_name;
                  scriptresults(find_idx) := usergrants.grantee||’ ‘||usergrants.privilege||’ ‘||
                  usergrants.owner||’.’||usergrants.table_name;
                END LOOP;
                IF find_idx   > 1 THEN
                  outfinding := ‘O’;
                  outfindings.extend;
                  outfindings(1) := ‘Review the accounts, privileges, ‘||
                  ‘object owners and objects as generated. Confirm the ‘||
                  ‘account(s) and privilege assignments to the objects ‘||
                  ‘are documented, authorized and accept as ‘|| ‘Documentable in VMS.’;
                ELSE
                  outfinding := ‘NF’;
                END IF;
              END IF;
            END;
            –
          ELSIF pdis.sdid = ‘DO6748′ THEN
            –      *************************************************
            –      **  Process DB Home Check DO6748
            –      **  Oracle SEC_CASE_SENSITIVE_LOGON parameter
            –      *************************************************
            IF oraverno   < 11.1 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name      = ‘sec_case_sensitive_logon’;
              IF upper(strvar2) = ‘FALSE’ THEN
                outfinding     := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1) := ‘The Oracle parameter SEC_CASE_SENSITIVE_LOGON ‘||
                ‘is not set to a value of TRUE’;
                scriptresults(1) := upper(strvar2);
              ELSE
                outfinding := ‘NF’;
              END IF;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO6749′ THEN
            –      *************************************************
            –      **  Process DB Home Check DO6749
            –      **  Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter
            –      *************************************************
            IF oraverno   < 11.1 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT value
                 INTO i
                 FROM v$parameter
                WHERE name  = ‘sec_max_failed_login_attempts’;
              IF (i         = 0 OR i > 3) THEN
                outfinding := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1) := ‘The Oracle parameter SEC_MAX_FAILED_LOGIN_ATTEMPTS ‘||
                ‘is set to a value of 0 or value greater than 3′;
                scriptresults(1) := i;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO6750′ THEN
            –      *************************************************
            –      **  Process DB Home Check DO6750
            –      **  Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter
            –      *************************************************
            IF oraverno   < 11.1 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT instr(upper(value), ‘DROP’, 1, 1)
                 INTO i
                 FROM v$parameter
                WHERE name = ‘sec_protocol_error_further_action’;
               SELECT instr(upper(value), ‘DELAY’, 1, 1)
                 INTO j
                 FROM v$parameter
                WHERE name  = ‘sec_protocol_error_further_action’;
              IF i          = 0 AND j = 0 THEN
                outfinding := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1) := ‘The Oracle parameter SEC_PROTOCOL_ERROR_FURTHER_ACTION ‘||
                ‘is not set to a value of DROP or DELAY’;
                scriptresults(1) := i || ‘:’ || j;
              ELSE
                outfinding := ‘NF’;
              END IF;
            END IF;
            –
          ELSIF pdis.sdid = ‘DO6751′ THEN
            –      *************************************************
            –      **  Process DB Home Check DO6751
            –      **  SQLNET.ALLOWED_LOGON_VERSION
            –      *************************************************
            outfinding := ‘MR’;
            outfindings.extend;
            outfindings(1) :=
            ‘Review the SQLNET.ORA file for the parameter: SQLNET.ALLOWED_LOGON_VERSION.’;
            –
          ELSIF pdis.sdid = ‘DO6752′ THEN
            –      *************************************************
            –      **  Process DB Home Check DO6752
            –      **  Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter
            –      *************************************************
            IF oraverno   < 11.1 THEN
              outfinding := ‘NA’;
            ELSE
               SELECT value
                 INTO strvar2
                 FROM v$parameter
                WHERE name      = ‘sec_protocol_error_trace_action’;
              IF upper(strvar2) = ‘NONE’ THEN
                outfinding     := ‘O’;
                outfindings.extend;
                scriptresults.extend;
                outfindings(1) := ‘The Oracle parameter SEC_PROTOCOL_ERROR_TRACE_ACTION ‘||
                ‘is not set to a value of TRACE, LOG or ALERT’;
                scriptresults(1) := upper(strvar2);
              ELSE
                outfinding := ‘NF’;
              END IF;
            END IF;
            –
          END IF;
          –
          IF outfinding = ‘NA’ THEN
            notapplic  := notapplic + 1;
          END IF;
          IF outfinding = ‘NR’ OR outfinding = ‘MR’ THEN
            notrevwd   := notrevwd + 1;
          END IF;
          IF (pdis.severity    = ’1′ AND outfinding <> ‘NA’) THEN
            cat1              :=cat1+1;
          elsif (pdis.severity = ’2′ AND outfinding <> ‘NA’) THEN
            cat2              :=cat2+1;
          elsif (pdis.severity = ’3′ AND outfinding <> ‘NA’) THEN
            cat3              :=cat3+1;
          END IF;
          dbms_output.put_line(‘Finding: ‘||outfinding||’ for check ‘||pdis.sdid);
          –
          IF pdis.severity = ’1′ THEN
            outseverity   := ‘Category I’;
            IF outfinding            IN (‘O’) THEN
              opencat1    := opencat1 + 1;
            END IF;
          elsif pdis.severity = ’2′ THEN
            outseverity      := ‘Category II’;
            IF outfinding               IN (‘O’) THEN
              opencat2       := opencat2 + 1;
            END IF;
          elsif pdis.severity = ’3′ THEN
            outseverity      := ‘Category III’;
            IF outfinding               IN (‘O’) THEN
              opencat3       := opencat3 + 1;
            END IF;
          ELSE
            dbms_output.put_line(‘bad severity code of ‘||pdis.severity|| ‘ for check ‘||pdis.sdid);
          END IF;
          /**
          rptnum := rptnum + 1;
          insert into dbsrrrpt values (rptnum, ‘Policy Check: ‘||pdis.sdid||
          ‘       VMSkey: ‘||pdis.vmskey);
          rptnum := rptnum + 1;
          insert into dbsrrrpt values (rptnum, ‘Description: ‘);
          rptnum := rptnum + 1;
          strvar2 := rtrim(pdis.shortdesc);
          j := length(strvar2);
          k := 1;
          while k < j loop
          m := instr(substr(strvar2,k,77),’^q’,1);
          i := instr(substr(strvar2,k,77),’ ‘, – 1);
          if (m < i and m <> 0) or (m > 0 and i = 0) then
          i := m;
          else
          i := i + 1;
          if k + 77 >= j then
          i := j – k + 2;
          end if;
          end if;
          strvar3 := ‘  ‘||substr(strvar2,k,i – 1);
          if i > m then
          i := i – 2;
          end if;
          k := k + i + 1;
          insert into dbsrrrpt values (rptnum, strvar3);
          rptnum := rptnum + 1;
          end loop;
          insert into dbsrrrpt values (rptnum, ‘Severity: ‘||outseverity);
          rptnum := rptnum + 1;
          insert into dbsrrrpt values (rptnum, ‘Finding Status: ‘||outfinding);
          rptnum := rptnum + 1;
          insert into dbsrrrpt values (rptnum, ‘  ‘);
          rptnum := rptnum + 1;
          insert into dbsrrrpt values (rptnum, ‘Finding Details: ‘);
          rptnum := rptnum + 1;
          **/
          FOR i IN 1..find_idx
          LOOP
            –insert into dbsrrrpt values (rptnum, ‘  ‘||outfindings(i));
            rptnum := rptnum + 1;
             INSERT
               INTO dbsrrstats(severity, findingstatus, dgno, vmskey, rec_date)
                VALUES(outseverity, outfinding, pdis.sdid, pdis.vmskey, sysdate);
          END LOOP;
          outfindings.delete;
          scriptresults.delete;
          /*
          insert into dbsrrrpt values (rptnum, ‘  ‘);
          rptnum := rptnum + 1;
          insert into dbsrrrpt values (rptnum, ‘*******************************************’);
          rptnum := rptnum + 1;
          */
        EXCEPTION
        WHEN OTHERS THEN
          ret_val := 1;
          my_code := SQLCODE;
          my_errm := SQLERRM;
          dbms_output.put_line(‘Error during processing of check: ‘||pdis.sdid);
          dbms_output.put_line(‘Error code ‘|| my_code ||’:’|| my_errm);
          EXIT;
        END;
      END LOOP;
      –   end of pdi loop, write report finish lines
      /*
      errloc := ‘report finish’;
      i := opencat1 + opencat2 + opencat3;
      j := cat1 + cat2 + cat3;
      insert into dbsrrrpt values (rptnum, ‘Category Count Totals Open / Possible:’);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘        Category   I: ‘||to_char(opencat1,’999′)|| ‘ / ‘||
      to_char(cat1,’999′));
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘        Category  II: ‘||to_char(opencat2,’999′)|| ‘ / ‘||
      to_char(cat2,’999′));
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘        Category III: ‘||to_char(opencat3,’999′)|| ‘ / ‘||
      to_char(cat3,’999′));
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ ‘);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘        Totals      : ‘||to_char(i,’999′)||’ / ‘||to_char(j
      ,’999′));
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ ‘);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘  Total Not Reviewed: ‘||to_char(notrevwd,’999′));
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ ‘);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘Total Not Applicable: ‘||to_char(notapplic,’999′));
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ ‘);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘NOTE: The open count includes checks that may require
      manual check or review of’);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ results. The total check count does not include checks
      that were determined’);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ to be “NA” for this database version. ‘);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ ‘);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ Download and review the Database Oracle Check List at:’);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘    http://iase.disa.mil/stigs/checklist/index.html’);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘ ‘);
      rptnum := rptnum + 1;
      insert into dbsrrrpt values (rptnum, ‘SRR Results for Instance/Database ‘||
      inst_name||’/’||db_name||’ Oracle version: ‘||oraver);
      */
    EXCEPTION
    WHEN OTHERS THEN
      ret_val := 1;
      my_code := SQLCODE;
      my_errm := SQLERRM;
      dbms_output.put_line(‘Error during processing of ‘||errloc);
      dbms_output.put_line(‘Error code ‘|| my_code ||’:’|| my_errm);
      –END;
      –EXIT ret_val
    END CHECK_STIG_PROC;
END AA_STIG_PKG;

DBMS_SCHEDULER

Useful documentation for DBMS_SCHEDULER taken from http://www.dba-oracle.com/t_dbms_scheduler_examples.htm. There is also very good information on the repeat_interval aspect of the scheduler.

freq=secondly, minutely, weekly, monthly or yearly
interval=30 (or whatever)
bymonth, byweekno, byyearday, bymonthday, byday, byhour, byminute, bysecond

So to schedule something to run every 30 min.
repeat_interval => ‘freq=minutely; interval=30′

 
BEGIN
- – Job defined entirely by the CREATE JOB procedure.
DBMS_SCHEDULER.create_job (
job_name => ‘test_full_job_definition’,
job_type => ‘PLSQL_BLOCK’,
job_action => ‘BEGIN my_job_proc(”CREATE_PROGRAM (BLOCK)”); END;’,
start_date => SYSTIMESTAMP,
repeat_interval => ‘freq=hourly; byminute=0′,
end_date => NULL,
enabled => TRUE,
comments => ‘Job defined entirely by the CREATE JOB procedure.’);
END;
/
BEGIN
– Job defined by an existing program and schedule.
DBMS_SCHEDULER.create_job (
job_name => ‘test_prog_sched_job_definition’,
program_name => ‘test_plsql_block_prog’,
schedule_name => ‘test_hourly_schedule’,
enabled => TRUE,
comments => ‘Job defined by an existing program and schedule.’);
END;
/
BEGIN
– Job defined by an existing program and inline schedule.
DBMS_SCHEDULER.create_job (
job_name => ‘test_prog_job_definition’,
program_name => ‘test_plsql_block_prog’,
start_date => SYSTIMESTAMP,
repeat_interval => ‘freq=hourly; byminute=0′,
end_date => NULL,
enabled => TRUE,
comments => ‘Job defined by existing program and inline schedule.’);
END;
/
BEGIN
– Job defined by existing schedule and inline program.
DBMS_SCHEDULER.create_job (
job_name => ‘test_sched_job_definition’,
schedule_name => ‘test_hourly_schedule’,
job_type => ‘PLSQL_BLOCK’,
job_action => ‘BEGIN my_job_proc(”CREATE_PROGRAM (BLOCK)”); END;’,
enabled => TRUE,
comments => ‘Job defined by existing schedule and inline program.’);
END;
/

Hello world!

Welcome to WordPress.com. After you read this, you should delete and write your own post, with a new title above. Or hit Add New on the left (of the admin dashboard) to start a fresh post.

Here are some suggestions for your first post.

  1. You can find new ideas for what to blog about by reading the Daily Post.
  2. Add PressThis to your browser. It creates a new blog post for you about any interesting  page you read on the web.
  3. Make some changes to this page, and then hit preview on the right. You can always preview any post or edit it before you share it to the world.