Predefines sets
Currently, we have the following sets predefined:
- ALL
- BASIC
- AUDIT_ONLY
ALL
As the name implies, this applies all controls to your database. Here is a list of the security controls in this set:
- secure_control_is_set_in_listener_ora
- secure_register_is_set_to_tcps_or_ipc
- audit_sys_operations_is_set_to_true
- audit_trail_is_set_to_db_xml_os_dbextended_or_xmlextended
- global_names_is_set_to_true
- o7_dictionary_accessibility_is_set_to_false
- os_roles_is_set_to_false
- remote_listener_is_empty
- remote_login_passwordfile_is_set_to_none
- remote_os_authent_is_set_to_false
- remote_os_roles_is_set_to_false
- utl_file_dir_is_empty
- sec_case_sensitive_logon_is_set_to_true
- sec_max_failed_login_attempts_is_3_or_less
- sec_protocol_error_further_action_is_set_to_drop3
- sec_protocol_error_trace_action_is_set_to_log
- sec_return_server_release_banner_is_set_to_false
- sql92_security_is_set_to_true
- trace_files_public_is_set_to_false
- resource_limit_is_set_to_true
- failed_login_attempts_is_less_than_or_equal_to_5
- password_lock_time_is_greater_than_or_equal_to_1
- password_life_time_is_less_than_or_equal_to_90
- password_reuse_max_is_greater_than_or_equal_to_20
- password_reuse_time_is_greater_than_or_equal_to_365
- password_grace_time_is_less_than_or_equal_to_5
- password_verify_function_is_set_for_all_profiles
- sessions_per_user_is_less_than_or_equal_to_10
- inactive_account_time_is_less_than_or_equal_to_120
- all_default_passwords_are_changed
- all_sample_data_and_users_have_been_removed
- dba_users_authentication_type_is_not_set_to_external_for_any_user
- no_users_are_assigned_the_default_profile
- sys_user_mig_has_been_dropped
- no_public_database_links_exist
- execute_is_revoked_from_public_on_network_packages
- execute_is_revoked_from_public_on_file_system_packages
- execute_is_revoked_from_public_on_encryption_packages
- execute_is_revoked_from_public_on_java_packages
- execute_is_revoked_from_public_on_job_scheduler_packages
- execute_is_revoked_from_public_on_sql_injection_helper_packages
- execute_is_not_granted_to_public_on_non_default_packages
- all_is_revoked_from_unauthorized_grantee_on_aud
- all_is_revoked_from_unauthorized_grantee_on_dba
- all_is_revoked_on_sensitive_tables
- any_is_revoked_from_unauthorized_grantee
- dba_sys_privs_is_revoked_from_unauthorized_grantee_with_admin_option_set_to_yes
- execute_any_procedure_is_revoked_from_outln
- execute_any_procedure_is_revoked_from_dbsnmp
- select_any_dictionary_is_revoked_from_unauthorized_grantee
- select_any_table_is_revoked_from_unauthorized_grantee
- audit_system_is_revoked_from_unauthorized_grantee
- exempt_access_policy_is_revoked_from_unauthorized_grantee
- become_user_is_revoked_from_unauthorized_grantee
- create_procedure_is_revoked_from_unauthorized_grantee
- alter_system_is_revoked_from_unauthorized_grantee
- create_any_library_is_revoked_from_unauthorized_grantee
- create_library_is_revoked_from_unauthorized_grantee
- grant_any_object_privilege_is_revoked_from_unauthorized_grantee
- grant_any_role_is_revoked_from_unauthorized_grantee
- grant_any_privilege_is_revoked_from_unauthorized_grantee
- delete_catalog_role_is_revoked_from_unauthorized_grantee
- select_catalog_role_is_revoked_from_unauthorized_grantee
- execute_catalog_role_is_revoked_from_unauthorized_grantee
- dba_is_revoked_from_unauthorized_grantee
- user_audit_option_is_enabled
- role_audit_option_is_enabled
- system_grant_audit_option_is_enabled
- profile_audit_option_is_enabled
- database_link_audit_option_is_enabled
- public_database_link_audit_option_is_enabled
- public_synonym_audit_option_is_enabled
- synonym_audit_option_is_enabled
- directory_audit_option_is_enabled
- select_any_dictionary_audit_option_is_enabled
- grant_any_object_privilege_audit_option_is_enabled
- grant_any_privilege_audit_option_is_enabled
- drop_any_procedure_audit_option_is_enabled
- all_audit_option_on_sys_aud_is_enabled
- procedure_audit_option_is_enabled
- alter_system_audit_option_is_enabled
- trigger_audit_option_is_enabled
- create_session_audit_option_is_enabled
- create_user_action_audit_is_enabled
- alter_user_action_audit_is_enabled
- drop_user_audit_option_is_enabled
- create_role_action_audit_is_enabled
- alter_role_action_audit_is_enabled
- drop_role_action_audit_is_enabled
- grant_action_audit_is_enabled
- revoke_action_audit_is_enabled
- create_profile_action_audit_is_enabled
- alter_profile_action_audit_is_enabled
- drop_profile_action_audit_is_enabled
- create_database_link_action_audit_is_enabled
- alter_database_link_action_audit_is_enabled
- drop_database_link_action_audit_is_enabled
- create_synonym_action_audit_is_enabled
- alter_synonym_action_audit_is_enabled
- drop_synonym_action_audit_is_enabled
- select_any_dictionary_privilege_audit_is_enabled
- audsys_aud_unified_access_audit_is_enabled
- create_procedure_function_package_package_body_action_audit_is_enabled
- alter_procedure_function_package_package_body_action_audit_is_enabled
- drop_procedure_function_package_package_body_action_audit_is_enabled
- alter_system_privilege_audit_is_enabled
- create_trigger_action_audit_is_enabled
- alter_trigger_action_audit_is_enabled
- drop_trigger_action_audit_is_enabled
- logon_and_logoff_actions_audit_is_enabled
BASIC
The BASIC
set, is a subset of all of the available controls for your database and CIS document version. This includes only limited repressing security settings. This means that when you apply this set, your application probably will keep on working. The increased auditing might have an impact on your database performance and storage requirements. Here is a list of the security controls in this set:
- secure_control_is_set_in_listener_ora
- secure_register_is_set_to_tcps_or_ipc
- audit_sys_operations_is_set_to_true
- audit_trail_is_set_to_db_xml_os_dbextended_or_xmlextended
- global_names_is_set_to_true
- o7_dictionary_accessibility_is_set_to_false
- os_roles_is_set_to_false
- remote_listener_is_empty
- remote_login_passwordfile_is_set_to_none
- remote_os_authent_is_set_to_false
- remote_os_roles_is_set_to_false
- utl_file_dir_is_empty
- sec_case_sensitive_logon_is_set_to_true
- sec_max_failed_login_attempts_is_3_or_less
- sec_protocol_error_further_action_is_set_to_drop3
- sec_protocol_error_trace_action_is_set_to_log
- sec_return_server_release_banner_is_set_to_false
- sql92_security_is_set_to_true
- trace_files_public_is_set_to_false
- failed_login_attempts_is_less_than_or_equal_to_5
- password_lock_time_is_greater_than_or_equal_to_1
- password_life_time_is_less_than_or_equal_to_90
- password_reuse_max_is_greater_than_or_equal_to_20
- password_reuse_time_is_greater_than_or_equal_to_365
- password_grace_time_is_less_than_or_equal_to_5
- password_verify_function_is_set_for_all_profiles
- sessions_per_user_is_less_than_or_equal_to_10
- inactive_account_time_is_less_than_or_equal_to_120
- all_default_passwords_are_changed
- all_sample_data_and_users_have_been_removed
- no_users_are_assigned_the_default_profile
- sys_user_mig_has_been_dropped
- user_audit_option_is_enabled
- role_audit_option_is_enabled
- system_grant_audit_option_is_enabled
- profile_audit_option_is_enabled
- database_link_audit_option_is_enabled
- public_database_link_audit_option_is_enabled
- public_synonym_audit_option_is_enabled
- synonym_audit_option_is_enabled
- directory_audit_option_is_enabled
- select_any_dictionary_audit_option_is_enabled
- grant_any_object_privilege_audit_option_is_enabled
- grant_any_privilege_audit_option_is_enabled
- drop_any_procedure_audit_option_is_enabled
- all_audit_option_on_sys_aud_is_enabled
- procedure_audit_option_is_enabled
- alter_system_audit_option_is_enabled
- trigger_audit_option_is_enabled
- create_session_audit_option_is_enabled
- create_user_action_audit_is_enabled
- alter_user_action_audit_is_enabled
- drop_user_audit_option_is_enabled
- create_role_action_audit_is_enabled
- alter_role_action_audit_is_enabled
- drop_role_action_audit_is_enabled
- grant_action_audit_is_enabled
- revoke_action_audit_is_enabled
- create_profile_action_audit_is_enabled
- alter_profile_action_audit_is_enabled
- drop_profile_action_audit_is_enabled
- create_database_link_action_audit_is_enabled
- alter_database_link_action_audit_is_enabled
- drop_database_link_action_audit_is_enabled
- create_synonym_action_audit_is_enabled
- alter_synonym_action_audit_is_enabled
- drop_synonym_action_audit_is_enabled
- select_any_dictionary_privilege_audit_is_enabled
- audsys_aud_unified_access_audit_is_enabled
- create_procedure_function_package_package_body_action_audit_is_enabled
- alter_procedure_function_package_package_body_action_audit_is_enabled
- drop_procedure_function_package_package_body_action_audit_is_enabled
- alter_system_privilege_audit_is_enabled
- create_trigger_action_audit_is_enabled
- alter_trigger_action_audit_is_enabled
- drop_trigger_action_audit_is_enabled
- logon_and_logoff_actions_audit_is_enabled
AUDIT ONLY
the AUDIT_ONLY
set contains all of the controls that manage the specified database’s audit settings. This set does not include any repressing security settings. This means that when you apply this set, your application should keep on working. The increased auditing might have an impact on your database performance and storage requirements. Here is a list of the security controls in this set:
- audit_sys_operations_is_set_to_true
- audit_trail_is_set_to_db_xml_os_dbextended_or_xmlextended
- user_audit_option_is_enabled
- role_audit_option_is_enabled
- system_grant_audit_option_is_enabled
- profile_audit_option_is_enabled
- database_link_audit_option_is_enabled
- public_database_link_audit_option_is_enabled
- public_synonym_audit_option_is_enabled
- synonym_audit_option_is_enabled
- directory_audit_option_is_enabled
- select_any_dictionary_audit_option_is_enabled
- grant_any_object_privilege_audit_option_is_enabled
- grant_any_privilege_audit_option_is_enabled
- drop_any_procedure_audit_option_is_enabled
- all_audit_option_on_sys_aud_is_enabled
- procedure_audit_option_is_enabled
- alter_system_audit_option_is_enabled
- trigger_audit_option_is_enabled
- create_session_audit_option_is_enabled
- create_user_action_audit_is_enabled
- alter_user_action_audit_is_enabled
- drop_user_audit_option_is_enabled
- create_role_action_audit_is_enabled
- alter_role_action_audit_is_enabled
- drop_role_action_audit_is_enabled
- grant_action_audit_is_enabled
- revoke_action_audit_is_enabled
- create_profile_action_audit_is_enabled
- alter_profile_action_audit_is_enabled
- drop_profile_action_audit_is_enabled
- create_database_link_action_audit_is_enabled
- alter_database_link_action_audit_is_enabled
- drop_database_link_action_audit_is_enabled
- create_synonym_action_audit_is_enabled
- alter_synonym_action_audit_is_enabled
- drop_synonym_action_audit_is_enabled
- select_any_dictionary_privilege_audit_is_enabled
- audsys_aud_unified_access_audit_is_enabled
- create_procedure_function_package_package_body_action_audit_is_enabled
- alter_procedure_function_package_package_body_action_audit_is_enabled
- drop_procedure_function_package_package_body_action_audit_is_enabled
- alter_system_privilege_audit_is_enabled
- create_trigger_action_audit_is_enabled
- alter_trigger_action_audit_is_enabled
- drop_trigger_action_audit_is_enabled
- logon_and_logoff_actions_audit_is_enabled