Predefines sets

Currently, we have the following sets predefined:

• ALL
• BASIC
• AUDIT_ONLY

ALL

As the name implies, this applies all controls to your database. Here is a list of the security controls in this set:

• secure_control_is_set_in_listener_ora
• secure_register_is_set_to_tcps_or_ipc
• audit_sys_operations_is_set_to_true
• audit_trail_is_set_to_db_xml_os_dbextended_or_xmlextended
• global_names_is_set_to_true
• o7_dictionary_accessibility_is_set_to_false
• os_roles_is_set_to_false
• remote_listener_is_empty
• remote_login_passwordfile_is_set_to_none
• remote_os_authent_is_set_to_false
• remote_os_roles_is_set_to_false
• utl_file_dir_is_empty
• sec_case_sensitive_logon_is_set_to_true
• sec_max_failed_login_attempts_is_3_or_less
• sec_protocol_error_further_action_is_set_to_drop3
• sec_protocol_error_trace_action_is_set_to_log
• sec_return_server_release_banner_is_set_to_false
• sql92_security_is_set_to_true
• trace_files_public_is_set_to_false
• resource_limit_is_set_to_true
• failed_login_attempts_is_less_than_or_equal_to_5
• password_lock_time_is_greater_than_or_equal_to_1
• password_life_time_is_less_than_or_equal_to_90
• password_reuse_max_is_greater_than_or_equal_to_20
• password_reuse_time_is_greater_than_or_equal_to_365
• password_grace_time_is_less_than_or_equal_to_5
• password_verify_function_is_set_for_all_profiles
• sessions_per_user_is_less_than_or_equal_to_10
• inactive_account_time_is_less_than_or_equal_to_120
• all_default_passwords_are_changed
• all_sample_data_and_users_have_been_removed
• dba_users_authentication_type_is_not_set_to_external_for_any_user
• no_users_are_assigned_the_default_profile
• sys_user_mig_has_been_dropped
• no_public_database_links_exist
• execute_is_revoked_from_public_on_network_packages
• execute_is_revoked_from_public_on_file_system_packages
• execute_is_revoked_from_public_on_encryption_packages
• execute_is_revoked_from_public_on_java_packages
• execute_is_revoked_from_public_on_job_scheduler_packages
• execute_is_revoked_from_public_on_sql_injection_helper_packages
• execute_is_not_granted_to_public_on_non_default_packages
• all_is_revoked_from_unauthorized_grantee_on_aud
• all_is_revoked_from_unauthorized_grantee_on_dba
• all_is_revoked_on_sensitive_tables
• any_is_revoked_from_unauthorized_grantee
• dba_sys_privs_is_revoked_from_unauthorized_grantee_with_admin_option_set_to_yes
• execute_any_procedure_is_revoked_from_outln
• execute_any_procedure_is_revoked_from_dbsnmp
• select_any_dictionary_is_revoked_from_unauthorized_grantee
• select_any_table_is_revoked_from_unauthorized_grantee
• audit_system_is_revoked_from_unauthorized_grantee
• exempt_access_policy_is_revoked_from_unauthorized_grantee
• become_user_is_revoked_from_unauthorized_grantee
• create_procedure_is_revoked_from_unauthorized_grantee
• alter_system_is_revoked_from_unauthorized_grantee
• create_any_library_is_revoked_from_unauthorized_grantee
• create_library_is_revoked_from_unauthorized_grantee
• grant_any_object_privilege_is_revoked_from_unauthorized_grantee
• grant_any_role_is_revoked_from_unauthorized_grantee
• grant_any_privilege_is_revoked_from_unauthorized_grantee
• delete_catalog_role_is_revoked_from_unauthorized_grantee
• select_catalog_role_is_revoked_from_unauthorized_grantee
• execute_catalog_role_is_revoked_from_unauthorized_grantee
• dba_is_revoked_from_unauthorized_grantee
• user_audit_option_is_enabled
• role_audit_option_is_enabled
• system_grant_audit_option_is_enabled
• profile_audit_option_is_enabled
• database_link_audit_option_is_enabled
• public_database_link_audit_option_is_enabled
• public_synonym_audit_option_is_enabled
• synonym_audit_option_is_enabled
• directory_audit_option_is_enabled
• select_any_dictionary_audit_option_is_enabled
• grant_any_object_privilege_audit_option_is_enabled
• grant_any_privilege_audit_option_is_enabled
• drop_any_procedure_audit_option_is_enabled
• all_audit_option_on_sys_aud_is_enabled
• procedure_audit_option_is_enabled
• alter_system_audit_option_is_enabled
• trigger_audit_option_is_enabled
• create_session_audit_option_is_enabled
• create_user_action_audit_is_enabled
• alter_user_action_audit_is_enabled
• drop_user_audit_option_is_enabled
• create_role_action_audit_is_enabled
• alter_role_action_audit_is_enabled
• drop_role_action_audit_is_enabled
• grant_action_audit_is_enabled
• revoke_action_audit_is_enabled
• create_profile_action_audit_is_enabled
• alter_profile_action_audit_is_enabled
• drop_profile_action_audit_is_enabled
• create_database_link_action_audit_is_enabled
• alter_database_link_action_audit_is_enabled
• drop_database_link_action_audit_is_enabled
• create_synonym_action_audit_is_enabled
• alter_synonym_action_audit_is_enabled
• drop_synonym_action_audit_is_enabled
• select_any_dictionary_privilege_audit_is_enabled
• audsys_aud_unified_access_audit_is_enabled
• create_procedure_function_package_package_body_action_audit_is_enabled
• alter_procedure_function_package_package_body_action_audit_is_enabled
• drop_procedure_function_package_package_body_action_audit_is_enabled
• alter_system_privilege_audit_is_enabled
• create_trigger_action_audit_is_enabled
• alter_trigger_action_audit_is_enabled
• drop_trigger_action_audit_is_enabled
• logon_and_logoff_actions_audit_is_enabled

BASIC

The BASIC set, is a subset of all of the available controls for your database and CIS document version. This includes only limited repressing security settings. This means that when you apply this set, your application probably will keep on working. The increased auditing might have an impact on your database performance and storage requirements. Here is a list of the security controls in this set:

• secure_control_is_set_in_listener_ora
• secure_register_is_set_to_tcps_or_ipc
• audit_sys_operations_is_set_to_true
• audit_trail_is_set_to_db_xml_os_dbextended_or_xmlextended
• global_names_is_set_to_true
• o7_dictionary_accessibility_is_set_to_false
• os_roles_is_set_to_false
• remote_listener_is_empty
• remote_login_passwordfile_is_set_to_none
• remote_os_authent_is_set_to_false
• remote_os_roles_is_set_to_false
• utl_file_dir_is_empty
• sec_case_sensitive_logon_is_set_to_true
• sec_max_failed_login_attempts_is_3_or_less
• sec_protocol_error_further_action_is_set_to_drop3
• sec_protocol_error_trace_action_is_set_to_log
• sec_return_server_release_banner_is_set_to_false
• sql92_security_is_set_to_true
• trace_files_public_is_set_to_false
• failed_login_attempts_is_less_than_or_equal_to_5
• password_lock_time_is_greater_than_or_equal_to_1
• password_life_time_is_less_than_or_equal_to_90
• password_reuse_max_is_greater_than_or_equal_to_20
• password_reuse_time_is_greater_than_or_equal_to_365
• password_grace_time_is_less_than_or_equal_to_5
• password_verify_function_is_set_for_all_profiles
• sessions_per_user_is_less_than_or_equal_to_10
• inactive_account_time_is_less_than_or_equal_to_120
• all_default_passwords_are_changed
• all_sample_data_and_users_have_been_removed
• no_users_are_assigned_the_default_profile
• sys_user_mig_has_been_dropped
• user_audit_option_is_enabled
• role_audit_option_is_enabled
• system_grant_audit_option_is_enabled
• profile_audit_option_is_enabled
• database_link_audit_option_is_enabled
• public_database_link_audit_option_is_enabled
• public_synonym_audit_option_is_enabled
• synonym_audit_option_is_enabled
• directory_audit_option_is_enabled
• select_any_dictionary_audit_option_is_enabled
• grant_any_object_privilege_audit_option_is_enabled
• grant_any_privilege_audit_option_is_enabled
• drop_any_procedure_audit_option_is_enabled
• all_audit_option_on_sys_aud_is_enabled
• procedure_audit_option_is_enabled
• alter_system_audit_option_is_enabled
• trigger_audit_option_is_enabled
• create_session_audit_option_is_enabled
• create_user_action_audit_is_enabled
• alter_user_action_audit_is_enabled
• drop_user_audit_option_is_enabled
• create_role_action_audit_is_enabled
• alter_role_action_audit_is_enabled
• drop_role_action_audit_is_enabled
• grant_action_audit_is_enabled
• revoke_action_audit_is_enabled
• create_profile_action_audit_is_enabled
• alter_profile_action_audit_is_enabled
• drop_profile_action_audit_is_enabled
• create_database_link_action_audit_is_enabled
• alter_database_link_action_audit_is_enabled
• drop_database_link_action_audit_is_enabled
• create_synonym_action_audit_is_enabled
• alter_synonym_action_audit_is_enabled
• drop_synonym_action_audit_is_enabled
• select_any_dictionary_privilege_audit_is_enabled
• audsys_aud_unified_access_audit_is_enabled
• create_procedure_function_package_package_body_action_audit_is_enabled
• alter_procedure_function_package_package_body_action_audit_is_enabled
• drop_procedure_function_package_package_body_action_audit_is_enabled
• alter_system_privilege_audit_is_enabled
• create_trigger_action_audit_is_enabled
• alter_trigger_action_audit_is_enabled
• drop_trigger_action_audit_is_enabled
• logon_and_logoff_actions_audit_is_enabled

AUDIT ONLY

the AUDIT_ONLY set contains all of the controls that manage the specified database’s audit settings. This set does not include any repressing security settings. This means that when you apply this set, your application should keep on working. The increased auditing might have an impact on your database performance and storage requirements. Here is a list of the security controls in this set:

• audit_sys_operations_is_set_to_true
• audit_trail_is_set_to_db_xml_os_dbextended_or_xmlextended
• user_audit_option_is_enabled
• role_audit_option_is_enabled
• system_grant_audit_option_is_enabled
• profile_audit_option_is_enabled
• database_link_audit_option_is_enabled
• public_database_link_audit_option_is_enabled
• public_synonym_audit_option_is_enabled
• synonym_audit_option_is_enabled
• directory_audit_option_is_enabled
• select_any_dictionary_audit_option_is_enabled
• grant_any_object_privilege_audit_option_is_enabled
• grant_any_privilege_audit_option_is_enabled
• drop_any_procedure_audit_option_is_enabled
• all_audit_option_on_sys_aud_is_enabled
• procedure_audit_option_is_enabled
• alter_system_audit_option_is_enabled
• trigger_audit_option_is_enabled
• create_session_audit_option_is_enabled
• create_user_action_audit_is_enabled
• alter_user_action_audit_is_enabled
• drop_user_audit_option_is_enabled
• create_role_action_audit_is_enabled
• alter_role_action_audit_is_enabled
• drop_role_action_audit_is_enabled
• grant_action_audit_is_enabled
• revoke_action_audit_is_enabled
• create_profile_action_audit_is_enabled
• alter_profile_action_audit_is_enabled
• drop_profile_action_audit_is_enabled
• create_database_link_action_audit_is_enabled
• alter_database_link_action_audit_is_enabled
• drop_database_link_action_audit_is_enabled
• create_synonym_action_audit_is_enabled
• alter_synonym_action_audit_is_enabled
• drop_synonym_action_audit_is_enabled
• select_any_dictionary_privilege_audit_is_enabled
• audsys_aud_unified_access_audit_is_enabled
• create_procedure_function_package_package_body_action_audit_is_enabled
• alter_procedure_function_package_package_body_action_audit_is_enabled
• drop_procedure_function_package_package_body_action_audit_is_enabled
• alter_system_privilege_audit_is_enabled
• create_trigger_action_audit_is_enabled
• alter_trigger_action_audit_is_enabled
• drop_trigger_action_audit_is_enabled
• logon_and_logoff_actions_audit_is_enabled