Threat Finder

Threat ID
2490
Threat Date
12/30/2011
Threat Name
Parameter SEC_USER_AUDIT_ACTION_BANNER not set
CVE Reference
CVE-NO-MATCH
CCE Reference
CCE-NO-MATCH
Risk
Informational
Database Type
Oracle
Category
Informational
Versions
Oracle 11 and up
Summary
A banner should be set to warn a user about the possible audit actions that are taken when using the system. Set this parameter to the complete path to the file that contains the warning text.
Overview
Oracle enables the capability to set up a banner text to warn users that their connections are being audited. To configure these banners to display, set the SEC_USER_AUDIT_ACTION_BANNER sqlnet.ora parameter on the database server side to point to a text file that contains the banner information, and modify the client application to call OCI_ATTR_AUDIT_BANNER to retrieve audit banner text from the server.
References
http://docs.oracle.com/cd/E11882_01/network.112/e10835/sqlnet.htm#NETRF182
http://oracle.su/docs/11g/network.112/e10835/sqlnet.htm#BIIICDCD
VMSKey
STIGID

Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.

Powered by