ora_secured
Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
- Puppet >= 5.0.0 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'enterprisemodules-ora_secured', '4.3.0'
Learn more about managing modules with a Puppetfile
Documentation
Table of Contents
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
Overview
This module allows you to secure your databases according to the CIS benchmark. We are also adding other security frameworks.
It is part of our family of Puppet modules to install, manage and secure Oracle databases with Puppet. Besides this module, this family also contains:
- ora_install: for installing an Oracle database and other database-related Oracle products
- ora_config: for configuring every aspect of your Oracle database
- ora_profile: allows an easy path from a first simple installation to a fully customized Enterprise setup
All of these modules support Oracle versions 11, 12, 18 and 19.
Want to try?
You don't want to read about it, but really want to try it? You can! You can explore our Puppet modules for Oracle by checking out our playgrounds. Here we guide you around in some of the functionality of our modules.
License
This is a commercially licensed module, but you can use it for FREE on VirtualBox-based development systems. When it is used on real systems, a license is required.
You can license our modules in multiple ways. Our basic licensing model requires a subscription per node, but contact us for details.
Check the License for details.
Description
Let’s first dive into the question: “What configuration settings are needed to get my system secure?”. Many people have asked themselves this question. The Center for Internet Security (CIS) is one of the means to get an answer. CIS also has a security baseline for Oracle 12: CIS Oracle Database Server 12c Benchmark v2.0.0. We have taken this baseline and Puppetized it for you to use.
It is called ora_secured and contains an implementation of all rules in the CIS benchmark that describe a configuration setting inside of the database.
On a Puppet run, the module inspects all settings described in the CIS rules and applies changes to them if they deviate from the standard. (If you have started the Puppet run with noop, it does nothing but report all changes that would have been made.) All changes are reported to the Puppet master, and on the console you get an overview of the changes. Because the Puppet agent runs every 20 minutes (or at whatever interval you have configured), your database configuration is checked against the CIS benchmark every 20 minutes, and you can sleep well, assured that your data is safe.
Check the documentation here
Setup
Requirements
The ora_secured module requires:
- the Puppet module enterprisemodules-easy_type installed
- Puppet version 4.0 or higher; this can be Puppet Enterprise or Puppet Open Source
- Oracle 12 or higher
- a valid Oracle license
- a valid Enterprise Modules license for usage
The module runs on most Linux systems and on Solaris.
Installing the ora_secured module
To install these modules, you can use a Puppetfile:
    mod 'enterprisemodules/ora_secured', 'x.x.x'
Then use librarian-puppet or r10k to install the software.
You can also install the software using the puppet module command:
    puppet module install enterprisemodules-ora_secured
Usage
The scope of securing your Oracle database is enormous. The number of security controls in the CIS benchmark is huge. This might make you think that it is not easy to get started, but actually, it is very simple.
Enabling CIS for your database
To enable the CIS benchmark on your database, you just have to add this line to your puppet code:
    ora_secured::apply_cis { 'DB1':
      product_version => 'db19c',
      doc_version     => 'V1.0.0',
    }
This will activate the CIS benchmark V1.0.0 for Oracle 19c on your database DB1. The ora_secured Puppet module takes care of checking all of the security settings in the benchmark and ensuring they are set in a secure way.
Skipping some controls
The scope of the CIS benchmark for Oracle is pretty extensive. So extensive that enabling all controls will probably break your application. So you need to customize the controls you want to enable.
There are four ways the ora_secured module allows you to skip controls:
1. Add a list of controls to skip when calling the ora_secured defined type.
2. Add ora_secured::controls::name_of_the_control: skip to your Hiera data. This will skip the control on ALL databases.
3. Add ora_secured::controls::name_of_the_control::dbname: skip to your Hiera data. This will skip the control on the database with SID dbname.
4. Add an entry with the content name_of_the_control to the array value ora_secured::skip_list in your Hiera data.
Method 1 is a good way to create your own baseline based on the standard ora_secured code.
Methods 2 and 3 are the perfect way to override the applicability of a control on an individual database or a set of databases. Just put this data in the Hiera data for that node or group of databases.
Method 4 is the perfect way to set up a base level: a set of controls you want skipped on all of your databases.
You can combine all of these methods to fit your use case.
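The following manifest, an added example and not Enterprise Modules' own code, shows the four methods side by side for a single database. The control names come from the Reference section of this page; the skip_list parameter on ora_secured::apply_cis is an assumption (the page only says a list of controls can be passed to the defined type without naming the parameter), and the Hiera keys are the ones the page documents.

```puppet
# Added example, not code from the ora_secured module itself.
# Apply the CIS benchmark to DB1 while skipping the controls that this
# (constructed) application stack cannot tolerate yet. Every skipped control
# is a deliberate deviation from the benchmark, so keep the list short and
# explain each entry; the Puppet report will no longer flag these settings.

# Method 1: pass the skip list when calling the defined type.
# Assumption: the parameter is called `skip_list`.
$db1_skips = [
  'extproc_is_not_present_in_listener_ora',           # listener still needs extproc (constructed reason)
  'failed_login_attempts_is_less_than_or_equal_to_5', # lockout threshold handled by the app profile (constructed reason)
]

ora_secured::apply_cis { 'DB1':
  product_version => 'db19c',
  doc_version     => 'V1.0.0',
  skip_list       => $db1_skips,   # assumed parameter name
}

# Methods 2, 3 and 4 are Hiera data rather than manifest code. The YAML below
# uses the keys documented on this page and is shown as a comment so the whole
# example stays in one file; put it in the Hiera layer for the node or group.
#
#   # Method 2: skip one control on ALL databases managed from this data
#   ora_secured::controls::all_sample_data_and_users_have_been_removed: skip
#
#   # Method 3: skip one control only on the database with SID DB1
#   ora_secured::controls::inactive_account_time_is_less_than_or_equal_to_120::DB1: skip
#
#   # Method 4: a base level of controls skipped everywhere
#   ora_secured::skip_list:
#     - all_is_revoked_on_sensitive_tables
```

Run the agent with noop first, as the Description section suggests, and check the report: a control that still shows up as a change is not being skipped by any of the four methods, which usually means a misspelt control name or a Hiera key placed at the wrong hierarchy level.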
Reference
Here you can find some more information regarding this Puppet module. Related blog posts:
- How to ensure you only use Oracle features you paid for
- Oracle 12.2 support added to our Oracle modules
- Secure your Oracle Database
- Manage Oracle containers with Puppet
- Manage your oracle users with Puppet
- Reaching into your Oracle Database with Puppet
- Manage your Oracle database schemas with Puppet
- Managing your Oracle database size with Puppet
- Using Puppet to manage Oracle
Limitations
This module runs on Solaris and most Linux versions. It requires Puppet version 5 or higher. The module does NOT run on Windows systems.
Reference
Table of Contents
Defined types
- ora_secured::controls::access_to_dbms_software_files_and_directories_must_not_be_granted_to_unauthorized_users: For UNIX Systems:
- ora_secured::controls::access_to_default_accounts_used_to_support_replication_must_be_restricted_to_authorized_dbas: From SQL*Plus:
- ora_secured::controls::access_to_external_executables_must_be_disabled_or_restricted: Review the System Security Plan to determine if the use of the external procedure agent is authorized.
- ora_secured::controls::admin_restrictions_is_set_to_on: The admin_restrictions_<listener_name> setting in the listener.
- ora_secured::controls::administrative_privileges_must_be_assigned_to_database_accounts_via_database_roles: Review accounts for direct assignment of administrative privileges.
- ora_secured::controls::admins_must_utilize_a_separate_distinct_administrative_accnt_when_performing_administrative_act_a: Review permissions for objects owned by DBA or other administrative accounts.
- ora_secured::controls::all_audit_option_on_sys_aud_is_enabled: The logging of attempts to alter the audit trail in the SYS.
- ora_secured::controls::all_default_passwords_are_changed: Default passwords should not be used by Oracle database users.
- ora_secured::controls::all_is_revoked_from_unauthorized_grantee_on_aud: The Oracle database SYS.
- ora_secured::controls::all_is_revoked_from_unauthorized_grantee_on_dba: The Oracle database DBA_ views show all information which is relevant to
- ora_secured::controls::all_is_revoked_on_sensitive_tables: The Oracle database tables listed below may contain sensitive information, and
- ora_secured::controls::all_sample_data_and_users_have_been_removed: Oracle sample schemas can be used to create sample users
- ora_secured::controls::all_use_of_privileged_accounts_must_be_audited: Review auditing configuration.
- ora_secured::controls::allocate_audit_record_storage_capacity_in_acc_with_org_def_audit_record_storage_reqs: Review the DBMS settings to determine whether audit logging is configured to produce logs consistent with the amount of space allocated for logging.
- ora_secured::controls::allow_designated_org_personnel_to_select_which_auditable_events_are_to_be_audited_by_db: Check DBMS settings and documentation to determine whether designated personnel are able to select which auditable events are being audited.
- ora_secured::controls::alter_database_link_action_audit_is_enabled: Oracle database links are used to establish database-to-database connections to
- ora_secured::controls::alter_procedure_function_package_package_body_action_audit_is_enabled: Oracle database procedures, functions, packages, and package bodies, which are
- ora_secured::controls::alter_profile_action_audit_is_enabled: Oracle database profiles are used to enforce resource usage limits and implement
- ora_secured::controls::alter_role_action_audit_is_enabled: An Oracle database role is a collection or set of privileges that can be granted
- ora_secured::controls::alter_synonym_action_audit_is_enabled: An Oracle database synonym is used to create an alternative name for a database
- ora_secured::controls::alter_system_audit_option_is_enabled: ALTER SYSTEM allows one to change instance settings, including security settings
- ora_secured::controls::alter_system_is_revoked_from_unauthorized_grantee: The Oracle database ALTER SYSTEM privilege allows the designated user to
- ora_secured::controls::alter_system_privilege_audit_is_enabled: The ALTER SYSTEM privilege allows the user to change instance settings which
- ora_secured::controls::alter_trigger_action_audit_is_enabled: Oracle database triggers are executed automatically when specified conditions on
- ora_secured::controls::alter_user_action_audit_is_enabled: The ALTER USER statement is used to change database users' password, lock
- ora_secured::controls::any_is_revoked_from_unauthorized_grantee: The Oracle database ANY keyword provides the user the capability to alter any
- ora_secured::controls::app_object_owner_accnts_must_be_disabled_when_not_performing_installation_or_maint_actions: Run the SQL query:
- ora_secured::controls::app_user_priv_assignment_must_be_reviewed_monthly_or_more_frequently_to_ensure_compliance_with_le: Review policy, procedures and implementation evidence to determine if periodic reviews of user privileges by the ISSO are being performed.
- ora_secured::controls::application_owner_accounts_must_have_a_dedicated_application_tablespace: Run the SQL query:
- ora_secured::controls::application_role_permissions_must_not_be_assigned_to_the_oracle_public_role: From SQL*Plus:
- ora_secured::controls::apps_must_obscure_feedback_of_auth_info_during_auth_proc_to_prot_info_frm_possible_exploitation_u: Interview the DBA to determine if any applications that access the database allow for entry of the account name and password on the command line.
- ora_secured::controls::attempts_to_bypass_access_controls_must_be_audited: Review any audit settings for:
- ora_secured::controls::audit_sys_operations_is_set_to_true: The AUDIT_SYS_OPERATIONS setting provides for the auditing of all user
- ora_secured::controls::audit_system_is_revoked_from_unauthorized_grantee: The Oracle database AUDIT SYSTEM privilege allows changes to auditing activities on the system.
- ora_secured::controls::audit_trail_data_must_be_retained_for_at_least_one_year: Review and verify the implementation of an audit trail retention policy.
- ora_secured::controls::audit_trail_data_must_be_reviewed_daily_or_more_frequently: If the database being reviewed is not a production database, this check is not a finding.
- ora_secured::controls::audit_trail_is_set_to_db_xml_os_dbextended_or_xmlextended: The audit_trail setting determines whether or not Oracle's basic audit features
- ora_secured::controls::audsys_aud_unified_access_audit_is_enabled: The AUDSYS.
- ora_secured::controls::autom_term_emergency_accnts_after_an_org_def_time_period_for_each_type_of_accnt: If the organization has a policy, consistently enforced, forbidding the creation of emergency or temporary accounts, this is not a finding.
- ora_secured::controls::automatically_audit_account_creation: Check Oracle settings (and also OS settings and/or enterprise-level authentication/access mechanisms settings) to determine if account creation is being audited.
- ora_secured::controls::automatically_audit_account_disabling_actions_to_the_extent_such_information_is_available: Check Oracle settings (and also OS settings and/or enterprise-level authentication/access mechanisms settings) to determine if account disabling actions are being audited.
- ora_secured::controls::automatically_audit_account_modification: Check Oracle settings (and also OS settings and/or enterprise-level authentication/access mechanisms settings) to determine if account modification is being audited.
- ora_secured::controls::automatically_audit_account_termination: Check Oracle settings (and also OS settings and/or enterprise-level authentication/access mechanisms settings) to determine if account termination actions are being audited.
- ora_secured::controls::be_prot_frm_unauth_acc_by_devs_on_shared_prod_dev_host_syss: Identify whether any hosts contain both development and production databases.
- ora_secured::controls::be_protected_from_unauthorized_access_by_developers: Check the production system to ensure no developer accounts have rights to modify the production database structure or alter production data.
- ora_secured::controls::become_user_is_revoked_from_unauthorized_grantee: The Oracle database BECOME USER privilege allows the designated user to
- ora_secured::controls::changes_to_configuration_options_must_be_audited: From SQL*Plus:
- ora_secured::controls::changes_to_dbms_security_labels_must_be_audited: If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this is not a finding.
- ora_secured::controls::check_the_validity_of_data_inputs: Review DBMS code, settings, field definitions, constraints, and triggers to determine whether or not data being input into the database is validated.
- ora_secured::controls::conduct_backups_of_sys_level_info_per_org_def_frequency_that_is_consistent_with_recovery_time_and: Review DBMS and OS backup configuration to determine that system-level data is backed up in accordance with organization-defined frequency.
- ora_secured::controls::connss_by_mid_tr_web_and_app_syss_to_orcl_dbms_frm_a_dmz_or_ext_netw_must_be_encrpted: Review the System Security Plan for remote applications that access and use the database.
- ora_secured::controls::create_any_library_is_revoked_from_unauthorized_grantee: The Oracle database CREATE ANY LIBRARY privilege allows the designated user to
- ora_secured::controls::create_database_link_action_audit_is_enabled: Oracle database links are used to establish database-to-database connections to
- ora_secured::controls::create_library_is_revoked_from_unauthorized_grantee: The Oracle database CREATE LIBRARY privilege allows the designated user to
- ora_secured::controls::create_procedure_function_package_package_body_action_audit_is_enabled: Oracle database procedures, functions, packages, and package bodies, which are
- ora_secured::controls::create_procedure_is_revoked_from_unauthorized_grantee: The Oracle database CREATE PROCEDURE privilege allows the designated user to
- ora_secured::controls::create_profile_action_audit_is_enabled: Oracle database profiles are used to enforce resource usage limits and implement
- ora_secured::controls::create_role_action_audit_is_enabled: An Oracle database role is a collection or set of privileges that can be granted
- ora_secured::controls::create_session_audit_option_is_enabled: Enabling this audit option will cause auditing of all attempts to connect to the
- ora_secured::controls::create_synonym_action_audit_is_enabled: An Oracle database synonym is used to create an alternative name for a database
- ora_secured::controls::create_trigger_action_audit_is_enabled: Oracle database triggers are executed automatically when specified conditions on
- ora_secured::controls::create_user_action_audit_is_enabled: The CREATE USER statement is used to create Oracle database accounts and
- ora_secured::controls::creds_strd_and_used_by_dbms_to_acc_rmt_dbs_or_apps_must_be_auth_and_rstrcted_to_auth_users: Review the list of defined database links generated from the DBMS.
- ora_secured::controls::database_backup_procedures_must_be_defined_documented_and_implemented: Review the database backup procedures and implementation evidence.
- ora_secured::controls::database_data_files_containing_sensitive_information_must_be_encrypted: If the database does not handle sensitive information, this is not a finding.
- ora_secured::controls::database_link_audit_option_is_enabled: Enabling the audit option for the DATABASE LINK object causes all activities on
- ora_secured::controls::database_must_not_be_directly_accessible_from_public_or_unauthorized_networks: Review the System Security Plan to determine if the DBMS serves data to users or applications outside the local enclave.
- ora_secured::controls::database_objects_must_be_owned_by_accounts_authorized_for_ownership: Review system documentation to identify accounts authorized to own database objects.
- ora_secured::controls::database_recovery_procedures_must_be_developed_documented_implemented_and_periodically_tested: Review the testing and verification procedures documented in the system documentation.
- ora_secured::controls::db_job_batch_queues_must_be_reviewed_regularly_to_detect_unauth_db_job_submissions: The DBMS_JOB PL/SQL package has been replaced by DBMS_SCHEDULER in Oracle versions 10.
- ora_secured::controls::db_sw_apps_and_config_files_must_be_mon_to_disc_unauth_changes: Review monitoring procedures and implementation evidence to verify that monitoring of changes to database software libraries, related applications, and configuration files is done.
- ora_secured::controls::db_sw_dirs_including_dbms_config_files_must_be_strd_in_dedicated_dirs_or_dasd_pools_separate_frm: Review the DBMS software library directory and note other root directories located on the same disk directory or any subdirectories.
- ora_secured::controls::dba_is_revoked_from_unauthorized_grantee: The Oracle database DBA role is the default database administrator role
- ora_secured::controls::dba_os_accnts_must_be_grnted_only_those_host_sys_privs_necessary_for_admin_of_dbms: Review host system privileges assigned to the Oracle DBA group and all individual Oracle DBA accounts.
- ora_secured::controls::dba_role_must_not_be_assigned_excessive_or_unauthorized_privileges: Review access permissions for objects owned by application owners or other non-administrative users.
- ora_secured::controls::dba_sys_privs_is_revoked_from_unauthorized_grantee_with_admin_option_set_to_yes: The Oracle database WITH_ADMIN privilege allows the designated user to grant
- ora_secured::controls::dba_users_authentication_type_is_not_set_to_external_for_any_user: The authentication_type='EXTERNAL' setting determines whether or not a user
- ora_secured::controls::dbms_backup_and_restoration_files_must_be_protected_from_unauthorized_access: Review file protections assigned to online backup and restoration files.
- ora_secured::controls::dbms_data_files_transaction_logs_and_audit_files_must_be_strd_in_dedicated_dirs_or_disk_partition: Review the disk/directory specification where database data, transaction log and audit files are stored.
- ora_secured::controls::dbms_default_accounts_must_be_assigned_custom_passwords: Use this query to identify the Oracle-supplied accounts that still have their default passwords:
- ora_secured::controls::dbms_default_accounts_must_be_protected_from_misuse: Review the use of the essential system accounts with the DBA(s).
- ora_secured::controls::dbms_host_plfrm_and_other_dependent_apps_must_be_configed_in_compliance_with_applicable_stig_reqs: If the DBMS host being reviewed is not a production DBMS host, this check is not a finding.
- ora_secured::controls::dbms_itself_or_logging_or_alerting_mechanism_app_utilizes_must_prov_a_warning_when_allocated_audi: Review DBMS, OS, or third-party logging application settings to determine whether a warning will be provided when a specific percentage of log storage capacity is reached.
- ora_secured::controls::dbms_processes_or_services_must_run_under_custom_dedicated_os_accounts: Check OS settings to determine whether DBMS processes are running under a dedicated OS account.
- ora_secured::controls::dbms_prod_app_and_data_dirs_must_be_prot_frm_devs_on_shared_prod_dev_dbms_host_syss: If the DBMS or DBMS host is not shared by production and development activities, this check is not a finding.
- ora_secured::controls::dbms_pwds_must_not_be_strd_in_compiled_encoded_or_encrpted_batch_jobs_or_compiled_encoded_or_encr: Review application source code required to be encoded or encrypted for database accounts used by applications or batch jobs to access the database.
- ora_secured::controls::dbms_software_installation_account_must_be_restricted_to_authorized_users: Review procedures for controlling and granting access to use of the DBMS software installation account.
- ora_secured::controls::dbms_software_libraries_must_be_periodically_backed_up: Review evidence of inclusion of the DBMS libraries in current backup records.
- ora_secured::controls::dbms_symmetric_keys_must_be_prot_in_acc_with_nsa_or_nist_apprvd_key_mgmt_technology_or_procs: If the symmetric key management procedures and configuration settings for the DBMS are not specified in the System Security Plan, this is a finding.
- ora_secured::controls::dbms_utlzng_dac_must_enforce_a_policy_that_incl_or_excl_acc_to_granularity_of_a_single_user: Check DBMS settings and documentation to determine if users are able to assign and revoke rights to the objects and information they own.
- ora_secured::controls::dbms_when_using_pki_based_auth_must_enforce_auth_acc_to_corresponding_private_key: If PKI is not enabled in Oracle Database, this is not a finding.
- ora_secured::controls::dbms_when_utlzng_pki_based_auth_must_validate_certificates_by_constructing_a_certification_path_w: If PKI is not enabled in the Oracle Database, this is not a finding.
- ora_secured::controls::dbs_employed_to_write_data_to_portable_dig_med_must_use_cryptographic_mechs_to_prot_and_rstrct_ac: If data is written to portable media, the data must be protected and access restricted via cryptographic mechanisms.
- ora_secured::controls::dbs_utlzng_dac_must_enforce_a_policy_that_lmts_propagation_of_acc_rights: Verify the DBMS has the ability to grant permissions without the grantee receiving the right to grant those same permissions to another user.
- ora_secured::controls::default_demonstration_and_sample_databases_database_objects_and_applications_must_be_removed: If Oracle is hosted on a server that does not support production systems, and is designated for the deployment of samples and demonstrations, this is not applicable (NA).
- ora_secured::controls::delete_catalog_role_is_revoked_from_unauthorized_grantee: THIS ROLE IS DEPRECATED IN V12.
- ora_secured::controls::diag_subdir_under_dir_assigned_to_diag_dest_parameter_must_be_prot_frm_unauth_acc: From SQL*Plus:
- ora_secured::controls::dir_assigned_to_audit_file_dest_parameter_must_be_prot_frm_unauth_acc_and_must_be_strd_in_a_dedic: If Standard Auditing is used:
- ora_secured::controls::directory_audit_option_is_enabled: The DIRECTORY object allows for the creation of a directory object that
- ora_secured::controls::dirs_assigned_to_log_archive_dest_parameters_must_be_prot_frm_unauth_acc: From SQL*Plus:
- ora_secured::controls::disable_user_accounts_after_35_days_of_inactivity: If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.
- ora_secured::controls::drop_any_procedure_audit_option_is_enabled: The AUDIT DROP ANY PROCEDURE command is auditing the dropping of procedures.
- ora_secured::controls::drop_database_link_action_audit_is_enabled: Oracle database links are used to establish database-to-database connections to
- ora_secured::controls::drop_procedure_function_package_package_body_action_audit_is_enabled: Oracle database procedures, functions, packages, and package bodies, which are
- ora_secured::controls::drop_profile_action_audit_is_enabled: Oracle database profiles are used to enforce resource usage limits and implement
- ora_secured::controls::drop_role_action_audit_is_enabled: An Oracle database role is a collection or set of privileges that can be granted
- ora_secured::controls::drop_synonym_action_audit_is_enabled: An Oracle database synonym is used to create an alternative name for a database
- ora_secured::controls::drop_trigger_action_audit_is_enabled: Oracle database triggers are executed automatically when specified conditions on
- ora_secured::controls::drop_user_audit_option_is_enabled: The DROP USER statement is used to drop Oracle database accounts and schemas associated with them.
- ora_secured::controls::employ_autom_mechs_to_alert_sec_personnel_of_inappr_or_unusual_act_with_sec_implications: Check DBMS settings to determine whether security personnel are alerted automatically when unusual or security-related activities (threats identified by authoritative sources (e.
- ora_secured::controls::employ_automated_mechanisms_for_supporting_oracle_user_account_management: If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.
- ora_secured::controls::employ_cryptographic_mechs_preventing_unauth_disclosure_of_info_during_transmission_unless_transm: Check DBMS settings to determine whether cryptographic mechanisms are used to prevent the unauthorized disclosure of information during transmission.
- ora_secured::controls::employ_cryptographic_mechs_to_prot_int_and_conf_of_nonlocal_maint_and_diag_comms: Review DBMS configuration to determine if cryptographic mechanisms are being utilized to protect the integrity and confidentiality of nonlocal maintenance and diagnostic communications.
- ora_secured::controls::employ_strong_ident_and_auth_techs_when_esting_nonlocal_maint_and_diag_sess: Review DBMS settings to determine whether strong identification and authentication techniques are required for nonlocal maintenance and diagnostic sessions.
- ora_secured::controls::enforce_apprvd_auths_for_log_acc_to_sys_in_acc_with_applicable_policy: Check DBMS settings to determine whether users are restricted from accessing objects and data they are not authorized to access.
- ora_secured::controls::enforce_dac_policy_allowing_users_to_specify_and_control_sharing_by_named_indivs_groups_of_indivs: Check DBMS settings to determine if users are able to assign and revoke rights to the objects and information that they own.
- ora_secured::controls::enforce_password_maximum_lifetime_restrictions: If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.
- ora_secured::controls::enforce_requirements_for_remote_connections_to_the_information_system: Review organization's access control policies and procedures addressing remote access to the information system.
- ora_secured::controls::ensure_rmt_sess_that_acc_an_org_def_lst_of_sec_funcs_and_sec_rel_info_are_audited: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.
- ora_secured::controls::ensure_users_are_auth_with_an_indiv_authenticator_prior_to_using_a_shared_authenticator: Review DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine whether shared accounts exist.
- ora_secured::controls::execute_any_procedure_is_revoked_from_dbsnmp: Remove unneeded EXECUTE ANY PROCEDURE privileges from DBSNMP.
- ora_secured::controls::execute_any_procedure_is_revoked_from_outln: Remove unneeded EXECUTE ANY PROCEDURE privileges from OUTLN.
- ora_secured::controls::execute_catalog_role_is_revoked_from_unauthorized_grantee: The Oracle database EXECUTE_CATALOG_ROLE provides EXECUTE privileges for a
- ora_secured::controls::execute_is_not_granted_to_public_on_non_default_packages: The packages described in this control are not granted to PUBLIC by default
- ora_secured::controls::execute_is_revoked_from_public_on_encryption_packages: As described below, Oracle Database PL/SQL "Encryption" packages -
- ora_secured::controls::execute_is_revoked_from_public_on_file_system_packages: As described below, Oracle Database PL/SQL "File System" packages -
- ora_secured::controls::execute_is_revoked_from_public_on_java_packages: As described below, Oracle Database PL/SQL "Java" packages - DBMS_JAVA and
- ora_secured::controls::execute_is_revoked_from_public_on_job_scheduler_packages: As described below, Oracle Database PL/SQL "Job Scheduler" packages -
- ora_secured::controls::execute_is_revoked_from_public_on_network_packages: As described below, Oracle Database PL/SQL "Network" packages - DBMS_LDAP,
- ora_secured::controls::execute_is_revoked_from_public_on_sql_injection_helper_packages: As described below, Oracle Database PL/SQL "SQL Injection Helper Packages"
- ora_secured::controls::exempt_access_policy_is_revoked_from_unauthorized_grantee: The Oracle database EXEMPT ACCESS POLICY keyword provides the user the
- ora_secured::controls::extproc_is_not_present_in_listener_ora: extproc should be removed from the listener.
- ora_secured::controls::failed_login_attempts_is_less_than_or_equal_to_5: The FAILED_LOGIN_ATTEMPTS setting determines how many failed login attempts
- ora_secured::controls::fixed_user_and_public_database_links_must_be_authorized_for_use: From SQL*Plus:
- ora_secured::controls::gen_audit_recs_for_dod_selected_lst_of_auditable_events_to_extent_such_info_is_avail: Check DBMS settings to determine if auditing is being performed on the events on the DoD-selected list of auditable events that lie within the scope of Oracle audit capabilities:
- ora_secured::controls::global_names_is_set_to_true: The global_names setting requires that the name of a database link matches that
- ora_secured::controls::grant_action_audit_is_enabled: GRANT statements are used to grant privileges to Oracle database users and
- ora_secured::controls::grant_any_object_privilege_audit_option_is_enabled: GRANT ANY OBJECT PRIVILEGE allows the user to grant or revoke any object
- ora_secured::controls::grant_any_object_privilege_is_revoked_from_unauthorized_grantee: The Oracle database GRANT ANY OBJECT PRIVILEGE keyword provides the grantee
- ora_secured::controls::grant_any_privilege_audit_option_is_enabled: GRANT ANY PRIVILEGE allows a user to grant any system privilege, including the
- ora_secured::controls::grant_any_privilege_is_revoked_from_unauthorized_grantee: The Oracle database GRANT ANY PRIVILEGE keyword provides the grantee the
- ora_secured::controls::grant_any_role_is_revoked_from_unauthorized_grantee: The Oracle database GRANT ANY ROLE keyword provides the grantee the capability
- ora_secured::controls::have_its_auditing_configured_to_reduce_the_likelihood_of_storage_capacity_being_exceeded: Review the DBMS settings to determine whether audit logging is configured to produce logs consistent with the amount of space allocated for logging.
- ora_secured::controls::identify_potentially_security_relevant_error_conditions: Check DBMS settings to determine whether security-related error conditions are monitored for, and whether appropriate personnel are notified.
- ora_secured::controls::implement_required_cryptographic_protions_using_cryptographic_modules_complying_with_applicable_f: If encryption is not required for the database, this is not a finding.
- ora_secured::controls::implement_separation_of_duties_through_assigned_information_access_authorizations: Obtain a list of privileges assigned to the DBMS user accounts.
- ora_secured::controls::inactive_account_time_is_less_than_or_equal_to_120: The INACTIVE_ACCOUNT_TIME setting determines the maximum number of days of
- ora_secured::controls::incl_org_def_add_more_det_info_in_audit_recs_for_audit_events_idntfd_by_type_location_or_subject: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.
- ora_secured::controls::isolate_security_functions_from_nonsecurity_functions_by_means_of_separate_security_domains: Check DBMS settings to determine whether objects or code implementing security functionality are located in a separate security domain, such as a separate database or schema created specifically for security functionality.
- ora_secured::controls::issm_must_review_changes_to_dba_role_assignments: Review policy and procedures documented or noted in the System Security Plan as well as evidence of implementation for monitoring changes to DBA role assignments and procedures for notifying the ISSM of the changes for review.
- ora_secured::controls::lmt_number_of_concurrent_sess_for_each_sys_accnt_to_an_org_def_number_of_sess: Retrieve the settings for concurrent sessions for each profile with the query:
- ora_secured::controls::lmt_use_of_resources_by_prio_and_not_impede_host_frm_servicing_procs_designated_as_a_higher_prio: Review DBMS settings and documentation to determine if the DBMS restricts resource usage by priority.
- ora_secured::controls::logic_modules_within_db_to_incl_pkgs_procs_funcs_and_trggrs_must_be_mon_to_disc_unauth_changes: Review monitoring procedures and implementation evidence to verify that monitoring of changes to database logic modules is done.
- ora_secured::controls::logon_and_logoff_actions_audit_is_enabled
: Oracle database users log on to the database to perform their work.ora_secured::controls::manage_resources_to_lmt_effects_of_info_flooding_types_of_denial_of_service_dos_incidents
: Review Oracle user profiles.ora_secured::controls::map_the_authenticated_identity_to_the_user_account_using_pki_based_authentication
: Review DBMS configuration to verify DBMS user accounts are being mapped directly to authenticated identity information being passed via the PKI.ora_secured::controls::minimum_of_two_orcl_control_files_must_be_def_and_configed_to_be_strd_on_separate_archived_disks
: From SQL*Plus:ora_secured::controls::minimum_of_two_orcl_redo_log_groups_files_must_be_def_and_configed_to_be_strd_on_separate_archive
: From SQL*Plus:ora_secured::controls::network_access_to_the_dbms_must_be_restricted_to_authorized_personnel
: IP address restriction may be defined for the database listener, by use of the Oracle Connection Manager or by an external network device.ora_secured::controls::network_client_connections_must_be_restricted_to_supported_versions
: ora_secured::controls::network_client_connections_must_be_restricted_to_supported_versions Note: The SQLNET.ALLOWED_LOGON_VERSION parameterora_secured::controls::no_public_database_links_exist
: Public Database links are used to allow connections between databases.ora_secured::controls::no_users_are_assigned_the_default_profile
: Upon creation database users are assigned to theDEFAULT
profile unlessora_secured::controls::not_share_a_host_supporting_an_independent_security_service
: Review the services and processes active on the DBMS host system.ora_secured::controls::notify_appropriate_individuals_when_account_disabling_actions_are_taken
: Check DBMS settings to determine whether it will notify appropriate individuals when account disabling actions are taken.ora_secured::controls::notify_appropriate_individuals_when_accounts_are_created
: Check DBMS settings to determine whether it will notify appropriate individuals when accounts are created.ora_secured::controls::notify_appropriate_individuals_when_accounts_are_modified
: Check DBMS settings to determine whether it will notify appropriate individuals when accounts are modified.ora_secured::controls::notify_appropriate_individuals_when_accounts_are_terminated
: Check DBMS settings to determine whether it will notify appropriate individuals when accounts are terminated.ora_secured::controls::o7_dictionary_accessibility_is_set_to_false
: TheO7_dictionary_accessibility
setting is a database initialization parameterora_secured::controls::object_permissions_granted_to_public_must_be_restricted
: A default Oracle Database installation provides a set of predefined administrative accounts and non-administrative accounts.ora_secured::controls::only_auth_sys_accnts_must_have_sys_tablespace_specified_as_default_tablespace
: Run the query:ora_secured::controls::only_gen_error_messages_that_prov_info_necessary_for_corrective_actions_without_revealing_org_def
: Check DBMS settings and custom database and application code to verify error messages do not contain information beyond what is needed for troubleshooting the issue.ora_secured::controls::oracle_application_administration_roles_must_be_disabled_if_not_required_and_authorized
: Run the SQL query:ora_secured::controls::oracle_instance_names_must_not_contain_oracle_version_numbers
: From SQL*Plus:ora_secured::controls::oracle_listener_must_be_configured_to_require_administration_authentication
: If a listener is not running on the local database host server, this check is not a finding.ora_secured::controls::oracle_must_back_up_user_level_information_per_a_defined_frequency
: Review DBMS settings and site documentation to determine whether Oracle is configured to back up user-level data according to a defined frequency.ora_secured::controls::oracle_remote_os_authent_parameter_must_be_set_to_false
: From SQL*Plus:ora_secured::controls::oracle_remote_os_roles_parameter_must_be_set_to_false
: From SQL*Plus:ora_secured::controls::oracle_roles_granted_using_the_with_admin_option_must_not_be_granted_to_unauthorized_accounts
: A default Oracle Database installation provides a set of predefined administrative accounts and non-administrative accounts.ora_secured::controls::oracle_software_must_be_evaluated_and_patched_against_newly_found_vulnerabilities
: When the Quarterly CPU is released, check the CPU Notice and note the specific patch number for the system.ora_secured::controls::oracle_sql92_security_parameter_must_be_set_to_true
: From SQL*Plus:ora_secured::controls::oracle_trace_files_public_parameter_if_present_must_be_set_to_false
: From SQL*Plus:ora_secured::controls::orcl_db_must_off_load_audit_data_to_a_separate_log_mgmt_facility_this_must_be_continuous_and_in_n
: Review the system documentation for a description of how audit records are off-loaded.ora_secured::controls::orcl_pwd_file_ownership_and_permissions_should_be_lmted_and_rmt_login_pwdfile_parameter_must_be_s
: From SQL*Plus:ora_secured::controls::orcl_with_grnt_option_priv_must_not_be_grnted_to_non_dba_or_non_app_admin_user_accnts
: Execute the query:ora_secured::controls::os_accounts_utilized_to_run_external_procedures_called_by_the_dbms_must_have_limited_privileges
: Determine which OS accounts are used by the DBMS to run external procedures.ora_secured::controls::os_must_lmt_privs_to_change_dbms_sw_resident_within_sw_libs_including_privd_programs
: Review permissions that control access to the DBMS software libraries.ora_secured::controls::os_roles_is_set_to_false
: Theos_roles
setting permits externally created groups to be applied to database management.ora_secured::controls::owners_of_privileged_accounts_must_use_non_privileged_accounts_for_non_administrative_activities
: Review procedures and practices.ora_secured::controls::password_grace_time_is_less_than_or_equal_to_5
: ThePASSWORD_GRACE_TIME
setting determines how many days can pass after theora_secured::controls::password_life_time_is_less_than_or_equal_to_90
: ThePASSWORD_LIFE_TIME
setting determines how long a password may be usedora_secured::controls::password_lock_time_is_greater_than_or_equal_to_1
: ThePASSWORD_LOCK_TIME
setting determines how many days must pass for theora_secured::controls::password_reuse_max_is_greater_than_or_equal_to_20
: ThePASSWORD_REUSE_MAX
setting determines how many different passwords must beora_secured::controls::password_reuse_time_is_greater_than_or_equal_to_365
: ThePASSWORD_REUSE_TIME
setting determines the amount of time in days thatora_secured::controls::password_verify_function_is_set_for_all_profiles
: ThePASSWORD_VERIFY_FUNCTION
determines password settings requirements when aora_secured::controls::plans_and_procs_for_testing_dbms_installations_upgrades_and_patches_must_be_def_and_followed_prio
: Review policy and procedures documented or noted in the System Security Plan and evidence of implementation for testing DBMS installations, upgrades and patches prior to production deployment.ora_secured::controls::preserve_any_organization_defined_system_state_information_in_the_event_of_a_system_failure
: If the database is used solely for transient data (such as one dedicated to Extract-Transform-Load (ETL)), and a clear plan exists for the recovery of the database by means other than archiving, this is not a finding.ora_secured::controls::prevent_presentation_of_info_sys_mgmt_related_functionality_at_an_interface_utilized_by_general_i
: Check DBMS settings and vendor documentation to verify administrative functionality is separate from user functionality.ora_secured::controls::prevent_unauthorized_and_unintended_information_transfer_via_shared_system_resources
: Verify there are proper procedures in place for the refreshing of development/test data from production.ora_secured::controls::procedure_audit_option_is_enabled
: In this statement audit,PROCEDURE
means any procedure, function, package orora_secured::controls::procs_and_rstctns_for_import_of_prod_data_to_dev_dbs_must_be_doc_impl_and_followed
: If the database being reviewed is not a production database or does not contain sensitive data, this check is not a finding.ora_secured::controls::procs_for_esting_tmp_pwds_that_meet_dod_pwd_reqs_for_new_accnts_must_be_def_doc_and_impl
: If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::procs_services_apps_etc_that_connect_to_dbms_independently_of_indiv_users_must_use_valid_current
: Review configuration to confirm that accounts used by processes to connect to the DBMS are authenticated using valid, current DoD-issued PKI certificates.ora_secured::controls::produce_audit_records_containing_sufficient_information_to_establish_where_the_events_occurred
: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.ora_secured::controls::produce_audit_recs_cont_suff_info_to_est_id_of_any_user_subject_or_proc_ass_with_event
: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.ora_secured::controls::produce_audit_recs_cont_suff_info_to_est_outcome_success_or_failure_of_events
: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.ora_secured::controls::produce_audit_recs_cont_suff_info_to_est_sources_origins_of_events
: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.ora_secured::controls::produce_audit_recs_cont_suff_info_to_est_what_type_of_events_occurred
: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.ora_secured::controls::produce_audit_recs_cont_suff_info_to_est_when_date_and_time_events_occurred
: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.ora_secured::controls::profile_audit_option_is_enabled
: ThePROFILE
object allows for the creation of a set of database resourceora_secured::controls::prot_against_an_indiv_who_uses_a_shared_accnt_falsely_denying_having_perfd_a_particular_action
: If there are no shared accounts available to more than one user, this is not a finding.ora_secured::controls::prot_against_or_lmt_effects_of_org_def_types_of_denial_of_service_dos_attacks
: Review DBMS settings to verify the DBMS implements measures to limit the effects of the organization-defined types of Denial of Service (DoS) attacks.ora_secured::controls::prot_audit_recs_gen_as_a_result_of_rmt_acc_to_privd_accnts_and_execution_of_privd_funcs
: If Standard Auditing is used:ora_secured::controls::protect_audit_data_records_and_integrity_by_using_cryptographic_mechanisms
: Review DBMS settings to determine whether the DBMS is using cryptographic mechanisms to protect audit data records and integrity.ora_secured::controls::protect_audit_information_from_any_type_of_unauthorized_access
: Review locations of audit logs, both internal to the database and database audit logs located at the operating system-level.ora_secured::controls::protect_audit_information_from_unauthorized_deletion
: Review locations of audit logs, both internal to the database and database audit logs located at the operating system-level.ora_secured::controls::protect_audit_information_from_unauthorized_modification
: Review locations of audit logs, both internal to the database and database audit logs located at the operating system-level.ora_secured::controls::protect_audit_tools_from_unauthorized_access
: Review access permissions to tools used to view or modify audit log data.ora_secured::controls::protect_audit_tools_from_unauthorized_deletion
: Review access permissions to tools used to view or modify audit log data.ora_secured::controls::protect_audit_tools_from_unauthorized_modification
: Review access permissions to tools used to view or modify audit log data.ora_secured::controls::protect_the_integrity_of_publicly_available_information_and_applications
: Determine whether the database houses and distributes information to the public.ora_secured::controls::prov_a_mechanism_to_autom_identify_accnts_designated_as_tmp_or_emergency_accnts
: : If the organization has a policy, consistently enforced, forbidding the creation of emergency or temporary accounts, this is not a finding.ora_secured::controls::prov_audit_record_generation_cap_for_org_def_auditable_events_within_db
: Verify, using vendor and system documentation if necessary, that the DBMS is configured to use Oracle's auditing features, or that a third-party product or custom code is deployed and configured to satisfy this requirement.ora_secured::controls::prov_cap_to_autom_proc_audit_recs_for_events_of_interest_based_upon_selectable_event_criteria
: Review the system (OS, applications external to Oracle, and/or a separate log aggregation and query server) to determine whether it provides the ability to automatically process audit records for events based on selectable event criteria.ora_secured::controls::provide_a_mechanism_to_automatically_remove_or_disable_temporary_user_accounts_after_72_hours
: If the organization has a policy, consistently enforced, forbidding the creation of emergency or temporary accounts, this is not a finding.ora_secured::controls::provide_a_real_time_alert_when_organization_defined_audit_failure_events_occur
: Review Oracle Corp.ora_secured::controls::provide_a_report_generation_capability_for_audit_reduction_data
: Verify that audit reduction capabilities are in place for the Oracle audit data.ora_secured::controls::provide_an_audit_log_reduction_capability
: Verify that audit reduction capabilities are in place for the Oracle audit data.ora_secured::controls::public_database_link_audit_option_is_enabled
: ThePUBLIC DATABASE LINK
object allows for the creation of a public link forora_secured::controls::public_synonym_audit_option_is_enabled
: ThePUBLIC SYNONYM
object allows for the creation of an alternate description ofora_secured::controls::recovery_procs_and_technical_sys_features_must_exist_to_ensure_recovery_is_done_in_a_secure_and_v
: Review DBMS recovery procedures and technical system features to determine if mechanisms exist and are in place to specify use of trusted files during DBMS recovery.ora_secured::controls::remote_administration_must_be_disabled_for_the_oracle_connection_manager
: View the cman.ora_secured::controls::remote_administrative_access_to_the_database_must_be_monitored_by_the_isso_or_issm
: If remote administrative access to the database is prohibited and is disabled, this check is not a finding.ora_secured::controls::remote_database_or_other_external_access_must_use_fully_qualified_names
: From SQL*Plus:ora_secured::controls::remote_dbms_administration_must_be_documented_and_authorized_or_disabled
: Review the System Security Plan for authorization, assignments and usage procedures for remote DBMS administration.ora_secured::controls::remote_listener_is_empty
: Theremote_listener
setting determines whether or not a valid listener can beora_secured::controls::remote_login_passwordfile_is_set_to_none
: Theremote_login_passwordfile
setting specifies whether or not Oracle checksora_secured::controls::remote_os_authent_is_set_to_false
: Theremote_os_authent
setting determines whether or not OS 'roles' with theora_secured::controls::remote_os_roles_is_set_to_false
: Theremote_os_roles
setting permits remote users' OS roles to be applied toora_secured::controls::replication_accounts_must_not_be_granted_dba_privileges
: If a review of the System Security Plan confirms the use of replication is not required, not permitted and the database is not configured for replication, this check is not a finding.ora_secured::controls::resource_limit_is_set_to_true
:RESOURCE_LIMIT
determines whether resource limits are enforced in databaseora_secured::controls::restrict_error_messages_so_only_authorized_personnel_may_view_them
: Check DBMS settings and custom database code to determine if error messages are ever displayed to unauthorized individuals:ora_secured::controls::restrict_grants_to_sensitive_information_to_authorized_user_roles
: Obtain a list of privileges assigned to user accounts.ora_secured::controls::revoke_action_audit_is_enabled
:REVOKE
statements are used to revoke privileges from Oracle database users andora_secured::controls::role_audit_option_is_enabled
: TheROLE
object allows for the creation of a set of privileges that can beora_secured::controls::rstrct_ability_of_users_to_launch_denial_of_service_dos_attacks_against_other_info_syss_or_netws
: Review DBMS settings and custom database code to determine whether the DBMS or database application code could be used to launch DoS attacks.ora_secured::controls::rstrct_acc_to_sys_tables_and_other_config_info_or_metadata_to_dbas_or_other_auth_users
: Review user privileges to system tables and configuration data stored in the Oracle database.ora_secured::controls::sec_case_sensitive_logon_is_set_to_true
: TheSEC_CASE_SENSITIVE_LOGON
information determines whether or notora_secured::controls::sec_max_failed_login_attempts_is_3_or_less
: TheSEC_MAX_FAILED_LOGIN_ATTEMPTS
parameter determines how many failed loginora_secured::controls::sec_protocol_error_further_action_is_set_to_drop3
: TheSEC_PROTOCOL_ERROR_FURTHER_ACTION
setting determines the Oracle server'sora_secured::controls::sec_protocol_error_trace_action_is_set_to_log
: TheSEC_PROTOCOL_ERROR_TRACE_ACTION
setting determines the Oracle's server'sora_secured::controls::sec_return_server_release_banner_is_set_to_false
: The information about patch/update release number provides information about theora_secured::controls::secure_control_is_set_in_listener_ora
: TheSECURE_CONTROL_<listener_name>
setting determines the type of controlora_secured::controls::secure_register_is_set_to_tcps_or_ipc
: TheSECURE_REGISTER_<listener_name>
setting specifies the protocols used toora_secured::controls::select_any_dictionary_audit_option_is_enabled
: TheSELECT ANY DICTIONARY
capability allows the user to view the definitions ofora_secured::controls::select_any_dictionary_is_revoked_from_unauthorized_grantee
: The Oracle databaseSELECT ANY DICTIONARY
privilege allows the designated userora_secured::controls::select_any_dictionary_privilege_audit_is_enabled
: TheSELECT ANY DICTIONARY
system privilege allows the user to view theora_secured::controls::select_any_table_is_revoked_from_unauthorized_grantee
: The Oracle databaseSELECT ANY TABLE
privilege allows the designated user toora_secured::controls::select_catalog_role_is_revoked_from_unauthorized_grantee
: The Oracle databaseSELECT_CATALOG_ROLE
providesSELECT
privileges on allora_secured::controls::sensitive_data_strd_in_db_must_be_idntfd_in_sys_sec_plan_and_ais_functional_arch_doc
: If no sensitive or classified data is stored in the database, listed in the System Security Plan and listed in the AIS Functional Architecture documentation, this check is not a finding.ora_secured::controls::sensitive_info_frm_prod_db_exports_must_be_modified_before_import_to_a_dev_db
: If the database being reviewed is a production database, this check is not a finding.ora_secured::controls::separate_user_functionality_including_user_interface_services_frm_db_mgmt_functionality
: Check DBMS settings and vendor documentation to verify administrative functionality is separate from user functionality.ora_secured::controls::sessions_per_user_is_less_than_or_equal_to_10
: TheSESSIONS_PER_USER
setting determines the maximum number of user sessionsora_secured::controls::set_the_maximum_number_of_consecutive_invalid_logon_attempts_to_three
: The limit on the number of consecutive failed logon attempts is defined in the profile assigned to a user.ora_secured::controls::single_database_connection_configuration_file_must_not_be_used_to_configure_all_database_clients
: Review procedures for providing database connection information to users/user workstations.ora_secured::controls::sql92_security_is_set_to_true
: TheSQL92_SECURITY
parameter settingTRUE
requires that a user must also beora_secured::controls::supp_enforcement_of_log_acc_rstctns_ass_with_changes_to_dbms_config_and_to_db_itself
: Review DBMS settings and vendor documentation to ensure the database supports and does not interfere with enforcement of logical access restrictions associated with changes to the DBMS configuration and to the database itself.ora_secured::controls::supp_org_reqs_to_encrpt_info_strd_in_db_and_info_extr_or_dervd_frm_db_and_strd_on_dig_med
: If encryption is not required for the database and data derived from it, this is not a finding.ora_secured::controls::supp_org_reqs_to_enforce_number_of_characters_that_get_changed_when_pwds_are_changed
: If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::supp_org_reqs_to_enforce_pwd_complexity_by_number_of_lower_case_characters_used
: If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::supp_org_reqs_to_enforce_pwd_complexity_by_number_of_numeric_characters_used
: If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::supp_org_reqs_to_enforce_pwd_complexity_by_number_of_special_characters_used
: If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::supp_org_reqs_to_enforce_pwd_complexity_by_number_of_upper_case_characters_used
: If all user accounts are managed and authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::supp_org_reqs_to_prhbt_pwd_reuse_for_org_def_number_of_generations
: If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::supp_org_reqs_to_spec_prhbt_or_rstrct_use_of_unauth_funcs_ports_protocols_and_or_services
: Review the DBMS settings for functions, ports, protocols, and services that are not approved.ora_secured::controls::supp_req_to_back_up_audit_data_and_recs_onto_a_diff_sys_or_med_than_sys_being_audited_on_an_org_d
: Check with the database administrator, storage administrator or system administrator, as applicable at the site, to verify that Oracle is configured EITHER to perform backups of the audit data specifically, OR, with appropriate permissions granted, to permit a third-party tool to do so.ora_secured::controls::supp_taking_org_def_lst_of_least_disruptive_actions_to_term_suspicious_events
: Obtain the CC/S/A/FA's list of suspicious event types and the actions to be taken in response, ordered from least disruptive to last resort.ora_secured::controls::support_organizational_requirements_to_enforce_minimum_password_length
: If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.ora_secured::controls::support_organizational_requirements_to_enforce_password_encryption_for_storage
: (Oracle stores and displays its passwords in encrypted form.ora_secured::controls::support_the_disabling_of_network_protocols_deemed_by_the_organization_to_be_nonsecure
: Review the PPSM Technical Assurance List to acquire an up-to-date list of network protocols deemed nonsecure.ora_secured::controls::synonym_audit_option_is_enabled
: TheSYNONYM
operation allows for the creation of an alternative name for aora_secured::controls::sys_privs_grnted_using_with_admin_option_must_not_be_grnted_to_unauth_user_accnts
: A default Oracle Database installation provides a set of predefined administrative accounts and non-administrative accounts.ora_secured::controls::sys_user_mig_has_been_dropped
: The table `sys.ora_secured::controls::system_grant_audit_option_is_enabled
: Enabling the audit option for theSYSTEM GRANT
object causes auditing of anyora_secured::controls::system_privileges_must_not_be_granted_to_public
: From SQL*Plus:ora_secured::controls::take_needed_steps_to_prot_data_at_rest_and_ensure_conf_and_int_of_app_data
: If the application owner and Authorizing Official have determined that encryption of data at rest is NOT required, this is not a finding.ora_secured::controls::term_netw_conns_ass_with_a_comms_session_at_end_of_session_or_15_minutes_of_inactivity
: Review DBMS settings, OS settings, and vendor documentation to verify network connections are terminated when a database communications session is ended or after 15 minutes of inactivity.ora_secured::controls::term_user_sess_upon_user_logoff_or_any_other_org_or_policy_def_session_termination_events_such_as
: Review DBMS settings and vendor documentation to verify user sessions are terminated upon user logout.ora_secured::controls::trace_files_public_is_set_to_false
: The_trace_files_public
setting determines whether or not the system's traceora_secured::controls::trigger_audit_option_is_enabled
: ATRIGGER
may be used to modify DML actions or invoke other (recursive)ora_secured::controls::unauthorized_database_links_must_not_be_defined_and_active
: From SQL*Plus:ora_secured::controls::uniquely_identify_and_authenticate_non_org_users_or_procs_acting_on_behalf_of_non_org_users
: Review DBMS settings to determine whether non-organizational users are uniquely identified and authenticated when logging onto the system.ora_secured::controls::uniquely_identify_and_authenticate_org_users_or_procs_acting_on_behalf_of_org_users
: Review DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings, and site practices, to determine whether organizational users are uniquely identified and authenticated when logging on to the system.ora_secured::controls::unused_database_components_dbms_software_and_database_objects_must_be_removed
: Run this query to produce a list of components and features installed with the database:ora_secured::controls::unused_db_components_that_are_integrated_in_dbms_and_cannot_be_uninstalled_must_be_disabled
: Run this query to check to see what integrated components are installed in the database:ora_secured::controls::use_multifactor_authentication_for_local_access_to_non_privileged_accounts
: Review DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine whether users logging on to non-privileged accounts locally are required to use multifactor authentication.ora_secured::controls::use_multifactor_authentication_for_local_access_to_privileged_accounts
: Review DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine whether users logging on to privileged accounts locally are required to use multifactor authentication.ora_secured::controls::use_multifactor_authentication_for_network_access_to_non_privileged_accounts
: Review DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine whether users logging on to non-privileged accounts via a network are required to use multifactor authentication.
ora_secured::controls::use_multifactor_authentication_for_network_access_to_privileged_accounts
: Review DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine whether users logging on to privileged accounts via a network are required to use multifactor authentication.
ora_secured::controls::use_nist_validated_fips_140_2_compliant_cryptography_for_authentication_mechanisms
: Check the following settings to see if FIPS 140-2 authentication/encryption is configured.
ora_secured::controls::use_of_external_executables_must_be_authorized
: Review the database for definitions of application executable objects stored external to the database.
ora_secured::controls::use_of_the_dbms_installation_account_must_be_logged
: Review documented and implemented procedures for monitoring the use of the DBMS software installation account in the System Security Plan.
ora_secured::controls::use_of_the_dbms_software_installation_account_must_be_restricted
: Review system documentation to identify the installation account.
ora_secured::controls::use_org_def_replay_resistant_auth_mechs_for_netw_acc_to_non_privd_accnts
: Review DBMS settings to determine whether organization-defined replay-resistant authentication mechanisms for network access to non-privileged accounts exist.
ora_secured::controls::use_org_def_replay_resistant_auth_mechs_for_netw_acc_to_privd_accnts
: Review DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine whether organization-defined replay-resistant authentication mechanisms for network access to privileged accounts exist.
ora_secured::controls::user_audit_option_is_enabled
: The USER object allows for creating accounts that can interact with the
ora_secured::controls::utl_file_dir_is_empty
ora_secured::controls::verify_account_lockouts_persist_until_reset_by_an_administrator
: The account lockout duration is defined in the profile assigned to a user.
ora_secured::controls::verify_there_have_not_been_unauthorized_changes_to_the_dbms_software_and_information
: Verify that the DBMS system initialization/parameter files and software are included in the configuration of any third-party software or custom scripting at the OS level that performs integrity verification.
ora_secured::controls::when_using_command_line_tools_such_as_orcl_sqlplus_which_can_accept_a_plain_text_pwd_users_must_u
: For Oracle SQL*Plus, which cannot be configured not to accept a plain-text password, and any other essential tool with the same limitation, verify that the system documentation explains the need for the tool, who uses it, and any relevant mitigations; and that AO approval has been obtained.
ora_secured::ensure_cis
: defined type ora_secured::ensure_cis
ora_secured::ensure_set
: defined type ora_secured::ensure_set
ora_secured::ensure_stig
: defined type ora_secured
ora_secured::internal::audit_option
: See the file "LICENSE" for the full license governing this code. Set the init.ora param to the specified value $title audit option inc
ora_secured::internal::audit_policy
: See the file "LICENSE" for the full license governing this code. Set the specific property of a profile $title iprofile setting inclu
ora_secured::internal::parameter
: See the file "LICENSE" for the full license governing this code. Set the init.ora param to the specified value $title init.ora parame
ora_secured::internal::profile_setting
: See the file "LICENSE" for the full license governing this code. Set the specific property of a profile $title iprofile setting inclu
ora_secured::internal::revoke_admin_role_grants
: See the file "LICENSE" for the full license governing this code. Revoke specific system grants to the specified resources $sid the gra
ora_secured::internal::revoke_admin_user_grants
: See the file "LICENSE" for the full license governing this code. Revoke specific system grants to the specified resources $sid the gra
ora_secured::internal::revoke_public_grants
: See the file "LICENSE" for the full license governing this code. Revoke public grants to the specified resources $title the grant incl
ora_secured::internal::revoke_role_rights
: See the file "LICENSE" for the full license governing this code. Revoke public grants to the specified resources $title the grant incl
ora_secured::internal::revoke_specific_system_grant
: See the file "LICENSE" for the full license governing this code. Revoke specific system grants to the specified resources $sid the gra
ora_secured::internal::revoke_user_rights
: See the file "LICENSE" for the full license governing this code. Revoke public grants to the specified resources $title the grant incl
Resource types
ora_secured_setup
: Start the setup for applying ora_secured classes.
Functions
ora_secured::default_doc_version
: Determines the CIS default doc_version based on the product_version.
ora_secured::default_product_version
: Determine the benchmark to be used for the manifest.
ora_secured::filter_controls
: Filter the list of controls based on which database it will be applied to.
ora_secured::lookup_setting
: This function uses its current scope to infer what CIS rule is called on what SID.
ora_secured::random_id
: Create a random id based on letters.
ora_secured::validate_cis_versions
: Validate if the specified product_version and doc_version is an existing combination.
ora_secured::validate_stig_versions
: Validate if the specified product_version and doc_version is an existing combination.
Defined types
ora_secured::controls::access_to_dbms_software_files_and_directories_must_not_be_granted_to_unauthorized_users
log on using the Oracle software owner account and enter the command:
umask
If the value returned is 022 or more restrictive, this is not a finding.
If the value returned is less restrictive than 022, this is a finding.
The first number sets the mask for user/owner file permissions. The second number sets the mask for group file permissions. The third number sets file permission mask for other users. The list below shows the available settings:
- 0 = read/write/execute
- 1 = read/write
- 2 = read/execute
- 3 = read
- 4 = write/execute
- 5 = write
- 6 = execute
- 7 = no permissions
Setting the umask to 022 effectively sets files for user/owner to read/write, group to read and other to read. Directories are set for user/owner to read/write/execute, group to read/execute and other to read/execute.
For Windows Systems: Review the permissions that control access to the Oracle installation software directories (e.g. \Program Files\Oracle).
DBA accounts, the DBMS process account, the DBMS software installation/maintenance account, SA accounts if access by them is required for some operational level of support such as backups, and the host system itself require access.
Compare the access control employed with that documented in the System Security Plan.
If access controls do not match the documented requirement, this is a finding.
If access controls appear excessive without justification, this is a finding.
Set the umask of the Oracle software owner account to 022. Determine the shell being used for the Oracle software owner account:
env | grep -i shell
Startup files for each shell are as follows (located in users $HOME directory):
- C-Shell (CSH) = .cshrc
- Bourne Shell (SH) = .profile
- Korn Shell (KSH) = .kshrc
- TC Shell (TCS) = .tcshrc
- BASH Shell = .bash_profile or .bashrc
Edit the shell startup file for the account and add or modify the line:
umask 022
Log off and log on again, then enter the umask command to confirm the setting.
Note: To effect this change for all Oracle processes, a reboot of the DBMS server may be required.
For Windows Systems: Restrict access to the DBMS software libraries to the fewest accounts that clearly require access based on job function.
Document authorized access controls and justify any access grants that do not fall under DBA, DBMS process, ownership, or SA accounts.
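The umask check and fix described above, as an added shell example that is not part of the ora_secured module: it validates a umask value against the "022 or more restrictive" rule, derives the default file and directory modes a mask yields, maps each mask digit to the permissions listed above, and reports the finding for the current shell. The function names and the report wording are my own.

```shell
#!/bin/sh
# Added example, not code from the ora_secured module: evaluate a umask
# against the rule in the check text (022 or more restrictive is not a finding).

# Map one octal umask digit to the permissions it leaves available,
# following the digit table in the check text.
mask_digit_perms() {
  case "$1" in
    0) echo "read/write/execute" ;;
    1) echo "read/write" ;;
    2) echo "read/execute" ;;
    3) echo "read" ;;
    4) echo "write/execute" ;;
    5) echo "write" ;;
    6) echo "execute" ;;
    7) echo "no permissions" ;;
    *) return 1 ;;
  esac
}

# Return 0 when $1 is a valid octal umask (1 to 4 digits, as printed by
# `umask` in sh or bash) that is 022 or more restrictive, i.e. it masks at
# least the write bit for group and other. Anything else is a finding.
umask_is_compliant() {
  case "$1" in
    [0-7]|[0-7][0-7]|[0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) ;;
    *) return 1 ;;
  esac
  # "More restrictive" means every bit that 022 masks is masked here as well.
  [ $(( 0$1 & 022 )) -eq $(( 022 )) ]
}

# Print "<new file mode> <new directory mode>" for a umask, e.g. 022 -> 644 755:
# files start from 666 and directories from 777 before the mask is applied.
umask_default_modes() {
  printf '%03o %03o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# Spell out a umask digit by digit: "user/owner=..., group=..., other=...".
describe_umask() {
  m=$(printf '%03o' $(( 0$1 )))   # normalise to exactly three digits
  u=$(mask_digit_perms "${m%??}") # first digit: user/owner
  g=${m#?}; g=$(mask_digit_perms "${g%?}")   # middle digit: group
  o=$(mask_digit_perms "${m#??}") # last digit: other
  echo "user/owner=$u, group=$g, other=$o"
}

# Report the finding for the umask in effect in the current shell, as the
# check text asks the reviewer to do after logging on as the Oracle owner.
check_current_umask() {
  current=$(umask)
  if umask_is_compliant "$current"; then
    echo "umask $current is 022 or more restrictive: not a finding" \
      "(new files/directories get $(umask_default_modes "$current"))"
    return 0
  fi
  echo "umask $current is less restrictive than 022: FINDING" \
    "($(describe_umask "$current"))"
  return 1
}

# Stand-alone run: umask_status holds the result (0 = not a finding).
umask_status=0
check_current_umask || umask_status=$?
```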
Skipping
To deliberately skip this control (i.e. not use Puppet to enforce this setting), we provide you with three ways:
1) Add ora_secured::controls::access_to_dbms_software_files_and_directories_must_not_be_granted_to_unauthorized_users: skip to your hiera data. This will skip this control for ALL databases.
2) Add ora_secured::controls::access_to_dbms_software_files_and_directories_must_not_be_granted_to_unauthorized_users::dbname: skip to your hiera data. This will skip this control for the specified database only.
3) Add an entry with the content access_to_dbms_software_files_and_directories_must_not_be_granted_to_unauthorized_users to the array value ora_secured::skip_list in your hiera data.
Benchmarks
This control is used in the following benchmarks:
- Oracle Database 12c CIS V1 - id V-61511
See the file "LICENSE" for the full license governing this code.
Parameters
The following parameters are available in the ora_secured::controls::access_to_dbms_software_files_and_directories_must_not_be_granted_to_unauthorized_users
defined type:
title
The SID to apply the control to. All controls need an SID to apply the control to. Here is a simple example:
ora_secured::controls::control_name { 'DBSID':}
In this example, the string DBSID is the sid to apply the control to.
ora_secured::controls::access_to_default_accounts_used_to_support_replication_must_be_restricted_to_authorized_dbas
select 'The number of replication objects defined is: '|| count(*) from all_tables where table_name like 'REPCAT%';
If the count returned is 0, then Oracle Replication is not installed and this check is not a finding.
Otherwise:
select count(*) from sys.dba_repcatlog;
If the count returned is 0, then Oracle Replication is not in use and this check is not a finding.
If any results are returned, ask the ISSO or DBA if the replication account (the default is REPADMIN, but may be customized) is restricted to ISSO-authorized personnel only.
If it is not, this is a finding.
If there are multiple replication accounts, confirm that all are justified and documented with the ISSO.
If they are not, this is a finding.
Note: Oracle Database Advanced Replication is deprecated in Oracle Database 12c. Use Oracle GoldenGate to replace all features of Advanced Replication, including multimaster replication, updatable materialized views, hierarchical materialized views, and deployment templates.
Change the password for default and custom replication accounts and provide the password to ISSO-authorized users only.
Skipping
To deliberately skip this control (i.e. not use Puppet to enforce this setting), we provide you with three ways:
1) Add ora_secured::controls::access_to_default_accounts_used_to_support_replication_must_be_restricted_to_authorized_dbas: skip to your hiera data. This will skip this control for ALL databases.
2) Add ora_secured::controls::access_to_default_accounts_used_to_support_replication_must_be_restricted_to_authorized_dbas::dbname: skip to your hiera data. This will skip this control for the specified database only.
3) Add an entry with the content access_to_default_accounts_used_to_support_replication_must_be_restricted_to_authorized_dbas to the array value ora_secured::skip_list in your hiera data.
Benchmarks
This control is used in the following benchmarks:
- Oracle Database 12c CIS V1 - id V-61411
See the file "LICENSE" for the full license governing this code.
Parameters
The following parameters are available in the ora_secured::controls::access_to_default_accounts_used_to_support_replication_must_be_restricted_to_authorized_dbas
defined type:
title
The SID to apply the control to. All controls need an SID to apply the control to. Here is a simple example:
ora_secured::controls::control_name { 'DBSID':}
In this example, the string DBSID is the sid to apply the control to.
ora_secured::controls::access_to_external_executables_must_be_disabled_or_restricted
Review the ORACLE_HOME/bin directory or search the ORACLE_BASE path for the executable extproc (UNIX) or extproc.exe (Windows).
If the external procedure agent is not authorized for use in the System Security Plan and the executable file does not exist or is restricted, this is not a finding.
If the external procedure agent is not authorized for use in the System Security Plan and the executable file exists and is not restricted, this is a finding.
If use of the external procedure agent is authorized, ensure extproc is restricted to execution of authorized applications.
External jobs are run using the account nobody by default.
Review the contents of the file ORACLE_HOME/rdbms/admin/externaljob.ora for the lines run_user= and run_group=.
If the user assigned to these parameters is not "nobody", this is a finding.
For versions 11.1 and later, the external procedure agent (extproc executable) is available directly from the database and does not require definition in the listener.ora file for use.
Review the contents of the file ORACLE_HOME/hs/admin/extproc.ora.
If the file does not exist, this is a finding.
If the following entry does not appear in the file, this is a finding:
EXTPROC_DLLS=ONLY:[dll full file name1]:[dll full file name2]:..
[dll full file name] represents a full path and file name.
This list of file names is separated by ":".
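The two file checks just described, as an added shell example that is not part of the ora_secured module: it parses an externaljob.ora for run_user/run_group and an extproc.ora for an EXTPROC_DLLS=ONLY: entry, and runs both against constructed sample files in a temporary directory. The function names, the sample file contents and the placeholder library path are my own; tolerating a leading "SET " on the EXTPROC_DLLS line is my assumption about Oracle's sample extproc.ora, not something the control text states.

```shell
#!/bin/sh
# Added example, not code from the ora_secured module: the two file checks from
# the control text. Paths are parameters so the functions can be pointed at
# $ORACLE_HOME/rdbms/admin/externaljob.ora and $ORACLE_HOME/hs/admin/extproc.ora.

# Print the value of the last uncommented "key = value" line for key $1 in file $2.
ora_file_value() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Return 0 when externaljob.ora ($1) runs external jobs as nobody/nobody.
externaljob_ora_compliant() {
  [ -f "$1" ] || return 1
  [ "$(ora_file_value run_user "$1")" = "nobody" ] &&
    [ "$(ora_file_value run_group "$1")" = "nobody" ]
}

# Return 0 when extproc.ora ($1) exists and restricts loadable libraries with
# EXTPROC_DLLS=ONLY:<file>[:<file>...]. A missing file, a commented-out or absent
# entry, or EXTPROC_DLLS=ANY is a finding. A leading "SET " is tolerated, the
# spelling used in Oracle's sample extproc.ora (an assumption, not from the text).
extproc_ora_compliant() {
  [ -f "$1" ] || return 1
  grep -Eq '^[[:space:]]*(SET[[:space:]]+)?EXTPROC_DLLS[[:space:]]*=[[:space:]]*ONLY:[^[:space:]]+' "$1"
}

# Run both checks, print one line per file in the check text's wording, and
# return 0 only when neither file is a finding.
report_extproc_checks() {
  rc=0
  if externaljob_ora_compliant "$1"; then
    echo "$1: external jobs run as nobody: not a finding"
  else
    echo "$1: run_user/run_group not both nobody, or file missing: FINDING"; rc=1
  fi
  if extproc_ora_compliant "$2"; then
    echo "$2: EXTPROC_DLLS restricted with ONLY: not a finding"
  else
    echo "$2: no EXTPROC_DLLS=ONLY: entry, or file missing: FINDING"; rc=1
  fi
  return $rc
}

# Stand-alone demo on constructed sample files (not real Oracle files); the
# library path is a placeholder.
run_demo() {
  dir=$(mktemp -d) || return 1
  printf 'run_user = nobody\nrun_group = nobody\n' > "$dir/externaljob.ora"
  printf '# constructed sample\nSET EXTPROC_DLLS=ONLY:/u01/app/oracle/lib/libvetted.so\n' \
    > "$dir/extproc.ora"
  report_extproc_checks "$dir/externaljob.ora" "$dir/extproc.ora"
  rc=$?
  rm -rf "$dir"
  return $rc
}

run_demo
```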
History
17-03-2022 Version 4.3.0
- [release] Add support for AlmaLinux and Rocky
02-12-2021 Version 4.2.0
- [facts] Cleanup no more used facts
- [core] Don’t use ora_maintained facts for exclusions
11-11-2021 Version 4.1.0
- [core] Add a safety check to all controls
28-09-2021 Version 4.0.7
- [facts] Fix listener facts when oratab is empty
30-07-2021 Version 4.0.6
- [docs] Add REFERENCE.md
15-07-2021 Version 4.0.5
- [cis] Fix common revokes for with_admin grants
08-07-2021 Version 4.0.4
- [cis] common user and role privileges are also revoked now
05-07-2021 Version 4.0.3
- [password_lock_time_is_greater_than_or_equal_to_1] Fix acceptance test
- [cis] bugfix on dba_users_authentication_type_is_not_set_to_external_for_any_user
- [cis] only used profiles are altered by controls
- [cis] manage database parameters with resource_value
- [cis] bugfix on control dba_sys_privs_is_revoked_from_unauthorized_grantee_with_admin_option_set_to_yes
- [cis] bugfix on control dba_is_revoked_from_unauthorized_grantee
- [cis] bugfix on control select_any_table_is_revoked_from_unauthorized_grantee
- [cis] bugfix on control any_is_revoked_from_unauthorized_grantee
- [cis] bugfix on dba_users_authentication_type_is_not_set_to_external_for_any_user
- [core] Simplify hiera lookup
- [core] Fix lookup of default document version
- [stig] Added db12c stig V1
18-05-2021 Version 4.0.2
- [secure_register_is_set_in_listener_ora] Skip when Oracle not yet running
- [admin_restrictions_is_set_to_on] Skip when Oracle not yet running
17-05-2021 Version 4.0.1
- [secure_control_is_set_in_listener_ora] Skip when Oracle not yet running
17-05-2021 Version 4.0.0
- [core] Rename to ora_secured
21-04-2021 Version 3.2.0
- [secure_register_is_set_to_tcps_or_ipc] Initial implementation
- [secure_control_is_set_in_listener_ora] Initial implementation
- [admin_restrictions_is_set_to_on] Initial implementation
- [all_audit_option_on_sys_aud_is_enabled] Add delete auditing
- [audsys_aud_unified_access_audit_is_enabled] Fix implementation
16-04-2021 Version 3.1.0
- [apply] Initial implementation
- [audsys_aud_unified_access_audit_is_enabled] Improved operation on initial run
- [no_users_are_assigned_the_default_profile] Use ORA12C_STRONG_VERIFY_FUNCTION for CIS_PROFILE
- [ora_secured] No warning on pdb when control in skip list
13-04-2021 Version 3.0.0
- [release] Totally new release with support for multiple versions of CIS benchmark for multiple db versions
21-12-2020 Version 2.20
- [release] Add puppet 7 support to metadata
19-09-2019 Version 2.1.2
- [release] Add AIX support to metadata
- [rule_2_2_5] Fix error when Oracle not yet installed
08-05-2019 Version 2.1.1
- [rule_2_2_5] Add check for Oracle 19. On Oracle 19 this is obsolete
- [core] Allow override of unsafe values in other manifest parts
- [develop] Update Gemfile with pdk
26-03-2019 Version 2.1.0
- [core] Add support for running in container and pluggable databases
- [r_3_9] Add support for named profiles only (only parameter)
- [r_3_8] Add support for named profiles only (only parameter)
- [r_3_6] Add support for named profiles only (only parameter)
- [r_3_5] Add support for named profiles only (only parameter)
- [r_3_4] Add support for named profiles only (only parameter)
- [r_3_3] Add support for named profiles only (only parameter)
- [r_3_2] Add support for named profiles only (only parameter)
- [r_3_1] Add support for named profiles only (only parameter)
- [core] Add support for managing only named profiles (only parameter)
20-09-2018 Version 2.0.0
- [core] Add support for Puppet 6
- [core] Add Puppet 6 unit tests
12-09-2018 Version 1.1.2
- [core] Add GSM_PROF to exclude list for profile operations
- [r_3_10] Remove GSM_PROF from the skip list
12-09-2018 Version 1.1.1
- [r_3_10] Add GSM_PROF to skip list
28-08-2018 Version 1.1.0
- [r_3_10] Add Oracle 18 support
- [facts] Fix duplicate resource error in Oracle18
10-08-2018 Version 1.0.11
- [facts] Generate empty facts when Oracle not running
10-08-2018 Version 1.0.10
- [core] Use scoped functions
- [facts] Only run facts when oracle is running.
15-06-2018 Version 1.0.9
- [release] Add explicit support for Suse Linux
- [r_1_2] Exclude XS$NULL from test
27-05-2018 Version 1.0.8
- [r_3_8] Fix when used on initial run.
26-05-2018 Version 1.0.7
- [r_2_2_14] Use internal value Oracle uses instead of CIS documented value
- [acceptance] Fix tests for r_4_5_3
- [rule 4.5.5] Use the new ora_config feature with wildcard tables
- [core] Fix metadata
- [core] Add support for running on Oracle 11
04-04-2018 Version 1.0.6
- [rules::r_4_5_7] Fix duplicate declaration
- [test] Update tested Puppet versions
- [core] Change Rakefile
- [sync] Apply module_sync changes
- [sync] Add .sync.yml file
27-02-2018 Version 1.0.5
- [tasks] Add apply_rule task
- [type] Add rule alias to check available rules
- [release] Fix link to license in readme
25-01-2018 Version 1.0.4
- [release] Change text of license
- [quality] Only check once every week
24-01-2018 Version 1.0.3
- [rule_4_5_7] Fixed implementation
- [rule_4_5_7] Fix implementation
- [rule_4_5_6] Fix implementation
- [rule_4_5_5] Fix implementation
- [facts] Fix facts return multiple values for same user
- [revoke_role_righs] Don’t use an array value
- [revoke_user_rights] Don’t use an array value
- [rule_4_4_3] revoke rights from both users and roles
- [rule_4_4_1] revoke rights from both users and roles
- [rule_4_4_4] revoke rights from both users and roles
- [rule_4_4_2] revoke rights from both users and roles
- [rule_4_3_6] revoke rights from both users and roles
- [core] Fixed type in parameter description
- [rule_4_7] Fixed implementation
- [quality] Add acceptance tests
- [quality] Add checks on metadata
19-01-2018 Version 1.0.2
- [core] Add license notice to files
- [README] Updated for publishing on the forge
09-02-2017 Version 1.0.1
- [functions] Fix calling of on_sid function
Dependencies
- enterprisemodules/easy_type (>= 2.28.0 < 3.0.0)
- enterprisemodules/ora_config (>= 3.16.1 < 4.0.0)
Enterprise Modules License d.d. January 2018
This license (“License”) governs the terms and conditions under which ora_secured module (“the Software”) is licensed by Enterprise Modules B.V, a limited liability company in the Netherlands, registered in the Dutch Chamber of Commerce: 63689537 (“Licensor”), to the user of the Software (“Licensee”).
Article 1. Grant of license
1.1 Licensor hereby grants to Licensee the right to use the Software for its internal business purposes.
1.2 The license granted in the previous paragraph is limited to the use on VirtualBox Virtual machines. For further use a commercial license must be directly obtained from Licensor.
Article 2. License limitations
2.1 All right, title and interest to the Software, the accompanying documentation and all modifications and extensions thereto rest and remain with Licensor. Licensee only has the rights and permissions explicitly granted by this License or granted in writing otherwise. Licensee shall not use, copy, modify, distribute or publish the Software in any other manner. Nothing in this License is intended to, and shall not be construed to, transfer to Licensee any rights in intellectual property developed by Licensor.
2.2 In particular, Licensee shall not: a) provide copies of the Software to third parties, including to entities controlling, controlled by or under common control with Licensee; b) sublicense the Software or otherwise make available the Software to such third parties, including by rental, Software-as-a-Service models or otherwise; c) remove indications of Licensor as copyright holder of the Software or to remove or render illegible any part thereof.
2.3 The Software comprises third-party open source software. The respective third-party rights holders grant Licensee the rights indicated in the applicable open source licenses. These licenses can be found in the documentation. The License does not apply to this open source software, and nothing in this License shall be construed as a limitation of any right granted under an open source license.
Article 3. Trademark
3.1 This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Software.
Article 4. Limitation of Liability
4.1 Licensor provides the Software on an "AS IS" basis, and expressly disclaims all conditions, representations or warranties, express or implied, including without limitation any implied warranties of merchantability, fitness for a particular purpose, and non-infringement of third party rights regarding the Software. Licensor is solely responsible for determining the appropriateness of using the Software and assume any risks associated arising out of or in connection with the Software and this License.
4.2 Licensor shall not be liable for any damages, including consequential, special, punitive and/or incidental damages or fines imposed by regulatory bodies, arising out of or in connection with the Software and this License.
4.3 Licensee shall release, defend, indemnify and hold harmless Licensor from and against any and all claims, damages and liability arising in connection with the Software, including from claims, damages or liability from customers of Licensee.
Article 5. Miscellaneous
5.1 Licensor reserves the right to change any or all parts of this License without prior notice.
5.2 The law of the Netherlands governs this License and the terms and conditions therein.
5.3 Any disputes arising between Licensor and Licensee in connection with the License will be settled by the competent courts in the Netherlands for the principal place of business of the Licensor.