Rule ID
SV-270538r1064892_rule
Version
V1R5
CCIs
Protection of database management system (DBMS) data, transaction and audit data files stored by the host operating system is dependent on OS controls. When different applications share the same database, resource contention and security controls are required to isolate and protect an application's data from other applications. In addition, it is an Oracle best practice to separate data, transaction logs, and audit logs into separate physical directories according to Oracle's Optimal Flexible Architecture (OFA). And finally, DBMS software libraries and configuration files also require differing access control lists.
Review the disk/directory specification where database data, transaction log and audit files are stored. If DBMS data, transaction log or audit data files are stored in the same directory, this is a finding. If multiple applications are accessing the database and the database data files are stored in the same directory, this is a finding. If multiple applications are accessing the database and database data is separated into separate physical directories according to application, this check is not a finding.
Specify dedicated host system disk directories to store database data, transaction and audit files. Example directory structure: /*/app/oracle/oradata/db_name /*/app/oracle/admin/db_name/arch/* /*/app/oracle/oradata/db_name/audit /*/app/oracle/fast_recovery_area/db_name/ When multiple applications are accessing a single database, configure DBMS default file storage according to application to use dedicated disk directories. /*/app/oracle/oradata/db_name/app_name Refer to Oracle Optimal Flexible Architecture: https://docs.oracle.com/en/database/oracle/oracle-database/19/ladbi/optimal-flexible-architecture.html