← Back to Oracle Database 11.2g Security Technical Implementation Guide

V-219702

CAT I (High)

The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE.

Rule ID

SV-219702r961863_rule

STIG

Oracle Database 11.2g Security Technical Implementation Guide

Version

V2R5

CCIs

CCI-000366

Discussion

Setting this value to TRUE allows operating system authentication over an unsecured connection. Trusting remote operating systems can allow a user to impersonate another operating system user and connect to the database without having to supply a password. If REMOTE_OS_AUTHENT is set to true, the only information a remote user needs to connect to the database is the name of any user whose account is setup to be authenticated by the operating system.

Check Content

From SQL*Plus:

select value from v$parameter where name = 'remote_os_authent';

If the value returned does not equal FALSE, this is a Finding.

Fix Text

Document remote OS authentication in the System Security Plan.

If not required or not mitigated to an acceptable level, disable remote OS authentication.

From SQL*Plus:

alter system set remote_os_authent = FALSE scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.