Oracle® Database 2 Day + Security Guide 11g Release 2 (11.2) Part Number E10575-01 |
This chapter contains:
Guidelines for Securing Operating System Access to Oracle Database
Initialization Parameters Used for Installation and Configuration Security
After you install Oracle Database, you should secure the database installation and configuration. The methods in this chapter describe commonly used ways to do this, all of which involve restricting permissions to specific areas of the database files.
Oracle Database is available on several operating systems. Consult the following guides for detailed platform-specific information about Oracle Database:
Oracle Database Administrator's Reference for Linux and UNIX
Oracle Database Installation Guide for your platform
When you create a new database, Oracle Database provides the following default security settings:
Enables default auditing settings. See "Using Default Auditing for Security-Relevant SQL Statements and Privileges" for detailed information.
Creates stronger enforcements for new or changed passwords. "Requirements for Creating Passwords" describes the new password requirements.
Removes the CREATE EXTERNAL JOB privilege from PUBLIC. For greater security, grant the CREATE EXTERNAL JOB privilege only to SYS, database administrators, and those trusted users who need it.
Sets security-related initialization parameter settings. Table 2-1 lists the modified initialization parameter settings.
Table 2-1 Default Security Settings for Initialization Parameters
Setting | Previous Setting | New Setting |
---|---|---|
Note:
If your applications use the default password security settings from Oracle Database 10g Release 2 (10.2), then you can revert to these settings until you modify them to use the Release 11g password security settings. To do so, run the undopwd.sql script.
After you have modified your applications to conform to the Release 11g password security settings, you can manually update your database to use the password security configuration that suits your business needs, or you can run the secconf.sql script to apply the Release 11g default password settings.
The undopwd.sql and secconf.sql scripts are in the $ORACLE_HOME/rdbms/admin directory. The undopwd.sql script affects password settings only, and the secconf.sql script affects both password and audit settings. They have no effect on other security settings.
This section describes how you can secure the data dictionary. The data dictionary is a set of database tables that provide information about the database, such as schema definitions or default values.
This section contains:
The Oracle data dictionary is a set of database tables that provides information about the database. A data dictionary has the following contents:
The names of Oracle Database users
Privileges and roles granted to each user
The definitions of all schema objects in the database (tables, views, indexes, clusters, synonyms, sequences, procedures, functions, packages, triggers, and so on)
The amount of space allocated for, and currently used by, the schema objects
Default values for columns
Integrity constraint information
Auditing information, such as who has accessed or updated various schema objects
Other general database information
The data dictionary tables and views for a given database are stored in the SYSTEM tablespace for that database. All the data dictionary tables and views for a given database are owned by the user SYS. Connecting to the database with the SYSDBA privilege gives full access to the data dictionary. Oracle strongly recommends limiting access to the SYSDBA privilege to only those operations necessary, such as patching and other administrative operations. The data dictionary is central to every Oracle database.
You can view the contents of the data dictionary by querying data dictionary views, which are described in Oracle Database Reference. Be aware that not all objects in the data dictionary are exposed to users. A subset of data dictionary objects, such as those beginning with USER_%, are exposed as read only to all database users.
Example 2-1 shows how you can find a list of database views specific to the data dictionary by querying the DICTIONARY view.
You can protect the data dictionary by setting the O7_DICTIONARY_ACCESSIBILITY initialization parameter to FALSE. This parameter prevents users who have the ANY system privilege from using those privileges on the data dictionary, that is, on objects in the SYS schema.
Oracle Database provides highly granular privileges. One such privilege, commonly referred to as the ANY privilege, is typically granted to only application owners and individual database administrators. For example, you could grant the DROP ANY TABLE privilege to an application owner. You can protect the Oracle data dictionary from accidental or malicious use of the ANY privilege by turning on or off the O7_DICTIONARY_ACCESSIBILITY initialization parameter.
To enable data dictionary protection:
Start Oracle Enterprise Manager Database Control (Database Control).
See Oracle Database 2 Day DBA for instructions about how to start Database Control.
Log in as SYS and connect with the SYSDBA privilege.
User Name: Enter the name of a user who has administrative privileges. In this case, you enter SYS.
Password: Enter the SYS user's password.
Connect As: From the list, select SYSDBA.
The Oracle Enterprise Manager Database Home page (Database Home page) appears.
Click Server to display the Server subpage.
In the Database Configuration section, click Initialization Parameters.
The Initialization Parameters page appears.
In the list, search for O7_DICTIONARY_ACCESSIBILITY.
In the Name field, enter O7_ (the letter O), and then click Go. You can enter the first few characters of a parameter name. In this case, O7_ displays the O7_DICTIONARY_ACCESSIBILITY parameter.
Depending on the parameter, you may have to modify the value from the SPFile subpage. Click the SPFile tab to display the SPFile subpage.
Set the value for O7_DICTIONARY_ACCESSIBILITY to FALSE.
Click Apply.
Restart the Oracle Database instance.
Click the Database Instance link.
Click Home to display the Database Control home page.
Under General, click Shutdown.
In the Startup/Shutdown Credentials page, enter your credentials.
See Oracle Database 2 Day DBA for more information.
After the shutdown completes, click Startup.
Note:
In a default installation, the O7_DICTIONARY_ACCESSIBILITY parameter is set to FALSE.
The SELECT ANY DICTIONARY privilege is not included in the GRANT ALL PRIVILEGES statement, but you can grant it through a role. Roles are described in "Guideline for Granting Roles to Users" and Oracle Database 2 Day DBA.
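The following SQL is an added example, not part of the Oracle guide, for auditing what this section describes: the current O7_DICTIONARY_ACCESSIBILITY value, the direct holders of ANY system privileges and SELECT ANY DICTIONARY, and the users who receive SELECT ANY DICTIONARY through a role. It assumes a session that can read V$PARAMETER and the DBA_ views (for example, SYS connected as SYSDBA); leaving SYS and SYSTEM out of the listing is a choice made for this example.

```sql
-- Added example, not from the Oracle guide.

-- 1. Current setting. FALSE means ANY system privileges do not apply
--    to objects in the SYS schema. V$PARAMETER stores names in lowercase.
SELECT name, value, isdefault
  FROM v$parameter
 WHERE name = 'o7_dictionary_accessibility';

-- 2. Accounts and roles granted an ANY system privilege or
--    SELECT ANY DICTIONARY directly. SYS and SYSTEM are excluded here
--    (assumption of this example) so that the unexpected grants stand out.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE (privilege LIKE '% ANY %' OR privilege = 'SELECT ANY DICTIONARY')
   AND grantee NOT IN ('SYS', 'SYSTEM')
 ORDER BY grantee, privilege;

-- 3. Users who receive SELECT ANY DICTIONARY through a role, at any
--    nesting depth. The hierarchy starts at each role that holds the
--    privilege and walks down to everyone that role was granted to.
SELECT DISTINCT username, privileged_role
  FROM (SELECT rp.grantee                       AS username,
               CONNECT_BY_ROOT rp.granted_role  AS privileged_role
          FROM dba_role_privs rp
         START WITH rp.granted_role IN
                    (SELECT grantee
                       FROM dba_sys_privs
                      WHERE privilege = 'SELECT ANY DICTIONARY')
       CONNECT BY PRIOR rp.grantee = rp.granted_role)
 WHERE username IN (SELECT username FROM dba_users)
 ORDER BY username, privileged_role;
```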
You can secure access to Oracle Database on the operating system level by following these guidelines:
Limit the privileges of the operating system accounts (administrative, root-privileged, or DBA) on the Oracle Database host (physical computer). Only grant the user the least number of privileges needed to perform his or her tasks.
Restrict the ability to modify the default file and directory permissions for the Oracle Database home (installation) directory or its contents. Even privileged operating system users and the Oracle owner should not modify these permissions, unless instructed otherwise by Oracle.
Restrict symbolic links. Ensure that when you provide a path or file to the database, neither the file nor any part of the path is modifiable by an untrusted user. The file and all components of the path should be owned by the database administrator or some trusted account, such as root.
This recommendation applies to all types of files: data files, log files, trace files, external tables, BFILEs, and so on.
Many Oracle Database products use run-time facilities such as Oracle Java Virtual Machine (OJVM). Do not assign all permissions to a database run-time facility. Instead, grant specific permissions to the explicit document root file paths for facilities that might run files and packages outside the database.
Here is an example of a vulnerable run-time call, in which an individual file (in bold typeface) is specified:
call dbms_java.grant_permission('wsmith',
'SYS:java.io.FilePermission','filename','read');
The following example is a better (more secure) run-time call, because by specifying a directory path (in bold typeface), it protects all files within the directory.
call dbms_java.grant_permission('wsmith',
'SYS:java.io.FilePermission','directory_path','read');
Table 2-2 lists initialization parameters that you can set to better secure your Oracle Database installation and configuration.
Table 2-2 Initialization Parameters Used for Installation and Configuration Security
Initialization Parameter | Default Setting | Description |
---|---|---|
|
|
Controls the display of the product version information, such as the release number, in a client connection. An intruder could use the database release number to find information about security vulnerabilities that may be present in the database software. You can enable or disable the detailed product version display by setting this parameter. See Oracle Database Security Guide for more information about this and similar parameters. Oracle Database Reference describes this parameter in detail. |
|
|
Controls restrictions on |
See Also:
Oracle Database Reference for more information about initialization parameters
This section explains how to use Database Control to modify the value of an initialization parameter. To find detailed information about the initialization parameters available, see Oracle Database Reference.
To modify the value of an initialization parameter:
Start Database Control.
Log in as user SYS with the SYSDBA privilege.
User Name: SYS
Password: Enter your password.
Connect As: SYSDBA
Click Server to display the Server subpage.
In the Database Configuration section, click Initialization Parameters.
The Initialization Parameters page appears.
In the Name field, enter the name of the parameter to change, and then click Go.
You can enter the first few letters of the parameter, for example, SEC_RETURN if you are searching for the SEC_RETURN_SERVER_RELEASE_NUMBER parameter. Alternatively, you can scroll down the list of parameters to find the parameter you want to change.
Depending on the parameter, you might have to modify the value from the SPFile subpage. Click the SPFile tab to display the SPFile subpage.
In the Value field, either enter the new value or if a list is presented, select from the list.
Click Apply.
If the parameter is static, restart the Oracle Database instance.
To find out if an initialization parameter is static, check its description in Oracle Database Reference. If the Modifiable setting in its summary table shows No, then you must restart the database instance.
Click the Database Instance link.
Click Home to display the Database Control home page.
Under General, click Shutdown.
In the Startup/Shutdown Credentials page, enter your credentials.
See Oracle Database 2 Day DBA for more information.
After the shutdown completes, click Startup.
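The Database Control steps above, and the earlier procedure for enabling data dictionary protection, can also be carried out from SQL*Plus; the following is an added example, not taken from the Oracle guide. It assumes the instance was started with a server parameter file (SPFILE) and that the session is connected as SYS with the SYSDBA privilege.

```sql
-- Added example, not from the Oracle guide.
-- SQL*Plus session connected as SYS AS SYSDBA; instance uses an SPFILE (assumption).

-- 1. Check the running value and whether the parameter is static.
--    ISSYS_MODIFIABLE = 'FALSE' means the change needs an instance restart.
SELECT name, value, isdefault, issys_modifiable
  FROM v$parameter
 WHERE name IN ('o7_dictionary_accessibility',
                'sec_return_server_release_number');

-- 2. Record the new value in the server parameter file only.
--    SCOPE = SPFILE is required for a static parameter; the running
--    instance keeps its current value until it is restarted.
ALTER SYSTEM SET O7_DICTIONARY_ACCESSIBILITY = FALSE SCOPE = SPFILE;

-- 3. Confirm the pending value stored in the SPFILE before restarting.
SELECT name, value, isspecified
  FROM v$spparameter
 WHERE name = 'o7_dictionary_accessibility';

-- 4. Restart the instance (SQL*Plus commands, not SQL statements).
SHUTDOWN IMMEDIATE
STARTUP

-- 5. Verify the value now in effect.
SHOW PARAMETER O7_DICTIONARY_ACCESSIBILITY
```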