2 Securing the Database Installation and Configuration

This chapter contains:

About Securing the Database Installation and Configuration
Using the Default Security Settings
Securing the Oracle Data Dictionary
Guidelines for Securing Operating System Access to Oracle Database
Guideline for Granting Permissions to Run-Time Facilities
Initialization Parameters Used for Installation and Configuration Security

About Securing the Database Installation and Configuration

After you install Oracle Database, you should secure the database installation and configuration. The methods in this chapter describe commonly used ways to do this, all of which involve restricting permissions to specific areas of the database files.

Oracle Database is available on several operating systems. Consult the following guides for detailed platform-specific information about Oracle Database:

Oracle Database Platform Guide for Microsoft Windows
Oracle Database Administrator's Reference for Linux and UNIX-Based Operating Systems
Oracle Database Installation Guide for your platform

Using the Default Security Settings

When you create a new database, Oracle Database provides the following default security settings:

Enables default auditing settings. See "Using Default Auditing for Security-Relevant SQL Statements and Privileges" for detailed information.
Creates stronger enforcements for new or changed passwords. "Requirements for Creating Passwords" describes the new password requirements.
Removes the CREATE EXTERNAL JOB privilege from the PUBLIC role. For greater security, grant the CREATE EXTERNAL JOB privilege only to SYS, database administrators, and those trusted users who need it.

Sets security-related initialization and profile parameter settings. Table 2-1 lists the modified parameter settings.

Table 2-1 Default Security Settings for Initialization and Profile Parameters

Setting	10g Default	11g Default
`AUDIT_TRAIL`	`NONE`	`DB`
`O7_DICTIONARY_ACCESSIBILITY`	`FALSE`	`FALSE`
`PASSWORD_GRACE_TIME`	`UNLIMITED`	`7`
`PASSWORD_LOCK_TIME`	`UNLIMITED`	`1`
`FAILED_LOGIN_ATTEMPTS`	`10`	`10`
`PASSWORD_LIFE_TIME`	`UNLIMITED`	`180`
`PASSWORD_REUSE_MAX`	`UNLIMITED`	`UNLIMITED`
`PASSWORD_REUSE_TIME`	`UNLIMITED`	`UNLIMITED`
`REMOTE_OS_ROLES`	`FALSE`	`FALSE`

Note:

If your applications use the default password security settings from Oracle Database 10g Release 2 (10.2), then you can revert to these settings until you modify them to use the Release 11g password security settings. To do so, run the undopwd.sql script.

After you have modified your applications to conform to the Release 11g password security settings, you can manually update your database to use the password security configuration that suits your business needs, or you can run the secconf.sql script to apply the Release 11g default password settings.

The undopwd.sql and secconf.sql scripts are in the $ORACLE_HOME/rdbms/admin directory. The undopwd.sql script affects password settings only, and the secconf.sql script affects both password and audit settings. They have no effect on other security settings.

Securing the Oracle Data Dictionary

This section describes how you can secure the data dictionary. The data dictionary is a set of database tables that provide information about the database, such as schema definitions or default values.

This section contains:

About the Oracle Data Dictionary
Enabling Data Dictionary Protection

About the Oracle Data Dictionary

The Oracle data dictionary is a set of database tables that provides information about the database. A data dictionary has the following contents:

The names of Oracle Database users
Privileges and roles granted to each user
The definitions of all schema objects in the database (tables, views, indexes, clusters, synonyms, sequences, procedures, functions, packages, triggers, and so on)
The amount of space allocated for, and is currently used by, the schema objects
Default values for columns
Integrity constraint information
Auditing information, such as who has accessed or updated various schema objects
Other general database information

The data dictionary tables and views for a given database are stored in the SYSTEM tablespace for that database. All the data dictionary tables and views for a given database are owned by the user SYS. Connecting to the database with the SYSDBA privilege gives full access to the data dictionary. Oracle strongly recommends limiting access to the SYSDBA privilege to only those operations necessary such as patching and other administrative operations. The data dictionary is central to every Oracle database.

You can view the contents of the data dictionary by querying data dictionary views, which are described in Oracle Database Reference. Be aware that not all objects in the data dictionary are exposed to users. A subset of data dictionary objects, such as those beginning with USER_% are exposed as read only to all database users.

Example 2-1 shows how you can find a list of database views specific to the data dictionary by querying the DICTIONARY view.

Example 2-1 Finding Views That Pertain to the Data Dictionary

sqlplus system
Enter password: password

SQL> SELECT TABLE_NAME FROM DICTIONARY;

Enabling Data Dictionary Protection

You can protect the data dictionary by setting the O7_DICTIONARY_ACCESSIBILITY initialization parameter to FALSE. This parameter prevents users who have the ANY system privilege from using those privileges on the data dictionary, that is, on objects in the SYS schema.

Oracle Database provides highly granular privileges. One such privilege, commonly referred to as the ANY privilege, is typically granted to only application owners and individual database administrators. For example, you could grant the DROP ANY TABLE privilege to an application owner. You can protect the Oracle data dictionary from accidental or malicious use of the ANY privilege by turning on or off the 07_DICTIONARY_ACCESSIBILITY initialization parameter.

To enable data dictionary protection:

Start Oracle Enterprise Manager Database Control (Database Control).

See Oracle Database 2 Day DBA for instructions about how to start Database Control.
Log in as SYS and connect with the SYSDBA privilege.
- User Name: Enter the name of a user who has administrative privileges. In this case, you enter SYS.
- Password: Enter the SYS user's password.
- Connect As: From the list, select SYSDBA.
The Oracle Enterprise Manager Database Home page (Database Home page) appears.
Click Server to display the Server subpage.
In the Database Configuration section, click Initialization Parameters.

The Initialization Parameters page appears.
In the list, search for O7_DICTIONARY_ACCESSIBILITY.

In the Name field, enter O7_ (the letter O), and then click Go. You can enter the first few characters of a parameter name. In this case, O7_ displays the O7_DICTIONARY_ACCESSIBILTY parameter.

Depending on the parameter, you may have to modify the value from the SPFile subpage. Click the SPFile tab to display the SPFile subpage.
Set the value for O7_DICTIONARY_ACCESSIBILTY to FALSE.
Click Apply.
Restart the Oracle Database instance.
1. Click the Database Instance link.
2. Click Home to display the Database Control home page.
3. Under General, click Shutdown.
4. In the Startup/Shutdown Credentials page, enter your credentials.
  
  See Oracle Database 2 Day DBA for more information.
5. After the shutdown completes, click Startup.

Note:

In a default installation, the O7_DICTIONARY_ACCESSIBILITY parameter is set to FALSE.
The SELECT ANY DICTIONARY privilege is not included in the GRANT ALL PRIVILEGES statement, but you can grant it through a role. Roles are described in "Guideline for Granting Roles to Users" and Oracle Database 2 Day DBA.

Guidelines for Securing Operating System Access to Oracle Database

You can secure access to Oracle Database on the operating system level by following these guidelines:

Limit the number of operating system users.
Limit the privileges of the operating system accounts (administrative, root-privileged, or DBA) on the Oracle Database host (physical computer). Only grant the user the least number of privileges needed to perform his or her tasks.
Restrict the ability to modify the default file and directory permissions for the Oracle Database home (installation) directory or its contents. Even privileged operating system users and the Oracle owner should not modify these permissions, unless instructed otherwise by Oracle.
Restrict symbolic links. Ensure that when you provide a path or file to the database, neither the file nor any part of the path is modifiable by an untrusted user. The file and all components of the path should be owned by the database administrator or some trusted account, such as root.

This recommendation applies to all types of files: data files, log files, trace files, external tables, BFILEs, and so on.

Guideline for Granting Permissions to Run-Time Facilities

Many Oracle Database products use run-time facilities such as Oracle Java Virtual Machine (OJVM). Do not assign all permissions to a database run-time facility. Instead, grant specific permissions to the explicit document root file paths for facilities that might run files and packages outside the database.

Here is an example of a vulnerable run-time call, in which an individual file (in bold typeface) is specified:

call dbms_java.grant_permission('wsmith',
 'SYS:java.io.FilePermission','filename','read');

The following example is a better (more secure) run-time call, because by specifying a directory path (in bold typeface), it protects all files within the directory.

call dbms_java.grant_permission('wsmith', 
 'SYS:java.io.FilePermission','directory_path','read');

Initialization Parameters Used for Installation and Configuration Security

Table 2-2 lists initialization parameters that you can set to better secure your Oracle Database installation and configuration.

Table 2-2 Initialization Parameters Used for Installation and Configuration Security

Initialization Parameter Default Setting Description

Initialization Parameter	Default Setting	Description
`SEC_RETURN_SERVER_RELEASE_BANNER`	`FALSE`	Controls the display of the product version information, such as the release number, in a client connection. An intruder could use the database release number to find information about security vulnerabilities that may be present in the database software. You can enable or disable the detailed product version display by setting this parameter. See Oracle Database Security Guide for more information about this and similar parameters. Oracle Database Reference describes this parameter in detail.
`O7_DICTIONARY_ACCESSIBILITY`	`FALSE`	Controls restrictions on `SYSTEM` privileges. See "Enabling Data Dictionary Protection" for more information about this parameter. Oracle Database Reference describes this parameter in detail.

SEC_RETURN_SERVER_RELEASE_BANNER

FALSE

Controls the display of the product version information, such as the release number, in a client connection. An intruder could use the database release number to find information about security vulnerabilities that may be present in the database software. You can enable or disable the detailed product version display by setting this parameter.

See Oracle Database Security Guide for more information about this and similar parameters. Oracle Database Reference describes this parameter in detail.

O7_DICTIONARY_ACCESSIBILITY

FALSE

Controls restrictions on SYSTEM privileges. See "Enabling Data Dictionary Protection" for more information about this parameter. Oracle Database Reference describes this parameter in detail.

Modifying the Value of an Initialization Parameter

This section explains how to use Database Control to modify the value of an initialization parameter. To find detailed information about the initialization parameters available, see Oracle Database Reference.

To modify the value of an initialization parameter:

Start Database Control.
Log in as user SYS with the SYSDBA privilege.
- User Name: SYS
- Password: Enter your password.
- Connect As: SYSDBA
Click Server to display the Server subpage.
In the Database Configuration section, click Initialization Parameters.

The Initialization Parameters page appears.
In the Name field, enter the name of the parameter to change, and then click Go.

You can enter the first few letters of the parameter, for example, SEC_RETURN if you are searching for the SEC_RETURN_SERVER_RELEASE_NUMBER parameter. Alternatively, you can scroll down the list of parameters to find the parameter you want to change.

Depending on the parameter, you might have to modify the value from the SPFile subpage. Click the SPFile tab to display the SPFile subpage.
In the Value field, either enter the new value or if a list is presented, select from the list.
Click Apply.
If the parameter is static, restart the Oracle Database instance.

To find out if an initialization parameter is static, check its description in Oracle Database Reference. If the Modifiable setting in its summary table shows No, then you must restart the database instance.
1. Click the Database Instance link.
2. Click Home to display the Database Control home page.
3. Under General, click Shutdown.
4. In the Startup/Shutdown Credentials page, enter your credentials.
  
  See Oracle Database 2 Day DBA for more information.
5. After the shutdown completes, click Startup.