2 Securing the Database Installation and Configuration

This chapter describes how you can secure your Oracle Database installation and configuration.

This chapter contains the following topics:

About Securing the Database Installation and Configuration
Enabling the Default Security Settings
Securing the Oracle Data Dictionary
Restricting Operating System Access
Restricting Permissions on Run-Time Facilities
Initialization Parameters Used for Installation and Configuration Security

2.1 About Securing the Database Installation and Configuration

After you install Oracle Database, you should secure the database installation and configuration. The methods in this chapter describe commonly used ways to do this, all of which involve restricting permissions to specific areas of the database files.

Oracle Database is available on several operating systems. Consult the following guides for detailed platform-specific information about Oracle Database:

Oracle Database Platform Guide for Microsoft Windows
Oracle Database Administrator's Reference for Linux and UNIX
Oracle Database Installation Guide for your platform

2.2 Enabling the Default Security Settings

When you create a new database or modify an existing database, you can use the Security Settings window in Database Configuration Assistant (DBCA) to enable or disable the default security settings. Oracle recommends that you enable these settings. These settings enable the following default security settings:

Enables default auditing settings. See "Using Default Auditing for Security-Relevant SQL Statements and Privileges" for detailed information.
Creates stronger enforcements for new or changed passwords. "Requirements for Creating Passwords" describes the new password requirements.
Removes the CREATE EXTERNAL JOB privilege from PUBLIC. For greater security, grant the CREATE EXTERNAL JOB privilege only to SYS, database administrators, and those users who need it.

Modifies initialization parameter settings. Table 2-1 lists the modified initialization parameter settings.

Table 2-1 Default Security Settings for Initialization Parameters

Setting	Previous Setting	New Setting
`AUDIT_TRAIL`	`NONE`	`DB`
`07_DICTIONARY_ACCESSIBILITY`	`TRUE`	`FALSE`
`PASSWORD_GRACE_TIME`	`UNLIMITED`	`7`
`PASSWORD_LOCK_TIME`	`UNLIMITED`	`1`
`PASSWORD_LOGIN_FAILURES`	`10`	`10`
`PASSWORD_LIFE_TIME`	`UNLIMITED`	`180`
`PASSWORD_REUSE_MAX`	`UNLIMITED`	`UNLIMITED`
`PASSWORD_REUSE_TIME`	`UNLIMITED`	`UNLIMITED`
`REMOTE_OS_ROLES`	`TRUE`	`FALSE`

To enable the default profile security settings using Database Configuration Assistant:

Start Database Configuration Assistant:
- UNIX: Enter the following command at a terminal window:
```
dbca
```
  Typically, dbca is in the $ORACLE_HOME/bin directory.
- Windows: From the Start menu, click All Programs. Then click Oracle - ORACLE_HOME, then Configuration and Migration Tools, and then Database Configuration Assistant.
  
  Alternatively, you can start Database Configuration assistant at a command prompt:
```
dbca
```
  As with UNIX, typically, dbca is in the ORACLE_BASE\ORACLE_HOME\bin directory.
In the Welcome window, click Next.

The Operations window appears.
Select Configure Database Options, and then click Next.

The Database window appears.
Select the database that you want to configure, and then click Next.

The Security Settings window appears.
Select the Keep the enhanced 11g default security settings (recommended). These settings include enabling auditing and a new default password profile option.
Click Next.

The Database Components window appears.
Select any additional options, and then click Next. Answer the remaining questions as necessary.
Click Finish.

2.3 Securing the Oracle Data Dictionary

This section describes how you can secure the data dictionary. The data dictionary is a set of database tables that provide information about the database, such as schema definitions, default values, and so on.

This section describes the following topics:

About the Oracle Data Dictionary
Enabling Data Dictionary Protection

2.3.1 About the Oracle Data Dictionary

The Oracle data dictionary is a read-only set of database tables that provides information about the database. A data dictionary has the following contents:

The definitions of all schema objects in the database (tables, views, indexes, clusters, synonyms, sequences, procedures, functions, packages, triggers, and so on)
The amount of space allocated for, and is currently used by, the schema objects
Default values for columns
Integrity constraint information
The names of Oracle Database users
Privileges and roles granted to each user
Auditing information, such as who has accessed or updated various schema objects
Other general database information

The data dictionary is structured in tables and views, just like other database data. All the data dictionary tables and views for a given database are stored in the SYSTEM tablespace for that database. The data dictionary central to every Oracle database, and it is an important tool for all users, from end users to application designers and database administrators.

You can use SQL statements to access the data dictionary. Because the data dictionary is read only, you can issue only queries (SELECT statements) against its tables and views. Oracle Database Reference provides a list of database views that you can query to find information about the data dictionary.

Example 2-1 shows how you can find a list of database views specific to the data dictionary by querying the DICTIONARY view.

Example 2-1 Finding Views That Pertain to the Data Dictionary

sqlplus system
Enter password: password
Connected. 
SQL> SELECT * FROM DICTIONARY;

2.3.2 Enabling Data Dictionary Protection

You can protect the data dictionary by enabling the O7_DICTIONARY_ACCESSIBILITY initialization parameter. This parameter prevents users who have the ANY system privilege from using those privileges on the data dictionary, that is, on objects in the SYS schema.

To enable data dictionary protection:

Start Oracle Enterprise Manager Database Control (Database Control).

See Oracle Database 2 Day DBA for instructions about how to start Database Control.
Log in as SYS and connect with the SYSDBA privilege.

For example:

Description of the illustration sys_login.gif

The Oracle Enterprise Manager Database Home page (Database Home page) appears.
Click Server to display the Server subpage.
In the Database Configuration section, click Initialization Parameters.

The Initialization Parameters page appears.
In the list, search for O7_DICTIONARY_ACCESSIBILITY.

In the Name field, enter O7_ (the letter O), and then click Go. You can enter the first few characters of a parameter name. In this case, O7_ displays the O7_DICTIONARY_ACCESSIBILTY parameter.

Depending on the parameter, you may have to modify the value from the SPFile subpage. Click the SFFile tab to display the SPFile subpage.
Set the value for O7_DICTIONARY_ACCESSIBILTY to FALSE.
Click Apply.
Restart the Oracle Database instance.
1. Click the Database Instance link.
2. Click Home to display the Database Control home page.
3. Under General, click Shutdown.
4. In the Startup/Shutdown Credentials page, enter your credentials.
  
  See Oracle Database 2 Day DBA for more information.
5. After the shutdown completes, click Startup.

After you set the O7_DICTIONARY_ACCESSIBILTY parameter to FALSE, only users who have the SELECT ANY DICTIONARY privilege and those users authorized to make DBA-privileged (for example CONNECT / AS SYSDBA) connections can use the ANY system privilege on the data dictionary. If the O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE, then any user with a DROP ANY TABLE (for example) system privilege can drop parts of the data dictionary. However, if a user needs view access to the data dictionary, then you can grant that user the SELECT ANY DICTIONARY system privilege.

Note:

In a default installation, the O7_DICTIONARY_ACCESSIBILITY parameter is set to FALSE.
The SELECT ANY DICTIONARY privilege is not included in the GRANT ALL PRIVILEGES statement, but you can grant it through a role. Roles are described in "Granting Roles to Users" and Oracle Database 2 Day DBA.

2.4 Restricting Operating System Access

You can secure access to Oracle Database on the operating system level by following these guidelines:

Limit the number of operating system users.
Limit the privileges of the operating system accounts (administrative, root-privileged, or DBA) on the Oracle Database host (physical computer). Only grant the user the least number of privileges needed to perform his or her tasks.
Restrict the ability to modify the default file and directory permissions for the Oracle Database home (installation) directory or its contents. Even privileged operating system users and the Oracle owner should not modify these permissions, unless instructed otherwise by Oracle.
Restrict symbolic links. Ensure that when you provide a path or file to the database, neither the file nor any part of the path is modifiable by an untrusted user. The file and all components of the path should be owned by the database administrator or some trusted account, such as root.

This recommendation applies to all types of files: data files, log files, trace files, external tables, BFILEs, and so on.

2.5 Restricting Permissions on Run-Time Facilities

Many Oracle Database products use run-time facilities such as Oracle Java Virtual Machine (OJVM). Do not assign all permissions to a database run-time facility. Instead, grant specific permissions to the explicit document root file paths for facilities that might run files and packages outside the database.

Here is an example of a vulnerable run-time call, in which individual files are specified:

call dbms_java.grant_permission('wsmith', 'SYS:java.io.FilePermission','filename','read');

Here is an example of a better (more secure) run-time call, which specifies a directory path instead:

call dbms_java.grant_permission('wsmith', 'SYS:java.io.FilePermission','directory_path','read');

2.6 Initialization Parameters Used for Installation and Configuration Security

Table 2-2 lists initialization parameters that you can set to better secure your Oracle Database installation and configuration.

Table 2-2 Initialization Parameters Used for Installation and Configuration Security

Initialization Parameter Default Setting Description

Initialization Parameter	Default Setting	Description
`SEC_RETURN_SERVER_RELEASE_BANNER`	`FALSE`	Controls the display of the product version information, such as the release number, in a client connection. An intruder could use the database release number to find information about security vulnerabilities that may be present in the database software. You can enable or disable the detailed product version display by setting this parameter. See Oracle Database Security Guide for more information about this and similar parameters. Oracle Database Reference describes this parameter in detail.
`O7_DICTIONARY_ACCESSIBILITY`	`FALSE`	Controls restrictions on `SYSTEM` privileges. See "Enabling Data Dictionary Protection" for more information about this parameter. Oracle Database Reference describes this parameter in detail.

SEC_RETURN_SERVER_RELEASE_BANNER

FALSE

Controls the display of the product version information, such as the release number, in a client connection. An intruder could use the database release number to find information about security vulnerabilities that may be present in the database software. You can enable or disable the detailed product version display by setting this parameter.

See Oracle Database Security Guide for more information about this and similar parameters. Oracle Database Reference describes this parameter in detail.

O7_DICTIONARY_ACCESSIBILITY

FALSE

Controls restrictions on SYSTEM privileges. See "Enabling Data Dictionary Protection" for more information about this parameter. Oracle Database Reference describes this parameter in detail.

2.6.1 Modifying the Value of an Initialization Parameter

This section explains how to use Database Control to modify the value of an initialization parameter. To find detailed information about the initialization parameters available, see Oracle Database Reference.

To modify the value of an initialization parameter:

Start Database Control.
Log in as user SYS with the SYSDBA privilege.
- User Name: SYS
- Password: Enter your password.
- Connect As: SYSDBA
Click Server to display the Server subpage.
In the Database Configuration section, click Initialization Parameters.

The Initialization Parameters page appears.
In the Name field, enter the name of the parameter to change, and then click Go.

You can enter the first few letters of the parameter, for example, SEC_RETURN if you are searching for the SEC_RETURN_SERVER_RELEASE_NUMBER parameter. Alternatively, you can scroll down the list of parameters to find the parameter you want to change.

Depending on the parameter, you might have to modify the value from the SPFile subpage. Click the SFFile tab to display the SPFile subpage.
In the Value field, either enter the new value or if a list is presented, select from the list.
Click Apply.
If the parameter is static, restart the Oracle Database instance.

To find out if an initialization parameter is static, check its description in Oracle Database Reference. If the Modifiable setting in its summary table shows No, then you must restart the database instance.
1. Click the Database Instance link.
2. Click Home to display the Database Control home page.
3. Under General, click Shutdown.
4. In the Startup/Shutdown Credentials page, enter your credentials.
  
  See Oracle Database 2 Day DBA for more information.
5. After the shutdown completes, click Startup.