Re: setting up a new database - remove any permissions?

From: Rich J <rjoralist3_at_society.servebeer.com>
Date: Wed, 10 Aug 2016 08:49:15 -0500
Message-ID: <f98fc4a39528851b2173b712e2806534_at_society.servebeer.com>



 

On 2016/08/09 18:42, Jeff Chirco wrote:

> Wondering if any of you have basic scripts you run every time you create a new database. What do you configure? Do you remove any permissions from PUBLIC? I know I have experimented with removing certain objects from PUBLIC but found that it came back to bite me when applying patches and updates. Patches would either fail or cause some components to not be valid.

A few years ago, our auditors asked about EXECUTE privs granted on specific database objects to PUBLIC. Here's what I found (and was/is hopefully valid for 11gR2!):

Object Name                Category         Risk Assessment  Comment
-------------------------  ---------------  ---------------  -------
ORA_MINING_NUMBER_NT       Collection type  Low              No evidence found that a collection type has any security implications
ORA_MINING_TABLE_TYPE      Collection type  Low              No evidence found that a collection type has any security implications
ORA_MINING_VARCHAR2_NT     Collection type  Low              No evidence found that a collection type has any security implications
URITYPE                    Object type      Low              Object created with invoker rights
FTPURITYPE                 Object type      Low              Object created with invoker rights
AQ$_AGENT                  Object type      Low              Contains no methods
AQ$_DEQUEUE_HISTORY        Object type      Low              Contains no methods
AQ$_HISTORY                Collection type  Low              No evidence found that a collection type has any security implications
AQ$_MIDARRAY               Collection type  Low              No evidence found that a collection type has any security implications
AQ$_NOTIFY_MSG             Collection type  Low              No evidence found that a collection type has any security implications
UTL_BINARYINPUTSTREAM      Object type      Low              Object created with invoker rights
UTL_BINARYOUTPUTSTREAM     Object type      Low              Object created with invoker rights
UTL_CHARACTERINPUTSTREAM   Object type      Low              Object created with invoker rights
UTL_CHARACTEROUTPUTSTREAM  Object type      Low              Object created with invoker rights
ROW_LCR88_T                Object type      Low              Contains no methods
XDBURITYPE                 Object type      Low              Object created with invoker rights
XMLBINARYINPUTSTREAM       Object type      Low              Unable to locate any security concerns on this view from Oracle Corp, CIS, SANS, Red Database Security, etc.
XMLBINARYOUTPUTSTREAM      Object type      Low              Unable to locate any security concerns on this view from Oracle Corp, CIS, SANS, Red Database Security, etc.
XMLCHARACTERINPUTSTREAM    Object type      Low              Unable to locate any security concerns on this view from Oracle Corp, CIS, SANS, Red Database Security, etc.

I'm no security expert, so feedback from someone who's more knowledgeable in this area would be a good thing.

Rich

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Aug 10 2016 - 15:49:15 CEST
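
The review in the message above can be reproduced from the data dictionary. The query below is an added example, not part of the original message: it lists every type on which PUBLIC holds EXECUTE, together with the three attributes the table's comments rely on (collection vs. object type, method count, invoker vs. definer rights). It assumes the standard DBA_TAB_PRIVS, DBA_TYPES and DBA_PROCEDURES views and an account allowed to query them; the wording in the NOTE column is constructed for this example.

```sql
-- Added example: EXECUTE grants to PUBLIC on types, classified by the
-- criteria used in the table above. Run as a user with SELECT on DBA_* views.
SELECT tp.owner,
       tp.table_name  AS object_name,   -- DBA_TAB_PRIVS stores all object names here
       t.typecode,                      -- 'COLLECTION', 'OBJECT', ...
       t.methods      AS method_count,  -- number of methods declared on the type
       a.authid,                        -- 'CURRENT_USER' = invoker rights
       CASE
         WHEN t.typecode = 'COLLECTION' THEN 'collection type'
         WHEN t.methods  = 0            THEN 'object type, contains no methods'
         WHEN a.authid   = 'CURRENT_USER'
                                        THEN 'object type, invoker rights'
         ELSE 'needs manual review'     -- definer rights or AUTHID not found
       END            AS note
FROM   dba_tab_privs tp
JOIN   dba_types t
       ON  t.owner     = tp.owner
       AND t.type_name = tp.table_name
LEFT JOIN (
         -- One AUTHID per type; MAX() prefers 'DEFINER' if rows ever disagree.
         SELECT owner, object_name, MAX(authid) AS authid
         FROM   dba_procedures
         WHERE  object_type = 'TYPE'
         GROUP  BY owner, object_name
       ) a
       ON  a.owner       = tp.owner
       AND a.object_name = tp.table_name
WHERE  tp.grantee   = 'PUBLIC'
AND    tp.privilege = 'EXECUTE'
ORDER  BY note, tp.owner, tp.table_name;
```

Rows that land in "needs manual review" are the ones none of the table's three criteria cover, so they are where an auditor's time is best spent.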
