Has Anyone implemented the ISACA-Recommended privileges on $ORACLE_HOME (revoke world-read)

From: byrocat <strikemaster2000_at_yahoo.ca>
Date: Wed, 16 Mar 2011 11:12:30 -0700 (PDT)
Message-ID: <acfb1f1e-5e8d-4191-bd70-de61f41ade24_at_s18g2000vbe.googlegroups.com>

Our database security standard specifies the privileges that are supposed to be in place (750 or less on all files and subdirectories under $ORACLE_HOME except for $ORACLE_HOME/bin and sub-directories and files which have 755 or less).

Turns out that no one installed a new copy of Oracle until just recently and then found that the tools installed (SQLPlus) don't work.

I've found an ISACA book called "Oracle Database Security, Audit and Control Features" which recommended that the world-read privilege be revoked for everything under $ORACLE_HOME. Chart 7.2 lays out the files and directories and the specific privileges for each. This chart is used in a lot of documents, here's one: http://www.isacanashville.org/files/presentations/Oracle-Database-Security-Update.pdf Slide 25 is the one with the chart.

Has anyone followed this recommendation and what has happened to your server and databases?

Received on Wed Mar 16 2011 - 13:12:30 CDT
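One way to check a tree against the standard quoted in the post above, as an added example that is not part of the original message or of the ISACA material. It assumes "750 or less" means no permission bit outside 0750 is set (0755 for bin and everything below it); the function name `audit_oracle_home` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a tree against the standard quoted in the post.
# Assumption: "750 or less" means no permission bit outside 0750 is set,
# and "755 or less" (bin and everything below it) no bit outside 0755.
# Read-only check; it changes nothing. Function name is hypothetical.

# audit_oracle_home DIR
#   Prints one violating path per line (sorted).
#   Returns 0 if clean, 1 if violations were found, 2 on bad input.
audit_oracle_home() {
    local home out
    home=${1%/}
    [ -d "$home" ] || { echo "not a directory: $1" >&2; return 2; }
    out=$(
        {
            # Outside bin, bits outside 0750 are group-write (020) and any
            # "other" bit (004, 002, 001). The top directory is checked too.
            # Symlinks are skipped: their own mode is always 777 on Linux.
            find "$home" -path "$home/bin" -prune -o \
                ! -type l \( -perm -020 -o -perm -004 -o -perm -002 \
                -o -perm -001 \) -print
            # Under bin, bits outside 0755 are group-write and other-write.
            if [ -d "$home/bin" ]; then
                find "$home/bin" ! -type l \
                    \( -perm -020 -o -perm -002 \) -print
            fi
        } | LC_ALL=C sort
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_oracle_home "$1"
fi
```

The function only reports. Given the SQLPlus breakage described in the post, the resulting list is something to review before any mode is changed.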
