Details
Database administration accounts are frequently granted more permissions to the local host system than are necessary. This allows inadvertent or malicious changes to the host operating system.
Solution
Revoke all host system privileges from the DBA group accounts and DBA user accounts not required for DBMS administration.
Revoke all OS group memberships that assign excessive privileges to the DBA group accounts and DBA user accounts.
Remove any directly applied permissions or user rights from the DBA group accounts and DBA user accounts.
Document all privileges assigned to DBA group accounts and individual DBA user accounts in the System Security Plan.
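One way to find the OS group memberships that the steps above ask you to review, as an added example that is not part of the original control text. The group name `dba`, the allowlist of approved groups, and the sample group data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit OS group memberships held by members of the DBA group.
# Input is group(5)-format text on stdin: name:passwd:gid:member1,member2
# Only supplementary memberships are visible in this format; a primary
# group set through the passwd gid field has to be checked separately.

# Constructed sample data (not taken from a real host).
sample_group() {
cat <<'EOF'
root:x:0:
wheel:x:10:alice,oracle
dba:x:501:oracle,alice,bob
oinstall:x:502:oracle
docker:x:990:bob
users:x:100:alice,bob,carol
EOF
}

# Print the members of the DBA group named in $1.
dba_members() {
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }'
}

# Print "user group" for each membership held by a DBA-group member that
# is not in the allowlist. $1 = DBA group, $2 = space-separated allowlist
# (assumption: the groups approved in your System Security Plan).
excess_memberships() {
    awk -F: -v g="$1" -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { grp[NR] = $1; mem[NR] = $4
          if ($1 == g) { k = split($4, d, ",")
              for (i = 1; i <= k; i++) if (d[i] != "") dba[d[i]] = 1 } }
        END { for (r = 1; r <= NR; r++) {
                  if (grp[r] in ok) continue
                  k = split(mem[r], u, ",")
                  for (i = 1; i <= k; i++) if (u[i] in dba) print u[i], grp[r] } }'
}

# Report against the sample; on a real host pipe `getent group` in instead.
audit_report() {
    sample_group | excess_memberships dba "dba oinstall users" | sort
}

audit_report
```

Each line of output is a membership to revoke or to justify and record in the System Security Plan.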
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.
References
- 800-53|AC-6
- CAT|II
- Rule-ID|SV-24346r1_rule
- STIG-ID|DG0005-ORACLE11
- Vuln-ID|V-6756