Oracle Database 11g Installation STIG
Severity: Medium
<VulnDiscussion>The SQLNet and Listener log files provide audit data useful to the discovery of suspicious behavior. The log files may contain usernames and passwords in clear text as well as other information that could aid a malicious user with unauthorized access attempts to the database. Generation and protection of these files helps support security monitoring efforts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Database Administrator</Responsibility><IAControls></IAControls>
Check Text:

Locate the Listener and SQLNet log files. View the contents of the sqlnet.ora and listener.ora configuration files located in the ORACLE_HOME/network/admin directory, or in the directory specified by the TNS_ADMIN environment variable (if set) for the listener process/service account.

sqlnet.ora:

If the sqlnet.ora parameter TRACE_LEVEL_SERVER is not defined or is set to OFF or 0, SQLNet logging is not enabled and the check for the parameters below is Not a Finding. Otherwise, verify that the directories specified in the following sqlnet.ora parameters exist:

  LOG_FILE_SERVER = sqlnet [filename is sqlnet.log]
  LOG_DIRECTORY_SERVER = [directory on a volume with enough free space]

(Practitioner note: TRACE_LEVEL_SERVER governs server-side tracing, with OFF/0, USER/4, ADMIN/6 and SUPPORT/16 as its valid levels; the sqlnet.log file is written independently of the trace level, so confirm the LOG_DIRECTORY_SERVER location and its permissions even when tracing is off.)

listener.ora:

NOTE: If you are using Automatic Diagnostic Repository (ADR) logging (DIAG_ADR_ENABLED_[listener name] = ON in listener.ora), the following parameters are Not Applicable. Setting DIAG_ADR_ENABLED_[listener name] = OFF reverts to traditional listener tracing/logging, and the following parameters are then in effect. For more information on Automatic Diagnostic Repository (ADR), refer to Oracle MetaLink Note 454927.1.

Verify that the directories and files specified in the following listener.ora parameters exist:

  LOG_DIRECTORY_[listener name] = [directory on a volume with enough free space]
  LOG_FILE_[listener name] = listener
  TRACE_DIRECTORY_[listener name] = [directory on a volume with enough free space]

Default log file locations (by Oracle version):

- DIAG_ADR_ENABLED_[listener name] = OFF:
  -- listener log directory and file: ORACLE_HOME/network/log/listener.log
  -- listener trace directory and files: ORACLE_HOME/network/trace/listener.trc
  -- sqlnet log file: ORACLE_HOME/network/log/sqlnet.log
  -- sqlnet trace file: ORACLE_HOME/network/trace/sqlnet.trc
- DIAG_ADR_ENABLED_[listener name] = ON:
  NOTE: The ADR_HOME is defined from the ADR_BASE parameter. If ADR_BASE is not defined, then ADR_BASE is set to the value of the DIAGNOSTIC_DEST initialization par
Fix Text:

Restrict access to the listener and SQLNet log files, and to the tnslsnr service account, to DBAs, SAs and auditors whose assigned responsibilities require it.