HTML Security Checklist

To ensure the security of an Oracle database, it's crucial to perform various checks and validations. Below is an outline of a comprehensive checklist that generates an HTML report containing essential security information about the database. This checklist covers aspects like database details, patch status, parameter settings, redo log configurations, user grants, auditing policies, schema accounts, database links, and special privileges.

Checklist Overview

  1. Database Details:

    • Database name
    • Hostname
    • Database role (Primary or Standby)
    • RAC (Real Application Clusters) or Single Instance
  2. Latest Patch Check:

    • Information about the latest applied patch
  3. Parameter Checks:

    • Various critical parameters and their expected values:

      • audit_sys_operations should be TRUE
      • global_names should be TRUE
      • O7_dictionary_accessibility should be FALSE
      • os_roles should be FALSE
      • remote_login_passwordfile should be EXCLUSIVE
      • sec_max_failed_login_attempts should be 3
      • sec_protocol_error_further_action should be DELAY
      • trace_files_public should be FALSE
      • remote_os_authent should be FALSE
      • sql92_security should be TRUE
  4. Instance Name and Redo Log Files:

    • Ensure the instance name/SID does not contain the Oracle version
    • Verify the redo log groups and control files:

      • Redo log groups should have at least two members.
      • Members should be in different locations.
  5. User Grants and Roles:

    • Direct grants to users
    • Roles assigned to users
  6. Unified Auditing Policies:

    • Check if required audit options are enabled:

      • CREATE USER, DROP USER, ALTER USER
      • CREATE ROLE, DROP ROLE, ALTER ROLE
      • DROP PROFILE, CREATE PROFILE, ALTER PROFILE
      • CREATE DATABASE LINK, DROP DATABASE LINK, ALTER DATABASE LINK
      • CREATE SYNONYM, DROP SYNONYM, ALTER SYNONYM
      • SELECT ANY DICTIONARY
      • CREATE INDEX, ALTER INDEX, DROP INDEX
      • CREATE DIRECTORY, ALTER DIRECTORY, DROP DIRECTORY
      • ALTER SYSTEM, AUDIT SYSTEM
      • CREATE PROCEDURE, ALTER PROCEDURE, DROP PROCEDURE
  7. Schema Accounts and Privileges:

    • Default schemas with no lock
  8. Database Links and Public Links:

    • Database links
    • Public links
  9. Privileges with ADMIN OPTION:

    • Privileges granted with ADMIN OPTION
  10. Special Privileges:
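
The parameter checks from item 3 can be run as a single SQL*Plus query that writes its result as HTML. This is an added example, not the script this checklist describes; the spool file name `param_check.html` is an assumption, and the expected values are the ones listed in item 3.

```sql
-- Added example: compare the item 3 parameters with their expected values.
-- Needs read access to V$PARAMETER. V$PARAMETER covers the current instance
-- only; on RAC, run it on each instance or query GV$PARAMETER instead.
-- A parameter that does not exist in the running release is reported as
-- NOT PRESENT rather than silently dropped from the report.
SET MARKUP HTML ON SPOOL ON
-- param_check.html is a hypothetical output file name.
SPOOL param_check.html
WITH expected AS (
  SELECT 'audit_sys_operations' AS name, 'TRUE' AS expected_value FROM dual UNION ALL
  SELECT 'global_names',                      'TRUE'      FROM dual UNION ALL
  SELECT 'o7_dictionary_accessibility',       'FALSE'     FROM dual UNION ALL
  SELECT 'os_roles',                          'FALSE'     FROM dual UNION ALL
  SELECT 'remote_login_passwordfile',         'EXCLUSIVE' FROM dual UNION ALL
  SELECT 'sec_max_failed_login_attempts',     '3'         FROM dual UNION ALL
  SELECT 'sec_protocol_error_further_action', 'DELAY'     FROM dual UNION ALL
  SELECT 'trace_files_public',                'FALSE'     FROM dual UNION ALL
  SELECT 'remote_os_authent',                 'FALSE'     FROM dual UNION ALL
  SELECT 'sql92_security',                    'TRUE'      FROM dual
)
SELECT e.name,
       e.expected_value,
       p.value AS actual_value,
       CASE
         WHEN p.name IS NULL                    THEN 'NOT PRESENT'
         WHEN UPPER(p.value) = e.expected_value THEN 'PASS'
         ELSE 'FAIL'
       END AS status
FROM   expected e
       -- Parameter names are matched case-insensitively because
       -- V$PARAMETER does not store every name in lowercase.
       LEFT JOIN v$parameter p ON LOWER(p.name) = e.name
ORDER  BY status, e.name;
SPOOL OFF
SET MARKUP HTML OFF
```

Rows with status FAIL or NOT PRESENT are the ones to review; a parameter whose value is unset shows an empty actual value and is reported as FAIL.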