Defined Type: ora_cis::controls::alter_system_audit_option_is_enabled
- Defined in:
- manifests/controls/alter_system_audit_option_is_enabled.pp
Summary
`ALTER SYSTEM` allows one to change instance settings, including security settingsOverview
See the file “LICENSE” for the full license governing this code.
--
ora_cis::controls::alter_system_audit_option_is_enabled
and auditing options. Additionally, ‘ALTER SYSTEM` can be used to run operating system commands using undocumented Oracle functionality. Enabling the audit option will audit all attempts to perform `ALTER SYSTEM`, whether successful or not and regardless of whether or not the `ALTER SYSTEM` privilege is held by the user attempting the action.
## Skipping
To deliberately skip this control (e.g. meaning don’t use Puppet to enforce this setting), we provide you with three ways:
1) Add ‘ora_cis::controls::alter_system_audit_option_is_enabled: skip` to your hiera data. This will skip this control for ALL databases. 2) Add `ora_cis::controls::alter_system_audit_option_is_enabled::dbname: skip` to your hiera data. This will skip this control for specified database only. 3) Add an entry with the content `alter_system_audit_option_is_enabled` to the array value `ora_cis::skip_list` in your hiera data.
## Benchmarks
This control is used in the following benchmarks:
-
[Oracle Database 12c CIS V3.0.0](/docs/ora_cis/db12c_V3.0.0.html) - paragraph 6.1.16
-
[Oracle Database 18c CIS V1.0.0](/docs/ora_cis/db18c_V1.0.0.html) - paragraph 6.1.16
-
[Oracle Database 19c CIS V1.0.0](/docs/ora_cis/db19c_V1.0.0.html) - paragraph 6.1.16
–++–
45 46 47 48 49 50 51 52 |
# File 'manifests/controls/alter_system_audit_option_is_enabled.pp', line 45
define ora_cis::controls::alter_system_audit_option_is_enabled()
{
$sid = $title
ora_cis_setup { "alter_system_audit_option_is_enabled on ${sid}":
ensure => 'present',
}
-> ora_cis::internal::audit_option{"ALTER SYSTEM@${sid}": }
}
|