Defined Type: ora_secured::controls::sec_max_failed_login_attempts_is_3_or_less

Defined in:
manifests/controls/sec_max_failed_login_attempts_is_3_or_less.pp

Summary

The `SEC_MAX_FAILED_LOGIN_ATTEMPTS` parameter determines how many failed login

Overview

ora_secured::controls::sec_max_failed_login_attempts_is_3_or_less

attempts are allowed before Oracle closes the login connection.

## Skipping

To deliberately skip this control (e.g. meaning don’t use Puppet to enforce this setting), we provide you with three ways:

1) Add ‘ora_secured::controls::sec_max_failed_login_attempts_is_3_or_less: skip` to your hiera data. This will skip this control for ALL databases. 2) Add `ora_secured::controls::sec_max_failed_login_attempts_is_3_or_less::dbname: skip` to your hiera data. This will skip this control for specified database only. 3) Add an entry with the content `sec_max_failed_login_attempts_is_3_or_less` to the array value `ora_secured::skip_list` in your hiera data.

## Benchmarks

This control is used in the following benchmarks:

  • [Oracle Database 12c CIS V3.0.0](/docs/ora_secured/cis/db12c_V3.0.0.html) - paragraph 2.2.12

  • [Oracle Database 18c CIS V1.0.0](/docs/ora_secured/cis/db18c_V1.0.0.html) - paragraph 2.2.11

  • [Oracle Database 19c CIS V1.0.0](/docs/ora_secured/cis/db19c_V1.0.0.html) - paragraph 2.2.10

See the file “LICENSE” for the full license governing this code.

Parameters:

  • title

    The SID to apply the control to. All controls need an SID to apply the control to. Here is a simple example: “‘ puppet ora_secured::controls::control_name { ’DBSID’:} “‘ In this example, the string DBSID is the sid to apply the control to.

  • preferred_value (Integer[0,3]) (defaults to: ora_secured::lookup_setting('preferred_value', 3))

    The preferred value to use. Some controls allow multiple values. The control implement a default value, but when you want an other value, you can use this parameter.



41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'manifests/controls/sec_max_failed_login_attempts_is_3_or_less.pp', line 41

define ora_secured::controls::sec_max_failed_login_attempts_is_3_or_less(
  Integer[0,3] $preferred_value = ora_secured::lookup_setting('preferred_value', 3),
)
{
  $sid = $title
  $unique = ora_secured::random_id(6)

  ora_secured_setup { "sec_max_failed_login_attempts_is_3_or_less_nopdb on ${sid}":
    ensure => 'present'
  }
  -> ora_secured::internal::parameter { "SEC_MAX_FAILED_LOGIN_ATTEMPTS@${sid}@${unique}":
    value =>  $preferred_value,
  }
}