
INTEGRIGY
ORACLE APPLICATIONS 11i SECURITY QUICK REFERENCE
Version 1.2 – December 2004

FND CHANGE PASSWORD UTILITY

FNDCPASS command changes the password in the Applications and in the database.

Change Oracle Database Passwords

    FNDCPASS apps/apps 0 Y system/manager ORACLE <account> <password>

Change Applications User Passwords

    FNDCPASS apps/apps 0 Y system/manager USER <user> <password>

SECURITY RELATED PROFILE OPTIONS

| Profile Option | Default | Suggest |
|---|---|---|
| Sign-On:Audit Level | (none) | FORM |
| Sign-on:Notification | No | Yes |
| Signon Password Failure Limit | (none) | 3 |
| Signon Password Hard to Guess | NO | YES |
| Signon Password Length | 5 | 6 |
| Signon Password No Reuse | (none) | 365 |
| Utilities:Diagnostics | No | No |
| Concurrent:Report Access Level | User | User |
| AuditTrail:Activate | No | Yes |
“Signon Password Hard to Guess” Rules

- The password contains at least one letter and at least one number.
- The password does not contain the username.
- The password does not contain repeating characters.

DEFAULT ORACLE APPLICATIONS USERS

Default passwords for all standard Oracle Applications user accounts should be changed and all unused accounts should be disabled.

Default Oracle Applications Users

| User Name | Module | Disable |
|---|---|---|
| APPSMGR | AOL/FND | yes |
| ASGADM | ASG | see module (1) |
| ASGUEST | AS | see module (1) |
| AUTOINSTALL | AOL/FND | yes |
| CONCURRENT MANAGER | AOL/FND | yes |
| FEEDER SYSTEM | AOL/FND | yes |
| GUEST | AOL/FND | no |
| IBE_ADMIN | IBE, ONT | see module (1) |
| IBE_GUEST | IBE | see module (1) |
| IBEGUEST | IBE, IBU | see module (1) |
| IEXADMIN | IEX | see module (1) |
| INITIAL SETUP | AOL/FND | yes |
| IRC_EMP_GUEST | IRC | see module (1) |
| IRC_EXT_GUEST | IRC | see module (1) |
| MOBILEADM | ASG | see module (1) |
| OP_CUST_CARE_ADMIN | XDP | see module (1) |
| OP_SYSADMIN | XDP | see module (1) |
| STANDALONE BATCH PROCESS | AOL/FND | yes |
| SYSADMIN | AOL/FND | no |
| WIZARD | AOL/FND | yes |

(1) If the module is not being used, the account can be disabled. Otherwise, see the module documentation for more information on this account.

DEFAULT ORACLE DATABASE ACCOUNTS

| Account Name | Change Password |
|---|---|
| SYS | ✓ |
| SYSTEM | ✓ |
| APPS (1, 2) | ✓ |
| APPLSYS (1) | ✓ |
| APPLSYSPUB | |
| CTXSYS | ✓ |
| DBSNMP | ✓ |
| OWAPUB | |
| PORTAL30 | ✓ |
| PORTAL30_SSO | ✓ |
| SCHEMAS (ABM … XTR) (3) | ✓ |

(1) APPS and APPLSYS passwords must be identical.
(2) APPS password must be changed in these files:
    <iAS_HOME>/Apache/modplsql/cfg/wdbsvr.app
    <FND_TOP>/resource/wfmail.cfg
    <ORACLE_HOME>/reports60/server/CGIcmd.dat
(3) Change all schema passwords – over 200 schemas.

WEB SESSION TIMEOUT

Set these two parameters to be equal (30 minutes = 1800000 seconds).

System Profile Option – ICX: Session Timeout = <minutes>

<ORAHTTP_TOP>/Jserv/etc/zone.properties

    session.timeout=<seconds>

APPLSYSPUB PERMISSIONS

- The APPLSYSPUB account should have limited permissions.
- These permissions are set in <FND_TOP>/admin/sql/afpub.sql.

    INSERT ON FND_UNSUCCESSFUL_LOGINS
    INSERT ON FND_SESSIONS
    EXECUTE ON FND_DISCONNECTED
    EXECUTE ON FND_MESSAGE
    EXECUTE ON FND_PUB_MESSAGE
    EXECUTE ON FND_SECURITY_PKG
    EXECUTE ON FND_SIGNON
    EXECUTE ON FND_WEBFILEPUB
    SELECT ON FND_LOOKUPS
    SELECT ON FND_APPLICATION
    SELECT ON FND_APPLICATION_TL
    SELECT ON FND_APPLICATION_VL
    SELECT ON FND_LANGUAGES_TL
    SELECT ON FND_LANGUAGES_VL
    SELECT ON FND_PRODUCT_GROUPS
    SELECT ON FND_PRODUCT_INSTALLATIONS

To check permissions:

    SELECT * FROM dba_tab_privs
    where grantee = 'APPLSYSPUB'
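
Added example, not part of the original card: the `dba_tab_privs` check above lists every grant to APPLSYSPUB, and this query diffs those grants against the permission list given on this card. Matching on privilege and object name only is an assumption, because the card does not state the owning schema.

```sql
-- Added example: baseline rows are copied from the APPLSYSPUB PERMISSIONS
-- list on this card. Assumption: match on privilege + object name only,
-- because the card does not state the owning schema.
WITH baseline AS (
  SELECT 'INSERT' AS privilege, 'FND_UNSUCCESSFUL_LOGINS' AS table_name FROM dual UNION ALL
  SELECT 'INSERT',  'FND_SESSIONS'              FROM dual UNION ALL
  SELECT 'EXECUTE', 'FND_DISCONNECTED'          FROM dual UNION ALL
  SELECT 'EXECUTE', 'FND_MESSAGE'               FROM dual UNION ALL
  SELECT 'EXECUTE', 'FND_PUB_MESSAGE'           FROM dual UNION ALL
  SELECT 'EXECUTE', 'FND_SECURITY_PKG'          FROM dual UNION ALL
  SELECT 'EXECUTE', 'FND_SIGNON'                FROM dual UNION ALL
  SELECT 'EXECUTE', 'FND_WEBFILEPUB'            FROM dual UNION ALL
  SELECT 'SELECT',  'FND_LOOKUPS'               FROM dual UNION ALL
  SELECT 'SELECT',  'FND_APPLICATION'           FROM dual UNION ALL
  SELECT 'SELECT',  'FND_APPLICATION_TL'        FROM dual UNION ALL
  SELECT 'SELECT',  'FND_APPLICATION_VL'        FROM dual UNION ALL
  SELECT 'SELECT',  'FND_LANGUAGES_TL'          FROM dual UNION ALL
  SELECT 'SELECT',  'FND_LANGUAGES_VL'          FROM dual UNION ALL
  SELECT 'SELECT',  'FND_PRODUCT_GROUPS'        FROM dual UNION ALL
  SELECT 'SELECT',  'FND_PRODUCT_INSTALLATIONS' FROM dual
),
actual AS (
  SELECT owner, table_name, privilege, grantable
  FROM   dba_tab_privs
  WHERE  grantee = 'APPLSYSPUB'
)
-- Rows returned are the differences only: grants that exist but are not on
-- the card, and card entries that are not currently granted.
SELECT CASE WHEN b.table_name IS NULL THEN 'NOT ON CARD (review)'
            ELSE 'ON CARD, NOT GRANTED' END        AS finding,
       NVL(a.privilege,  b.privilege)              AS privilege,
       a.owner,
       NVL(a.table_name, b.table_name)             AS object_name,
       a.grantable
FROM   actual a
FULL OUTER JOIN baseline b
       ON  b.privilege  = a.privilege
       AND b.table_name = a.table_name
WHERE  a.table_name IS NULL OR b.table_name IS NULL
ORDER  BY 1, 4;

-- The card lists object grants only, so system privileges and roles held
-- by APPLSYSPUB are listed here for manual review.
SELECT 'SYSTEM PRIVILEGE' AS kind, privilege AS name FROM dba_sys_privs
WHERE  grantee = 'APPLSYSPUB'
UNION ALL
SELECT 'ROLE', granted_role FROM dba_role_privs
WHERE  grantee = 'APPLSYSPUB';
```

Run it as a user with access to the DBA views; an empty result from the first query means the object grants match the card's list exactly.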
DEFAULT ORACLE APPLICATIONS PORTS

| Component | Port # |
|---|---|
| Database | 1521 |
| RPC/FNDFS | 1526 |
| Reports Server | 7000 |
| Web Server (Apache) | 8000 |
| Forms Server | 9000 |
| Servlet | 8880 |
| TCF Server | 15000 |
| Metrics Server Data | 9110 |
| Metrics Server Requests | 9120 |

DATABASE LISTENER

Listener Password

    listener.ora    PASSWORDS_<listener name>

Listener Logging

    listener.ora    LOG_DIRECTORY
    listener.ora    LOG_FILE
    listener.ora    LOG_STATUS ON

Valid Node Checking (8i = protocol.ora, 9i = sqlnet.ora)

    tcp.validnode_checking = yes
    tcp.invited_nodes = (x.x.x.x | name, x.x.x.x | name)
    tcp.excluded_nodes = (x.x.x.x | name, x.x.x.x | name)

DATABASE AUDITING

Enable auditing by setting audit_trail to TRUE or DB in the init.ora file.

| Audit Statement | Description |
|---|---|
| audit session; | Session auditing – connects to the database |
| audit user; | Create, alter, and drop user |
| audit database link; | Create or drop database links |
| audit public database link; | Create or drop public database links |
| audit system audit; | Audit and noaudit statements |

To check current system-level audit options –

    select * from DBA_STMT_AUDIT_OPTS
    select * from DBA_PRIV_AUDIT_OPTS

To check current object-level audit options –

    select * from DBA_OBJ_AUDIT_OPTS
    where owner = <owner>
    and object_name = <name>

APPLICATIONS AUDITING (WHO COLUMNS)

- Creation_Date
- Created_By: FND_USERS table
- Last_Update_Login: FND_LOGINS tables
- Last_Update_Date
- Last_Updated_By: FND_USERS table

APPLICATIONS AUDITING (AUDITTRAILS)

1. Set System Profile Option AuditTrail:Activate to TRUE
2. Security -> AuditTrail -> Install to set schemas for auditing
3. Security -> AuditTrail -> Groups to create audit groups and set tables to be audited. Set audit group to Enabled Requested
4. Security -> AuditTrail -> Tables to set columns in tables to be audited
5. Run AuditTrail Update Tables to activate auditing

AuditTrails Objects

    Shadow Table   = <table name>_A
    Update Trigger = <table name>_AU
    Insert Trigger = <table name>_AI
    Delete Trigger = <table name>_AD
    Changes View   = <table name>_AV#
    Complete View  = <table name>_AC#

Suggested Tables to Audit

    FND_AUDIT_GROUPS
    FND_AUDIT_SCHEMAS
    FND_AUDIT_TABLES
    FND_AUDIT_COLUMNS

Other Possible Tables to Audit

    FND_FORM
    FND_FORM_FUNCTIONS
    FND_MENUS
    FND_MENU_ENTRIES
    FND_REQUEST_GROUPS
    FND_REQUEST_GROUP_UNITS
    FND_USER_RESP_GROUPS
    FND_RESP_FUNCTIONS
    ALR_ALERTS
    FND_CONCURRENT_PROGRAMS
    FND_DATA_GROUPS
    FND_DATA_GROUP_UNITS
    FND_ORACLE_USERID

APPLICATIONS AUDITING (END-USER)

Enable auditing by setting System Profile Option Sign-On: Audit Level to FORMS at the site level.

End-User Audit Tables

    applsys.fnd_logins
    applsys.fnd_login_responsibilities
    applsys.fnd_login_resp_forms
    fnd_concurrent_requests
    applsys.fnd_unsuccessful_logins
    icx.icx_failures

End-User Audit Reports

    Signon Audit Users
    Signon Audit Responsibilities
    Signon Audit Forms
    Signon Audit Concurrent Requests
    Signon Audit Unsuccessful Logins

Integrigy Corporation
2052 Lincoln Park West, Suite 1301
Chicago, Illinois 60614
888/542-4802
sales@integrigy.com

Oracle Applications 11.5.1 – 11.5.10

Copyright © 2003, 2005 Integrigy Corporation

Information in this document is subject to change without notice and does not represent a commitment on the part of Integrigy Corporation. Integrigy is a trademark of Integrigy Corporation. Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
