You are on page 1of 149

index 1.00.00 1.01.

01

Name of precautionary measure Host Operating System security Issues Oracle software permissions

1.01.02 1.01.03 1.01.04 1.01.05 1.01.06

Lock Oracle account Do not name Oracle software owner account "oracle" Limit access to software owner account Use separate owner for listener from database software secure or remove DBSNMP

1.02.02

set umask value to a secure value

1.02.03 1.02.04

Check owner and group for all files in $ORACLE_HOME Windows file permissions and type.

1.02.05

Location of temp directories TMP_DIR, TMPDIR and TEMP

1.02.06 1.03.01

Check windows groups used for ORACLE_HOME and ORACLE_BASE Audit membership of OSDBA and root group

1.03.02 1.03.03 1.03.04 1.04.01

Ensure Oracle is not in the root group Dont use dba name for the OSDBA group Dont use the name ORA_DBA for the OSDBA group on Microsoft. Check trace file permissions

1.04.02

Remove tkprof from production db

1.04.03

disable the otrace utility

1.04.04

Check permissions of the datafiles

1.04.05

Regulary audit Oracle log files

1.04.06 1.04.07 1.04.08

Check for sensitive temporary files Check for tertiary trace files Check for remote data access files (RDA)

1.04.09 1.05.01

Raw device permissions Usernames/ passwords in process list

1.05.02 1.05.03 1.06.01

Restrict the ps command Restrict shell history files for usernames and passwords Secure network communications

1.06.02

set ORA_ENCRYPT_LOGIN to TRUE set DBLINK_ENCRYPT_LOGIN to TRUE Secure password transmission on the server Secure password transmission on the client JDBC thin minimum permissions

1.06.03 1.06.04 1.06.05

1.07.01 1.07.02

Permissions on Oracle SUID and SGID files Remove SUID and SGID files in $ORACLE_HOME Check environment variables for usernames and password Audit the machine for scripts containing usernames and passwords

1.08.01

1.08.02

1.08.03 1.08.04 1.08.05

Audit cron for usernames and passwords Audit client machines for configuration files containing usernames and passwords Remove db creation scripts

1.09.01

Use O/S auditing facilities

1.09.02

Save log files to a separate server using Syslog or Windows event viewer Integrity check O/S files used by Oracle host based IDS Review expected processes regularly monitor and set control file permissions Check who is creating trace files and audit their presence

1.09.03 1.09.04 1.09.05 1.10.01 1.11.01

1.11.02 1.11.03

Audit trace files for attempts to read database internal structures Ensure no user has ALTER SESSION and ALTER SYSTEM privileges

1.12.01

Audit for export file existence

1.12.02 1.13.01

Changing database passwords after full import Locate archive log files and check no user except ORACLE can read them

1.13.02 1.14.01

Save archivelog files to disk Audit external tables

1.15.01

remove access to native PL/SQL compilation in production

1.16.00 1.17.01 2.00.00 2.01.01

Be aware of key files containing hashes or passwords or other sensitive information Password protected listener can be shut down via the OS on Windows Oracle Authentication Audit database users activities

2.01.02

Audit application database logins

2.01.03

Check users database passwords

2.01.04 2.01.05 2.02.01

prevents users from sharing account IDs Use proxy authentication to help resolve SSO issues Audit default database accounts

2.02.010 Modify Oracle scripts for default accounts that are used 2.02.02 Add password management for default accounts

2.02.03 2.02.04 2.02.05

Audit internal alias login Audit non database Oracle passwords Change sys password and system password

2.02.06 2.02.07 2.02.08

Change Create business process to audit default accounts regularly Disable remote login password file parameter

2.02.09

Check use of system tablespace by default and SYSTEM users.

2.02.11 2.03.01 2.03.02

Audit known default role passwords Audit users accounts for passwords same as username Audit users accounts for weak passwords

2.03.03 2.03.04 2.03.05 2.03.06 2.03.07

Lock dormant database accounts and remove after time delay Stop personal data exposure on users accounts Use obfuscated naming convention for users accounts Use LDAP for external authentication Tie db accounts to users

2.04.01

Secure remote password login file

2.05.01 2.06.01

Change SID and service name for third-party applications Check separate applications authentication systems

3.00.00 3.01.01

Oracle Access Controls Check utl_file_dir parameter

3.01.02

Check dbms_backup_restore package permissions Audit Java access to the O/S

3.01.03

3.01.04 3.01.05

Be aware of how Java and Oracle interact Secure Con Text

3.01.06 3.02.01

Remove oo4o if not needed Remove PUBLIC select on ALL_USERS

3.02.02 3.03.01

Secure all ALL_% views secure or remove extproc

3.04.01 3.05.01

Understand Data Access Descriptor administration Check access to catalog roles

3.05.02

Check access to dba role views

3.05.03 3.05.04 3.05.05 3.05.06 3.06.01

Password protect admin roles Check role hierarchy depth Adopt role naming conventions Create a role to manage users accounts Database in archivelog mode?

3.06.02 3.06.03 3.06.04 3.06.05 3.06.06 3.06.07 3.06.08

Check user_dump_dest is valid Check background_dump_dest is valid Check core_dump_dest is valid Check that global_names is true Check that log_archive_start is set to true Check max_enabled_roles less than 30 Check that os_authent_prefix is set to (null string). Check that os_roles is set to false Check that O7_dictionary_accessibility is set to false Check that remote_os_authent is set to false

3.06.09 3.06.10 3.06.11

3.06.12 3.06.13

Check that remote_os_roles is set to false Periodically confirm parameters in database are the same as the configuration file

3.06.14

Check IFILE and the contents of files pointed to by IFILE

3.06.15 3.06.16

Audit remote_listener Check that pfile and spfile can only be written to and read by the software owner.

3.06.17

Audit exempt access policy privilege

3.06.18

Check record locking parameters

3.06.19 3.07.01

Check for SQL92_security Non sys objects in system tablespace

3.08.01

Check for users who have dba privilege

3.08.02

users or roles granted ALL PRIVILEGES or too many privileges

3.08.03

ANY privileges

3.08.04

WITH ADMIN or "WITH GRANT" privileges

3.08.05 3.08.06

Check for privileges granted WITH GRANT system privileges granted

3.08.07 3.08.08

Check for application objects owned by privileged users Check for direct access granted to tables and objects rather than through ROLES

3.08.09

CREATE LIBRARY privilege

3.08.10 3.08.11

Use roles to access underlying database objects Audit access privileges on objects

3.08.12 3.08.13 3.08.14 3.08.15

Use Integrity constraints Use triggers to insert critical data Restrict users to one role at once BECOME USER privilege

3.08.16

CREATE ANY DIRECTORY privilege

3.08.17 3.09.01

CREATE ANY JOB privilege Check for EXTERNAL users and also DBA

3.09.02 3.09.03 3.09.04 3.09.05 3.09.06 3.10.01

Check for external users who are dba Check for external users who have ALL PRIVILEGES Ensure external users have the least privileges possible Do not use remote host based authentication Check that no external users have SYSDBA or SYSOPER Revoke public execute privilege on utl_file

3.10.02

Revoke public execute privilege on utl_tcp

3.10.03

Revoke public execute privilege on utl_http

3.10.04

Revoke public privilege on utl_smtp

3.10.05

Audit public execute privileges on sys owned packages.

3.10.06

Revoke the public execute privilege on dbms_random.

3.10.07

Revoke the public execute privilege on dbms_lob Revoke any privileges on dbms_sql and dbms_sys_sql granted

3.10.08

3.10.09 3.10.10 3.10.11

Audit packages available via a database link Use invokers rights PL/SQL procedures Check DIRECTORY objects

3.10.12 3.10.13

Revoke execute privileges on sys.initjvmaux Revoke public execute privilege on dbms_job

3.10.14

Revoke public execute privilege on dbms_scheduler Revoke public execute privilege on owa_util

3.10.15

3.11.01

Use ROLES instead of directly granted privileges where possible

3.11.02 3.12.01 3.12.02 3.13.01 3.13.02

Access tables through packages or roles. Change system users default tablespace. Change users default and temporary tablespaces Revoke the RESOURCE role from users Revoke the CONNECT role

3.13.03

Add passwords to administrative roles

3.13.04

Revoke all from PUBLIC that's not needed

3.14.01 3.14.02 3.14.03 3.14.04 3.14.05

Set password lifetime in profile to 60 Set password grace time to 3 Set password reuse max to 20 Set failed login attempts to 5 Set up profiles for database users

3.14.06 3.15.01 3.15.02

Set up general profile parameters Set _trace_files_public to false Review initialisation parameters

3.15.03

Ensure system triggers fire

3.16.01

Audit tablespaces for Rogue objects and whether autoextensible.

3.17.01

Check each user has a tablespace quota

3.17.02 3.18.01 3.19.01

Establish different users for schema management and data management Set up naming conventions for schema owners and administrators and users Check for triggers on others tables

3.20.01

Audit access to critical sys/dba owned tables and views with oracle passwords

3.20.02 3.20.03 3.21.01

Audit access to all dba and sys owned views Revoke SELECT ANY TABLE Revoke object creation privileges from all but schema owners and DBAs Audit general users object access

3.21.02

3.22.01

Audit views to ensure correct access

3.23.01

LOCK SYS and SYSTEM and create new DBA accounts

3.24.01

07_DICTIONARY_ACCESSIBILITY =FALSE

3.25.01 3.26.01 3.27.01

Prevent the dba from reading application data Audit integration and server to sever communications Disable unneeded TCP ports.

3.28.01

Audit and secure statspack

4.00.00 4.01.01

Auditing Configure audit and storage.

4.02.01

Audit failures on critical objects

4.02.02 4.03.01

Use triggers to capture login events Audit create session

4.03.02 4.03.03 4.03.04 4.03.05 4.03.06 4.03.07 4.03.08

Audit use of all Audit the use of all drop statements Audit the use of all alter statements Audit the use of create user Audit use of create role Audit all create statements Review audit logs

4.03.09 4.04.01 4.04.02

Use Log Miner to audit in the case of forensics Configure basic audit Limit users who can change the audit

4.04.03

Protect,backup and purge the audit trail

4.04.04 4.04.05 4.04.06 4.05.01 4.06.01 4.07.01 4.07.02

Backup the audit trail Purge the audit trail Audit all SYS operations Check date / time stamps on database objects Ensure reports and alerts are in place to deal with irregularities found through audit Use triggers for row level auditing upto 8i VPD, RLS and label security

4.08.01 4.09.01 4.10.01

Be aware of possible failure to be alerted of suspicious activities Be aware of possible failure to audit the security profile. Monitor Other Oracle generated log files

5.00.00 5.01.01

Networking listener Password and Admin restrictions

5.01.02 5.01.03 5.01.04 5.01.05

Prevent remote dba access on sql*net v1 Audit the listener.ora file Enable shared sockets Use a firewall to protect the Oracle server

5.01.06 5.01.07 5.01.08

Change the standard listener ports 1521, 1526 Change the names of the SID and Listener Do not use hostnames in listener.ora In small environments. Use a personal firewall on database administrator computers

5.01.09

5.01.10

Secure listener.ora at the O/S level

5.01.11 5.02.01

listener logging enabled Restrict sources of connections

5.02.02

Use connection manager to restrict by source

5.03.01 5.04.01 5.05.01 5.06.01 5.06.02 5.06.03

Set the listener password Restrict listener banner information Use a firewall to protect the Oracle server. Audit Oracle client file permissions Audit client configuration file contents Audit the listener and sqlnet files on the server

5.07.01

database links

5.07.02 5.07.03 5.07.04 5.07.05 5.08.01 5.08.02 5.09.01 5.10.01 5.10.02 5.11.01 5.11.02

Discover what objects can be seen in the linked database Create a policy to manage database links Database link user should not be a dba Audit what links exist into and from the database Confirm the file permissions in the network admin directory Add only minimum configuration files to all clients Keep up to date with Oracle listener vulnerabilities and patch Secure remote dba access to the server Use an application gateway firewall Set server to dedicated in the tnsnames.ora file Oracle ports scan

5.12.01

intelligent agent

5.12.02 5.13.01

Protect clear text passwords for SNMP encrypt data transfer

5.13.02 6.00.00 6.01.01

Enable SSL to protect client transmissions Availability / backup / Recovery Backup and recovery procedures

6.01.02

Document recovery procedures

6.01.03 6.01.04 6.01.05 6.01.06 6.01.07 6.02.01

Store backup media off site Schedule cold backups Validate the backup media regularly Do not allow backups to be available on-line Create and use media retrieval procedures On line redo logs mirroring

6.03.01

Ensure the database is in archive log mode and protected Separate the Oracle software from data and from on-line redo and archive Keep Oracle data files on separate disks Use OFA Use striping and mirroring or RAID for Oracle data Destroy old disks that have contained database data.

6.03.02 6.03.03 6.04.01 6.04.02 6.04.03 6.04.04 6.05.01

6.06.01 6.06.02 7.00.00

Document and review disaster recovery procedures Include business users in disaster recovery planning Application Development

7.01.01

wrap PL/SQL code in the database

7.01.02

Checksum all PL/SQL objects in the database

7.01.03

Audit PL/SQL code for hard coded usernames and passwords Audit PL/SQL code for possible SQL injection attacks

7.01.04

7.01.05

7.01.06 7.02.01

Ensure as little information as possible about schema structure is available from the code in Oracle Pre-compile Java code before loading into the database Secure accounts accessing through ODBC

7.02.02

7.02.03

Implement procedures to limit which applications can access the database and from where Audit software/admin tools accessing the database

7.03.01 7.04.01 7.05.01 7.06.01 7.07.01

When decommissioning old applications remove all binaries and files Review procedures for adding new applications Establish procedures for movers, -rs and joiners Audit application file permissions Audit application development on production databases

7.08.01

ad-hoc queries against production database

7.09.01

test and development databases

7.09.02

7.09.03 7.09.04 7.09.05 7.09.06 7.09.07 7.09.08

7.09.09 7.10.01

Check for database links with access to production databases from development or test systems Ensure live data held in test or development is mangled or obfuscated. Do not locate test and development databases on the same server as production Ensure there is no access from test and development to production No developer access to production No developer database accounts should exist on production database Backups and exports copy passwords to test and development ensure they are not the same Place development and test on different network segment to production non application objects in application tablespaces Ensure no privileged user owns application objects Resources used by the database

7.10.02 7.11.01

7.12.01

Application authenticaion vs Oracle authentication

7.12.02 7.13.01

Do not use one database login to authenticate all users Do not use schema owners for administration tasks Ensure the schema owner is not a dba Lock schema owner accounts Audit public synonyms Hard coded usernames and passwords in applications Consider not using Java Do not allow applications to change the schema

7.13.02 7.13.03 7.14.01 7.15.01 7.15.02 7.15.03

7.16.01

Batch processes

7.16.02 7.16.03 7.16.04 7.17.01

Do not use external accounts for batch processes Consider password retrieval and use in schedulers Enable batch database accounts only when needed Product user profile in SQL*Plus

7.17.02 7.18.01

Audit query tool privileges Encrypt critical data

7.19.01 7.19.02 7.20.01 7.21.01 7.22.01

Audit generated applications for known weaknesses Audit public libraries used for know vulnerabilities Use change control Audit use of advance queues Audit client access and dev tools

7.23.01 7.24.01 7.25.01 7.25.02 7.25.03 7.25.04 7.25.05 7.25.06 7.25.07

Ensure no tool offers better access to the database than the application Checksum application files for Trojans Start the Oracle HTTP Server as a non privileged user Configure HTTPS and secure the listener Add authentication for users Set HTTP passwords Configure product user profile for iSQL*Plus Restrict databases that can be accessed Disable iSQL*Plus on production servers

7.27.01

remove debugger privileges

7.28.01

Be careful to sanitise data for external use

8.00.00

Apply latest patch and keep up to date with vulnerabilities

Credits: Thanks to David Litchfield and Pete Finnigan as well as all the SANS oracle security team led by Paul Wright.

The threat that it mitigates attacker taking control of files that should be owned by Oracle account Check OS file permissions in $ORACLE_HOME/bin and $ORACLE_HOME and should all be owned by ORACLE and group membership checked and recorded.OTHER group was able to edit the binaries used to run oracle then a denial of service could be easily mounted. Also malicous binaries could be written over the actual b inaries. attacker taking over the oracle account and using it maliciously attacker knowing the account name makes it quicker to attack that account lack of identity trail i.e. who is it that is logging on as oracle attacker gaining control of listener allows control of database DBSNMP can read user$ as it has the SELECT ANY DICTIONARY privilege . It has a default account/pass so common way into the database. DBSNMP is the user account that the Oracle Intelligent agent uses which has to be able to login remotely and automatically for the intelligent agent functionality to work.

means that files created by the ORACLE acount will have secure permissions by default.

This will prevent malicious access to the Oracle software on the server as long as the normal Windows hardening procedures are also taken.

Oracle installation requires a temp directory. Should not use /tmp as permissions are open. Therefore set TMP_DIR and TMPDIR variables to more secure locations which only ORACLE account should have permission to read, write and execute . should not contain root account or other low privileged users as OSDBA maps to SYS AS SYSDBA which is the most powerful user/role combination in the Oracle database. OSDBA can shutdown the whole database. Also make sure ORACLE is not a member of the root group.

dba is the generic group name for the OS dba group and this should not be used as it known and would make attacking the OS easier. manually create a group that is not called ORA_DBA for the ORACLE group -

tkprof is used to read trace files and should be used off the production server

otrace has known security issues and also performance issues as the .dat files it uses can grow to be very large.

The datafiles (.dbf) hold the actual persistent data and need to be protected

In order to recognise suspicious activity in the database the dba should monitor all log files which are kept historically for a set period of time.

RDA files contain a lot of internal connection details and are uploaded to oracle support in an insecure manner. This input should be sanitised before sending to Oracle support.

Oracle raw devices should have minimum permissions so only Oracle can use them. In UNIX the usernames and passwords that scripts are being run under may show when running the ps -ef command. This is a well known issue as an attacker could simply read these credentials and then impersonate that user. shell history recalls the previous commands but could also show an attacker a username password combination e.g sqlplus scott/tiger TNS sends much information in the clear such as the version number of the database. SQL*PLUS username/password via Oracle Authentication is encrypted but it has been broken by NGS and our recommendation is to use SSH for client to server communications and IPSEC for permanent server/server connections. Oracle Advanced Security is a more expensive option to the above. This is a link that discusses the weaknesses of Oracles network authentication mechanism. http://www.fors.com/eoug97/papers/0356.htm

An attacker can force a second non-encrypted login which is defended by setting this parameter jdbc thin drive transmits clear text error message including username and encrypted password and possibly used therefore set minimum privileges for users with thin client access. older versions of oracle 8 have many SETUID and SGID binaries most of which can be removed either by permission or completely. Dbnsmp is SUID root and should either be removed or changed. The users environment may contain usernames and passwords to make scripts work easily automated scripts have to work as a user which may be hardcoded into a script. Check cron jobs too.

The database configuration assistant can be used to create databases but also creates scripts with username /passwords that are insecure. OS auditing can be useful for Oracle to see what the OSDBA, OSOPER groups and ORACLE user have been doing.

correlated log analysis is a growing requirement in large enterprises so that events can followed over many systems. This may be a hack or a system failure. This requires synchronised time. a process list can show programs that are not meant to be running. One of these may be malicious attacker editing the control files which are needed for Oracle to work trace files can contain sensitive data such as the ability to read internal database structures and be dumped by anyone with ALTER SESSION privilege. Audit the presence of check files to make sure no unauthorised user is doing so and that no unauthorised user can read trace files created.

ALTER SYTEM allows the trace and dump directories to be changed and ALTER SESSION privilege allows the database structures to be dumped.

Attacker may either export the db's data including SYS.USER$ passwords or be able to read a legitimate export which could be imported into the attackers own database.

The redo logs are a record of the SQL commands needed to return the database to a previous state and may be archived preferably remotely in order to facilitate a backup recovery. This data is precious and should be protected. External tables are a link to the OS which allow database user to modify OS file and OS user to modify database file if the permissions allow. Therefore the permission/privileges of these external tables should be checked at both ends. This is not as serious as the UTL_FILE but should be checked.

Native PLSQL compilation allows PLSQL to be compiled via a C compiler to native code. This is dangerous as access to this functionality would allow execution of other binary files and to wrap exisitng PLSQL packages with their own code.

Psservice allows a windows service to be shut down remotely. Therefore secure the ORACLE account at the database level above the OS are users as well that should be monitored. Users such as SYS that are not meant to be logged in most times can be checked to see if they have a session open

Third party application user management is often required. Sometimes however it can be managed by the database. Applications store their passwords in the database anyway so this link has to strong anyway. It is often possible to bypass application security by logging in directly as the application user. strong memorable passwords are essential and the profile features of oracle can be used to control password lifetime, reuse, lock time and gracetime. Use of profiles is heavily recommended. Need to use the Password management features of Oracle to allow constant checking for compliancy. users may use the same login and password for convenience or to hide their identity. This make saccountability impossible. Oracle comes installed with many default accounts which are set with a default password. 10g release 1 and 2 are improving the security of these accounts by locking the default ones but they still come with default passwords. 8i and 9i have many default accounts that are unlocked with default known passwords and have high privileges assigned such as being able to read the password hashes from sys.user$. There are also many default accounts for third party applications that use Oracle. This list of default accounts includes users and roles. default accounts may not have password management features enabled as the profile has to be changed and the profile assigned to the user/role. It is important that accounts be protected from an attacker attempting to brute force an account.

The SYS and SYSTEM password are default user accounts as well and are set with the default passwords such as manage and change_on_install. This should be included in a default password audit but may be overlooked so it is worth explicity checking these accounts due to their sensitivity.

This parameter is set to NONE prior to 8.1.7 and EXCLUSIVE after that. It should be checked that the value has not been changed.

It is possible for accounts such as ordsys to have tablespaces using SYSTEM which if allocated without a quota could be filled up by the account and DoS the machine.

- this Oracle passwords are by default limited to 30 characters that can be used and the variety of each character is limited to alphanumerics a few special characters all upper case. Given this fact they are susceptible to being cracked. An example of this problem is shown in this paper by Josh Wright http://www.sans.org/info/911/

- this With leaving staff and contract workers it is possible that there are accounts in the db that are not being used termed "dormant". There should be a process that can identify accounts that are not being used anymore so that they can be removed. users such as SYS, INTERNAL and users granted SYSDBA/SYSOPER have their password recorded in $ORACLE_HOME/dbs/orapw<SID> Separate applications often have their own authentication system which may provide a weak point of entry. It is worth querying the database tables for these passwords.

UTL_FILE_DIR is the location on the OS that UTL_FILE package points to from Oracle database. This should not be set to "*", the location of the trace directories, "/tmp", "/" or other locations where important scripts lie. The reason being that UTL_FILE could be used to open a script and then saved as empty which would render the script useless. This package can copy, alter and delete files and so needs to be controlled tightly. Java can be used to access the OS from Oracle so Java permissions should be checked and if not needed should be revoked completely.

Oracle Context allows a database user to access external files. The functionality is owned by CTXSYS which unfortunately also has PUBLIC execute on many of the packages and tables.

ALL_USERS is a view like DBA_USERS but intended for anyone to use which is why PUBLIC is granted select on it. This view does show the usernames and this information is part of the way in which the password algorithm works as the username is the salt used to encrypt the password. See the end of SECOPs book. ExtProc enables external access to C libraries on the OS from the database and from the Listener remotely if enabled which it is by default. This is inherently insecure and additionally NGS has found buffer overflows in the fixes that were made to subsequently secure Extproc. http://www.ngssoftware.com/advisories/ora-extproc.txt http://www.oracle.com/technology/deploy/security/pdf/plsextproc_alert.pdf http://www.oracle.com/technology/deploy/security/pdf/2003alert57.pdf Please see the Shellcoders handbook page 406-10 for more detail of the buffer overflow. Also see Database Hackers Handbook page 89 Also see security the Listener further on in this guide.

Only DBA should have access to the catalog roles SELECT_CATALOG_ROLE EXECUTE_CATALOG_ROLE 'DELETE_CATALOG_ROLE

Views pre-fixed by the lettes DBA are for the use of the DBA and should not be viewable by non DBA users. Unauthorised access should be revoked.

Preferably, in order to allow complete Point In Time recovery the database should be in ARCHIVELOG mode which means that the redo logs are kept so that the database can be reinstated to a previous state. It is also preferable that the ARCHIVELOGs are kept remotely so that if the local machine becomes unusable the logs are not affected.

In order to limit the Role inheritance heirarchy set max_enabled_roles to 25 or so If os_authent_prefix is set to (null string) then a user can either logon externally or internally not both. External is insecure and should be seperated in this manner. If true then can log in without oracle authentication. This can be hacked easily from a non windows machine as it relies on the way that the username is formed. Can be spoofed remotely so need to disable The init.ora file is a flat file which may not actually be loaded into the memory the database so it is worth checking the two. There is also the trick of adding parameters at a the very bottom of an extended init.ora file which may not show when a text editor is used. IFILE parameter allows additional parameters to be contained in a separate init.ora pointed to by the first. Avoid use of this functionality where possible and check to see if it is being used or not. If so check the second parameter file to see what parameters are being set. If the system is not using a remote listener then check to see if the remote_listener parameter is null. -

exempt access policy privilege can be used to circumvent fine-grained security. Check for unauthorised granting of this privilege.

SERIALIZABLE set to FALSE and ROW LOCKING set to ALWAYS

User must have SELECT to DELETE and UPDATE. Check for non sys owned objects in the system tablespace that are not default Oracle objects.

this is most powerful role and should not be widely used so check for users and roles that have it. A user could be granted ALL PRIVILEGES which is the opposite of least privilege and should be avoided.

ANY privileges are to be avoided as it is not accurate to need.

WITH ADMIN or "WITH GRANT" privileges allow the grantee to pass on the privilege to any other user. This should be avoided and monitored.

system privileges tend to be more powerful and so should audited in case unauthorised users have them.

It is generally preferable to assign privileges to ROLES and ROLES to users rather than privileges to users. This is debatable though given the disadvantages of roles already highlighted so this item is not critical. CREATE LIBRARY privilege can be used to access the OS and escalate privilege and so this privilege should be revoked if not completely needed.

BECOME USER privilege allows one user to act as another and should be closely monitored. CREATE ANY DIRECTORY privilege allows a user to make a bridge between the DB and OS which is a potential security weakpoint and so this privilege should be monitored. There is no CREATE DIRECTORY so it is just CREATE ANY DIRECTORY. CREATE ANY JOB privilege allows the grantee to run PLSQL jobs as another user and should be closely controlled. External users have already been addressed in the OS section but an extra check is to see which users have the password of 'EXTERNAL'. EXTERNAL users should have absolutely minimal privileges as it is possible to spoof their logins. No SYSDBA or SYSOPER users should be allowed to have EXTERNAL passwords.

UTL_FILE is used to bridge between the oracle database and the supporting OS and can be used to exploit the OS especially on Windows which has had problems limiting UTL_FILE to the $ORACLE_HOME. utl_tcp can be used to connect from an Oracle database over the network to another database and is a common way for a hacker to move from machine to machine. PUBLIC does not require these privileges. utl_tcp can be used to connect from an Oracle database over the network to another database and is a common way for a hacker to move from machine to machine. PUBLIC does not require these privileges. utl_tcp can be used to connect from an Oracle database over the network to another database and is a common way for a hacker to move from machine to machine. PUBLIC does not require these privileges. SYS owned packages can be ran as SYS by any user with execute privileges unless INVOKER rights are specified which is not the default. PUBLIC as a role is a blunt instrument as it is too wide in most cases. Iit is difficult to maintain least privilege when the PUBLIC role is assigned privileges. This is especially the case when the privileges are to SYS owned objects which have the ability to run as SYS much like SUID in UNIX binaries. It is advised when developing internal packages that auth_id current_users is used instead of definers rights to make the risk of the package being used less critical. -

DBMS_LOB can used to access files on the OS due to a bug in the way it handles relative paths. EXECUTE should be revoked from PUBLIC anyway but this is even better reason. These packages should not have PUBLIC EXECUTE privileges as they can be used to trick DBA into executing commands as invoker. This was more of a threat when security models pre 8i worked on definer rights only. DIRECTORIES from an Oracle point of view are links to the OS and should be monitored as part of an audit. Directories tend to be left behind after they are used and no longer needed which is a medium security risk.

This package can be used to used to escalate privilege and so should not have privileges granted on it. By default it should have no privileges. dbms_job can be used to run scheduled jobs at a certain time which is useful for an attacker so that there scripts run unattended. Revoke execute privilege the dbms_scheduler has had a number of attacks directed at it and should preferably not be used at all. For certain the default execute privileges that PUBLIC posesses on the package should be revoked. The OWA_UTIL PL/SQL application exposes a number of stored procedures, which may be accessible anonymously via the web. It is better to organise privileges via ROLES than USERs directly as ROLES can be GRANTED and REVOKED en bulk

RESOURCE has more privileges than are required for instance UNLIMITED TABLESPACE which can cause a DoS. CONNECT has more privileges than required to connect to the database. Revoke the connect role and replace with a stripped down version that has CREATE SESSION Select * from dba_sys_privs where grantee='CONNECT'; GRANTEE PRIVILEGE ------------------------------ ---------------------CONNECT CREATE VIEW CONNECT CREATE TABLE CONNECT ALTER SESSION CONNECT CREATE CLUSTER CONNECT CREATE SESSION CONNECT CREATE SYNONYM CONNECT CREATE SEQUENCE CONNECT CREATE DATABASE LINK

In high security environments powerul roles such as DBA should be passworded. Please note that a passworded role granted to another role does not need a password anymore from the other role. Also password management features do not apply to roles so roles have weaknesses too.

PUBLIC role has privileges that can be accessed by any valid database account. As such all ROLEs and privileges not required should be revoked.

As well as pass management Profiles allow for session management which can help defend a session from attack. These profile parameters should be set up and different values set in different profiles for each security level of user.

Set _trace_files_public parameter when set to true can allow any user to read the trace files so explicitly set this to false. Parameter value changes can be missed and have a large affect there fore they should be checked especially as some parameters are hidden.

An applications tablespace should not have objects owned by another user within it because if the object grows in size it may cause an denial of service on the application . Autoextensible tablespaces can also grow and deman too much disk space so this should be monitored. In order to stop a user from taking up too much tablespace and possibly causing a DoD accidentally or maliciously a quota should be imposed that will limit the size of that users tablespace. It is possible to steal data from another schema using a trigger. Triggers should be audited in order to find triggers in a schema owned by someone else. user$, link$ and dba_users view allow access to the password hashes which in combination with the username makes decrypting the hash feasible.

object creation should be limited to the schema of the owner and to privileged accounts such as DBA. Object creation privileges such as create table should be revoked for non-DBA and non-schema owners. due to privilege inheritance with ROLES it is easy for a user to be able to see objects they should not. The best way to test this thoroughly is to login as that user and see what can be seen.

VIEWs can by design be used to update the underlying table if update is granted on the VIEW. This should be monitored. On top of this is the fact that there has been a bug in Oracle where

This measure when combined with a less obviously named new DBA account will help to secure the database from unauthorised privileged access.

SELECT ANY TABLE privilege should be revoked but if a user does have it then the setting of 07_DICTIONARY_ACCESSIBILITY =FALSE would mean that they could not SELECT from the data dictionary which holds important metadata about the database including passwords. This can be used prevent DBA's reading critical data as well. Ports 2100 and 8080 were added to 9iR2 as part of the XDB server and represent an additional attack surface which if not needed should be removed.

PUBLIC has privileges on STATS$% tables and should be revoked and GRANTED back individually.

basic Oracle Auditing can either be to the OS or to the DB which is easier but the OS is more secure as the OS is harder for a DB user to delete and will less likely affect the running of the DB if the Audit logs get very large. SYS.AUD$ is the database table that takes the auditing logs which since it is on a SYSTEM tablespace and allowed to grow could DoS the whole database. Moving AUD$ away from SYSTEM tablespace is not supported by Oracle but can be done. The other major issue with auditing is the problem with performance as the more that is audited the more resources are taken away from the running of the server. It has often been the case that all auditing is switched off in order to aid performance. This is not recommended. Auditing of most important actions should be made as a minimum. These are all actions by SYS and actions on critical system tables such as SYS.USER$ by everyone. Please see Oracle Privacy Auditing by Arup Nanda for more detail on Auditing on Oracle. The failure of any user to update a critical table is classic auditing priority and can be done easilly. The more users who are likely to be affected by this then the less it should be done due to performance hit. Auditing create session would be used to catch the time that users logon and off. It would generate a lot of audit. The same principle follows for these audit actions: Audit grant,drop, alter,create user, create role, The audit logs are easily readable via a view called dba_audit_trail. As someone is going to need to read and react to this audit this is another reason for selectively auditing the most important events in the DB. Aslong as redo logs are being archived off the databases state can always be inspected using Logminer http://www.giac.org/certified_professionals/practicals/gcfa/0159.php or reinstated. Auditing is a sensitive subject especially when auditing privileged users. The auditing role should be limited to a small group and separate from the main DBA function so that they are independent.

If have to audit to sys.aud$ then can use auditing to protect the audit. Make sure the audit is backed up and purged so that the disk does not fill to cause DoS or lose audit logs.

can use triggers to provide row level auditing even though fine grained auditing is not present in 8i. FGA came in with 9i and allows auditing of what a user selected at the row level. This is implemented using dbms_fga.add_policy. Linked to FGA is Virtual Private Databases which allows segregation of data between users so that they are as if they were in seperate databases. VPD configuration is done using DBSM_RLS. Oracle Label Security use user labels to grant access at the row level. The other logs apart from Basic Oracle Auditing are: Event Viewer,Syslog, Listener.log, access_log, error_log, sqlnet.log. These can be used to correlate information after an incident. The Oracle Listener is controlled by the LSNRCTL utility which previous to 10g allowed remote administration of the listener without authentication by default. This meant that anyone could shutdown the listener remotely. The Listener can be passworded which keeps remote administration but the password can be inputted as a hash that has been sniffed instead. This is assuming that the Listener password has been encrypted. The secure way to configure the listener is with Admin Restrictions ON which means that the Listener configuration changes have to be done locally by editing the Listener.ora file at the OS. If Oracle is networking through a firewall then set it so that it can shared sockets. Oracle networks on 1521 by default at the server but as the connection is made MTS allocates a new server port for that connection. This will be blocked by most firewalls so one solution is to force MTS to allocate a known port after the initial exchange. An alternative to this is to use a Proxy firewall such as Checkpoint NG1 which keeps state of current connections and can therefore handle a change of port number. The Listener should not be connected to over the Internet. These default ports are well known and it is easy to change the port. Change the default SID name from ORCL and the default Listener name of Listener. IP addresses are safer and place less load on the DNS system but larger networks require hostnames so that traffic can travel between subnets and so that an IP related DoS can be averted. -

If the listener.ora is the main point of Listener configuration then it should be secured appropriately using OS permissions.

Brute force attempts are not stopped by the Listener but it can log them if logging is enabled. valid node checking can be set so that only authorised source IP addresses can connect to the listener.

Connection manager can restrict connections based on origin, destination and SID and it can accept wildcards unlike valid node checking.

The networking files on the server should be audited to make sure that the permissions are adequate, the contents are correct and no nefarious copies of these files can be viewed by an unprivileged user. Please note that fat thumbed passwords may appear in the sqlnet.log from failed SQL*PLUS connections. Database links are useful to make connections from one database to another. These links may contain clear text passwords and allow access to unsecured development databases. Links can be PUBLIC,PRIVATE or GLOBAL. PUBLIC can be used by any user and if this link is made using a fixed user the authentication details will be in the link. Database links between Production and Development should be avoided and all links should be audited so that least privilege is extended through the link to the target database. Should run a regular port scan on the oracle server to see if additional services have been added or if Oracle ports not required are running. There are many default Oracle ports: 1521, 1526 default listener which should be changed. Please check the appendices for a list of Oracle default port numbers.

The intelligent agent which functions like an Oracle version of SNMP called DBSNMP which uses the DBSNMP account with default password DBSNMP. It is possible to improve the security of this greatly above the default but it should not be used on an untrusted network. SQL*PLUS encrypts passwords (which can be broken if attacker has the hash) but it does not encyrpt the data. If the client connections are made via web browser then SSL should be used which is part of OAS but can be implemented seperately from OAS.

Availability is one of the most important components of a security plan. Having good backup and recovery procedures is part of maintaining availability and therefore is part of a security plan. This is especially the case when backups can be restored by an attacker. Why attack the server when you can easily gain the backups for the server. Once copied then they may be altered and if a recovery can be forced the attackers malware could get onto the server. Backups are a current research topic for researchers

Backup procedures should not only be secured and practised this should also be documented

In case of fire, bomb or flooding it is wise to have off site backup which must be secured. The Oracle database cannot work normally without the redo logs and so these should be mirrored. remote archive logging is preferable

Data can be recovered from hard drives using forensics techniques both at the OS layer and DB layer.

Wrapping encodes the source code of a package in the database. This process is recommended especially if the source has proprietary code within it. A good reason for wrapping for example would be to hide the mathematical calculation that is used to gain a result which is passed back.

Checksumming all the objects in the database can be done using the packages within Oracle there is no need to do this externally unless there is a fear that the database has already been attacked. Oracle 9i wrapped PLSQL has the ability to read strings by in the file. This can be a way to find usernames and passwords which should be checked for. a common flaw with PLSQL packages both from Oracle and custom made is the susceptibility to SQL injection. See http://www.ngssoftware.com/papers/advanced_sql_injection.pdf In essence the problem is code that forms dynamic SQL allowing SQL key symbols as input which instead of being parsed as string is parsed as SQL.

Java source code can be read from sys.obj$ table and can also be read using DBMS_LOB. ODBC will carry the privileges of the user over to Oracle and so these accounts should be checked too. Excel and Access can connect to Oracle via ODBC and will pick up all the PUBLIC privileges. -

Tools such as Toad, PLSQL Developer, SQL Developer and DBA studio can be used to remotely access an Oracle database just like SQL*PLUS. These tools can allow an overview of database structure that is not needed for the developer. Application developers often work on a production system before it is actually put into production so it is important to secure what they have left behind

separate the two and try to mirror closely the environment so that developers do not need access to the production server to test applications.

As described previously objects not owned the tablespaces schema owner can pose a risk if they grow and cause a DoS especially if the objects are owned by privileged users. Resources can become overused especially with installation of third party applications therefore it is wise to check these resources after installation and running. Care should be taken when implementing and designing application authentication that it cannot be side stepped within Oracle.

Using a schema owner to access the databaes means that all objects within that schema become available as well as any higher privileges granted. Avoid hardcoded usernames and passwords where possible certainly plaintext. Since applications can be hacked through SQL injection, fuzzing and buffer overflows it is a good idea to give minimal privileges to the application. This would include not giving DDL privileges on the schema which would allow injected SQL to drop tables etc. Batch processes should access the database through one specific account

By enabling batch accounts at the time they run and disabling other accounts at that time activity can be monitored more easily. The PUP can be used to control users access via SQL*PLUS

Sarbannes Oxley recommends the use of data encryption within the database which hinders an attacker and also stops DBA's from reading very sensitive data. This is recommended. Audit saved passwords in the tools which may be encrypted weakly. Should be deleted. Also the accounts used via developer tools should have least privilege applied to them. It is good practise to checksum the developer tool binaries and compare these with known good hashes to make sure they have not been trojaned. iSQL*Plus requires a working http server on the same machine as the database which is a security weakness. Disable iSQL*Plus on production servers. thre are a number of debuggers included with oracle such as dbms_debug, oradebug and via dbms_java. It would be preferable to remove these but not always possible so remove all privileges to them. They can be granted back when needed. Data through employment adverts, RDA output to Support, Application server error pages etc should all be minimised as this is valuable reconaisance for a hacker. Especially using historcal records such as www.archive.org or googles cache.

Depending on both the components installed and the version of the database the latest CPU should be installed on test machines and then on the production machines unless it breaks current applications. The last two CPUs on 10 have applied more smoothly now that they are Java based. Please note that many vulnerabilities do not get patched for a long time so a member of the team should be tasked with monitoring websites that may have new Oracle security information of which there are many such as bugtraq and packetstorm. http://www.securityfocus.com/archive/1 For example http://www.securityfocus.com/archive/1/432078 http://ww.packetstormsecurity.nl/ As well as the Oracle Security website. http://www.oracle.com/technology/deploy/security/alerts.htm Plus specialist Database security websites such as www.databasesecurity.com It is not just Oracle vulnerabilities but also the supporting OS.

version 3.1.1

Description of how to do it ls -alR > recursivels.txt $ORACLE_HOME/bin set to 0755 and all other $ORACLE_HOME to 0750 cat /etc/passwd

passwd -l <username> use a different OS account name for Oracle software owner sudo to oracle In UI select custom install and use different account for listener either drop DBSNMP DROP USER DBSNMP CASCADE; or run $ORACLE_HOME/rdbms/admincatnsnmp.sql/ change username/password is minimum. For high security should remove the DBSNMP binary from the $ORACLE_HOME/bin as this is SUID. Also change the DBSNMP password in snmp_rw.ora file bash-2.05$ umask 022

set file type to NTFS ORACLE user account created to own the Oracle software should not be called "oracle" The user should be a local admin and not a domain user. This user should be made part of a group not called ORA_DBA. Remove everyone using inherited permissions. mkdir /u01/temp TEMP=/u01/temp; export TEMP TMPDIR=/u01/temp; export TMPDIR cat /etc/group adduser <username> <groupname> Adds username to the group groupname

groupadd <groupname> controlpanel>admintools>compmanagement>groups -

delete tkprof binary from $ORACLE_HOME/bin

CD to the $ORACLE_HOME/otrace/admin directory of your instance and remove or delete the dat files related to otrace. process.dat collect.dat regid.dat Once these are removed/deleted you should restart your instances and listener and otrace will be disabled. The database file location is usually in the parent directory of the control files which can be found by select name,value from v$parameter where name='control_files'; These permissions should be 600 if ORACLE is to run the db. This process necessetates the archiving of log files and when space is an issue deleting logs of a certain age so that there is rotation. It is worth correlating with SYSOG and IDS logs using timestamp as the central unifier of these logs. Therefore strong synchronisation of timestamp is required. This should be done using GPS or CDMA to give an accurrate internal stratum 0 source not via untrusted NTP from external source. A perl script could be used to parse the RDA files before sending to Oracle Support. This is a current research project at GIAC and more information will be available from this URL in the near future. http://www.giac.org/certified_professionals/listing/gsoc.php The local copy of the RDA files should be deleted after they have been sent. ls -al device/disk/volume hide.c available from oracle metalink support allows the username/password to be hid from the ps -ef command. Metalink notes 136480.1 and 1009091.6 Should restrict use of the PS command using OS permissions. restrict shell history by reducing the HISTSIZE environment variable to as low an amount as is appropriate for your environment for each user. Putty is a free and popular client that can be used for client connections. http://www.chiark.greenend.org.uk/~sgtatham/putty/ Need to edit the tnsnames.ora file and port forward using putty # TNSNAMES.ORA,Network Configuration File: C:\oracle\ora90\network\admin\tnsnames.ora PLSQL = (DESCRIPTION = (ADDRESS-LIST = (ADDRESS = (PROTOCOL = TCP) (HOST = localhost) (PORT = 7774))) (CONNECT-DATA = (SERVER = DEDICATED) (SERVICE-NAME = plsql) ) ) then: ssh -L 7774:venus:1521 venus

edit the text file init.ora to include the statement ORA_ENCRYPT_LOGIN=TRUE; DBLINK_ENCRYPT_LOGIN =TRUE REVOKE privilege from USER

chmod -s binaryname

it is possible to read a users environment remotely so these should be audited and any that are not absolutely essential removed. Use the $env command or system>advaneed>environment variables. #!/bin/bash/ find $ORACLE_HOME -name "*" -print | while read filename do echo "filename "$filename >>user.lis egrep -I 'connect|sqlplus' $filename >> user.lis2>/dev/null audit the $ORACLE_HOME for this scripts and remove them and also remove the database configuration assistant or dbca which is in $ORACLE_HOME/bin. Tripwire can be used to monitor the state of the oracle files. Oracle basic auditing can be set to log to the OS instead of sys.aud$. This is recommended as the DBA cannot directly alter this auditing log.

save Oracle logs to syslog in a central remote loghost server. Syslogng is also worth looking at for this purpose. lsof will list the processes on UNIX and can be compared to known list of good processes. to find OS Location select name from v$controlfile; .ctl files read/write by ORACLE only /bin/bash/ find $ORACLE_HOME -name "*.trc" -print | while read filename; do echo "FILENAME IS "$filename >> trc.lis; egrep -i 'Image' $filename >> trc.lis 2> /dev/null; done audit the presence of trace files: select name, value from v$parameter where name like '%dump_dest%'; Then ls -al that directory to see who can read them. Also check for trace files outside of the usual destination using find $ORACLE_HOME -name "*.trc" -exec ls -al {} \; - print select grantee, privilege from dba_sys_privs where privilege in ('ALTER SYSTEM', 'ALTER SESSSION'); DBA ROLEs should be ignored as they need these privileges.

find $ORACLE_HOME -name "*" -print | while read filename do egrep -I 'EXPORT' $filename >>exp.lis 2> /dev/null done

select log_mode from v$database; name, value from v$parameter where name like '%arch%'; select

example: SQL> select table_name, default_directory_name from dba_external_tables; TABLE_NAME DEFAULT_DIRECTORY_NAME ------------------------------ -----------------------------SALES_TRANSACTIONS_EXT DATA_FILE_DIR SQL> select * from all_directories where directory_name = 'DATA_FILE_DIR'; OWNER DIRECTORY_NAME ------------------------------ -----------------------------DIRECTORY_PATH -------------------------------------------------------------------------------SYS DATA_FILE_DIR /u01/app/oracle/product/9.2.0/demo/schema/sales_history/ ls -al /u01/app/oracle/product/9.2.0/demo/schema/sales_history/ SQL> select grantee,privilege from dba_tab_privs where table_name='DATA_FILE_DIR'; GRANTEE PRIVILEGE ------------------------------ ---------------------------------------SH READ

v$parameters should be set to false or null. plsql_native_c_compiler plsql_native_library_dir plsql_native_library_subdir_count plsql_native_linker plsql_native_make_file_name

psservice tool from sysinternals http://www.sysinternals.com/utilities/psservice.html SELECT * FROM v$session;

oracle label security can be used to as a solution to this problem.

Run a password cracker on the checksums for the passwords from sys.user$ to see if they are strong. NGS SQuirreL for Oracle has one of the fastest. It is also common for some users to set the password to be the same as the user which is covered by SQuirreL alter profile default limit sessions_per_user 1; These default accounts need to be audited for which can be done using products such as NGS SQuirreL for oracle which has over a 1000 entries. There is a list of common default usernames in the appendices of this report. Default accounts that are not required should be dropped. Defaults accounts that may be required should be locked and password changed. ALTER USER ACCOUNT UNLOCK; WKSYS and DBSNMP are two of the most commonly used default accounts as they have strong privileges and are often overlooked. ALTER USER defaultaccount PROFILE myprofile; The default profile is often used and should have password management features enabled using: ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LIFE_TIME 40 PASSWORD_REUSE_MAX 10 PASSWORD_REUSE__TIME UNLIMITED PASSWORD_LOCK_TIME 1 PASSWORD_GRACE_TIME 3; Additional to running a password cracker or default password check it is recommended to explicity change the password to a new secure password so that it is known 100% that the password is secure using the advice in item named "Audit users accounts for weak passwords"

SELECT value FROM v$parameter where NAME='remote_login_passwordfile'; should return NONE or EXCLUSIVE. If not change the init_SID.ora

select username, default_tablespace, temporary_tablespace from dba_users; this will provide a list of tablespaces with SYSTEM. Change these with the following SQL. ALTER USER ORDSYS DEFAULT TABLESPACE tools TEMPORARY TABLESPACE temp; - this In order to set a secure password in oracle it is recommended to use a quoted password which allows for ctrl UNICODE characters to be used in each of the 30 places. ALTER USER PAUL IDENTIFIED BY "passwordincludingnumbersandctrlchars";" This makes the password very difficult indeed to crack." As well as making the pasword secure it is possible to set up alias' for the accounts so that users actual username is never known. - this This is a hypothetical example given that hr_table contained a column of valid_users: (select name from sys.user$)minus (select valid_users from hr_table); The result would be invalid users. check the permissions on this file and change to -rw-r----- if necessary.

select object_name object, object_type type, owner owner from dba_objects where owner<>'SYS' and ((object_name like '%USER%' and object_name not like 'USER_%') or object_name like '%USR%' or object_name like '%PASSWD%' or object_name like '%PWD%' or object_name like '%PASS%') and object_type in('VIEW','TABLE') union select table_name object, column_name type, owner owner from dba_tab_columns where owner<>'SYS' and (column_name like '%USER%' or column_name like '%USR%' or column_name like '%PASSWD%' or column_name like '%PWD%' or column_name like '%PASS%') /

select name, value from v$parameter where name = 'ult_file_dir'; Also revoke access to UTL_FILE and only grant to those db accounts that require the OS access.

select privilege, grantee from dba_tab_privs where table_name='DBMS_BACKUP_RESTORE'; revoke access as needed. select Count(1) from dba_objects where object_type Like '%JAVA%'; --if this returns more than 3000 java is installed. This query will show the privs given wiithin Java select grantee,type_name,name,kind,action from dba_java_policy where grantee not like 'JAVA%' and grantee<>'SYS' / Then revoke privs not need using dbms_java.revoke_permission remove Java completely if not needed using $ORACLE_HOME/javavm/install/rmjvm.sql if context is not being used then drop CTXSYS user DROP USER CTXSYS CASCADE; If it is being used then can just lock CTXSYS ALTER USER CTXSYS ACCOUNT LOCK; Revoke all access to CTXSYS packages from PUBLIC. revoke select on all_users from public; Will also need to test that the low privileged accounts that should not see the usernames cannot actually see them by logging in as them and testing. This is because the privilege hierarchy may inherit the ability to select from a different route. To remove Extproc: -Remove the entries from the listener.ora file -Remove entries from any tnsnames.ora -Delete the extproc binary -Revoke create / alter (any) library privileges -Revoke create / alter procedure privileges To secure Extproc: -Create a separate user for the extproc listener -Remove extproc entries from listener.ora and tnsnames.ora - Create a new seperate listener for extproc -use valid node checking on the new extproc listener and restrict to IPC protocol only.

select grantee,granted_role from dba_role_privs where granted_role in ('SELECT_CATALOG_ROLE','EXECUTE_CATALOG_ROLE','DELETE_C ATALOG_ROLE'); revoke as needed. select grantee,privilege,table_name from dba_tab_privs where table_name in ('DBA_ROLES','DBA_SYS_PRIVS', 'DBA_ROLE_PRIVS','ROLE_ROLE_PRIVS'); This query is for general parameter values. SELECT * FROM v$parameter ORDER BY name; This query is specifically for archivelog mode and whether it is switched on. select log_mode from v$database;

SELECT * FROM v$parameter where name ='max_enabled_roles'; set in init.ora SELECT * FROM v$parameter where name ='os_authent_prefix'; set in init.ora SELECT value FROM v$parameter where name ='remote_os_authent'; set in init.ora SELECT value FROM v$parameter where name ='remote_os_roles'; set in init.ora SELECT * FROM v$parameter ORDER BY name; and compare with the init<SID>.ora file

search the init.ora for an IFILE parameter and follow that up by inspecting any addional parameter file.

SELECT value FROM v$parameter where name ='remote_listener'; set in init.ora -

select grantee,privilege from dba_sys_privs where privilege = 'EXEMPT ACCESS POLICY'; SELECT * FROM v$parameter where name ='serializable'; Not In 10g r2 set in init.ora SELECT * FROM v$parameter where name ='sql92_security'; set in init.ora select owner,segment_name,segment_type from dba_segments where tablespace_name='SYSTEM' and owner<>'SYS'; select grantee from dba_role_privs where granted_role='DBA'; Revoke from accounts that do not need it revoke dba from accountname; Check for all privs: (select count(*) from system_privilege_map)intersect (select count(*) from dba_sys_privs group by grantee); Check for number of privs in case too many. select count(*) from system_privilege_map; select count(*),grantee from dba_sys_privs group by grantee; select grantee,privilege from dba_sys_privs where privilege like '%ANY%'; revoke where possible select grantee, granted_role from dba_role_privs where admin_option='YES' union select grantee, privilege from dba_sys_privs where admin_option='YES'; Do the same query 'WITH GRANT'; select grantee,privilege from dba_sys_privs where grantee not in ('SYSTEM','SYS','PUBLIC') and not exists (select 'A' from dba_roles where role=grantee) These users have direct privileges. select distinct grantee, table_name, privilege from dba_tab_privs where grantee in((select grantee from dba_tab_privs)minus (select role from dba_roles)); select grantee,privilege from dba_sys_privs where privilege='CREATE LIBRARY' -

select grantee,privilege from dba_sys_privs where privilege = 'BECOME USER'; select * from dba_sys_privs where privilege='CREATE ANY DIRECTORY';

select * from dba_sys_privs where privilege='CREATE ANY JOB'; select username from dba_users where password='EXTERNAL'; select username from dba_role_privs, dba_users where username=grantee and granted_role='DBA' and password='EXTERNAL';

REVOKE ALL ON UTL_FILE FROM PUBLIC

REVOKE EXECUTE ON UTL_TCP FROM PUBLIC

REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC

REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC

This SQL will identify packages that are both owned by SYS and have EXECUTE granted to PUBLIC (select object_name from dba_objects where owner ='SYS' and object_type='PACKAGE')intersect (select table_name from dba_tab_privs where grantee='PUBLIC' and privilege='EXECUTE');

REVOKE EXECUTE ON dbms_lob FROM PUBLIC;

REVOKE EXECUTE ON dbms_sql FROM PUBLIC;

SELECT * FROM all_directories; and SELECT * FROM dba_directories; Un needed ones can dropped DROP DIRECTORY directory_name select grantee, privilege from dba_tab_privs where table_name ='INITJVMAUX'; REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;

revoke execute on dbms_scheduler from public;

revoke execute on owa_util from public;

to identify those with CONNECT you can use this query. select grantee from dba_role_privs where granted_role='CONNECT';

CREATE ROLE dba_role IDENTIFIED BY "S0^Sorry"; or alter role dba identified by "S0^Sorry"; See which roles are passworded. select * from dba_roles where password_required='NO'; This query will identify all ROLES and privs granted to PUBLIC. select 'SYSTEM','SYSTEM',privilege from dba_sys_privs where grantee='PUBLIC' union select 'OBJECT',table_name,privilege from dba_tab_privs where grantee='PUBLIC' union select 'COLUMN',table_name,privilege from dba_col_privs where grantee='PUBLIC' union select 'ROLE','ROLE',granted_role from dba_role_privs where grantee='PUBLIC'; Parameters that can be set and will increase security are: CPU_PER_SESSION PRIVATE_SGA SESSIONS_PER_USER CONNECT_TIME IDLE_TIME set this paramete in the init<SID>.ora file This SQL will list all parameters: select pin.ksppinm called, pcv.ksppstvl itsvalue from sys.x$ksppi pin, sys.x$ksppcv pcv where pin.inst_id=userenv('Instance') and pcv.inst_id=userenv('Instance') and pin.indx=pcv.indx and translate(pin.ksppinm,'_','^') like '^%'; Alternatively an OS level checksum of the init<SID>.ora file would also verify more easily the state of the parameter file. Try to explicitly declare hidden parameters so that they are known. For example _system_trib_enabled set to FALSE will switch off all SYSTEM triggers which may be used for auditing actions on objects. This should be explicitly set and monitored. -

This query will find the autoextensible tablespaces select tablespace_name from dba_data_files where autoextensible='YES';

Check the users from this query and assign a quote where appropriate. (select name from sys.user$)minus (select username from dba_ts_quotas); This query will find triggers not owned by the schema owner. select owner, trigger_name, table_owner, table_name from dba_triggers where owner<>table_owner and owner not in ('SYS','SYSTEM'); This query will select the users and roles that can select the hashes. (select grantee from dba_tab_privs where table_name in('USER$','DBA_USERS')) UNION (select grantee from dba_sys_privs where privilege in('SELECT ANY DICTIONARY','SELECT ANY TABLE')) UNION (select grantee from dba_role_privs where granted_role in('DBA','OLAP_DBA','OLAP_USER','SELECT_CATALOG_ROLE')) ORDER BY GRANTEE; This query includes users who have SELECT ANY TABLE which is a privilege that should be revoked. revoke create any table from user;

This query will return the privileges of a user.select 'SYSTEM', privilege from dba_sys_privs where grantee='SCOTT' union select table_name,privilege from dba_tab_privs where grantee='SCOTT' union select table_name,privilege from dba_col_privs where grantee='SCOTT' union select 'ROLE', granted_role from dba_role_privs where grantee='SCOTT';

This SQL will identify VIEWs which allow base table to be edited. select grantee,table_name,privilege from dba_tab_privs where exists (select 'x' from dba_views where view_name=table_name) and privilege<>'SELECT' union select grantee,table_name,privilege from dba_col_privs where exists (select 'x' from dba_views where view_name=table_name) and privilege<>'SELECT' /

Also it is possible to bypass Oracle object security on underlying tables from a view as below(from David). SQL> connect / as sysdba Connected. SQL> create table ttt (n number, text varchar2(20), constraint n_pk primary key(n)); Table created. SQL> insert into ttt (n,text) values (1,'abc'); 1 row created. SQL> grant select on ttt to scott; SQL> connect scott/tiger Connected. SQL> create or replace view vvv as select a.n, a.text from sys.ttt a join sys.ttt b on a.n = b.n; View user created. alter system account lock; or can also set the password to an impossible password using an impossible password like this: SQL> alter user sys identified by values 'no-decrypt'; User altered. SQL> select password from dba_users where username = 'SYS'; PASSWORD -----------------------------no-decrypt 07_DICTIONARY_ACCESSIBILITY =FALSE

remove the line dispatcher=(PROTOCOL=TCP) (SERVICE=orat92XDB)

select * from dba_tab_privs where grantee ='PUBLIC' and table_name like 'STATS$%'; revoke as necessary It is recommended to log auditing to the OS. Select value from v$parameter where name = 'audit_trail'; Set to OS Please note on Windows OS trails are recorded to the Application Event Logs. It is recommended to audit at least all SYS actions. Select value from v$parameter where name = 'audit_sys_operations'; Set to TRUE (this parameter is new in 9iR2) Plus to audit certain critical actions like selecting the password hashes. This is object auditing which would look like this: AUDIT SELECT ON SYS.USER$ BY ACCESS Please note that compliance with data standards such as Sarbannes Oxley, HIPAA and GLB act require the ability to audit to Row Level sensitive data.

For example: audit update on sys.salaries whenever not successful; Not difficult to do as just issue this command. AUDIT SESSION';

select * from dba_audit_trail; This is a large view and there fore best read through a client like SQLDeveloper from Oracle or SQL Tools which is a free client. http://www.sqltools.net/

This query shows users with audit privileges. select grantee,privilege from dba_sys_privs where privilege like '%AUDIT%';

AUDIT ALL ON SYS.AUD$ BY ACCESS

dba_fga_audit_trail is the main view for seeing this row level audit and should be used. fine grained audit may be a requirement for compliancy sake so not negotiable but should only be needed for sensitive data.

The location of these logs should be known before and incident occurs and practise should be made at correlating these logs so that problems that may occur during an incident are solved beforehand. Set a password on the Listener and set Admin Restrictions to ON. To encrypt the listener password change it through lsnrctl: lsnrctl>change_password password changed lsnrctl>save_config Then restart the listener. USE SSH TO THE OS TO ADMIN THE LISTENER. USE_SHARED_SOCKETS added to init.ora Set the fixed MTS dispatchers in the init.ora file. http://www.cs.umbc.edu/help/oracle8/server.815/a67775/ch2x_mts.htm

Change the port using listener.ora file. Edit the listener.ora file use IP address in the listener.ora for smalll networks.

chmod 600 listener.ora or using the NTFS file permissions. Also recommend taking a hash of the file so that it can be seen that is the same. set: LOGGING_LISTENER=ON set protocol.ora in 8i and sqlnet.ora in 9i/10g: tcp.validnode_checking=YES tcp.invited_nodes =(10.1.1.161, etc) tcp.excluded_nodes=(10.1.1.160, etc) needs configuring on each client in sqlnet.ora: USE_CMAN=TRUE Can also use Oracle names or Oracel Internet Directory preferably OID. Use Locate command on Linux, Find on Solaris or explorer search on Windows to find nefarious copies of listener.ora and sqlnet.ora. Check the permissions which should be 600 or similar. Secure the wallet directory for OID. This will query the link$ table for stored passwords. select name,password from sys.link$; Do not set up links as the DBA user as this user can masquerade as any other and has too many privileges for a link. Set DBLINK_ENCRYPT_LOGIN to TRUE.

Run a port scan using NMAP and vulnerability scan using Nessus or NGS SQuirreL for Oracle. The port number profile of that server should be recorded so that changes can be recognised. Remove needed services/ports.

OEM is very functional but its automation is built upon default account settings that are insecure and so for high security networks it is not recommended. Secure the snmp_ro.ora and snmp_rw.ora file as part of the IA audit. If data sent is sensitive then the connection should be made over SSH. If the connection is permanent then setting up an IPSEC tunnel would be a more practicable solution. The best solution is the most expensive being Oracle Advanced Security. http://oracleheva1.oracle.com/docs/cd/B19306_01/network.102/b14268/as ointro.htm It is imperative to secure backup media and to practise using the backup processes so that a real recovery can be done efficiently in case of crisis. Remote Archive Logging is a key recommendation for good Oracle backup and recovery. Schedule both hot backups which take the data and Cold backups which will take all data and configuration for a complete rebuild. This will require some kind of failover secondary server if 24/7 is required. Rotate and renew backup media incase of worn tapes. Document both the process of backup and recovery and the testing of these processes with sign off from security and senior admins so that it can be proven that this has been done. Need to have a process owner who is accountable in case of failure. Test the off site backup procedures. Mirroring simply involves making a copy of the redo log which can be done by Oracle Multiplexing or OS level mirroring. Put the mirrors on a different disk from the origina in case of disk failure. select log_mode from v$database; Ensure archive logs are written to backup and are purged and protected. Use secure delete software to wipe the disks or magnetically wipe them. Then destroy them phsysically and if necessary distribute seperately. Physical reconstruction is possible though currently expensive. -

use the following command at the OS. Wrap iname =infile oname=outfile Wrapping the PLSQL is not a high security measure as it has been reverse engineered. Search for unwrapped code using the following. select owner,name from dba_source where text like'%wrapped%'; select owner,name from dba_source where text not like'%wrapped%'; dbms_utility.get_hash_value can be used to get a hash value of a package. run an automated grep like search on PLSQL packages to see the strings that are in them. There are a number of cures for this http://www.ngssoftware.com/papers/DBMS_ASSERT.pdf Prepared statements are used in Java as well to stop this problem. The classic way to find these bugs is to insert a single quote into a text input field. This can be interpreted as a break in attempt so should only be done on internal applications with permisssion in writing. -

precompile java and load using the loadjava utility. lock down the privileges generally as previously described and test connecting to Oracle via MS Office applications. Applications that are allowed to access Oracle should be registered using DBMS_APPLICATION_INFO -

Assign a specific account for applications like Toad so that it can be locked down in a way specifically to that application and its activitied monitored seperately. Old application files should be removed and new ones should have the correct permissions assigned. Access to the database by development should be stopped before going to production and no more access granted unless requested and checked. Check for evidence of development work by comparing the timestamps on the view dba_objects. If the last_ddl_time is after development work should have stopped then there may have been unauthorised access. -

developer privileges present in the development database should be tested to make sure they are not in production. Also check for db links between the two as described previously Also make sure that test data in development is not real data but does closely model it.

select owner,segment_name,segment_type from dba_segments where tablespace_name='appowner'; use the v_$resource_limit view to compare resource usage before and after. Compare this to the maximum resources available on that server and increase if necessary using ALTER SYSTEM. It is often a good idea where possible to use Oracles authentication system and secure it at the Oracle end. This also means that auditing and logging can be individual to the account being used rather than having all application users using the same Oracle account which the application manages. Use a dedicated role that is assigned the required privileges and if possible lock the schema owners account. encrypt usernames and passwords in the database and then log back in as that user so user is trackable. REVOKE DDL privileges that the Application account has been granted.

product_user_profile view can be used to control users access. This is not available for ODBC

DBMS_OBFUSCATION_TOOLKIT is the main package internal to Oracle though there is also the new database vault functionality.

stop the http server edit the oracle_apache.conf and comment out the line which includes isqlplus.conf by using a # revoke execute on dbms_debug from devaccount;

It is worth having an external blackbox pentest to see how much information can gained.

Use metalink to source the patch Use Opatch to apply the patch and then check the state of the applied package that should have been changed by using dbms_utility.get_hash_value. Please note that earlier versions of Opatch are quite unreliable and allow patch information to be accessed by any OS user.

Potential DBA Discussion no one should need write access to the files in the bin so there should not be discussion on this point. It is possible to run with tighter permissions though this should be tested and support from Oracle verified.

criticality

platform 1 ALL

time to lock and unlock when needed may be difficult after the fact as scripts may be hardcoded with this data DBA do not want to use sudo so could disable remote login instead so have to su from fresh install no discussion needed on this point. DBA wants to use intelligent agent --> at least change the password for DBSNMP to a secure password. ALTER USER DBSNMP IDENTIFIED BY "SECURE PASSWORD"; See auditing weak passwords later.

1 ALL 2 ALL 2 Unix 2 ALL 1

If files may need to be read by those outside of the OSDBA group then could set 027 but depends on how many people are in the OSDBA group and how structured. If only two in OSDDBA/SYSDBA group then maybe 027 might be more time efficient but our recommendation is 022. none needed

1 Unix

1 Unix 1 Win

none needed

1 Unix

there may be additional discussion on who exactly will be a member of the OSDBA group which is a business decision. Need to have more than one person but not much more. Users that do not need complete power should access as SYSOPER for maintenance or as a low privileged Oracle db account directly. Least privilege is the key. none needed none needed -

1 Win 1 ALL

1 Unix 1 Unix 2 Win 3 ALL

if absolutely needed could keep on production server but would need v.good reason such as no other place to read the trace files which had to be read there. none needed

3 ALL

2 ALL

If a different user from ORACLE is used but in the same group then permisssions should be 660.

1 ALL

DBA may wish not correlate logs. The first time this is done takes along time but once a process is in place it can be automated. Time synchronisation will also be important for single sign on if and when implemented so it is a good idea to implement time syncrhonisation anyway.

3 ALL

none needed

2 ALL 2 ALL 3 ALL

if using veritas volume manager or similar then will have to use the tools supplied with that software. who gets permissions to ps is the question here. Root has it and ORACLE may need it as well as OSDBA and OSOPER. It should be limited below these users. none needed DBA may say that this is a lot of work on each client. The option is Oracle Advanced Security which is expensive or to - as it is. An advanced attacker can sniff traffic and gain the plain text of the password if they have the hash of the password that is being used. It is a business and context decision as to whether the risk of malicious sniffing and unencryption warrants the extra work/cost of securing each client. A high security network should take this precaution.

1 Unix 1 Unix

2 Unix 2 Unix 2 ALL

none needed

3 ALL

none needed

1 ALL 1 ALL 1 ALL

none needed

3 Unix 3 Unix

discussion about what is essential. Can use scripts that prompt the user to input their password manually as compromise. It may be the case that an automated script with a password is required then encrypt the password or at the very least limit the permissions so that it cannot be read by an unauthorised user.

3 ALL

2 ALL

none needed

2 Unix 2 ALL 2 ALL

none needed except that use of tripwire should be tested thoroughly before installation to make sure that it does not interfere with the smooth running of the server. If it does then manual checksumming of the oracle binaries can be carried out, recorded and then checked at agreed intervals. May be too time consuming for the benefit but this is potentially very beneficial in all but a completely trusted network environment. none needed none needed maybe DBA does not want to run a large find command on the machine while in production as may slow it down. Therefore can check the trace files manually and check for ALTER SESSION privileges.

2 ALL

2 ALL

2 Unix 3 ALL 2 ALL 2 ALL 3 ALL

should be no discussion on this but users may need to kill their own sessions therefore use kill command on UNIX or orakill.exe on windows to replace the ALTER SESSION capability

3 ALL 1 ALL

Running this find command on all files will slow down the machine whilst it is being done. This should be done whilst the machine is offline. Also change the passwords after a full export/import between machine environments e.g. production to development. The archive logs can take up a lot of space so a remote dedicated storage is safer and easier to manager in terms of disk space. Access to these logs should be strictly controlled as they can allow the database to be reinstated on a separate machine especially if the database structure is known. none needed

1 ALL

1 ALL 2 ALL

2 ALL 2 ALL

Native PLSQL runs quicker so development team may require this functionality. Both requirements can be met by setting the parameters for the developer as the PLSQL needs compiling and then setting it back. This should be a rare occurance and therefore not take up too much itme.

1 ALL

3 ALL Where Windows is being used migrate towards 2003 OS 1 Win

none needed

3 ALL

check the security of the web application to the database. An audit can useful in these situations. What encrytion is used by the application. Is the database security stronger the application password security. SQuirreL allows password auditing without actually viewing the passwords.

3 ALL

1 ALL

none needed Default accounts is a pretty clear subject so should not be too much discussion. The main stumbling block is DBSNMP as this is used as the account that the Oracle intelligent uses to gather data remotely as part of Oracle Enterprise Manager (OEM) which is a GUI tool for managing many servers in an easy way. see the securing DBSNMP section.

2 ALL 3 ALL 1 ALL

The exact composition and settings of a profile are flexible to the policy and business need. As a minimum there should at least be a default profile with password management features enabled though the values would be negotiable. If there are many contexts then different profiles should be implemented to satisfy all groups needs.

1 ALL 1 ALL

There may be some resistance to changing the SYS and SYSTEM passwords to a known secure password but this should be ignored unless exceptionally good reason. Changing these passwords should be a matter of course as they will become more insecure over time . These passwords should be changed each month anyway. Changing them should not inconvenience the DBA and it will ensure they are secure and able to change. none needed

2 ALL 2 ALL 1 ALL

1 ALL 2 ALL 2 ALL

none needed

3 ALL

- this auditing accounts for weak passwords can take along time so it is recommended to automate this process either using an SQL script locally or a remote testing application such as NGS SQuirreL for Oracle which is available as a free trial from http://www.ngssoftware.com/squirrelora.htm

1 ALL 2 ALL 2 ALL

- this This point clearly needs implementing the only question should be how which would be business process decision. It would be useful to allocate a business process owner so that could be responsible for removing leaving accounts and checking this has been done in Oracle. none needed

3 ALL 5 ALL 5 ALL 4 ALL 2 ALL

3 ALL

no problem running the query but problem when passwords are found so have to prepare for this. It may be the case that the auditor should not view the passwords depending on privacy policy. If weak passwords are found this way then need to secure the tables that contain the passwords and talk the application provider.

4 ALL 3 ALL

3 ALL

none needed

3 ALL

Business decision as to what Java permissions are required if Java is being used at all.

2 ALL

none needed

2 ALL 3 ALL

none needed

2 ALL 3 ALL

For DBA here is seperate Extproc listener if needed but try to avoid Extproc if possibly can. LISTENER EXT = (DESCRIPTION LIST = (DESCRIPTION = (ADDRESS-LIST = (ADDRESS = (PROTOCOL = IPC) (KEY= EXTPROC))))) SID-LIST EXT = (SID-LIST = (SID-DESC = (SID-NAME = PLsExtPr0c) (ORACLE-HOME = /export/home/uOl/app/oracle/product/9.0.1) (PROGRAM = extproc) ) )

4 ALL 1 ALL

none needed.

4 ALL 3 ALL

none needed.

3 ALL

Not aware of any good reasons not to do this. Disk space is a bad reason given the fall in disk prices.

4 4 5 5 2

ALL ALL ALL ALL ALL

4 4 4 3 4 3

ALL ALL ALL ALL ALL ALL

2 ALL

none needed.

4 ALL 1 ALL 3 ALL

none needed. none needed.

1 ALL 3 ALL

none needed.

3 ALL

none needed. -

3 ALL 2 ALL

none needed.

2 ALL

none needed.

2 ALL

2 ALL There will probably be SYSTEM and OUTLN objects which are default with Oracle but this check is looking for objects from other users which are out of place. Compromise to taking away DBA role is to strip down the privileges of this role so it is not such a security risk. The DBA role and SYS user will have this privilege. 1 ALL

1 ALL

1 ALL

create any directory does not have a non ANY version but most privs can be assigned more precisely so revoking ANY privileges should be enforced strongly. The DBA role and SYS user will have this privilege. The DBA role and SYS user will have this privilege.

1 ALL

2 ALL

busines processs required to match the allocation of system privileges to the business requirement.

2 ALL 1 ALL

This is debatable given the disadvantages of roles already highlighted so this item is not critical.

2 ALL 3 ALL

none needed should be enforced.

1 ALL

3 ALL 2 ALL

none needed.

3 3 2 2

ALL ALL ALL ALL

The DBA role and SYS user will have this privilege.

2 ALL

The DBA role and SYS user will have this privilege. none needed as previously addressed.

2 ALL 2 ALL

none needed - not negotiable

1 ALL 1 ALL 2 ALL 2 ALL 1 ALL 1 ALL

none needed - not negotiable

1 ALL

none needed - not negotiable

1 ALL

none needed - not negotiable

1 ALL

Some packages need PUBLIC execute but many should not. Many recent PLSQL injection attacks are targetted at SYS owned definer rights PLSQL packages that PUBLIC has execute upon. Therefore execute should certainly be revoked on PUBLIC packages unless absolutely necessary. In either case the use of PUBLIC execute on SYS owned packages should certainly be audited, controlled and in the future deprecated.

1 ALL

2 ALL

none needed - not negotiable

1 ALL

none needed - not negotiable

1 ALL

Need to be able to verify which directories are actually needed.

1 ALL 2 ALL 2 ALL

none needed none needed - not negotiable

2 ALL 2 ALL

none needed - not negotiable

1 ALL

This is will cause mod_plsql to stop working which will require execute being granted to the account used by the appserver to work again. ROLES granted to ROLES can cause an obfuscated hierarchy of privilges which can make it difficult to work out what privileges a user actually has so this item in the guide should be tempered with the proviso not to layer ROLES too deeply. -

2 ALL

2 ALL

4 ALL 1 ALL 2 ALL 1 ALL

Thorough testing of the new ROLE to replace CONNECT would require time and testing.

2 ALL

discretionary

2 ALL

This will take a long time and needs to be broken down into stages. The main amount of results will be the object privs form dba_tab_privs. Prioritise the others first and then prioritise SYS owned objects and objects that have known vulnerabilities.

2 ALL

agreeing how long a session can be left idle before it is disconnected is the main issue here and it depends on the power of the account and security context of the environment being used. DBA accounts should cut out more quickly and have less sessions per user normally. none needed none needed

3 3 2 3 3

ALL ALL ALL ALL ALL

2 ALL 3 ALL 3 ALL

1 ALL

none needed

3 ALL

none needed

3 ALL

none needed

3 ALL 5 ALL 2 ALL

The permission of select any table is required by the DBSNMP account for the intelligent agent to work which may be a factor in keeping this privilege IF the Intelligent agent functionality is to be kept.

1 ALL

the schema owner will still be able to create tables in their own schema but not others. There needs to be a very good reason to not do this for all but high privileged users. time intensive. If time pressured and not v.high security then better to approach from the direction of identifying the sensitive objects and seeing who has privileges on them rather than this method which looks at everything an individual can see and have to be repeated for each individual.

1 ALL 1 ALL 2 ALL

2 ALL

none needed

2 ALL

Note that SYS AS SYSDBA cannot be locked in this way so strenght in depth with the other measures needed especially OSDBA access from OS.

2 ALL

none needed

2 ALL

none needed

4 ALL 2 ALL 2 ALL

none needed

2 ALL

There can be much discussion on Auditing and the recommendations here represent the bare minimum that a server should have and should not represent a detriment to the performance of the server. Addtionally auditing can be added from here and is highly flexible and complex. Of major importance is the purging strategy as the more AUDIT the more logs and where to store them. Please see Oracle Privacy Auditing by Arup Nanda for more detail on Auditing on Oracle.

1 ALL

As long as the action being audited should not occur often and the action is critical then it is justified. Will this affect performance. Best to test beforehand on dev server or at a time when contigencies have been put in place.

2 ALL

2 ALL 3 ALL

Some audit has to be done and therefore some review of audit logs has to be done. The question is how much and how often which is a business decision sensitive to the security needs of that department.

3 3 3 3 3 3 3

ALL ALL ALL ALL ALL ALL ALL

should be unnegotiable. Please note that the newest functionality in Oracle database called database vault is specifically designed to withhold some control from senior DBA as this concept of everyone being accountable to policy is of current concern. http://www.oracle.com/technology/deploy/security/db_security/data base-vault/index.html OS is preferred as previously stated.

4 ALL 2 ALL 1 ALL

2 ALL

3 4 1 3

ALL ALL ALL ALL

3 ALL 3 ALL 3 ALL

2 ALL 2 ALL 1 ALL

Minimum passworded Listener and very preferably should be Admin Restrictions ON which is now the default in 10g. Please see this document for more detail on securing the Oracle Listener. http://www.integrigy.com/info/Integrigy_OracleDB_Listener_Securit y.pdf It should be noted that some clustering software such as SUN Solaris v3.0 cannot restart the Listener automatically if it fails and is passworded. The new 3.1 version does. Has a slight negative effect on performancy so only use when having to tunnel through a firewall. Can also use an Oracle aware firewall instead but Oracle Server must be protected from direct access by untrusted network such as the internet.

1 ALL

4 ALL 5 ALL 3 win 3 ALL

none needed. none needed. discretionary

2 ALL 2 ALL 3 ALL

2 ALL

none needed - not negotiable

1 ALL

none needed discretionary

2 ALL 3 ALL

Architectural issue is complex and cannot presribe completely. OID seems to be preferred route.

2 ALL

Shoud not be much discussion needed.

1 3 2 4 5 2

ALL ALL ALL ALL ALL ALL

Shoud not be much discussion needed.

1 ALL

none needed.

2 ALL 1 ALL 1 ALL 1 ALL 2 ALL 2 ALL 2 ALL 1 ALL 2 ALL 1 ALL 3 ALL

depends on the security of the network environment. At least put in place the previous securing DBSNMP recommendations and preferably do not use at all. SQL*PLUS command line over SSH is preferred admin tool. none needed.

2 ALL

2 ALL 2 ALL

DBA's often appreciate this very well perhaps more fully than many security researchers in the past though the potential for attack via backups is now becoming more well known. http://www.dbaoncall.net/references/ref_backup_strategy.html

3 ALL 1 ALL

not negotiable.

1 ALL

Should not be negotiable. none needed

2 ALL 3 3 2 2 2 ALL ALL ALL ALL ALL

none needed

2 ALL

should not be needed.

2 ALL 3 ALL 3 ALL 3 ALL 5 ALL 4 ALL 2 ALL

4 ALL 4 ALL

It is relatively easy to wrap the code. The question will be keeping the clear text version of the code and being able to keep a record of the state of the currently used version of the package which is where checksummng can be useful.

2 ALL

This process can be automated so should not take long.

3 ALL

none needed

3 ALL

This process is difficult to do automatically and if there is a lot of code it may be worth seeking a specialised Code Review consultancy.

2 ALL

3 ALL

should not be needed. none needed

3 ALL 2 ALL

2 ALL

none needed

3 ALL

none needed

4 ALL 4 ALL 2 ALL 3 ALL 3 ALL

3 ALL

There may be teething stage for a new application that requires temporary privileges to the production server to be granted to development. A process should be in place to make sure that any temporary accounts are deleted after a set period of time. If real data does get in to the development db then the top priority is to make sure that the DB account usenames and passwords transferred are deleted and new ones created. -

2 ALL

2 ALL

2 ALL 2 ALL 2 ALL 1 ALL 2 ALL 2 ALL

2 ALL 2 ALL

should not be needed.

2 ALL 2 ALL

There is not always a choice in this depending on the third party application.

1 ALL

if not possible at least ensure that the schema owner has not been granted the DBA role. Certainly no plaintext username and passwords. discussion should not be needed.

2 ALL 2 ALL

2 2 5 2

ALL ALL ALL ALL

2 ALL 2 ALL

1 ALL

1 ALL 1 ALL 1 ALL

The PUP can be bypassed so it should not be relied on heavilly. On the Oracle server SQL*PLUS security can be strengthened by making sure that no one other than ORACLE can access the sqlplus binary. It would normally agreed that there should be some data encyrpted and the DBA should certainly have the ability to encrypt data. How much data and how to encrypt data without the DBA's control over decryption is a business decission. -

3 ALL

3 ALL 2 ALL

2 ALL 2 ALL 2 ALL 2 ALL 3 ALL

should not be negotiable.

2 ALL 2 ALL 1 ALL 3 2 2 3 2 1 ALL ALL ALL ALL ALL ALL

should not be negotiable.

1 ALL

delist from google cache and archive.org and sanitise all data that is to be made external including to ORACLE support.

2 ALL

should not be negotiable. The problem is the time to do this. It is advisable to pay for an advanced scanner like NGS SQuirreL for Oracle which has the updates contained within it and automates the process of scanning for vulnerabilities through an enterprise.

version ALL

ALL ALL ALL ALL

ALL

ALL ALL

ALL

ALL ALL

ALL ALL ALL ALL

ALL

ALL

ALL

ALL

ALL ALL ALL

ALL ALL

ALL ALL ALL

ALL

ALL ALL ALL

ALL ALL

ALL

ALL

ALL ALL ALL

ALL

ALL

ALL ALL ALL ALL ALL

ALL ALL

ALL

ALL ALL

ALL >= 9i

>= 9i

ALL ALL

ALL

ALL

>= 8

ALL >= 8 ALL

ALL ALL

>= 8i ALL ALL

ALL ALL ALL

ALL

ALL ALL ALL

ALL ALL ALL >= 9i ALL

ALL

ALL ALL

ALL

ALL

>= 8

>= 8 >= 8

>= 7 ALL

ALL >= 8

9iAS ALL

ALL

ALL ALL ALL ALL ALL

ALL ALL ALL ALL ALL ALL ALL

ALL ALL ALL

ALL ALL

>= 9i

>= 9i ALL

>= 9i

ALL

ALL ALL

ALL

ALL

ALL

ALL

ALL ALL

ALL ALL

ALL

ALL ALL

ALL ALL ALL ALL

>=9i

>=10g ALL

ALL ALL ALL ALL ALL >= 8

>=8.1.7

>=8.1.7

>=8.1.7

ALL

ALL

>= 8i

ALL

ALL ALL >= 8

ALL ALL

>=10g

ALL

ALL

ALL ALL ALL ALL ALL

ALL

ALL

>= 8 >= 8 >= 8 >= 8 ALL

ALL ALL ALL

>=8i

ALL

ALL

ALL ALL ALL

ALL

ALL ALL ALL

ALL

ALL

ALL

ALL

ALL ALL >=9iR2

>= 8i

ALL

ALL

ALL ALL

ALL ALL ALL ALL ALL ALL ALL

ALL ALL ALL

ALL

ALL ALL >=9iR2 ALL ALL ALL >= 8

ALL ALL ALL

ALL

ALL ALL ALL ALL

ALL ALL ALL

ALL

ALL

ALL ALL

ALL

ALL ALL ALL ALL ALL ALL

ALL

ALL ALL ALL ALL ALL ALL ALL ALL ALL ALL ALL

ALL

ALL ALL

ALL ALL

ALL

ALL ALL ALL ALL ALL ALL

ALL

ALL ALL ALL ALL ALL ALL ALL

ALL ALL

ALL

ALL

ALL

ALL

ALL

ALL ALL

ALL

ALL

ALL ALL ALL ALL ALL

ALL

ALL

ALL

ALL ALL ALL ALL ALL ALL

ALL ALL

ALL ALL

ALL

ALL ALL

ALL ALL ALL ALL >= 8 ALL

ALL

ALL ALL ALL ALL

ALL ALL

ALL ALL ALL ALL ALL

ALL ALL >= 9i >= 9i >= 9i >= 9i >= 9i >= 9i >= 9i

ALL

ALL

Security Alert Number And Description Alert 68, Oracle Security Update Alert 67, Unauthorized Access Vulnerabilities in Oracle E-Business Suite Alert 66, Security Vulnerabilities in Oracle Application Server Web Cache Alert 65, Security Vulnerability in Oracle9i Application and Database Servers Alert 64, Security Vulnerabilities in Oracle9i Database Server Alert 63, Security Vulnerabilities in Oracle9i Lite Alert 62, SSL Update for CERT CA-2003-26 and older SSL issues Alert 61, SQL Injection Vulnerability in Oracle9i Application Server Alert 60, Unauthorized Access to Restricted Content in Oracle Files Alert 59, Buffer Overflow in Oracle Database Server Binaries Alert 58, Buffer Overflow in the XML Database of Oracle9i Database Server Alert 57, Buffer Overflows in EXTPROC of Oracle Database Server Alert 56, Buffer Overflow Vulnerability in Oracle E-Business Suite Alert 55, Unauthorized Disclosure of Information in Oracle E-Business Suite Alert 54, Buffer Overflow in Net Services for Oracle Database Server Alert 53, Report Review Agent Vulnerability in Oracle E-Business Suite Alert 52, Security Vulnerabilities in Oracle9i Application Server Alert 51, Buffer Overflow in ORACLE executable of Oracle9i Database Server Alert 50, Buffer Overflow in Oracle9i Database Server Alert 49, Buffer Overflow in Oracle9i Database Server Alert 48, Buffer Overflow in Oracle9i Database Server Alert 47, Security Vulnerabilities in Oracle9i Application Server Alert 46, Buffer Overflow in iSQL*Plus (Oracle9i Database Server) Alert 45, Security Release of Apache 1.3.27 Alert 44, Unauthorized Access Vulnerability in Oracle E-Business Suite, Release 11i Alert 43, Oracle9iApplication Server Web Cache Administration Tool Vulnerability Alert 42, Denial of Services Against Oracle Net Services Alert 41, Oracle9iApplication Server Oracle Java Server Pages Demo Vulnerability Alert 40, Oracle Net Listener Vulnerabilities Alert 39, Web Cache Oracle9i Application Server Password Vulnerability Alert 38, Oracle Net Denial of Service Security Vulnerability Alert 37, OpenSSL Buffer Overflow Alert 36, Security Vulnerability in Apache HTTP Server of Oracle9i Application Server Alert 35, Buffer Overflow Vulnerability in Oracle9iAS Reports Server Alert 34, Buffer Overflow Vulnerability in Oracle Net (Oracle9i Database Server) Alert 33, User Privileges Vulnerability in Oracle9i Database Server Alert 32, Unauthorized Access Vulnerability in the Oracle E-business Suite Alert 31, Oracle Configurator Cross Site Scripting Vulnerability Alert 30, SNMP Vulnerability in Oracle Enterprise Manager, Master_Peer Agent, for Oracle9i Database Alert 29, Vulnerability in PL/SQL EXTPROC in Oracle9i Database Alert 28, Vulnerabilities in Oracle mod_plsql and JSP in Oracle9i Application Server Alert 27, Vulnerabilities in Oracle9i Application Server Webcache Alert 26, Denial of Service against Oracle9i Application Server Alert 25, Vulnerabilities in mod_plsql Alert 24 was never released Alert 23, Oracle Database Server DBSNMP Vulnerabilities 167004.1

MetaLink Note ID 281188.1 274356.1 265308.1 258997.1 263508.1 263509.1 258996.1 253982.1 252706.1 251910.1 246202.1 244523.1 244335.1 244294.1 237172.1 235262.1 229288.1 229287.1 229286.1 229285.1 229284.1 224215.1 216775.1 214356.1 213415.1 213413.1 213411.1 207272.1 207269.1 207271.1 207268.1 206034.1 200873.1 198531.1 198544.1 185074.1 185073.1 182244.1 183556.1 175429.1 175428.1 169628.1 168862.1 168863.1 167001.1

167007.1 Alert 22, Oracle9i Application Server Default SOAP Configuration Alert 21, Oracle Label Security Mandatory Security Patch Alert 20, Oracle File Overwrite Security Vulnerability Alert 19, Oracle Trace Collection Security Vulnerability Alert 18, Oracle9iAS Web Cache Overflow Vulnerability Alert 17, Oracle Internet Directory Buffer Overflow Vulnerability Alert 16, Oracle SQL*Net and Net8 Malformed Packet Denial of Service Vulnerability Alert 15, Buffer Overflow Vulnerability in the Oracle8i Listener Alert 14, Oracle SQL*Net/Net8 Denial of Service Vulnerabilities 151290.1 151291.1 151292.1 37290 37504 37504 Alert 13, Oracle Redirect Denial of Service Vulnerability Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator Forms Launched Insecurely from Oracle E-Business Suite Oracle JVM FilePermission Vulnerability Security Bug with JSPs and the Oracle 8.1.7 Directory Traversal Vulnerability Unintended Execution of Oracle JSP Oracle XSQL Servlet Vulnerability Oracle Connection Manager Control SUID Oracle Internet Directory Buffer Overflows mod_plsql exclusion_list Announcement Oracle Internet Application Server Oracle Enterprise Manager Backup and Recovery Vulnerability in the Oracle Listener Oracle Application Server: Remote Command Execution Unprotected Oracle Installer File

37377 166869.1 163726.1 163727.1 163728.1 163729.1 152780.1 151260.1 151259.1 151261.1

37290

153289.1 No MetaLink Note No MetaLink Note No MetaLink Note 135885.1 No MetaLink Note No MetaLink Note No MetaLink Note No MetaLink Note No MetaLink Note No MetaLink Note 130119.1 124742.1 108139.1 No MetaLink Note

Latest Version/Date Rev 4, 2 March 2005 Rev 1, 3 June 2004 Rev 2, 2 April 2004 Rev 4, 2 June 2004 Rev 2, 20 May 2004 Rev 1, 18 February 2004 Rev 1, 04 December 2003 Rev 3, 13 November 2003 Rev 1, 28 October 2003 Rev 3, 13 November 2003 Rev 1, 18 August 2003 Rev 2, 07 August 2003 Rev 1, 23 July 2003 Rev 1, 23 July 2003 Rev 2, 30 April 2003 Rev 1, 10 April 2003 Rev 3, 03 March 2003 Rev 6, 18 April 2003 Rev 6, 18 April 2003 Rev 6, 18 April 2003 Rev 6, 18 April 2003 Rev 3, 23 July 2003 Rev 3, 11 November 2002 Rev 6, 20 May 2004 Rev 1, 04 October 2002 Rev 1, 04 October 2002 Rev 3, 16 December 2002 Rev 1, 14 August 2002 Rev 3, 08 August 2002 Rev 1, 08 August 2002 Rev 3, 08 August 2002 37477 37449 37412 37412 37363 37363 37347 37320 37840 37442 37253 38142 37046 -

37522 37182 37182 37224 37182 37167 37504 37504

37216 37032 37011 36935 38294 36935 36914 36922 36922 36901 36888 37358 38190 37291 36630

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 3 3 2 3 3 3 2 3 3 3 3 3 3 3 2 3 3 3 3 3 3 3 4 3 3 2 1 3 3 3 2 2 2 2 3 2 3 3 3 2 2 2 3

BRIO_ADMIN BRUGERNAVN BRUKERNAVN BSC BUG_REPORTS CALVIN CATALOG CCT CDEMO82 CDEMO82 CDEMO82 CDEMOCOR CDEMORID CDEMOUCB CDOUGLAS CE CENTRA CENTRAL CIDS CIS CIS CISINFO CISINFO CLARK CLKANA CLKRT CN COMPANY COMPIERE CQSCHEMAUSER CQUSERDBUSER CRP CS CSC CSD CSE CSF CSI CSL CSMIG CSP CSR CSS CTXDEMO

BRIO_ADMIN ADGANGSKODE PASSWORD BSC BUG_REPORTS HOBBES CATALOG CCT CDEMO82 CDEMO83 UNKNOWN CDEMOCOR CDEMORID CDEMOUCB CDOUGLAS CE CENTRA CENTRAL CIDS CIS ZWERG CISINFO ZWERG CLOTH <UNKNOWN> <UNKNOWN> CN COMPANY COMPIERE PASSWORD PASSWORD CRP CS CSC CSD CSE CSF CSI CSL CSMIG CSP CSR CSS CTXDEMO

EB50644BE27DF70B 2F11631B6B4E0B6F 652C49CDF955F83A EC481FD7DCE6366A E9473A88A4DD31F2 34200F94830271A3 397129246919E8DA C6AF8FCA0B51B32F 7299A5E2A5A05820 67B891F114BE3AEB 73EAE7C39B42EA15 3A34F0B26B951F3F E39CEFE64B73B308 CEAE780F25D556F8 C35109FE764ED61E E7FDFE26A524FE39 63BF5FFE5E3EA16D A98B26E2F65CA4D3 AA71234EF06CE6B3 7653EBAF048F0A10 AA2602921607EE84 3AA26FC267C5F577 BEA52A368C31B86F 7AAFE7D01511D73F

73F284637A54777D 402B659C15EAF6CB E3D0DCF4B4DBE626 04071E7EDEB2F5CC 0273F484CD3F44B7 F165BDE5462AD557 DB78866145D4E1C3 EDECA9762A8C79CD 144441CEBAFC91CF D8CC61E8F42537DA 684E28B3C899D42C 71C2B12C28B79294 C4D7FE062EFB85AB 09B4BB013FBD0D65 5746C5E077719DB4 0E0F7C1B1FE3FA32 3C6B8C73DDC6B04F CB6B5E9D9672FE89

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

1 1 1 1 2 2 2 3 2 2 2 2 2 2 3 3 3 2 3 2 2 2 2 2 2 2 3 2 3 2 3 2 2 2 2 2 3 2 2 2 2 2 3 3

CTXSYS CTXSYS CTXSYS CTXSYS CUA CUE CUF CUG CUI CUN CUP CUS CZ DBI HR HR HR HRI HVST HXC HXT IBA IBE IBP IBU IBY ICDBOWN ICX IDEMO_USER IEB IEC IEM IEO IES IEU IEX IFSSYS IGC IGF IGI IGS IGW IMAGEUSER IMC

<UNKNOWN> CHANGE_ON_INSTAL 71E687F036AD56E5 L CTXSYS 24ABAB8B06281B4C UNKNOWN CUA CUE CUF CUG CUI CUN CUP CUS CZ MUMBLEFRATZ <UNKNOWN> A13C035631643BA0 CB7B2E6FFDD7976F A219FE4CA25023AA 82959A9BD2D51297 21FBCADAEAFCC489 AD7862E01FA80912 41C2D31F3C85A79D C03082CD3B13EC42 00A12CC6EBF8EDB8 9B667E9C5A0D21A6 D8FF6ECEF4C50809 33EBE1C63D5B7FEF

CHANGE_ON_INSTAL 6399F3B38EDF3288 L HR 4C6D73C3E8B0F0DA HRI HVST HXC HXT IBA IBE IBP IBU IBY ICDBOWN ICX IDEMO_USER IEB IEC IEM IEO IES IEU IEX IFSSYS IGC IGF IGI IGS IGW IMAGEUSER IMC 49A3A09B8FC291D0 5787B0D15766ADFD 4CEA0BF02214DA55 169018EB8E2C4A77 0BD475D5BF449C63 9D41D2B3DD095227 840267B7BD30C82E 0AD9ABABC74B3057 F483A48F6A8C51EC 76B8D54A74465BB4 7766E887AF4DCC46 739F5BC33AC03043 A695699F0F71C300 CA39F929AF0A2DEC 37EF7B2DD17279B5 E93196E9196653F1 30802533ADACFE14 5D0E790B9E882230 6CC978F56D21258D 1DF0D45B58E72097 D33CEB8277F25346 1740079EFF46AB81 8C69D50E9D92B9D0 DAF602231281B5AC B39565F4E3CF744B E079BF5E433F0B89 C7D0B9CDE0B42C73

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 3 3 3 3 3 2 2 2 3 2 2 2 3 2 2 3 2 3 3 3 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 1 2 2 3 3 3

IMEDIA IMT #INTERNAL #INTERNAL INTERNAL INTERNAL INV IPA IPD IPLANET ISC ITG JA JAKE JE JG JILL JL JMUSER JOHN JONES JTF JTM JTS JWARD KWALKER L2LDEMO LBACSYS LIBRARIAN MANPROD MARK MASCARM MASTER MDDATA MDDEMO MDDEMO_CLERK MDDEMO_CLERK MDDEMO_MGR MDSYS ME MFG MGR MGWUSER MIGRATE

IMEDIA IMT ORACLE SYS_STNT ORACLE SYS_STNT INV IPA IPD IPLANET ISC ITG JA PASSWO4 JE JG PASSWO2 JL JMUSER JOHN STEEL JTF JTM JTS AIROPLANE KWALKER L2LDEMO LBACSYS SHELVES MANPROD PASSWO3 MANAGER PASSWORD MDDATA MDDEMO CLERK MGR MDDEMO_MGR MDSYS ME MFG MGR MGWUSER MIGRATE

8FB1DC9A6F8CE827 E4AAF998653C9A72 87DADF57B623B777 38379FC3621F7DA2 AB27B53EDC5FEF41 E0BF7F3DDE682D3B ACEAB015589CF4BC EB265A08759A15B4 066A2E3072C1F2F3 7404A12072F4E5E8 373F527DC0CFAE98 D90F98746B68E6CA 9AC2B58153C23F3D 1CE0B71B4A34904B FBB3209FD6280E69 37A99698752A1CF1 D89D6F9EB78FC841 489B61E488094A8D 063BA85BF749DF8E 29ED3FDC733DC86D B9E99443032F059D 5C5F6FC2EBB94124 6D79A2259D5B4B5A 4087EE6EB7F9CD7C CF9CB787BD98DA7F AD0D93891AEB26D2 0A6B2DF907484CEE AC9700FD3F1410EB 11E0654A7068559C F0EB74546E22E94D F7101600ACABCD74 4EA68D0DDE8AAC6B 9C4F452058285A74 DF02A496267DEE66 46DFFB4D08C33739 564F871D61369A39 E5288E225588D11F 2E175141BEE66FF6 72979A94BAD2AF80 E5436F7169B29E4D FC1B0DD35E790847 9D1F407F3A05BDD9 EA514DD74D7DE14C 5A88CE52084E9700

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 3 3 3 3 3 2 2 2 2 2 3 3 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 3 3 3 3 2 2 3 3

MILLER MMO2 MMO2 MMO2 MODTEST MOREAU MRP MSC MSD MSO MSR MTS_USER MTSSYS MWA MXAGENT NAMES NEOTIX_SYS NNEUL NOM_UTILISATEUR NOMEUTENTE NOME_UTILIZADOR NUME_UTILIZATOR OAIHUB902 OAS_PUBLIC OAS_PUBLIC OCITEST OCM_DB_ADMIN OCM_DB_ADMIN ODM ODM_MTR ODS ODS_SERVER ODSCOMMON OE OE OE OEM_REPOSITORY OEMADM OEMREP OKB OKC OKE OKI OKO

MILLER MMO2 MMO3 UNKNOWN YES MOREAU MRP MSC MSD MSO MSR MTS_PASSWORD MTSSYS MWA MXAGENT NAMES NEOTIX_SYS NNEULPASS MOT_DE_PASSE PASSWORD SENHA PAROL <UNKNOWN> OAS_PUBLIC <UNKNOWN> OCITEST <UNKNOWN> OCM_DB_ADMIN ODM MTRPW ODS ODS_SERVER ODSCOMMON

D0EFCD03C95DF106 AE128772645F6709 A0E2085176E05C85 62876B0382D5B550 BBFF58334CDEF86D CF5A081E7585936B B45D4DF02D4E0C85 89A8C104725367B2 6A29482069E23675 3BAA3289DB35813C C9D53D00FE77D813 E462DB4671A51CD4 6465913FF5FF1831 1E2F06BE2A1D41A6 C5F0512A64EB0E7F 9B95D28A979CC5C4 05BFA7FF86D6EB32 4782D68D42792139 FD621020564A4978 8A43574EFB1C71C7 71452E4797DF917B 73A3AC32826558AE

A8116DB6E84FA95D 9300C0977D7DC75E C09011CB0205B347

2C3A5DEF1EE57E92 C252E8FA117AF049 A7A32CD03D3CE8D5 89804494ADFC71BC C6E799A949471F57 59BBED977430C1A8

CHANGE_ON_INSTAL 9C30855E7E0CB02D L UNKNOWN 62FADF01C4DC1ED4 OE <UNKNOWN> OEMADM OEMREP OKB OKC OKE OKI OKO D1A2DFC623FDA40A 1FF89109F7A16FEF 9DCE98CCF541AAE6 7BB2F629772BF2E5 A01A5F0698FC9E31 31C1DDF4D5D63FE6 B7C1BB95646C16FE 991C817E5FD0F35A 6E204632EC7CA65D

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

2 2 2 3 3 3 3 3 3 2 3 3 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 3 3 3 3 3 3 3 3 3 3 2 2 3 3

OKR OKS OKX OLAPDBA OLAPSVR OLAPSVR OLAPSYS OLAPSYS OMWB_EMULATION ONT OO OPENSPIRIT OPI ORACACHE ORACACHE ORACLE ORADBA ORANGE ORAPROBE ORAREGSYS ORASSO ORASSO_DS ORASSO_PA ORASSO_PS ORASSO_PUBLIC ORASTAT ORCLADMIN ORDCOMMON DATA_SCHEMA DBSNMP DBVISION DCM DDIC DEMO DEMO8 DEMO9 DES DES2K DEV2000_DEMOS DIANE DIP DISCOVERER_ADMIN DISCOVERER5 DMSYS

OKR OKS OKX OLAPDBA INSTANCE OLAPSVR MANAGER OLAPSYS ORACLE ONT OO OPENSPIRIT OPI <UNKNOWN> ORACACHE ORACLE ORADBAPASS <UNKNOWN> ORAPROBE ORAREGSYS ORASSO ORASSO_DS ORASSO_PA ORASSO_PS ORASSO_PUBLIC ORASTAT WELCOME ORDCOMMON

BB0E28666845FCDC C2B4C76AB8257DF5 F9FDEB0DE52F5D6B 1AF71599EDACFB00 AF52CFD036E8F425 3B3F6DB781927D0F 3FB8EF9DB538647C C1510E7AC8F0D90D 54A85D2A0AB8D865 9E3C81574654100A 2AB9032E4483FAFC D664AAB21CE86FD2 1BF23812A0AEEDA0

5A4EEC421DE68DDD 38E38619A12E0257 C37E732953A8ABDB 3D9B7E34A4F7D4E9 2E3EA470A4CA2D94 28D778112C63CB15 F3701A008AA578CF 17DC8E02BC75C141 133F8D161296CB8F 63BB534256053305 C6EED68A8F75F5D3 6102BAE530DD4B95 7C0BE475D580FBA2 9B616F5489F90AD7

LASKJDF098KSDAF09 5ECB30FD1A71CC54 DBSNMP DBVISION <UNKNOWN> 199220706 DEMO DEMO8 DEMO9 DES DES2K DEV2000_DEMOS PASSWO1 DIP 4F9FFB093F909574 4646116A123897CF 0E7260738FDFD678 EE02531A80D998CA ABFEC5AC2274E54D 611E7A73EC4B425A 18A0C8BD6B13BEE2 46DC27700F2ADE28 CE4A36B8E06CA59C E066D214D5421CCC F74F7EF36A124931

DISCOVERER_ADMIN 5C1AED4D1AADAA4C <UNKNOWN> DMSYS BFBA5A553FD9E28A

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 3 3 3 3 2 2 3 3 2 2 3 3 3 3 2 2 3 3 2 3 2 3 3 2 2 2 3 3 2 3 3 2 2 3 2 2 3 2 2 2 2 2 2

DPF DSGATEWAY DSGATEWAY DSSYS DTSP EAA EAM EARLYWATCH EAST EC ECX EJB EJSADMIN EJSADMIN EMP ENG ENI ESTOREUSER EVENT EVM EXAMPLE EXFSYS EXTDEMO EXTDEMO2 FA FEM FII FINANCE FINPROD FLM FND FOO FPT FRM FROSTY FTE FV GL GMA GMD GME GMF GMI GML

DPFPASS <UNKNOWN> DSGATEWAY DSSYS DTSP EAA EAM SUPPORT EAST EC ECX EJB EJSADMIN

E53F7C782FAA6898

6869F3CFD027983A E3B6E6006B3A99E0 5A40D4065B3673D2 A410B2C5A0958CDF CE8234D92FCFB563 8AA1C62E08C76445 C5D5C455A1DE5F4D 6A066C462B62DD46 0A30645183812087 69CB07E2162C6C93 4C59B97125B6641A

EJSADMIN_PASSWOR 313F9DFD92922CD2 D EMP B40C23C6E2B4EA3D ENG ENI ESTORE EVENT EVM EXAMPLE EXFSYS EXTDEMO EXTDEMO2 FA FEM FII FINANCE FINPROD FLM FND BAR FPT FRM SNOWMAN FTE FV GL GMA GMD GME GMF GMI GML 4553A3B443FB3207 05A92C0958AFBCBC 51063C47AC2628D4 7CA0A42DA768F96D 137CEDC20DE69F71 637417B1DC47C2E5 66F4EF5650C20355 BAEF9D34973EE4EC 6A10DD2DB23880CB 21A837D0AED8F8E5 BD63D79ADF5262E7 CF39DE29C08F71B9 6CBBF17292A1B9AA 8E2713F53A3D69D5 CEE2C4B59E7567A3 0C0832F8B6897321 707156934A6318D4 73E3EC9C0D1FAECF 9A2A7E2EBE6E4F71 2ED539F71B4AA697 2FB4D2C9BAE2CCCA 907D70C0891A85B1 CD6E99DACE4EA3A6 DC7948E807DFE242 E269165256F22F01 B2F0E221F45A228F A07F1956E3E468E1 82542940B0CF9C16 5F1869AD455BBA73

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

2 2 3 3 2 3 3 3 3 2 4 3 3 3 3 3 3 3 2 3 3 3 2 2 4 3 3 3 3 3 3 3 3 3 3 3 3 3 1 1 3 3 3 3

GMP GMS GPFD GPLD GR HADES HCPARK HLW HR ABM ADAMS ADLDEMO ADMIN ADMIN ADMINISTRATOR ADMINISTRATOR AHL AHM AK ALHRO ALHRW ALR AMS AMV ANDY ANONYMOUS ANONYMOUS AP APPLMGR APPLSYS APPLSYS APPLSYS APPLSYSPUB APPLSYSPUB APPLSYSPUB APPLYSYSPUB APPLYSYSPUB APPLYSYSPUB APPS APPS_MRC APPUSER AQ AQDEMO AQJAVA

GMP GMS GPFD GPLD GR HADES HCPARK HLW UNKNOWN ABM WOOD ADLDEMO JETSPEED WELCOME ADMIN ADMINISTRATOR AHL AHM AK XXX XXX ALR AMS AMV SWORDFISH ANONYMOUS <INVALID> AP APPLMGR APPLSYS APPS FND APPLSYSPUB PUB FNDPUB FNDPUB PUB <UNKNOWN> APPS APPS APPPASSWORD AQ AQDEMO AQJAVA

450793ACFCC7B58E E654261035504804 BA787E988F8BC424 9D561E4D6585824B F5AB0AA3197AEE42 2485287AC1DB6756 3DE1EBA32154C56B 855296220C095810 6E0C251EABE4EBB8 D0F2982F121C7840 72CDEF4A3483F60D 147215F51929A6E8 CAC22318F162D597 B8B15AC9A946886A F9ED601D936158BD 1848F0A31D1C5C62 7910AE63C9F7EEEE 33C2E27CF5E401A4 8FCB78BBA8A59515 049B2397FB1A419E B064872E7F344CAE BE89B24F9F8231A9 BD821F59270E5F34 38BC87EB334A1AC4 B8527562E504BC3F FE0E8CE7C92504E9 Anonymous EED09A552944B6AD CB562C240E871070 FE84888987A6BF5A E153FFF4DAE6C9F7 0F886772980B8C79 D5DB40BB03EA1270 D2E3EF40EE87221E 78194639B5C3DF9F 78194639B5C3DF9F A5E09E84EC486FC9 D2E3EF40EE87221E D728438E8A5925E0 2FFDCBB4FD11D9DC 7E2C3C2D4BF4071B 2B0C31040A1CFB48 5140E342712061DD 8765D2543274B42E

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2 2 3 2 4 3 2 1 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 3

AQUSER AR ASF ASG ASL ASO ASP AST ATM AUDIOUSER AURORA$JIS$UTILITY$ AURORA$JIS$UTILITY$

AQUSER AR ASF ASG ASL ASO ASP AST SAMPLEATM AUDIOUSER <INVALID> INVALID

4CF13BDAC1D7511C BBBFE175688DED7E B6FD427D08619EEE 1EF8D8BD87CF16BE 03B20D2C323D0BFE F712D80109E3C9D8 CF95D2C6C85FF513 F13FF949563EAB3C 7B83A0860CF3CB71 CB4F2CEC5A352488 INVALID_ENCRYPTED_PASS WORD E1BAE6D95AA95F1E 80C099F0EADF877E INVALID_ENCRYPTED_PASS WORD 0A8303530E86FCDD AAA18B5D51B0D5AC EAA333E83BF2810D 9671866348E03616 E84CC95CBBAC1B67 BF24BCE2409BE1F7 6026F9A8A54B9468 7E9901882E5F3565 2564B34BE50C2524 3DD36935EAEDE2E3 9435F2E60569158E C9B597D7361EE067 56DB3E89EAE5788E 447B729161192C24

AURORA$ORB$UNAUTH INVALID ENTICATED AURORA$ORB$UNAUTH <INVALID> ENTICATED AX AX AZ BC4J BEN BIC BIL BIM BIS BIV BIX BLAKE BLEWIS BOM SYSMAN SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM TAHITI AZ BC4J BEN BIC BIL BIM BIS BIV BIX PAPER BLEWIS BOM SYSMAN

CHANGE_ON_INSTAL 8BF0DA8E551DE1B9 L D_SYSPW 1B9F1F9A5CB9EB31 MANAGER ORACLE SYSTEMPASS SYSTEM MANAG3R ORACL3 0RACLE 0RACL3 ORACLE8 ORACLE9 ORACLE9I 0RACLE9I 0RACL39I TAHITI D4DF7931AB130E37 2D594E86F93B17A1 4861C2264FB17936 970BAA5B81930A40 135176FFB5BA07C9 E4519FCD3A565446 66A490AEAA61FF72 10B0C2DA37E11872 D5DD57A09A63AA38 69C27FA786BA774C 86FDB286770CD4B9 B171042374D7E6A2 D7C18B3B3F2A4D4B F339612C73D27861

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 3 3 3 3 3 3 3 3

TALBOT TDOS_ICSAP TEC TEST TEST TEST_USER TESTPILOT THINSAMPLE TIBCO TIP37 TRACESVR TRAVEL TSDEV TSUSER TURBINE UDDISYS ULTIMATE UM_ADMIN UM_CLIENT USER USER_NAME USER0 USER1 USER2 USER3 USER4 USER5 USER6 USER7 USER8 USER9 UTILITY USUARIO UTLBSTATU VEA VEH VERTEX_LOGIN VIDEOUSER VIF_DEVELOPER VIRUSER VPD_ADMIN VRR1 VRR1 VRR1

MT6CH5 TDOS_ICSAP TECTEC PASSWD TEST TEST_USER TESTPILOT THINSAMPLEPW TIBCO TIP37 TRACE TRAVEL TSDEV TSUSER TURBINE <UNKNOWN> ULTIMATE UM_ADMIN UM_CLIENT USER PASSWORD USER0 USER1 USER2 USER3 USER4 USER5 USER6 USER7 USER8 USER9 UTILITY CLAVE UTLESTAT VEA VEH VERTEX_LOGIN VIDEOUSER VIF_DEV_PWD VIRUSER AKF7D98S2 VRR1 VRR2 UNKNOWN

905475E949CF2703 7C0900F751723768 9699CFD34358A7A7 26ED9DD4450DD33C 7A0F2B316C212D67 C0A0F776EBBBB7FB DE5B73C964C7B67D 5DCD6E2E26D33A6E ED4CDE954630FA82 B516D9A33679F56B F9DA8977092B7B81 97FD0AE6DFF0F5FE 29268859446F5A8C 90C4F894E2972F08 76F373437F33F347

4C3F880EFA364016 F4F306B7AEB5B6FC 82E7FF841BFEAB6C 74085BE8A9CF16B4 96AE343CA71895DA 8A0760E2710AB0B4 BBE7786A584F9103 1718E5DBB8F89784 94152F9F5B35B103 2907B1BFA9DA5091 6E97FCEA92BAA4CB F73E1A76B1E57F3D 3E9C94488C1A3908 D148049C2780B869 0487AFEE55ECEE66 81F2423D6811246D 1AB4E5FD2217F7AA C42D1FA3231AB025 D38D161C22345902 72A90A786AAE2914 DEF637F1D23C0C59 29ECA1F239B0F7DF 9A7DCB0C1D84C488 404B03707BF5CEA3 571A7090023BCD04 811C49394C921D66 3D703795F61E3A9A 3DA1893A5FCA23BF

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 3 3 3 3 3 3 2 2 3 3 3 3 3 3 3 3 3 3 3 2 3 3 2 2 2 3 3 3 3 2 2 2 3 2 2 2 3 2 3 1 1 1 1

WEBCAL01 WEBDB WEBREAD WEBSYS WEBUSER WEST WFADMIN WH WIP WIRELESS WKADMIN WKPROXY WKPROXY WKSYS WKPROXY WKSYS WKUSER WK_SYS WK_TEST WK_PROXY WMS WMSYS WOB WPS WSH WSM WWW WWWUSER XADEMO XDB XDP XLA XNC XNI XNM XNP XNS XPRT XTR MDDEMO_MGR SYSTEM SYSTEM SYSTEM SYSTEM

WEBCAL01 WEBDB WEBREAD MANAGER YOUR_PASS WEST WFADMIN WH WIP <UNKNOWN> WKADMIN WKPROXY

C69573E9DEC14D50 D4C4DCDD41B05A5D F8841A7B16302DE6 A97282CE3D94E29E FD0C7DB4C69FA642 DD58348364219102 C909E4F104002876 91792EFFCB2464F9 D326D25AE0A0355C

888203D36F64C5F6 AA3CB2A4D9188DDB

CHANGE_ON_INSTAL B97545C4DD2ABE54 L CHANGE_ON_INSTAL 69ED49EE1851900D L UNKNOWN 18F0B0E50B9F7B12 WKSYS WKUSER <UNKNOWN> WK_TEST <UNKNOWN> WMS WMSYS WOB WPS WSH WSM WWW WWWUSER XADEMO 545E13456B7DDEA0 8B104568E259B370 79DF7A1BD138CF11 29802572EB547DBF 3F9FBD883D787341 D7837F182995E381 7C9BA362F8314299 D27FA6297C0313F4 50D22B9D18547CF7 D4D76D217B02BD7A 750F2B109F49CC13 6DE993A60BC8DBBF F239A50072154BAC ADBC95D8DCC69E66

CHANGE_ON_INSTAL 88D8364765FCE6AF L XDP F05E53C662835FA2 XLA XNC XNI XNM XNP XNS XPRT XTR MGR D_SYSTPW ORACLE8I 0RACLE8 0RACLE9 2A8ED59E27D86D41 BD8EA41168F6C664 F55561567EF71890 92776EA17B8B5555 3D1FB783F96D1F5E FABA49C38150455E 0D5C9EFC2DFE52BA A43EE9629FA90CAE B41BCD9D3737F5C4 4438308EE0CAFB7F FAAD7ADAF48B5F45 685657E9DC29E185 49B70B505DF0247F

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

1 1 1 1 1 1 1 1 1 1 3 2 3 3 2 3 3 3 3 2 2 3 3 3 3 3 2 2 2 2 3 3 3 3 3 2 3 3 3 3 3 3 2 2

SYSTEM SYSTEM SYSTEM SYSTEM SYS SYS SYS SYS SYS SYS ORDPLUGINS ORDSYS OSE$HTTP$ADMIN OSE$HTTP$ADMIN OSM OSP22 OSSAQ_HOST OSSAQ_PUB OSSAQ_SUB OTA OUTLN OWA OWA_PUBLIC OWF_MGR OWF_MGR OWNER OZF OZP OZS PA PANAMA PATROL PAUL PERFSTAT PERSTAT PJM PLANNING PLEX PLSQL PM PM PM PMI PN

0RACLE8I 0RACL38 0RACL39 0RACL38I 0RACLE8 0RACLE9 0RACLE8I 0RACL38 0RACL39 0RACL38I ORDPLUGINS ORDSYS Invalid password INVALID OSM OSP22 <UNKNOWN> <UNKNOWN> <UNKNOWN> OTA OUTLN OWA OWA_PUBLIC <UNKNOWN> OWF_MGR OWNER OZF OZP OZS PA PANAMA PATROL PAUL PERFSTAT PERSTAT PJM PLANNING PLEX SUPERSECRET

B49C4279EBD8D1A8 604101D3AACE7E88 02AB2DB93C952A8F 203CD8CF183E716C 1FA22316B703EBDD 12CFB5AE1D087BA3 380E3D3AD5CE32D4 2563EFAAE44E785A E7686462E8CD2F5E 691C5E7E424B821A 88A2B2C183431F00 7EFA02EC7EA6B86F INVALID_ENCRYPTED_PASS WORD 05327CD9F6114E21 106AE118841A5D8C C04057049DF974C2

F5E498AC7009A217 4A3BA55E08595C81 CA5D67CD878AFC49 0D9EC1D1F2A37657

3CBED37697EB01D1 5C3546B4F9165300 970B962D942D0C75 B650B1BB35E86863 0DABFF67E0D33623 8CE2703752DB36D8 3E7B4116043BEAFF 0478B8F047DECC65 35EC0362643ADD3F AC98877DE1297365 A68F56FBBCDC04AB 021B05DBB892D11F 71B5C2271B7CFF18 99355BF0E53FF635 C4522E109BCF69D0

CHANGE_ON_INSTAL 72E382A52E89575A L UNKNOWN F67E035BF8352CB4 PM PMI PN C7A235E6D2AF6018 A7F7978B21A6F65E D40D0FEF9C8DC624

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

1 3 3 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 1 3 2 2 3 2 3 3 3 3 3 3 3 3 3 3 3

PO PO7 PO8 POA POM PORTAL PORTAL_APP PORTAL_DEMO PORTAL_DEMO PORTAL_PUBLIC PORTAL_SSO_PS PORTAL30 PORTAL30 PORTAL30_ADMIN PORTAL30_DEMO PORTAL30_PS PORTAL30_PUBLIC PORTAL30_SSO

PO PO7 PO8 POA POM <UNKNOWN> <UNKNOWN> <UNKNOWN> PORTAL_DEMO <UNKNOWN> PORTAL_SSO_PS PORTAL30 PORTAL31 PORTAL30_ADMIN PORTAL30_DEMO PORTAL30_PS PORTAL30_PUBLIC PORTAL30_SSO

355CBEC355C10FEF 6B870AF28F711204 7E15FBACA7CDEBEC 2AB40F104D8517A0 123CF56E05D4EF3C

A0A3A6A577A931A3

D1FB757B6E3D8E2F 969F9C3839672C6D D373ABE86992BE68 7AF870D89CABF1C7 CFD1302A7F832068 333B8121593F96FB 42068201613CA6E2 882B80B587FCDBC8

PORTAL30_SSO_ADMIN PORTAL30_SSO_ADM BDE248D4CCCD015D IN PORTAL30_SSO_PS PORTAL30_SSO_PS F2C3DC8003BC90F8 PORTAL30_SSO_PUBLI PORTAL30_SSO_PUB 98741BDA2AC7FFB2 C LIC POS POS 6F6675F272217CF7 POWERCARTUSER PRIMARY PSA PSB PSP PUBSUB PUBSUB1 PV QA QDBA QP QS QS QS QS_ADM QS_ADM QS_ADM QS_CB QS_CB QS_CB QS_CBADM QS_CBADM POWERCARTUSER PRIMARY PSA PSB PSP PUBSUB PUBSUB1 PV QA QDBA QP 2C5ECE3BEC35CE69 70C3248DFFB90152 FF4B266F9E61F911 28EE1E024FC55E66 4FE07360D435E2F0 80294AE45A46E77B D6DF5BBC8B64933E 76224BCC80895D3D C7AEAA2D59EB1EAE AE62CB8167819595 10A40A72991DCA15

CHANGE_ON_INSTAL 8B09C6075BDF2DC4 L QS 4603BCD2744BDE4F UNKNOWN ACBD635B3A25405D

CHANGE_ON_INSTAL 991CDDAD5C5C32CA L QS_ADM 3990FB418162F2A0 UNKNOWN BB424460EFEC9080

CHANGE_ON_INSTAL CF9CFACF5AE24964 L QS_CB 870C36D8E6CD7CF5 UNKNOWN A2A1265A6BDC8F36

CHANGE_ON_INSTAL 7C632AFB71F8D305 L QS_CBADM 20E788F9D4F1D92C

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 2 2 2 2 3 2 3 1 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3

QS_CBADM QS_CS QS_CS QS_CS QS_ES QS_ES QS_ES QS_OS QS_OS QS_OS QS_WS QS_WS QS_WS RE REP_MANAGER REP_OWNER REP_OWNER REP_USER REPADMIN REPORTS_USER REPORTS RG RHX RLA RLM RMAIL RMAN RRS SAMPLE SAP SAP SAPR3 SCOTT SCOTT SDOS_ICSAP SECDEMO SERVICECONSUMER1 SH SH SH SITEMINDER

UNKNOWN

58C823BA7A2D3D7F

CHANGE_ON_INSTAL 91A00922D8C0F146 L QS_CS 2CA6D0FC25128CF3 UNKNOWN 5D85C7E8FB28375F

CHANGE_ON_INSTAL E6A6FA4BB042E3C2 L QS_ES 9A5F2D9F5D1A9EF4 UNKNOWN 723007181C44715C

CHANGE_ON_INSTAL FF09F3EB14AE5C26 L QS_OS 0EF5997DC2638A61 UNKNOWN 7ABBCF4BEB7854B2

CHANGE_ON_INSTAL 24ACF617DD7D8F2F L QS_WS 0447F2F756B4F460 UNKNOWN RE DEMO DEMO REP_OWNER DEMO REPADMIN OEM_TEMP REPORTS RG RHX RLA RLM RMAIL RMAN RRS SAMPLE SAPR3 6071992 SAP TIGER TIGGER SDOS_ICSAP SECDEMO 8CF13718CDC81090 933B9A9475E882A6 2D4B13A8416073A1 88D8F06915B1FE30 BD99EC2DD84E3B5C 57F2A93832685ADB 915C93F34954F5F8 635074B4416CD3AC 0D9D14FE6653CF69 0FAA06DA0F42F21F FFDF6A0C8C96E676 C1959B03F36C9BB2 4B16ACDA351B557D DA4435BBF8CAE54C E7B5D92911C831E1 5CA8F5380C959CA9 E74B15A3F7A19CA8 BEAA1036A464F9F0 B1344DC1B5F3D903 58872B4319A76363 F894844C34402B67 7AA1A84E31ED7771 C789210ACC24DA16 009BBE8142502E10

SERVICECONSUMER1 183AC2094A6BD59F CHANGE_ON_INSTAL 9793B3777CD3BD1A L SH 54B253CBBAAA8C48 UNKNOWN SITEMINDER 1729F80C5FA78841 061354246A45BBAB 84B8CBCA4D477FA3 FDFE8B904875643D 4A0A55000357BB3E

SI_INFORMTN_SCHEMA SI_INFORMTN_SCHE MA SLIDE SLIDEPW SPIERSON SPIERSON

Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle Oracle

2 3 3 3 3 3 1 1 2 1 1 1 1 1 1 1 1 1 1 1 1 1 3 3 3 1

SSP STARTER STRAT_USER SWPRO SWUSER SYMPA SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYSADM SYSADMIN SYSADMIN SYSMAN

SSP STARTER STRAT_PASSWD SWPRO SWUSER SYMPA

87470D6CE203FB4D 6658C384B8D63B0A AEBEDBB4EFB5225B 4CB05AA42D8E3A47 783E58C29D2FC7E1 E7683741B91AF226

CHANGE_ON_INSTAL D4C5016086B2DC6A L D_SYSPW 43BE121A2A135FF3 MANAGER ORACLE SYS SYSPASS MANAG3R ORACL3 0RACLE 0RACL3 ORACLE8 ORACLE9 ORACLE8I ORACLE9I 0RACLE9I 0RACL39I SYSADM <UNKNOWN> SYSADMIN OEM_TEMP DC86E8DEAA619C1A 639C32A115D2CA57 5638228DAF52805F 8A8F025737A9097A 4DE42795E66117AE 66BC3FF56063CE97 57D7CFA12BB5BABF A9A57E819B32A03D 2905ECA56A830226 64074AF827F4B74A 41B328CA13F70713 0B4409DDD5688913 6CFF570939041278 3522F32DD32A9706 BE29E31B2B0EDA33 5AC333703DE0DBD4 BA3E855E93B5B9B0

BRIO_ADMIN is an account of a 3rd party product. 9iR2 documentation 9iR2 documenation BSC is a schema account from Oracle Applications. Default it has several CREATE privileges. From a book CALVIN is an account to demonstrate AOLServer. It should not exist in a production environment. CATALOG is an account of a 3rd party product. CCT is a schema account from Oracle Applications. Default it has several CREATE privileges. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. CDOUGLAS is a schema owner of Workflow Iasdb CE is a schema account from Oracle Applications. Default it has several ANY privs CENTRA is an account that presumably manages Centra application software. CENTRAL is an administrative account for Quest Central(?). CIDS is an account for Cerberus Intrusion Detection System. CIS is an account for dbengine CIS is an account for dbengine CISINFO is an account for dbengine CISINFO is an account for dbengine This is a training account. It should not be available in a production environment. CLKANA is an account for Oracle Clickstream Intelligence. CLKRT is an account for Oracle Clickstream Intelligence. CN is a schema account from Oracle Applications. Default it has several ANY privs COMPANY is an account with DBA privileges COMPIERE is an account for the application Compiere. CQSCHEMAUSER is a schema account of a 3rd party product. CQUSERDBUSER is a user account of a 3rd party product. CRP is a schema account from Oracle Applications. Default it has several ANY privs CS is a schema account from Oracle Applications. Default it has several ANY privs CSC is a schema account from Oracle Applications. Default it has several CREATE privileges. CSD is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications CSF is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications Oracle Applications CSMIG is an account for Character Set Migrations. CSP is a schema account from Oracle Applications. Default it has several CREATE privileges. CSR is a schema account from Oracle Applications. Default it has several CREATE privileges. CSS is a schema account from Oracle Applications. Default it has several CREATE privileges. CTXDEMO is a demonstration account of Oracle Context/Oracle Text. amongst which amongst which amongst which which allow change and destroy all data in your to read database. at interface from CIS at interface from CIS at interface from CIS at interface from CIS amongst which

CTXSYS (Oracle Text/Intermedia Text/Context option) is an account with DBA privileges and therefor allows to read CTXSYS (Oracle Text/Intermedia Text/Context option) is an account with DBA privileges and therefor allows to read CTXSYS (Oracle Text/Intermedia Text/Context option) is an account with DBA privileges and therefor allows to read CTXSYS (Oracle Text/Intermedia Text/Context option) is an account with DBA privileges and therefor allows to read CUA is a schema account from Oracle Applications. Default it has several ANY privs CUE is a schema account from Oracle Applications. Default it has several CREATE privileges. CUF is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications CUI is a schema account from Oracle Applications. Default it has several CREATE privileges. CUN is a schema account from Oracle Applications. Default it has several CREATE privileges. CUP is a schema account from Oracle Applications. Default it has several CREATE privileges. CUS is a schema account from Oracle Applications. Default it has several CREATE privileges. CZ is a schema account from Oracle Applications. Default it has several CREATE privileges. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. HRI is a schema account from Oracle Applications. Default it has several CREATE privileges. CA Harvest HXC is a schema account from Oracle Applications. Default it has several CREATE privileges. HXT is a schema account from Oracle Applications. Default it has several CREATE privileges. IBA is a schema account from Oracle Applications. Default it has several CREATE privileges. IBE is a schema account from Oracle Applications. Default it has several CREATE privileges. IBP is a schema account from Oracle Applications. Default it has several CREATE privileges. IBU is a schema account from Oracle Applications. Default it has several CREATE privileges. IBY is a schema account from Oracle Applications. Default it has several CREATE privileges. ICDBOWN is the owner of BEA eLink Business Process Engine. ICX is a schema account from Oracle Applications. Default it has several CREATE privileges. IEB is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications IEM is a schema account from Oracle Applications. Default it has several CREATE privileges. IEO is a schema account from Oracle Applications. Default it has several CREATE privileges. IES is a schema account from Oracle Applications. Default it has several CREATE privileges. IEU is a schema account from Oracle Applications. Default it has several CREATE privileges. IEX is a schema account from Oracle Applications. Default it has several CREATE privileges. IFSSYS is an account belonging to Oracle Internet File System. IGC is a schema account from Oracle Applications. Default it has several CREATE privileges. IGF is a schema account from Oracle Applications. Default it has several CREATE privileges. IGI is a schema account from Oracle Applications. Default it has several CREATE privileges. IGS is a schema account from Oracle Applications. Default it has several CREATE privileges. IGW is a schema account from Oracle Applications. Default it has several CREATE privileges. IMAGEUSER is an account of an unknown 3rd party product. Oracle Applications

change and destroy all change and destroy all change and destroy all change and destroy all amongst which

IMEDIA is the schema account of the Intermedia option. Oracle Applications

INV is a schema account from Oracle Applications. Default it has several ANY privs IPA is a schema account from Oracle Applications. Default it has several CREATE privileges. IPD is a schema account from Oracle Applications. Default it has several CREATE privileges. IPLANET is an account belonging to iPlanet (now called Java Enterprise System). ISC is a schema account from Oracle Applications. Default it has several CREATE privileges. ITG is a schema account from Oracle Applications. Default it has several CREATE privileges. JA is a schema account from Oracle Applications. Default it has several CREATE privileges. JAKE is an account to demonstrate AOLServer. It should not exist in a production environment. JE is a schema account from Oracle Applications. Default it has several CREATE privileges. JG is a schema account from Oracle Applications. Default it has several ANY privs JILL is an account to demonstrate AOLServer. It should not exist in a production environment. JL is a schema account from Oracle Applications. Default it has several CREATE privileges. JMUSER is the schema account of the General Ledger module of the Oracle E-Business suite. Book This is a training account. It should not be available in a production environment. JTF is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications Oracle Applications 9iR2 documenation KWALKER is a schema owner of Workflow Iasdb

amongst which

amongst which

LBACSYS is an management account of Oracle Label Security. It allows to change security settings for Oracle Label Security. LIBRARIAN is an account that possibly belongs to ACD/Web software Librarian targeted at MARK is an account to demonstrate AOLServer. It should not exist in a production environment.

10g

MDDEMO_CLERK is a user account belonging to Oracle Metadata API. MDDEMO_MGR is an administration account for to Oracle Metadata API. The account MDSYS (Oracle Spatial administrator) has DBA-like privileges ME is a schema account from Oracle Applications. Default it has several CREATE privileges. MFG is a schema account from Oracle Applications. Default it has several ANY privs 10g

which allow change and destroy all data in your to read database. amongst which

MRP is a schema account from Oracle Applications. Default it has amongst several ANY privs which MSC is a schema account from Oracle Applications. Default it has several CREATE privileges. MSD is a schema account from Oracle Applications. Default it has several CREATE privileges. MSO is a schema account from Oracle Applications. Default it has several CREATE privileges. MSR is a schema account from Oracle Applications. Default it has several CREATE privileges. MTSSYS is an account for Microsoft Transaction Server support. MWA is a schema account from Oracle Applications. Default it has several CREATE privileges.

NNEUL is an account of Computer and Information Services from the University of Missouri-Rolla. 9iR2 documenation 9iR2 documenation 9iR2 documenation 9iR2 documenation OAIHUB902 is an account of Oracle 9iAS InterConnect (OAI). OAS_PUBLIC is the schema account of older versions of Oracle Webserver.

OCM_DB_ADMIN is an administrative account of Oracle9iAS Certificate Manager (OCM). OCM_DB_ADMIN is an administrative account of Oracle9iAS Certificate Manager (OCM).

ODS is the schema of Oracle Internet Directory metadata. ODS_SERVER is an administrative account for of Oracle Internet Directory metadata. ODSCOMMON is a user with acces to Oracle Internet Directory. This is a training account. It should not be available in a production environment. OE is a schema account from Oracle Applications. Default it has several ANY privs OEM_REPOSITORY is the schema owner of Oracle Enterprise Managers Repository. amongst which

Oracle Applications OKC is a schema account from Oracle Applications. Default it has several CREATE privileges. OKE is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications Oracle Applications

OKR is a schema account from Oracle Applications. Default it has several CREATE privileges. OKS is a schema account from Oracle Applications. Default it has several CREATE privileges. OKX is a schema account from Oracle Applications. Default it has several CREATE privileges. OLAPDBA is an administrative account for the OLAP Services option. OLAPSVR is an administrative account for the OLAP Services option. OLAPSVR is an administrative account for the OLAP Services option. OLAPSYS is an administrative account for the OLAP Services option. OLAPSYS is an administrative account for the OLAP Services option. ONT is a schema account from Oracle Applications. Default it has several CREATE privileges.

OPI is a schema account from Oracle Applications. Default it has several CREATE privileges.

ORADBA is a DBA account of Computer and Information Services from the University of Missouri-Rolla. OR Solutions User used to execute default password check scripts

ORASSO is the schema of Oracle9iAS Single Sign-On. ORASSO_DS is an account belonging to Oracle9iAS Single SignOn. ORASSO_PA is an account belonging to Oracle9iAS Single SignOn. ORASSO_PS is an account belonging to Oracle9iAS Single SignOn. ORASSO_PUBLIC is a public account for Oracle9iAS Single SignOn. n/a

DBSNMP is an account for the Oracle Intelligent Agent. Under certain circumstances it allows to read passwords from memory. DBVISION is an administrative account of Platinum DBVision. DCM is an administrative account of Oracle 9iAS Distributed Configuration Manager. This is a SAP application user ID. DEMO is a commonly used name for demonstration accounts. This should not exist in a production environment. DEMO8 is some kind of demonstration account. DEMO9 is some kind of demonstration account. DES is a common name for a Oracle Designer account. DES2K is an account of Oracle Designer 2000. DEV2000_DEMOS is a demonstration account for Oracle Developer. DIANE is an account to demonstrate AOLServer. It should not exist in a production environment. 10g

DISCOVERER5 is an administrative account of Oracle9iAS Discoverer. 10g

DPF is an account of Computer and Information Services from the University of Missouri-Rolla. DSGATEWAY is an account for Oracle Syndication Server. DSGATEWAY is an account for Oracle Syndication Server. DSSYS is an account for Oracle Dynamic Services/Web Services.

EAA is a schema account from Oracle Applications. Default it has several CREATE privileges. EAM is a schema account from Oracle Applications. Default it has several CREATE privileges.

EC is a schema account from Oracle Applications. Default it has amongst several ANY privs which ECX is a schema account from Oracle Applications. Default it has several CREATE privileges.

EMP is an training account (I think). It should not be on production environments. ENG is a schema account from Oracle Applications. Default it has several ANY privs ENI is a schema account from Oracle Applications. Default it has several ANY privs ESTOREUSER is an administration account for WebSphere. EVENT is an administration account for Oracle Discoverer. EMV is a schema account from Oracle Applications. Default it has several CREATE privileges.

amongst which amongst which

9ir2 9ir2 FA is a schema account from Oracle Applications. Default it has amongst several ANY privs which FEM is a schema account from Oracle Applications. Default it has several CREATE privileges. FII is a schema account from Oracle Applications. Default it has several CREATE privileges. FINANCE is a schema account for Oracle Financials. OraSecurityChk.exe FLM is a schema account from Oracle Applications. Default it has several CREATE privileges. FND is an account for Oracle Applications 9ir2 FPT is a schema account from Oracle Applications. Default it has several CREATE privileges. FRM is a schema account from Oracle Applications. Default it has several CREATE privileges. FROSTY seems to be some kind of test account from a guide to install Oracle on RedHat. This account should not be on FTE is a schema account from Oracle Applications. Default it has several CREATE privileges. FV is a schema account from Oracle Applications. Default it has several CREATE privileges. GL is the schema account of the General Ledger module of the Oracle E-Business suite. GMA is a schema account from Oracle Applications. Default it has several CREATE privileges. GMD is a schema account from Oracle Applications. Default it has several CREATE privileges. GME is a schema account from Oracle Applications. Default it has several CREATE privileges. GMF is a schema account from Oracle Applications. Default it has several CREATE privileges. GMI is a schema account from Oracle Applications. Default it has several CREATE privileges. GML is a schema account from Oracle Applications. Default it has several CREATE privileges.

the Financials

GMP is a schema account from Oracle Applications. Default it has several CREATE privileges. GMS is a schema account from Oracle Applications. Default it has several CREATE privileges. GPFD is an account of an unknown 3rd party product GPFD is an account of an unknown 3rd party product GR is a schema account from Oracle Applications. Default it has several CREATE privileges. GPFD is an account of an unknown 3rd party product HLW seems to be part of a 9iAS demo. It should not be on a production environment then. ABM is an account from Oracle Applications. It has This is a training account. It should not be available in a production environment. This is an account to demonstrate using LOBs in VBA code. It should not be installed in a production environment. ADMIN is an administration account of Apache Jetspeed. ADMIN is a generally used accountname to administer a product (like Apache Jetspeed). ADMINISTRATOR is a commonly used name for management accounts for applications. ADMINISTRATOR is a commonly used name for management accounts for applications. Oracle Applications Oracle Applications AK is a schema account from Oracle Applications. Default it has many ANY privileges ALHRO is an unknown account. ALHRW is an unknown account. Oracle Applications AMS is a schema account from Oracle Applications. Default it has several CREATE privileges. AMV is a schema account from Oracle Applications. Default it has several CREATE privileges. This is a training account. It should not be available in a production environment. Usually it is not a good idea to have anonymous access to a database. Set by values AP is an account for Oracle Applications specifically Account amongst which amongst others CREATE DATABASE LINK privileges.

APPLSYS is an administration account for Oracle Applications. It controls the Concurrent Manager. APPLSYS is an administration account for Oracle Applications. It controls the Concurrent Manager.

APPLYSYSPUB is an account for Oracle Applications. It has UNLIMITED TABLESPACE. APPLYSYSPUB is an account for Oracle Applications. It has UNLIMITED TABLESPACE. APPS is an often used name for management or schema accounts for applications. In Oracle Applications it is a schema APPS_MRC is a schema account from Oracle Applications. It has DBA-like privileges. APPUSER is an often used name for an application account for users. AQ is an account to manage Oracle Advanced Queuing a messaging AQDEMO is an account to demonstrate Oracle Advanced a Queuing messaging AQJAVA is an account of Oracle Advanced Queuing a messaging

AQ is an account to use Oracle Advanced Queuing

a messaging AR is a schema account from Oracle Applications. Default it has amongst several ANY privs which ASF is a schema account from Oracle Applications. Default it has several CREATE privileges. ASG is a schema account from Oracle Applications. Default it has several CREATE privileges. ASL is a schema account from Oracle Applications. Default it has several CREATE privileges. ASO is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications AST is a schema account from Oracle Applications. Default it has several CREATE privileges. 9iR2 default account AUDIOUSER is the account to manage the Intermedia Audio option. AURORA$JIS$UTILITY$ is an internal account of Jserver. In 8i changing the password will prevent ORB from working. AURORA$JIS$UTILITY$ is an internal account of Jserver. In 8i changing the password will prevent ORB from working. AURORA$ORB$UNAUTHENTICATED is an internal account of Jserver. In 8i changing the password will prevent ORB from AX is a schema account from Oracle Applications. Default it has amongst several ANY privs which AZ is a schema account from Oracle Applications. Default it has several CREATE privileges. BC4J is the account to manage the Bussiness Components for Java. BEN is a schema account from Oracle Applications. Default it has several CREATE privileges. BIC is a schema account from Oracle Applications. Default it has several CREATE privileges. BIL is a schema account from Oracle Applications. Default it has several CREATE privileges. BIM is a schema account from Oracle Applications. Default it has several CREATE privileges. BIS is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications BIX is a schema account from Oracle Applications. Default it has several CREATE privileges. This is a training account. It should not be available in a production environment. BLEWIS is a schema owner of Workflow Iasdb BOM is a schema account from Oracle Applications. Default it has several ANY privs SYSMAN is the management account for Oracle Enterprise Mananger. It is used as access to all databases that are managed SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read amongst which change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all

9iR2 documenation

TRACESVR is required for Oracle trace (otrace)

which is you might want to lock it. generally not

UDDISYS is an administrative account of Oracle9iAS Web Services.

9iR2 documentation

VEA is a schema account from Oracle Applications. Default it has several CREATE privileges. VEH is a schema account from Oracle Applications. Default it has several CREATE privileges.

WH is a schema account from Oracle Applications. Default it has several CREATE privileges. WIP is a schema account from Oracle Applications. Default it has several CREATE privileges. WIRELESS is an administrative account of Oracle 9iAS Wireless WFADMIN is an administrative account of Oracle9iAS WorkFlow. 10g WKPROXY is an administrative account of Oracle9iAS Ultrasearch. WKSYS is an administrative account of Oracle9iAS Ultrasearch.

WKSYS is an administrative account of Oracle9iAS Ultrasearch. WKUSER is a user account of Oracle9iAS Ultrasearch.

10g 10g WMS is a schema account from Oracle Applications. Default it has several CREATE privileges.

WPS is a schema account from Oracle Applications. Default it has several CREATE privileges. WSH is a schema account from Oracle Applications. Default it has several CREATE privileges. WSM is a schema account from Oracle Applications. Default it has several CREATE privileges.

XDP is a schema account from Oracle Applications. Default it has several CREATE privileges. XLA is a schema account from Oracle Applications. Default it has several CREATE privileges. XNC is a schema account from Oracle Applications. Default it has several CREATE privileges. Oracle Applications XNM is a schema account from Oracle Applications. Default it has several CREATE privileges. XNP is a schema account from Oracle Applications. Default it has several CREATE privileges. XNS is a schema account from Oracle Applications. Default it has several CREATE privileges. XTR is a schema account from Oracle Applications. Default it has several CREATE privileges. SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read change and destroy all change and destroy all change and destroy all change and destroy all

SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYSTEM is Oracles database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read ORDPLUGINS is an administrative account for Oracle Time Series. The account ORDSYS (Oracle Time Series) has a limited number of risky system privileges OSE$HTTP$ADMIN is an internal account of Jserver. In 8i changing the password will prevent ORB from working. OSE$HTTP$ADMIN is an internal account of Jserver. In 8i changing the password will prevent ORB from working. OSM is a schema account from Oracle Applications. Default it has several ANY privs

change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all amongst which those

amongst which

OSSAQ_HOST is an administrative account of Oracle9iAS Syndication Server. OSSAQ_PUB is a public account of Oracle9iAS Syndication Server. OSSAQ_SUB is an administrative account of Oracle9iAS Syndication Server. OTA is a schema account from Oracle Applications. Default it has amongst several ANY privs which Often neglected the OUTLN account has

OWF_MGR is the schema owner of Oracle Workflow Manager. OWF_MGR is the schema owner of Oracle Workflow Manager.

OZF is a schema account from Oracle Applications. Default it has several CREATE privileges. OZP is a schema account from Oracle Applications. Default it has several CREATE privileges. OZS is a schema account from Oracle Applications. Default it has several CREATE privileges. PA is a schema account from Oracle Applications. Default it has several CREATE privileges.

Book PERFSTAT is an account of Oracles statistics package Statspack. PERFSTAT probably has permissions to see the data PERFSTAT is an account of Oracles statistics package Statspack. PERFSTAT probably has permissions to see the data PJM is a schema account from Oracle Applications. Default it has several CREATE privileges.

This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. PMI is a schema account from Oracle Applications. Default it has several CREATE privileges. PN is a schema account from Oracle Applications. Default it has several CREATE privileges.

PO is an possibly account with DBA privileges

which allow change and destroy all data in your to read database.

POA is a schema account from Oracle Applications. Default it has several CREATE privileges. POM is a schema account from Oracle Applications. Default it has several CREATE privileges.

PORTAL30 is the schema owner of Oracle Portal. PORTAL31 is the schema owner of Oracle Portal. PORTAL30_ADMIN is the administration account of Oracle Portal.

PORTAL30_SSO is the schema owner of Oracle Portal SingleSign on PORTAL30_SSO is the admin account of Oracle Portal SingleSign on PORTAL30_SSO is the public account for Oracle Portal SingleSign on Oracle Applications

PSA is a schema account from Oracle Applications. Default it has several CREATE privileges. PSB is a schema account from Oracle Applications. Default it has several CREATE privileges. PSP is a schema account from Oracle Applications. Default it has several CREATE privileges. PUBSUB is an account with DBA privileges

which allow change and destroy all data in your to read database.

PV is a schema account from Oracle Applications. Default it has several CREATE privileges. QA is a schema account from Oracle Applications. Default it has several CREATE privileges. QP is a schema account from Oracle Applications. Default it has several CREATE privileges. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment.

This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment.

n/a RG is a schema account from Oracle Applications. Default it has several CREATE privileges. RHX is a schema account from Oracle Applications. Default it has several CREATE privileges. RLA is a schema account from Oracle Applications. Default it has several CREATE privileges. RLM is a schema account from Oracle Applications. Default it has several CREATE privileges. RMAN is an account for the Oracle Recovery Manager. This account might be misused to write unwanted changes to the SAMPLE is possibly an account with DBA privileges This is a SAP application user ID. This is a SAP application user ID. SAPR3 is the administration account (and schema?) of SAP R/3 This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment. which allow change and destroy all data in your to read database.

This is a training account. It should not be available in a production environment. This is a training account. It should not be available in a production environment.

10g

SPIERSON is a schema owner of Workflow Iasdb

SSP is a schema account from Oracle Applications. Default it has several CREATE privileges.

SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYS is Oracles most powerful database management account. It allows to read SYSADMIN is the schema owner of Oracle Workflow Manager. SYSADMIN is the schema owner of Oracle Workflow Manager. SYSMAN is the management account for Oracle Enterprise Mananger. It is used as access to all databases that are managed

change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all change and destroy all

Oracle HTTP Server listen port / Oracle HTTP Server port Oracle Internet Directory(non-SSL) Oracle HTTP Server SSL port Oracle Internet Directory(SSL) Oracle Net Listener / Enterprise Manager Repository port Oracle Net Listener Oracle Names Oracle Connection Manager (CMAN) Oracle JDBC for Rdb Thin Server Oracle Intelligent Agent Oracle Intelligent Agent Oracle Intelligent Agent Oracle Intelligent Agent Enterprise Manager Servlet port SSL Oracle Connection Manager Admin (CMAN) Enterprise ManagerAgent port Enterprise Manager RMI port Oracle XMLDB FTP Port Oracle GIOP IIOP Oracle GIOP IIOP for SSL Oracle OC4J RMI

80 389 443 636 1521 1526 1575 1630 1701 1748 1754 1808 1809 1810 1830 1831 1850 2100 2481 2482 3201

Oracle OC4J AJP

3301

Enterprise Manager Reporting port Oracle OC4J IIOP

3339 3401

Oracle OC4J IIOPS1

3501

Oracle OC4J IIOPS2

3601

Oracle OC4J JMS

3701

Oracle9iAS Web Cache Admin port 4000 Oracle9iAS Web Cache Invalidation port 4001 Oracle9iAS Web Cache Statistics port 4002 Oracle Internet Directory(SSL) 4031 Oracle Internet Directory(non-SSL) 4032 OracleAS Certificate Authority (OCA) - Server Authentication 4400 OracleAS Certificate Authority (OCA) - Mutual Authentication 4401 Oracle HTTP Server SSL port 4443 Oracle9iAS Web Cache HTTP Listen(SSL) port 4444 Oracle TimesTen 4662 Oracle TimesTen 4758 Oracle TimesTen 4759 Oracle TimesTen 4761

Oracle TimesTen Oracle TimesTen Oracle TimesTen Oracle Enterprise Manager Web Console iSQLPlus 10g iSQLPlus 10g Oracle Notification Service request port Oracle Notification Service local port Oracle Notification Service remote port Oracle9iAS Clickstream Collector Agent Java Object Cache port DCM Java Object Cache port Oracle HTTP Server Diagnostic Port Oracle HTTP Server Port Tunneling Oracle HTTP Server listen port / Oracle HTTP Server port Oracle9iAS Web Cache HTTP Listen(non-SSL) port Oracle HTTP Server Jserv port Oracle XMLDB HTTP port OC4J Forms / Reports Instance OC4J Forms / Reports Instance Oracle Forms Server 6 / 6i Oracle SOAP Server OS Agent Oracle Times Ten Oracle Times Ten Oracle Times Ten Log Loader

4764 4766 4767 5500 5560 5580 6003 6100 6200 6668 7000 7100 7200 7501 7777 7779 8007 8080 8888 8889 9000 9998 14000 15000 15002 15004 44000

Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server / Oracle Database Oracle Database Oracle Database Oracle Connection Manager Oracle Rdb Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Enterprise Manager Oracle Connection Manager (CMAN) Oracle Enterprise Manager Oracle Enterprise Manager Oracle Database Oracle Database Oracle Database Oracle Application Server

Edit httpd.conf and restart OHS Edit httpd.conf and restart OHS Edit listener.ora and restart listener Edit listener.ora and restart listener Edit names.ora and restart names server Edit cman.ora and restart Connection Manager snmp_rw.ora snmp_rw.ora snmp_rw.ora snmp_rw.ora Edit cman.ora and restart Connection Manager

change dbms_xdb.cfg_update Edit listener.ora/init.ora and restart listener/database Edit listener.ora/init.ora and restart listener/database

Oracle Application Server

Oracle Application Server Oracle Application Server

Edit oem_webstage/oem.conf and restart OHS

Oracle Application Server

Oracle Application Server

Oracle Application Server

Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle TimesTen Oracle TimesTen Oracle TimesTen Oracle TimesTen

Webcache Admin GUI or webcache.xml Webcache Admin GUI or webcache.xml Webcache Admin GUI or webcache.xml

Edit httpd.conf and restart OHS Webcache Admin GUI or webcache.xml

Oracle TimesTen Oracle TimesTen Oracle TimesTen Oracle Enterprise Manager Web Oracle i*SQLPlus Oracle i*SQLPlus RMI Port Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Application Server Oracle Database Oracle Developer Suite Oracle Developer Suite Oracle Application Server Oracle Application Server Oracle Application Server Oracle Times Ten Oracle Times Ten Oracle Times Ten Oracle Enterprise Manager

Edit httpd.conf and restart OHS Webcache Admin GUI or webcache.xml change dbms_xdb.cfg_update

schema CTXSYS CTXSYS CTXSYS CTXSYS CTXSYS CTXSYS CTXSYS CTXSYS EXFSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS MDSYS OLAPSYS ORDSYS ORDSYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS SYS

Alert 68 package CATSEARCH CTX_DOC CTX_QUERY DRIDDLR DRILOAD DRI_MOVE_CTXSYS DRVDML DRVXMD DBMS_EXPFIL MD2 PRVT_IDX PRVT_SAM RTREE_IDX SDO_CATALOG SDO_GEOR_INT SDO_GEOR_UTL fixed SDO_GEOM_TRIG_INS1 SDO_LRS_TRIG_INS SDO_PRIDX SDO_SAM SDO_TUNE SDO_UTIL CWM2_OLAP_AW_AWUTIL ORDIMAGE ORDIMGIDXMETHODS AQ_INV DBMS_APPLY_PROCESS DBMS_APPLY_ADM_INTERNAL DBMS_AQADM_SYS DBMS_CDC_DPUTIL DBMS_CDC_IMPDP DBMS_CDC_ISUBSCRIBE DBMS_CDC_SUBSCRIBE DBMS_CDC_UTILITY DBMS_DATAPUMP DBMS_DDL DBMS_DEFER_REPCAT DBMS_EXPORT_EXTENSION DBMS_FGA DBMS_INTERNAL_REPCAT DBMS_METADATA DBMS_LOGMNR_SESSION DBMS_REPCAT DBMS_REPCAT_ADMIN DBMS_REPUTIL DBMS_SNAPSHOT_UTL DBMS_STATS DBMS_SYSTEM DBMS_XRWMV DBUPGRADE KUPF$FILE KUPW$WORKER LTUTIL OUTLN_PKG

Jan05 Apr05

July05 Oct05 Jan06 Apr06 fixed fixed fixed fixed

fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed fixed

fixed fixed fixed

SYS WKSYS WKSYS XDB XDB XDB XDB schema

OWA_OPT_LOCK WK_ACL WK_ADM DBMS_XDB DBMS_XDBZ0


DBMS_XMLSCHEMA DBMS_XMLSCHEMA_INT

fixed fixed fixed fixed fixed fixed fixed July05 Oct05 Jan06 Apr06

package

Alert 68 Jan05 Apr05

Jul06 now

fixed

fixed

fixed

fixed fixed fixed fixed

Jul06 now