Re: setting up a new database - remove any permissions?
- From: Rich J <rjoralist3@xxxxxxxxxxxxxxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Wed, 10 Aug 2016 08:49:15 -0500
On 2016/08/09 18:42, Jeff Chirco wrote:
Wondering if any of you have basic scripts you run everytime you create a new
database. What do you configure? Do you remove any permissions from PUBLIC? I
know I have experimented with removing certain objects from PUBLIC but found
that it came back to bite me when applying patches and updates. Patches would
either fail or cause some components to not be valid.
A few years ago, our auditors asked about EXECUTE privs granted on
specific database objects to PUBLIC. Here's what I found (and was/is
hopefully valid for 11gR2!):
Object Name
Category
Risk Assessment
Comment
ORA_MINING_NUMBER_NT
Collection type
Low
No evidence found that a collection type has any security
implications
ORA_MINING_TABLE_TYPE
Collection type
Low
No evidence found that a collection type has any security
implications
ORA_MINING_VARCHAR2_NT
Collection type
Low
No evidence found that a collection type has any security
implications
URITYPE
Object type
Low
Object created with invoker rights
FTPURITYPE
Object type
Low
Object created with invoker rights
AQ$_AGENT
Object type
Low
Contains no methods
AQ$_DEQUEUE_HISTORY
Object type
Low
Contains no methods
AQ$_HISTORY
Collection type
Low
No evidence found that a collection type has any security
implications
AQ$_MIDARRAY
Collection type
Low
No evidence found that a collection type has any security
implications
AQ$_NOTIFY_MSG
Collection type
Low
No evidence found that a collection type has any security
implications
UTL_BINARYINPUTSTREAM
Object type
Low
Object created with invoker rights
UTL_BINARYOUTPUTSTREAM
Object type
Low
Object created with invoker rights
UTL_CHARACTERINPUTSTREAM
Object type
Low
Object created with invoker rights
UTL_CHARACTEROUTPUTSTREAM
Object type
Low
Object created with invoker rights
ROW_LCR88_T
Object type
Low
Contains no methods
XDBURITYPE
Object type
Low
Object created with invoker rights
XMLBINARYINPUTSTREAM
Object type
Low
Unable to locate any security concerns on this view from Oracle
Corp,
CIS, SANS, Red Database Security, etc.
XMLBINARYOUTPUTSTREAM
Object type
Low
Unable to locate any security concerns on this view from Oracle
Corp,
CIS, SANS, Red Database Security, etc.
XMLCHARACTERINPUTSTREAM
Object type
Low
Unable to locate any security concerns on this view from Oracle
Corp,
CIS, SANS, Red Database Security, etc.
I'm no security expert, so feedback from someone who's more
knowledgeable in this area would be a good thing.
Rich
Other related posts: