Oracle CIS Hardening Standards for UNIX
I am in the midst of applying, or not, company mandated hardening standards for our Oracle databases. One of the items being pushed on us is the following;
For Unix systems, create unique user accounts for
each Oracle process/service in order to differentiate
accountability and file access controls. The user for the
intelligent agent, the listener, and the database must be
Our site has all basic database and related components installed, owned and controlled by the UNIX Oracle account. Has anyone out there ever applied the above from scratch/fresh installs or even migrating existing installs like mine? As I don;t want to apply this snippet, I'll take any technical arguments ya'll can give me to avoid said implementation.
What is normally done is that each person will login with own account (or his/her network account) and sudo to the oracle account, that keeps a record of logins per person.
"The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb
Click Here to Expand Forum to Full Width