Configuration File Check
The chapters in this part explain the risk analysis, risk impact, and solutions for each configuration file check.
OS Command History Check
Risk Analysis
If the account and password are entered on the command line when accessing the DBMS with Tibero, they are recorded in the shell history files (.history or .sh_history).
Risk Impact
The account and password may be exposed.
Solution
Enter the account and password in Interactive Mode, not Line Mode, when using Tibero commands. Set the access permissions of the history files (.history or .sh_history) to 600 for protection.
Avoid connecting through $ tbsql <username>/<password>.
UTL_FILE_DIR Usage Control
Risk Analysis
UTL_FILE_DIR restricts access to directories on the host file system through UTL_FILE. If the UTL_FILE_DIR is set to '*', it allows access to the entire file system, which should only be used under strict restriction.
Risk Impact
Access to the entire host file system is allowed.
Solution
Remove the '*' setting.
UTL_SMTP Usage Control
Risk Analysis
If the UTL_SMTP package is granted to the Public group, unauthorized emails can be sent.
Risk Impact
Internal system files can be sent externally.
Solution
Grant the privilege only to specific users, not to the public group, so that only authorized users can receive emails.
Sample DB Removal
Risk Analysis
Removing the default sample DB (TEST DB), which is included when Tibero DBMS is first installed, eliminates configuration information that could be exposed if an attack on DBMS operational data occurs.
Risk Impact
Database configuration information may be exposed.
Solution
Remove the Sample DB.
TIP (Tibero Initialize Parameter) File Access Permission Setting
Risk Analysis
A modification to the initialization file, one of the crucial Tibero files, may lead to a system failure.
Risk Impact
DB startup and operation may be affected negatively.
Solution
Set the access permission of the TIP file with $ chmod 640 $TB_HOME/config/$TB_SID.tip. (Recommended: 600 or 640)
Control File, Redo Log File, Data File Access Control
Risk Analysis
Modification or deletion of crucial Tibero files (control, redo log, and data files) may lead to a system failure.
Risk Impact
DB downtime or data loss may occur.
Solution
Set access permissions on the control, redo log, and data files. (Recommended: 600 or 640)
The following is an example of setting access permission to 640.
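To verify these settings afterwards, the following audit script is added here as an illustration and is not from the Tibero documentation: it checks the history files, the TIP file, and the database files against the 600/640 recommendations above and flags history entries of the form tbsql <username>/<password>. The demo directory tree, the file names in it, and the DB_DIR parameter are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit the file modes this page recommends (constructed paths only).

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# mode_ok MODE MAX: true when MODE grants no permission bit beyond MAX.
mode_ok() { [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]; }

# True when a history file holds a Line Mode login such as "tbsql user/pass".
history_has_credentials() {
    grep -Eq '(^|[[:space:];|&])tbsql[[:space:]]+[^[:space:]/]+/[^[:space:]]+' "$1"
}

# audit_file PATH MAX: report PATH if it exists and is looser than MAX.
audit_file() {
    [ -e "$1" ] || return 0
    m=$(file_mode "$1")
    mode_ok "$m" "$2" && return 0
    echo "FINDING: $1 has mode $m, expected no more than $2"
    return 1
}

# audit_tibero USER_HOME TB_HOME TB_SID DB_DIR: sets FINDINGS to the number of issues.
# DB_DIR (location of control, redo log and data files) is an assumed parameter.
audit_tibero() {
    FINDINGS=0
    for f in "$1/.history" "$1/.sh_history"; do
        audit_file "$f" 600 || FINDINGS=$((FINDINGS + 1))
        if [ -f "$f" ] && history_has_credentials "$f"; then
            echo "FINDING: $f contains a tbsql login with credentials"
            FINDINGS=$((FINDINGS + 1))
        fi
    done
    audit_file "$2/config/$3.tip" 640 || FINDINGS=$((FINDINGS + 1))
    for f in "$4"/*; do
        audit_file "$f" 640 || FINDINGS=$((FINDINGS + 1))
    done
}

# Constructed demo tree: one loose history file with a login, one loose data file.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/home" "$d/tb/config" "$d/db"
    printf 'ls\ntbsql demo_user/demo_pass\n' > "$d/home/.sh_history"
    : > "$d/tb/config/demo.tip"; : > "$d/db/c1.ctl"; : > "$d/db/data01.dtf"
    chmod 644 "$d/home/.sh_history" "$d/db/data01.dtf"
    chmod 640 "$d/tb/config/demo.tip"; chmod 600 "$d/db/c1.ctl"
    audit_tibero "$d/home" "$d/tb" demo "$d/db"
    rm -rf "$d"
}
demo
```

A mode passes only if it grants nothing beyond the stated maximum, so 600 and 400 satisfy a 640 limit while 644 and 700 do not.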