Configuration File Check

The chapters in this part explain the risk analysis, risk impact, and solutions related to configuration file checks.

OS Command History Check

Risk Analysis

If an account and password are entered on the command line when accessing the DBMS using Tibero, they are recorded in the history files (.history or .sh_history).

Risk Impact

The account and password may be exposed.

Solution

When using Tibero commands, enter the account and password in Interactive Mode, not in Line Mode on the command line. Set the access permissions of the history files (.history or .sh_history) to 600 for protection.


UTL_FILE_DIR Usage Control

Risk Analysis

UTL_FILE_DIR restricts the directories on the host file system that can be accessed through UTL_FILE. If UTL_FILE_DIR is set to '*', access to the entire file system is allowed, so this setting should only be used under strict restriction.

Risk Impact

Access to the entire host file system is allowed.

Solution

Remove the '*' setting.


UTL_SMTP Usage Control

Risk Analysis

If the UTL_SMTP package is granted to the Public group, unauthorized emails can be sent.

Risk Impact

Internal system files can be sent externally.

Solution

Grant privileges only to specific users and not to the Public group, so that only authorized users can receive emails.


Sample DB Removal

Risk Analysis

Removing the default sample DB (TEST DB), which is included when Tibero DBMS is first installed, eliminates configuration information that could be exposed if an attack on DBMS operational data occurs.

Risk Impact

Database configuration information may be exposed.

Solution

Remove the Sample DB.


TIP (Tibero Initialize Parameter) File Access Permission Setting

Risk Analysis

Modifying the initialization file, one of the crucial Tibero files, may lead to a system failure.

Risk Impact

DB startup and operation may be affected negatively.

Solution

Set the access permission of the $TB_HOME/config/$TB_SID.tip file. (Recommended: 600 or 640)

$ chmod 640 $TB_HOME/config/$TB_SID.tip


Control File, Redo Log File, Data File Access Control

Risk Analysis

Modification or deletion of crucial Tibero files (control, redo log, and data files) may lead to a system failure.

Risk Impact

DB downtime or data loss may occur.

Solution

Set the access permissions of the control, redo log, and data files. (Recommended: 600 or 640)

The following is an example of setting access permission to 640.

$ chmod 640 [Control file|Redo log file|Data file]
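
An audit of the permission settings described above (history files at 600; the TIP file and the control, redo log, and data files at 640), as an added example that is not part of the original Tibero documentation. The function names are hypothetical, the history files are assumed to be in $HOME, and the control, redo log, and data file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the Tibero documentation); function names are hypothetical.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    [ -e "$1" ] || return 2
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# mode_ok FILE MAX: succeed when FILE grants no permission bit outside MAX,
# so MAX=640 accepts 600 and 640 but rejects 644, 660 and 700.
# Leaves the file's mode in the global variable $mode for the caller to report.
mode_ok() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & ~0$2 & 07777 )) -eq 0 ]
}

# audit_modes MAX FILE...: print PASS/FAIL/SKIP per file; return 1 on any FAIL.
audit_modes() {
    max=$1; shift; rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "SKIP $f (not found)"
        elif mode_ok "$f" "$max"; then
            echo "PASS $mode $f"
        else
            echo "FAIL $mode $f (limit $max)"; rc=1
        fi
    done
    return $rc
}

# Limits from this page: 600 for history files (assumed to be in $HOME),
# 640 for the TIP file and for control, redo log and data files given as arguments.
audit_tibero() {
    status=0
    audit_modes 600 "$HOME/.history" "$HOME/.sh_history" || status=1
    audit_modes 640 "$TB_HOME/config/$TB_SID.tip" "$@" || status=1
    return $status
}

# Usage, with TB_HOME and TB_SID set: audit_tibero CONTROL_FILE REDO_LOG_FILE DATA_FILE
```

A file that is stricter than the limit (for example 600 where 640 is allowed) passes, because the check only rejects permission bits beyond the limit.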
