The chapters in this part explain risk analysis, risk impact, and solutions related to configuration file checks.
If the account and password are entered on the command line when accessing the DBMS with Tibero, they are recorded in the history files (.history or .sh_history).
The account and password may be exposed.
When using Tibero commands, enter the account and password in Interactive Mode, not Line Mode. Set the access permissions of the history files (.history or .sh_history) to 600 for protection.
Avoid connecting through $ tbsql <username>/<password>.
UTL_FILE_DIR restricts the directories on the host file system that can be accessed through UTL_FILE. If UTL_FILE_DIR is set to '*', access to the entire file system is allowed, so this setting should only be used under strict restriction.
Access to the entire host file system is allowed.
Remove the '*' setting.
If the UTL_SMTP package is granted to the Public group, unauthorized emails can be sent.
Internal system files can be sent externally.
Grant the privilege only to specific users and not to the Public group, so that only authorized users can receive emails.
Removing the default sample DB (TEST DB), which is included when Tibero DBMS is first installed, eliminates configuration information that could be exposed if an attack on DBMS operational data occurs.
Database configuration information may be exposed.
Remove the Sample DB.
A modification to the initialization file, one of the crucial Tibero files, may lead to a system failure.
DB startup and operation may be affected negatively.
Set the access permission of the $TB_HOME/config/$TB_SID.tip file, for example with $ chmod 640 $TB_HOME/config/$TB_SID.tip. (Recommended: 600 or 640)
Modification or deletion of crucial Tibero files (control, redo log, and data files) may lead to a system failure.
DB downtime or data loss may occur.
Set the access permissions of the control, redo log, and data files. (Recommended: 600 or 640)
The following is an example of setting access permission to 640.
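The script below is an added example, not part of the original guide or of Tibero's tooling. It audits the file modes recommended above: 600 for the history files and at most 640 for the initialization file and the control, redo log, and data files. The function names and the data directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit file modes against the limits recommended above.

# file_mode FILE: print octal permission bits (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# mode_within LIMIT FILE: succeed only if FILE sets no permission bit that
# LIMIT lacks (600 passes a 640 limit; 644 and 660 fail it).
mode_within() {
    m=$(file_mode "$2") || return 2
    [ $(( 0$m & ~0$1 & 07777 )) -eq 0 ]
}

# audit_modes LIMIT FILE...: report each file; return 1 on any violation.
audit_modes() {
    limit=$1; shift
    bad=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "SKIP $f (not a regular file)"
        elif mode_within "$limit" "$f"; then
            echo "OK   $f ($(file_mode "$f"))"
        else
            echo "FAIL $f ($(file_mode "$f")), limit $limit"
            bad=1
        fi
    done
    return $bad
}

# audit_tibero DATADIR: DATADIR is a caller-supplied assumption for the
# directory holding control, redo log and data files.
audit_tibero() {
    total=0
    audit_modes 600 "$HOME/.history" "$HOME/.sh_history" || total=1
    audit_modes 640 "$TB_HOME/config/$TB_SID.tip" || total=1
    audit_modes 640 "$1"/* || total=1
    return $total
}

# Run only when a data directory is given, e.g.: sh audit.sh /path/to/datadir
if [ "$#" -gt 0 ]; then audit_tibero "$1"; fi
```

A limit of 640 also accepts the stricter 600, while any group-write or world-readable bit is reported as a failure.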