The OS must limit privileges to change the database management system (DBMS) software resident within software libraries (including privileged programs).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-270515	O19C-00-007900	SV-270515r1065210_rule		Medium

Description

If the system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process. Accordingly, only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications. Unmanaged changes that occur to the database software libraries or configuration can lead to unauthorized or compromised installations.

STIG	Date
Oracle Database 19c Security Technical Implementation Guide	2025-06-24

Details

Check Text (C-74548r1065210_chk)

Review permissions that control access to the DBMS software libraries. The software library location may be determined from vendor documentation or service/process executable paths.

Typically, only the DBMS software installation/maintenance account or system administrator (SA) account requires access to the software library for operational support such as backups. Any other accounts should be scrutinized and the reason for access documented. Accounts should have the least amount of privilege required to accomplish the job.

Below is one example for how to review accounts with access to software libraries for a Linux-based system:
cat /etc/group |grep -i dba
--Example output:
dba:x:102:

--take above number and input in below grep command
cat /etc/passwd |grep 102

If any accounts are returned that are not required and authorized to have access to the software library location do have access, this is a finding.

Fix Text (F-74449r1064822_fix)

Restrict access to the DBMS software libraries to accounts that require access based on job function.