Fixed user and PUBLIC Database links must be authorized for use.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-270522 | O19C-00-008700 | SV-270522r1115956_rule | Medium |
| Description |
| Database links define connections that may be used by the local Oracle database to access remote Oracle databases (homogenous links) and non-Oracle Databases (heterogeneous links). These links provide a means for a compromise to the local database to spread to remote databases and for a compromise of a remote database to the local database in a distributed database environment. Limiting or eliminating the use of database links, where they are not required to support the operational system, can help isolate compromises, mitigate risk, and reduce the potential attack surface. |
| STIG | Date |
| Oracle Database 19c Security Technical Implementation Guide | 2025-06-24 |
Details
| Check Text (C-74555r1112468_chk) |
| If using a non-CDB database: Use the following query to get a list of database links. From SQL*Plus: select owner||': '||db_link from dba_db_links; If using a CDB database: Use the following query to get a list of database links. select con_id_to_con_name(con_id) con_id, owner, db_link, username, host from cdb_db_links order by 1,2,3; Check Results: If no rows are returned from the first SQL statement, this check is not a finding. If there are rows returned, verify the database links are required. If they are required and exist, this is not a finding. |
| Fix Text (F-74456r1064843_fix) |
| Document all authorized connections from the database to remote databases. Remove all unauthorized remote database connection definitions from the database. From SQL*Plus: drop database link [link name]; OR drop public database link [link name]; Review remote database connection definitions periodically and confirm their use is still required and authorized. |