Remote administration must be disabled for the Oracle connection manager.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-270542	O19C-00-011600	SV-270542r1064904_rule		Medium

Description

Remote administration provides a potential opportunity for malicious users to make unauthorized changes to the Connection Manager configuration or interrupt its service.

STIG	Date
Oracle Database 19c Security Technical Implementation Guide	2025-06-24

Details

Check Text (C-74575r1064902_chk)

View the cman.ora file in the ORACLE_HOME/network/admin directory.

If the file does not exist, the database is not accessed via Oracle Connection Manager and this check is not a finding.

If the entry and value for REMOTE_ADMIN is not listed or is not set to a value of NO (REMOTE_ADMIN = NO), this is a finding.

Fix Text (F-74476r1064903_fix)

View the cman.ora file in the ORACLE_HOME/network/admin directory of the Connection Manager.

Include the following line in the file:

REMOTE_ADMIN = NO