Oracle and other assurance assessment related directives

Source: Internet
Author: User
Tags auth md5 encryption

  • Oracle user management:
    SQL*Plus
    create user username identified by password; // create a user
    grant permissions (dba = administrator, resource = ordinary user, connect = visitor) to username; // grant privileges
    drop user username cascade; // delete the user; adding cascade also deletes everything the user created

  • Linux set user timeout:
    /etc/profile // mainly controls global variables, etc.
    TMOUT // idle time after which the user is automatically disconnected; global, in seconds

  • Linux view user account restrictions:
    /etc/login.defs // mainly controls the password validity period
    PASS_MAX_DAYS // maximum usage period of a user password
    PASS_MIN_DAYS // minimum life cycle of a user password
    PASS_MIN_LEN // minimum length of a user password
    PASS_WARN_AGE // warn the user before the password expires
    MD5_CRYPT_ENAB // MD5 encryption of user passwords

    /etc/pam.d/system-auth // mainly controls password complexity, etc.
    password requisite pam_cracklib.so
    retry // number of retries allowed when the password is not strong enough
    difok // number of characters allowed to be the same in the old and new password
    minlen // minimum password length
    dcredit // limits how many digits the new password must have
    ucredit // limits how many uppercase letters the new password must have
    lcredit // limits how many lowercase letters the new password must have
    ocredit // limits how many special characters the new password must have

    /etc/pam.d/login // mainly controls the number of login attempts; to restrict all login methods, modify system-auth
    auth required pam_tally2.so // mainly controls login attempts and user lockout
    even_deny_root // also limit the number of login attempts of the root user
    deny // maximum number of consecutive failed logins for regular users and the root user
    unlock_time // unlock time after a regular user is locked, in seconds
    root_unlock_time // unlock time after the root user is locked, in seconds

  • Oracle view user account limits:
    SQL*Plus: select * from dba_profiles; // controls password policies and system resources
    Password policy:
    PASSWORD_LOCK_TIME // how long the account stays locked after the failed-login limit is reached, in days
    PASSWORD_VERIFY_FUNCTION // password verification script
    FAILED_LOGIN_ATTEMPTS // maximum number of failed logins before the account is locked
    PASSWORD_LIFE_TIME // maximum password usage period, in days
    PASSWORD_REUSE_TIME // number of days before a password can be reused
    PASSWORD_REUSE_MAX // number of password changes before a password can be reused

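    System resources:
    SESSIONS_PER_USER // limits the number of concurrent sessions per user
    CPU_PER_SESSION // CPU time limit for a session, in hundredths of a second
    CPU_PER_CALL // CPU time limit for a single call, in hundredths of a second
    CONNECT_TIME // total connection time of a session, in minutes
    IDLE_TIME // session idle timeout
    LOGICAL_READS_PER_SESSION // number of data blocks a session may read, including memory and disk
    LOGICAL_READS_PER_CALL // maximum number of data blocks a single SQL call may read
    PRIVATE_SGA // maximum space a session may allocate in the shared pool, in bytes
    COMPOSITE_LIMIT // total resource consumption of a session, expressed in service units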

    The Oracle default password verification function: the password may not be the same as the user name; the minimum password length is 4; the password may not include welcome, user, account, database, password, computer, ABCD; it must include numbers, letters and symbols; it must differ from the previous password by at least 3 characters. Accounts are locked for one minute after 3 failed logins, and a password can be used for at most 60 days.

  • Oracle remote management data encryption:
    sqlnet.ora
    sqlnet.encryption=true // encrypt remote management data

  • Oracle view all user status:
    SQL*Plus
    select username, account_status from dba_users; // view all user names and user status
    select * from all_users; // view all user names, user IDs and creation dates

  • Oracle view roles and system privileges granted to specific users:
    SQL*Plus
    select * from dba_role_privs where grantee='username'; // query the user's roles
    select * from dba_sys_privs where grantee='username'; // query the user's system privileges
    select * from dba_tab_privs where grantee='username'; // query the user's object privileges

  • Oracle audit capabilities:
    $ORACLE_HOME/dbs/init.ora
    audit_trail // if TRUE, auditing is enabled and records are stored in the sys.aud$ table
    audit_file_dest // if the previous parameter is OS, this parameter must be set; audit records are saved in the directory it specifies
    SQL*Plus
    alter system set audit_trail=none scope=spfile;

  • Oracle disable operating system authentication for database logon:
    $ORACLE_HOME/network/admin/sqlnet.ora
    SQLNET.AUTHENTICATION_SERVICES=(NONE)
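
For the Linux login.defs, pam_cracklib and pam_tally2 settings listed above, an added example (not part of the original page) that reads the configured values and compares them with limits. The limits, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Thresholds and sample files are assumptions, not from the page.

# Value of KEY in a login.defs-style file; commented-out lines never match.
defs_value() {  # usage: defs_value FILE KEY
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Value of OPTION=... on a non-comment line that names MODULE.
pam_option() {  # usage: pam_option FILE MODULE OPTION
    awk -v m="$2" -v o="$3" '
        /^[ \t]*#/ { next }
        index($0, m) {
            for (i = 1; i <= NF; i++)
                if (index($i, o "=") == 1) { print substr($i, length(o) + 2); exit }
        }' "$1"
}

# OP is le (at most) or ge (at least); an unset value is reported as MISSING.
check() {  # usage: check NAME VALUE OP LIMIT
    case "$2" in ''|*[!0-9-]*) echo "MISSING $1"; return ;; esac
    if [ "$2" "-$3" "$4" ]; then echo "PASS $1=$2"
    else echo "FAIL $1=$2 (want $3 $4)"; fi
}

audit_linux() {  # usage: audit_linux LOGIN_DEFS SYSTEM_AUTH PAM_LOGIN
    check PASS_MAX_DAYS "$(defs_value "$1" PASS_MAX_DAYS)" le 90
    check PASS_MIN_LEN  "$(defs_value "$1" PASS_MIN_LEN)" ge 8
    check PASS_WARN_AGE "$(defs_value "$1" PASS_WARN_AGE)" ge 7
    check minlen "$(pam_option "$2" pam_cracklib.so minlen)" ge 8
    # A negative credit is a required count: dcredit=-1 demands one digit.
    check dcredit "$(pam_option "$2" pam_cracklib.so dcredit)" le -1
    check deny "$(pam_option "$3" pam_tally2.so deny)" le 5
    check unlock_time "$(pam_option "$3" pam_tally2.so unlock_time)" ge 300
}

# Constructed sample input.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
cat > "$d/login.defs" <<'EOF'
# PASS_MAX_DAYS 30
PASS_MAX_DAYS   99999
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF
echo 'password requisite pam_cracklib.so retry=3 minlen=8 dcredit=-1' > "$d/system-auth"
echo 'auth required pam_tally2.so deny=3 even_deny_root root_unlock_time=60' > "$d/login"
audit_linux "$d/login.defs" "$d/system-auth" "$d/login"
```

On a real host, call audit_linux with /etc/login.defs, /etc/pam.d/system-auth and /etc/pam.d/login.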