Auditing UTL_FILE_DIR parameter file entry

-

UTL_FILE_DIR in the database initialization parameter the Oracle Database is used to determine what operating system directories and files PL/SQL packages, functions, and procedures may be read from or written to when using the standard UTL_FILE database package.

Security Concerns
The UTL_FILE database package is used to read from and write to operating system directories and files.  By default, PUBLIC is granted execute permission on UTL_FILE. Therefore, any database account may read from and write to files in the directories specified in the UTL_FILE_DIR database initialization parameter.

When UTL_FILE_DIR is set to “*”, all directories accessible to the Oracle database process, typically the Oracle installation account, are accessible via the UTL_FILE package. This setting effectively disables directory access checking, and makes any directory accessible to the UTL_FILE functions. The UTL_FILE_DIR list should specify only authorized and protected directories and should include only fully specified path names.

Note that the UTL_FILE.FOPEN procedure is used to access the directories in the oracle database. This since EXECUTE on this procedure is granted to PUBLIC, every user on the database has permission to execute it also.


Audit Point

1. Identify where UTIL_FILE is used by running the command below:

SELECT distinct(name),type,owner FROM dba_source 
WHERE upper(text) like '%FOPEN%' 


2. Confirm that the owners are authorised to create such packages or procedure

3. Confirm the setting in the initialisation parameter by running the following script:

select value from v$parameter where lower(name)='utl_file_dir';

 If the returned value contains '*', this is an exception and should be discussed with your DBA.

4. It is recommended that the UTL_FILE_DIR list should specify only authorized and protected directories and should include only fully specified path names.

Click here to access my post on Hardening the Oracle database through secured database Initialization parameters

Comments

Post a Comment

Popular posts from this blog

Auditing Virtualization

-
Image
Virtualization is the process of creating virtual, representation of an entity, such as virtual applications, servers, storage and networks. It is the single most effective way to reduce IT expenses by reducing hardware footprint while boosting efficiency and agility for all size businesses. However good as it is, virtualization can create a single point of failure if poor implementation introduced a security flaw to the system. In this post I will be sharing with you how to audit virtualization.
Read more

How to Identify if the capacity of your FLASH storage device is genuine or counterfeit

-
Image
Have you at some time purchased a flash drive  or memory card that always stored corrupt data? You paid for a 64gig memory card and all you stored in it is simply just got corrupted. I have been a victim several times even with reputable retailers. These counterfeit flash storages are low capacity in nature, devices that have been maliciously altered so that they appear to have much more capacity than its original. An example is the 64 gig memory card I purchased which ended up having actual capacity of 2gig. So I actually paid for 2gig. Now I didn't get to know this on time because I actually copied a video file inside it as a test which checked out fine. The video file size was 1.5gb. I was able to play the video with no issue of corruption. Thus I "Assumed" the flash was genuine. Boy was I wrong. Later in the week I decided to do a major backup of my mobile phone since I was purchasing another one. After the backup, I formatted ...
Read more

Address Resolution Protocol (ARP): Understanding the basics

-
Image
Address resolution Protocol or ARP for short is basically used to resolve an IP address to a MAC address. A MAC address is a unique identifier for any device. And since we are talking networking today, The mac address we will be concentration on is that of a network device. Its important to note that, no two device can have the same mac address. Whenever a network device needs to communicate with another network device in a Local Area Network, it needs the MAC address of that device. This is where ARP comes to play. Lets take a look at the scenario bellow to clearly understand this concept: 1. There are 2 computers say A and B on the network. 2. They have both been assigned an IP address as seen below:        A: 192.168.0.1        B: 192.168.0.2 3. Computer A needs to communicate with computer B. 4. It looks at a list for the IP address to see if it has a corresponding MAC address. This list is called an ARP Cache. 5. If the en...
Read more