Qualys Blog

www.qualys.com
Tim White

Qualys Policy Compliance Notification: Changes Required for Oracle Assessments

We will be releasing new controls that will require some customers to make changes to their Oracle targets.

For customers who grant granular permissions to allow access to our Oracle assessment capabilities, new CIDs are being released that require additional rights to be granted. Failure to grant the new rights will result in an error when you assess your Oracle environment.

We are providing advance notice to give you time to implement these changes. If you use an account with full read privileges, or with broader permissions than the minimum privileges recommended in the documentation, you will likely not be affected by this change.

This update will occur no earlier than August 15, 2015, to allow time for updates to your Oracle environment.

Please contact your TAM or technical support if you have any concerns or questions.

New Controls

9672 – Monitor the action of jobs so they don’t contain external commands.

9670 – List of all active database links

Rights Required

The GRANT statements needed to allow the scan user SELECT access to these underlying signatures are:

GRANT SELECT ON DBA_SCHEDULER_JOBS TO QUALYS_ROLE;

GRANT SELECT ON V_$DBLINK TO QUALYS_ROLE;

Please see the attached Example Query for Verifying Required Rights.

*PLEASE NOTE* This SQL script assumes that you are leveraging our scanning document and have created a QUALYS_ROLE. If a different role name was used, please replace QUALYS_ROLE accordingly.
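
One way to confirm the two grants above are in place before the new controls go live. This is an added example, not the attached Qualys script; it assumes the role is named QUALYS_ROLE, that both objects are owned by SYS, and that it is run by an account that can read DBA_TAB_PRIVS and DBA_ROLE_PRIVS.

```sql
-- Added example (not the Qualys attachment). Replace QUALYS_ROLE if a
-- different role name was used.

-- 1. For each object named in the GRANT statements, report whether SELECT
--    has been granted to the role. A row marked MISSING is a grant that
--    still has to be issued.
WITH required AS (
    SELECT 'SYS' AS owner, 'DBA_SCHEDULER_JOBS' AS object_name FROM dual
    UNION ALL
    SELECT 'SYS' AS owner, 'V_$DBLINK' AS object_name FROM dual
)
SELECT r.owner || '.' || r.object_name AS required_object,
       CASE WHEN p.privilege IS NULL THEN 'MISSING' ELSE 'GRANTED' END AS select_grant
FROM   required r
LEFT JOIN dba_tab_privs p
       ON  p.owner      = r.owner
       AND p.table_name = r.object_name
       AND p.privilege  = 'SELECT'
       AND p.grantee    = 'QUALYS_ROLE'
ORDER  BY r.object_name;

-- 2. List the accounts that hold the role. DEFAULT_ROLE = 'NO' means the
--    role is not enabled automatically at login, so the scan account would
--    not pick up the grants without an explicit SET ROLE.
SELECT grantee, default_role
FROM   dba_role_privs
WHERE  granted_role = 'QUALYS_ROLE'
ORDER  BY grantee;

-- 3. Functional check, run while connected as the scan account itself:
--    ORA-00942 on either statement means the corresponding grant is not
--    effective for that account.
SELECT COUNT(*) FROM dba_scheduler_jobs;
SELECT COUNT(*) FROM v$dblink;
```

The first query also keeps the role's footprint auditable: any SELECT grant beyond the objects listed in the scanning document is more than the minimum the assessment needs.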

Attachments

QG Oracle Scripts 3.7 K

Qualys Authenticated Scanning Oracle PC 455.6 K
