In a recent post, I announced the release of some sample code that created two new compliance standards for DISA’s Oracle Database 12c Security Technical Implementation Guide. The sample code includes details on how to install the compliance standards, but I wanted to walk you through an example of installing it with screenshots and more commentary than is in the sample code. So let’s start off with some of the assumptions you need to be aware of.
Sample Code Prerequisite Assumptions
As I mentioned in the post announcing the sample code, there are some inbuilt assumptions when using this sample code:
- Just to reiterate, sample code has limitations. Specifically, sample code is provided for educational purposes or to assist your development or administration efforts. Your use rights and restrictions for each sample code item are described in the applicable license agreement. Except as may be expressly stated in the applicable license agreement or product documentation, sample code is provided “as is” and is not supported by Oracle.
- The sample code creates a user in the repository database called STIGTOOL, and provides a variety of fairly basic privileges to that user (CREATE TABLE, CREATE PROCEDURE, and SELECT access to various management views) The exact listing is in either the stigtool_grants_EM13_v1_3.sql file or the stigtool_grants_EM12_v1_3.sql file (depending on the version you are installing the sample code in). Obviously, this means that you must not have a user called STIGTOOL.