Several CIS benchmark checks for DVM require you to add another privilege to the Oracle scan user

Technical Articles ID: KB79513
Last Modified: 2022-09-23 11:17:33 Etc/GMT

Environment

Database Activity Monitoring 4.x
Vulnerability Manager for Databases (DVM) 4.x

All Oracle Database11 environments

Summary

To allow several Center for internet Security (CIS) Benchmark checks for DVM 4.x to run, you must add another privilege to the Oracle scan user.

Problem

The current Oracle scan user is missing the EXECUTE ON SYS.DBMS_CRYPTO privilege.

This missing privilege prevents several CIS checks from running properly. If this privilege isn't granted, only the specific checks that require it fail, but all other checks are unaffected.

NOTE: This problem was first seen while doing a Vulnerability Assessment Security Update (VA SUP) v85 for DVM.

Cause

New DVM content was added that requires the additional privilege to be added to the scan user. The content is related to CIS Benchmark checks.

Solution

On the relevant database, run the following command with a high privileged user:

GRANT EXECUTE ON SYS.DBMS_CRYPTO TO [SCAN USER];

Here, [SCAN USER] is the scan username previously created for DVM on the database.

The create_scanuser.sql script will be updated in a future product release to reflect this requirement.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Several CIS benchmark checks for DVM require you to add another privilege to the Oracle scan user

Environment

Summary

Problem

Cause

Solution

Affected Products

Languages:

Title

Title

Knowledge Center

Several CIS benchmark checks for DVM require you to add another privilege to the Oracle scan user

Environment

Summary

Problem

Cause

Solution

Affected Products

Languages:

Choose your region

Title

Title