Thursday, November 8, 2007

Oracle Security: Resolving the OEM Grid Control "execute to PUBLIC" Security Violations

Oracle Enterprise Manager highlights many execute to public permissions on packages like UTL_FILE, UTL_HTTP, UTL_TCP, UTL_SMTP, DBMS_LOB, DBMS_JOB and DBMS_RANDOM.

The following script grants EXECUTE on those packages directly to the Oracle-supplied schemas that use them and then revokes the grants from PUBLIC.

Be sure to check for invalid objects after the script runs. This script covers Oracle internal accounts only; your database may have other accounts (for example application schemas) that need explicit grants on these packages as well, and those grants must be in place before the PUBLIC revokes run.

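----------------------------------------
-- fix_database_security.sql
--
-- Michael Messina
--
----------------------------------------
-- Resolves the most common security policy
-- violations OEM Grid Control reports for an
-- Oracle database: EXECUTE on UTL_FILE, UTL_HTTP,
-- UTL_TCP, UTL_SMTP, DBMS_LOB, DBMS_JOB and
-- DBMS_RANDOM granted to PUBLIC.
--
-- Run as SYS: the packages are SYS-owned and
-- utlrp.sql must be run AS SYSDBA.
--
-- Order matters: the direct grants are issued
-- BEFORE the PUBLIC revokes, so PL/SQL in the
-- listed schemas that depends on these packages
-- is not invalidated by the revoke. Any schema
-- not listed here that uses these packages
-- (application accounts) needs its own GRANT
-- added above the REVOKE section.
--
-- Identifiers are unquoted, so Oracle folds them
-- to upper case; the mixed-case spellings in the
-- original version referred to the same objects.
-- Two duplicate grants (UTL_FILE to ORDSYS and
-- UTL_HTTP to MDSYS) were removed.
----------------------------------------

-- Oracle Content / Text / Real-Time Collaboration schemas
GRANT EXECUTE ON DBMS_LOB TO CONTENT;
GRANT EXECUTE ON DBMS_LOB TO CWSYS;
GRANT EXECUTE ON DBMS_LOB TO CTX_SUBSTR;
GRANT EXECUTE ON DBMS_LOB TO RTC;
GRANT EXECUTE ON UTL_SMTP TO ES_MAIL;
GRANT EXECUTE ON UTL_FILE TO ES_MAIL;
GRANT EXECUTE ON DBMS_LOB TO ES_MAIL;

-- Oracle AS Metadata Repository needs
GRANT EXECUTE ON DBMS_LOB TO ORASSO;
GRANT EXECUTE ON DBMS_JOB TO ORASSO;
GRANT EXECUTE ON DBMS_RANDOM TO ORASSO;
GRANT EXECUTE ON UTL_FILE TO ORASSO;
GRANT EXECUTE ON UTL_HTTP TO ORASSO;
GRANT EXECUTE ON UTL_SMTP TO ORASSO;
GRANT EXECUTE ON UTL_TCP TO BAM;
GRANT EXECUTE ON UTL_SMTP TO BAM;
GRANT EXECUTE ON DBMS_LOB TO BAM;
GRANT EXECUTE ON UTL_FILE TO ODS;
GRANT EXECUTE ON DBMS_JOB TO ODS;
GRANT EXECUTE ON DBMS_LOB TO OWF_MGR;
GRANT EXECUTE ON DBMS_JOB TO OWF_MGR;
GRANT EXECUTE ON DBMS_RANDOM TO OWF_MGR;
GRANT EXECUTE ON UTL_HTTP TO OWF_MGR;
GRANT EXECUTE ON UTL_FILE TO OWF_MGR;
GRANT EXECUTE ON DBMS_LOB TO EXFSYS;
GRANT EXECUTE ON DBMS_LOB TO PORTAL;
GRANT EXECUTE ON DBMS_JOB TO PORTAL;
GRANT EXECUTE ON DBMS_RANDOM TO PORTAL;
GRANT EXECUTE ON UTL_HTTP TO PORTAL;
GRANT EXECUTE ON UTL_FILE TO PORTAL;
GRANT EXECUTE ON UTL_SMTP TO PORTAL;
GRANT EXECUTE ON DBMS_LOB TO WIRELESS;
GRANT EXECUTE ON DBMS_JOB TO WIRELESS;
GRANT EXECUTE ON DBMS_RANDOM TO WIRELESS;
GRANT EXECUTE ON DBMS_JOB TO B2B;

-- Enterprise Manager Repository owner needs
GRANT EXECUTE ON UTL_FILE TO SYSMAN;
GRANT EXECUTE ON DBMS_RANDOM TO SYSMAN;
GRANT EXECUTE ON UTL_HTTP TO SYSMAN;
GRANT EXECUTE ON UTL_SMTP TO SYSMAN;
GRANT EXECUTE ON UTL_TCP TO SYSMAN;
GRANT EXECUTE ON DBMS_LOB TO SYSMAN;
GRANT EXECUTE ON DBMS_JOB TO SYSMAN;

-- NOTE(review): each schema below receives all seven packages,
-- including the network ones (UTL_TCP/UTL_HTTP/UTL_SMTP) and
-- file access (UTL_FILE). The original author did not record
-- which package each schema actually calls; check
-- DBA_DEPENDENCIES (REFERENCED_NAME) per schema and drop the
-- grants nothing depends on, so the revoke from PUBLIC is not
-- undone by equally broad direct grants.
GRANT EXECUTE ON UTL_FILE TO ORDPLUGINS;
GRANT EXECUTE ON DBMS_RANDOM TO ORDPLUGINS;
GRANT EXECUTE ON UTL_HTTP TO ORDPLUGINS;
GRANT EXECUTE ON UTL_SMTP TO ORDPLUGINS;
GRANT EXECUTE ON UTL_TCP TO ORDPLUGINS;
GRANT EXECUTE ON DBMS_LOB TO ORDPLUGINS;
GRANT EXECUTE ON DBMS_JOB TO ORDPLUGINS;
GRANT EXECUTE ON UTL_FILE TO ORDSYS;
GRANT EXECUTE ON DBMS_RANDOM TO ORDSYS;
GRANT EXECUTE ON UTL_HTTP TO ORDSYS;
GRANT EXECUTE ON UTL_SMTP TO ORDSYS;
GRANT EXECUTE ON UTL_TCP TO ORDSYS;
GRANT EXECUTE ON DBMS_LOB TO ORDSYS;
GRANT EXECUTE ON DBMS_JOB TO ORDSYS;
GRANT EXECUTE ON UTL_FILE TO MDSYS;
GRANT EXECUTE ON DBMS_RANDOM TO MDSYS;
GRANT EXECUTE ON UTL_HTTP TO MDSYS;
GRANT EXECUTE ON UTL_SMTP TO MDSYS;
GRANT EXECUTE ON UTL_TCP TO MDSYS;
GRANT EXECUTE ON DBMS_LOB TO MDSYS;
GRANT EXECUTE ON DBMS_JOB TO MDSYS;
GRANT EXECUTE ON UTL_FILE TO DMSYS;
GRANT EXECUTE ON DBMS_RANDOM TO DMSYS;
GRANT EXECUTE ON UTL_HTTP TO DMSYS;
GRANT EXECUTE ON UTL_SMTP TO DMSYS;
GRANT EXECUTE ON UTL_TCP TO DMSYS;
GRANT EXECUTE ON DBMS_LOB TO DMSYS;
GRANT EXECUTE ON DBMS_JOB TO DMSYS;
GRANT EXECUTE ON UTL_FILE TO XDB;
GRANT EXECUTE ON DBMS_RANDOM TO XDB;
GRANT EXECUTE ON UTL_HTTP TO XDB;
GRANT EXECUTE ON UTL_SMTP TO XDB;
GRANT EXECUTE ON UTL_TCP TO XDB;
GRANT EXECUTE ON DBMS_LOB TO XDB;
GRANT EXECUTE ON DBMS_JOB TO XDB;
GRANT EXECUTE ON UTL_FILE TO SYSTEM;
GRANT EXECUTE ON DBMS_RANDOM TO SYSTEM;
GRANT EXECUTE ON UTL_HTTP TO SYSTEM;
GRANT EXECUTE ON UTL_SMTP TO SYSTEM;
GRANT EXECUTE ON UTL_TCP TO SYSTEM;
GRANT EXECUTE ON DBMS_LOB TO SYSTEM;
GRANT EXECUTE ON DBMS_JOB TO SYSTEM;
GRANT EXECUTE ON UTL_FILE TO OUTLN;
GRANT EXECUTE ON DBMS_RANDOM TO OUTLN;
GRANT EXECUTE ON UTL_HTTP TO OUTLN;
GRANT EXECUTE ON UTL_SMTP TO OUTLN;
GRANT EXECUTE ON UTL_TCP TO OUTLN;
GRANT EXECUTE ON DBMS_LOB TO OUTLN;
GRANT EXECUTE ON DBMS_JOB TO OUTLN;
GRANT EXECUTE ON UTL_FILE TO DBSNMP;
GRANT EXECUTE ON DBMS_RANDOM TO DBSNMP;
GRANT EXECUTE ON UTL_HTTP TO DBSNMP;
GRANT EXECUTE ON UTL_SMTP TO DBSNMP;
GRANT EXECUTE ON UTL_TCP TO DBSNMP;
GRANT EXECUTE ON DBMS_LOB TO DBSNMP;
GRANT EXECUTE ON DBMS_JOB TO DBSNMP;
GRANT EXECUTE ON UTL_FILE TO OLAPSYS;
GRANT EXECUTE ON DBMS_RANDOM TO OLAPSYS;
GRANT EXECUTE ON UTL_HTTP TO OLAPSYS;
GRANT EXECUTE ON UTL_SMTP TO OLAPSYS;
GRANT EXECUTE ON UTL_TCP TO OLAPSYS;
GRANT EXECUTE ON DBMS_LOB TO OLAPSYS;
GRANT EXECUTE ON DBMS_JOB TO OLAPSYS;
GRANT EXECUTE ON DBMS_LOB TO CTXSYS;
GRANT EXECUTE ON DBMS_JOB TO CTXSYS;
GRANT EXECUTE ON DBMS_JOB TO EXFSYS;
GRANT EXECUTE ON DBMS_JOB TO WKSYS;
GRANT EXECUTE ON DBMS_LOB TO WKSYS;

-- Remove the PUBLIC grants OEM flags. Only run once every
-- schema that needs a package has a direct grant above.
REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;
REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC;
REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC;
REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC;
REVOKE EXECUTE ON UTL_TCP FROM PUBLIC;
REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC;
REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;

-- Recompile whatever the revokes invalidated.
@$ORACLE_HOME/rdbms/admin/utlrp

-- Verification 1: anything still INVALID after utlrp most
-- likely lost one of these packages; add the missing GRANT
-- above and re-run the script.
SELECT owner, object_name, object_type
FROM dba_objects
WHERE status = 'INVALID'
ORDER BY owner, object_name;

-- Verification 2: no EXECUTE on the seven packages should
-- remain granted to PUBLIC (expect zero rows).
SELECT table_name, grantee, privilege
FROM dba_tab_privs
WHERE grantee = 'PUBLIC'
  AND owner = 'SYS'
  AND table_name IN ('UTL_FILE', 'UTL_HTTP', 'UTL_TCP', 'UTL_SMTP',
                     'DBMS_LOB', 'DBMS_JOB', 'DBMS_RANDOM')
ORDER BY table_name;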
