Oracle application logs publicly available
Description
Oracle SQLNet and Listener log files are exposed to unauthorized users through publicly accessible web directories or file shares. These log files contain detailed audit trails of database connection attempts, network traffic, and diagnostic information. When improperly secured, they may reveal sensitive information including database usernames, connection strings, internal network topology, and in some cases, credentials transmitted in clear text during failed authentication attempts.
Remediation
Immediately restrict access to Oracle SQLNet and Listener log files to authorized database administrators only. Implement the following controls:
1. Remove log files from publicly accessible web directories and disable directory listing
2. Set file system permissions to restrict read access (Unix/Linux: chmod 600, Windows: grant access only to DBA group and SYSTEM)
3. Configure log file locations to reside outside web server document roots
4. Review listener.ora and sqlnet.ora to ensure log directories are set to protected locations:
LOG_DIRECTORY_LISTENER = /secure/oracle/logs
LOG_FILE_LISTENER = listener.log
LOG_DIRECTORY_CLIENT = /secure/oracle/logs
5. Implement log rotation and archival procedures with appropriate access controls
6. Enable audit logging to monitor access attempts to these files
7. Verify that backup copies of log files maintain the same access restrictions
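One way to check items 2 to 4 on a host, as an added example that is not part of the original advisory or of any Oracle tooling: it reads the LOG_DIRECTORY_* settings from listener.ora or sqlnet.ora text, reports directories that sit inside a web document root, and flags log files with any group or other permission bits. The function names and the list of web roots are assumptions chosen for illustration.

```python
import os
import re
import stat
import tempfile

# LOG_DIRECTORY_<listener name> (listener.ora), LOG_DIRECTORY_CLIENT/SERVER (sqlnet.ora)
LOG_DIR_RE = re.compile(r"^\s*(LOG_DIRECTORY_\w+)\s*=\s*(\S+)", re.I | re.M)


def log_directories(config_text):
    """Return {parameter: directory} for every LOG_DIRECTORY_* setting."""
    return {m.group(1).upper(): m.group(2) for m in LOG_DIR_RE.finditer(config_text)}


def is_under(path, root):
    """True if path is root or lies below it, after resolving symlinks."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root


def audit(config_text, web_roots):
    """List log directories inside a web root and log files looser than 600."""
    findings = []
    for param, directory in sorted(log_directories(config_text).items()):
        for root in web_roots:
            if is_under(directory, root):
                findings.append(f"{param}: {directory} is inside web root {root}")
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            full = os.path.join(directory, name)
            mode = os.lstat(full).st_mode  # lstat: symlinks are skipped, not followed
            # Any group/other bit means the file is looser than chmod 600.
            if stat.S_ISREG(mode) and mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(f"{param}: {full} is mode {stat.S_IMODE(mode):o}")
    return findings


if __name__ == "__main__":
    # Constructed layout: listener log directory placed under a web root.
    with tempfile.TemporaryDirectory() as tmp:
        logs = os.path.join(tmp, "htdocs", "logs")
        os.makedirs(logs)
        log = os.path.join(logs, "listener.log")
        open(log, "w").close()
        os.chmod(log, 0o644)
        config = f"LOG_DIRECTORY_LISTENER = {logs}\nLOG_FILE_LISTENER = listener.log\n"
        print("\n".join(audit(config, [os.path.join(tmp, "htdocs")])))
```

Run it against the contents of the real listener.ora and sqlnet.ora with the web server's document roots passed as web_roots; an empty result means no configured log directory is web-reachable or group/world accessible.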