When DBA attempted to harden our Oracle 19c, ran into issues
(& I think this was a recommendation from a tool fr Oracle):
many Oracle objects (default accounts) became invalid after hardenings
to revoke execute package from PUBLIC:
REVOKE EXECUTE ON DBMS_ADVISOR FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_JAVA FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_JAVA_TEST FROM PUBLIC;
REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;
REVOKE EXECUTE ON DBMS_LDAP FROM PUBLIC;
REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_OBFUSCATION_TOOLKIT FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_BACKUP_RESTORE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_SCHEDULER FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_XMLGEN FROM PUBLIC;
REVOKE EXECUTE ON DBMS_XMLQUERY FROM PUBLIC ;
REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;
REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC ;
REVOKE EXECUTE ON UTL_TCP FROM PUBLIC ;
REVOKE EXECUTE ON UTL_MAIL FROM PUBLIC ;
REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC ;
REVOKE EXECUTE ON UTL_DBWS FROM 'PUBLIC' ;
REVOKE EXECUTE ON UTL_ORAMTS FROM PUBLIC ;
REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC ;
REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_SYS_SQL FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_BACKUP_RESTORE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_AQADM_SYSCALLS FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_REPACT_SQL_UTL FROM PUBLIC ;
REVOKE EXECUTE ON INITJVMAUX FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_STREAMS_ADM_UTL FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_AQADM_SYS FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_STREAMS_RPC FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_PRVTAQIM FROM PUBLIC ;
REVOKE EXECUTE ON WWV_DBMS_SQL FROM PUBLIC;
REVOKE EXECUTE ON WWV_EXECUTE_IMMEDIATE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_IJOB FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_FILE_TRANSFER FROM PUBLIC ;
DbaInvalidObjs7May.jpg
(& I think this was a recommendation from a tool fr Oracle):
many Oracle objects (default accounts) became invalid after hardenings
to revoke execute package from PUBLIC:
REVOKE EXECUTE ON DBMS_ADVISOR FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_JAVA FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_JAVA_TEST FROM PUBLIC;
REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;
REVOKE EXECUTE ON DBMS_LDAP FROM PUBLIC;
REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_OBFUSCATION_TOOLKIT FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_BACKUP_RESTORE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_SCHEDULER FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_XMLGEN FROM PUBLIC;
REVOKE EXECUTE ON DBMS_XMLQUERY FROM PUBLIC ;
REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;
REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC ;
REVOKE EXECUTE ON UTL_TCP FROM PUBLIC ;
REVOKE EXECUTE ON UTL_MAIL FROM PUBLIC ;
REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC ;
REVOKE EXECUTE ON UTL_DBWS FROM 'PUBLIC' ;
REVOKE EXECUTE ON UTL_ORAMTS FROM PUBLIC ;
REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC ;
REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_SYS_SQL FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_BACKUP_RESTORE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_AQADM_SYSCALLS FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_REPACT_SQL_UTL FROM PUBLIC ;
REVOKE EXECUTE ON INITJVMAUX FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_STREAMS_ADM_UTL FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_AQADM_SYS FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_STREAMS_RPC FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_PRVTAQIM FROM PUBLIC ;
REVOKE EXECUTE ON WWV_DBMS_SQL FROM PUBLIC;
REVOKE EXECUTE ON WWV_EXECUTE_IMMEDIATE FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_IJOB FROM PUBLIC ;
REVOKE EXECUTE ON DBMS_FILE_TRANSFER FROM PUBLIC ;
DbaInvalidObjs7May.jpg
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 8 Answers and 11 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.