This report is a fictitious example

==================================================
= Database NAME @ HOST - SW Versions - DATE of run
==================================================

Database Identification                            DB Version        EBS Release  SYSDATE
-------------------------------------------------- ----------------- ------------ ---------
SAMPLE @ xendbprod                                 12.1.0.2.0        12.2.5       01-APR-17

1 row selected.

***************************************************
* Check: Security Profiles: Configuration ERRORS
***************************************************

Internal name           Profile name                   Last Updated Profile Level   Profile Context           Value
----------------------- ------------------------------ ------------ --------------- ------------------------- ----------
DIAGNOSTICS             Utilities:Diagnostics          18-FEB-17    Responsibility  GENERAL_LEDGER_SUPER_USER Y
DIAGNOSTICS             Utilities:Diagnostics          18-FEB-17    Responsibility  XLA_SUPERUSER             Y
FND_DIAGNOSTICS         FND: Diagnostics               18-FEB-17    Responsibility  XLA_SUPERUSER             Y
FND_DIAGNOSTICS         FND: Diagnostics               18-FEB-17    Responsibility  GENERAL_LEDGER_SUPER_USER Y
FRAMEWORK_VALIDATION_LE Framework Validation Level     31-JAN-13    Site                                      NONE
VEL

5 rows selected.

***************************************************
* Check: Security Profiles: Configuration WARNINGS
***************************************************

Internal name           Profile name                   Last Updated Profile Level   Profile Context           Value
----------------------- ------------------------------ ------------ --------------- ------------------------- ----------
DIAGNOSTICS             Utilities:Diagnostics          01-MAR-17    User            XENIALAB_DBA              Y
FND_DIAGNOSTICS         FND: Diagnostics               01-MAR-17    User            XENIALAB_DBA              Y
FND_SECURITY_FILETYPE_R Attachment File Upload Restric 22-AUG-11    Site                                      Y
ESTRICT_DFLT            tion Default

3 rows selected.
***************************************************
* Check: Security Profiles: Configuration MISSING
***************************************************

no rows selected

***************************************************
* Check: Application Users With Default Passwords
***************************************************

Apps Users - Default Passwords
--------------------------------------------------
ASGADM
ASGUEST
AUTOINSTALL
GUEST
IEXADMIN
MOBILEADM
OP_CUST_CARE_ADMIN
OP_SYSADMIN
PORTAL30
PORTAL30_SSO
XML_USER

11 rows selected.

***************************************************
* Check: DB Users With Default Passwords
***************************************************

PL/SQL procedure successfully completed.

USERNAME                 ACCOUNT_STATUS
------------------------ --------------------
AD_MONITOR               EXPIRED & LOCKED
APPLSYSPUB               OPEN
APPQOSSYS                EXPIRED & LOCKED
CTXSYS                   OPEN
DBSNMP                   OPEN
DIP                      EXPIRED & LOCKED
EM_MONITOR               EXPIRED & LOCKED
GSMADMIN_INTERNAL        EXPIRED & LOCKED
GSMCATUSER               EXPIRED & LOCKED
GSMUSER                  EXPIRED & LOCKED
IZU                      OPEN
JUNK_PS                  OPEN
MDDATA                   LOCKED
MDSYS                    OPEN
MTH                      OPEN
ODM                      OPEN
ODM_MTR                  OPEN
OJVMSYS                  EXPIRED & LOCKED
OLAPSYS                  EXPIRED & LOCKED
ORACLE_OCM               EXPIRED & LOCKED
ORDDATA                  EXPIRED & LOCKED
ORDPLUGINS               OPEN
ORDSYS                   OPEN
OUTLN                    OPEN
OWAPUB                   OPEN
PERFSTAT                 OPEN
SCOTT                    LOCKED
SI_INFORMTN_SCHEMA       EXPIRED & LOCKED
SPATIAL_CSW_ADMIN_USR    EXPIRED & LOCKED
SPATIAL_WFS_ADMIN_USR    EXPIRED & LOCKED
SYSBACKUP                EXPIRED & LOCKED
SYSDG                    EXPIRED & LOCKED
SYSKM                    EXPIRED & LOCKED
XDB                      EXPIRED & LOCKED

34 rows selected.

***************************************************
* Check: For excessive privs in APPLSYSPUB
***************************************************

no rows selected

***************************************************
* Check: Oracle Applications User Passwords Migrated to Non-Reversible Hash Password
***************************************************

Password Mode
---------------------------------------
Hashed passwords are on

PL/SQL procedure successfully completed.
***************************************************
* Check: Server Security Status
***************************************************

Server Security Status
-----------------------------
Server Security is on

PL/SQL procedure successfully completed.

***************************************************
* Check: SSL Status
***************************************************

SSL Mode
-------------------------------
WARNING: SSL/TLS is not enabled

1 row selected.

***************************************************
* Check: Credit Card Encryption Status
***************************************************

EBS level - 12.2.5

Credit Card Encryption Status
-----------------------------
WARNING: Encryption not enabled

Supplemental Credit Card Data Encryption Status
-----------------------------------------------
WARNING: Supplemental credit card data is not encrypted

Enhanced Hashing
----------------
WARNING: Enhanced Hashing is not on

PL/SQL procedure successfully completed.

***************************************************
* Check Status of 12.2 Security Features
***************************************************

Internal name           Profile name                   Last Updated Value      Recommendation
----------------------- ------------------------------ ------------ ---------- ----------------------------------------------------------------------------
FND_SEC_ALLOW_JSP_UNRES Allow Unrestricted JSP Access  10-MAY-13    Y          Turn on Allowed JSPs (see Security Admin Guide)
TRICTED_ACCESS
FND_SEC_ALLOW_UNRESTRIC Allow Unrestricted Redirects   10-FEB-14    Y          Turn on Allowed Redirects (see Security Admin Guide)
TED_REDIRECT
ICX_SESSION_COOKIE_DOMA Oracle Applications Session Co 05-APR-13    DOMAIN     Consider restricting Cookie Scope (see Security Admin Guide)
IN                      okie Domain

3 rows selected.
***************************************************
* Check: Users with Access to Sensitive Pages
***************************************************

NOTE: EBSCheckSensitivePageAccess.sql is disabled by default - it may be verbose

==================================================
= Done; Now review the results from the spool file
currently spooling to EBSSecConfigChecks.txt