Oracle Security Operations

The Vault

Read-only security scans, vulnerability exposure, and resilience checks — all running live against your Oracle database. No ALTERs, no REVOKEs.

Security Posture

Live DB Security Scan

10 check groups, scored 0–100. Pure SELECTs against DBA_* and V$ views. Nothing mutates the target.

🛡️
Sign in to run a security scan
The scanner uses your existing TuneVault reader role — no elevated privileges required.
Results are saved to your account and deltas are tracked across scans.
Sign in to scan →
🔑
Default Passwords
Accounts using Oracle-shipped default passwords.
🚨
Priv Escalation
ANY grants, ADMIN OPTION, SYSDBA beyond SYS, powerful package access.
🌐
PUBLIC Grants
Dangerous privileges granted to every connected user.
⚙️
Init Parameters
remote_os_authent, o7_dictionary_accessibility, utl_file_dir and 8 more.
🔒
Password Policy
Verify function, lockout, expiry on DEFAULT profile.
📋
Audit Trail
audit_trail parameter, unified audit, DDL logging.
🛡️
Encryption (TDE)
Wallet status, unencrypted tablespaces, encrypted column count.
👤
Account Hygiene
No-auth accounts + DBA privilege sprawl.
🔗
Database Links
PUBLIC db links and fixed-user links with embedded credentials.
📅
Patch Currency
Oracle version + last Release Update applied via dba_registry_sqlpatch.
Vulnerability Exposure

Oracle CVE & Patch Gap Analysis

Cross-reference your running Oracle version against the Oracle Critical Patch Update catalog to surface unpatched CVEs and their CVSS scores.

Resilience

Backup, HA & Recovery Readiness

5 check groups, scored 0–100. Pure SELECTs against V$ views. Nothing mutates the target.

💾
Sign in to run a resilience scan
The scanner uses your existing TuneVault reader role — no elevated privileges required.
Results are saved to your account and deltas are tracked across scans.
Sign in to scan →
💾
Backup Currency
Last RMAN backup via V$BACKUP_SET_DETAILS. Pass <24h, warn 24-48h, fail >48h.
📂
Archive Log Mode
V$DATABASE log_mode. NOARCHIVELOG = impossible point-in-time recovery.
📡
Data Guard Lag
V$MANAGED_STANDBY + V$DATAGUARD_STATS apply lag. Advisory when no standby configured.
🗃️
FRA Headroom
V$RECOVERY_FILE_DEST usage %. Advisory when FRA not configured. Fail >85%.
🔗
Redo Log Health
V$LOG member count per group. Single-member groups and INVALID status flagged.