I wrote a mini script to protect my customer from being attacked by an “oracle voyage worm” variant :
revoke CREATE DATABASE LINK from CONNECT; revoke ALL on SYS.UTL_FILE from PUBLIC; revoke ALL on SYS.UTL_HTTP from PUBLIC; revoke ALL on SYS.UTL_SMTP from PUBLIC; revoke ALL on SYS.UTL_TCP from PUBLIC; grant EXECUTE on SYS.UTL_FILE to XDB; grant EXECUTE on SYS.UTL_HTTP to MDSYS; grant EXECUTE on SYS.UTL_HTTP to ORDPLUGINS; @?/rdbms/admin/utlrp
Than, in OEM 10g, check for policy violations.
I added a few grants to special oracle internal users, to avoid invalid objects, which is also a policy violation in OEM… OEM will report a violation if those accounts are not locked and expired