survey exadata

survey exadata

Roshan
Hi Erman,

We are actually conducting a survey of our Exadata environment. Could you please advise how to extract the details below?

- In case the system is integrated with Domain

- default user accounts

- how to find insecure services
 FTP, Telnet, etc.

- Antivirus details

- Exadata
- Version running, Installed patches, Date on which the patches are installed

- Security of credentials during storage and transmission

- Strong cryptography being implemented - Following parameters are required:

- Storage – Domain integration / SHA256/512, etc. In case the system is integrated with Domain,

- Transmission – HTTPS over TLS 1.2, TLS 1.2, FIPS Compliant, SSH V2, etc.

- Type of audit logs enabled -  The central log server IP address to which the logs are forwarded.

- FIM version

Thanks,
Roshan

Re: survey exadata

ErmanArslansOracleBlog
Administrator
Just check -> https://docs.oracle.com/en/engineered-systems/exadata-database-machine/dbmsq/exadata-security-features.html
"Security Features of Oracle Exadata Database Machine"

You can find these.. it is Linux Roshan..
antivirus.. There is no antivirus there.
Default user accounts are there in Linux and in the database and in the ASM.. I don't think it is that hard for you to find & list them.

FTP, telnet, etc. --> these are Linux services, just check the Linux documentation to list all the active services and share them with your authority that does the security assessment.

For the Exadata related patching, version info just check the Exadata documentation.
It is easy.. imageinfo & opatch..

Security of credentials during storage and transmission --> these are related with the OS. The ownership of ASM disks and so on..

Strong cryptography -> You just know your environment. Did you implement TDE? If not, then I don't think your data is secured in that mode physically in disk.

Transmission – HTTPS over TLS 1.2, TLS 1.2, FIPS Compliant, SSH V2, etc. --> What HTTPS? This is a Database machine.. Listener can be configured to use TLS.. For HTTPS, you may check if you have anything (a GUI) maybe installed on the Exadata machine..

Audit logs again.. It is a database thing mostly, but you can have the compute and cell nodes to redirect their logs to a central audit inventory..  It should be enabled by default-> /etc/audit/auditd.conf
/etc/audit/audit.rules

What do you mean by FIM?  It is a hardware related thing in Exadata jargon :)
If you are talking about the firmware version of the switches or something like that, you can get that by just connecting to the switches and running commands like version and show version. For the PDUs' firmware versions, open the web console using the PDU management IP and click on module info.
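Added example, not part of the thread and not Oracle's or the blog author's tooling: two shell helpers for the "insecure services" and "central log server" survey items, one flagging cleartext legacy listeners in `ss -tuln` output and one listing forwarding targets from rsyslog legacy-format rules. The port list, the function names, the sample inputs, and the assumption that forwarding is configured through rsyslog rules are all constructed for illustration.

```shell
# Added example: survey helpers for a Linux node; port list and samples are constructed.

# Reads `ss -tuln` output on stdin; prints "service proto/port local-address"
# for each listener on a cleartext legacy service port.
flag_insecure_listeners() {
  awk '
    BEGIN {
      svc["tcp/21"] = "ftp";    svc["tcp/23"] = "telnet"; svc["udp/69"] = "tftp"
      svc["tcp/512"] = "rexec"; svc["tcp/513"] = "rlogin"; svc["tcp/514"] = "rsh"
    }
    {
      n = split($5, part, ":")        # port is the text after the last colon
      key = $1 "/" part[n]            # e.g. "tcp/23"; the header line never matches
      if (key in svc) print svc[key], key, $5
    }'
}

# Reads rsyslog legacy-format rules on stdin; prints "proto target" for each
# forwarding action ("@host" is UDP, "@@host" is TCP). Comment lines are skipped.
syslog_forward_targets() {
  awk '
    /^[ \t]*#/ { next }
    $2 ~ /^@@?[^@]/ {
      target = $2; proto = (target ~ /^@@/) ? "tcp" : "udp"
      gsub(/^@+/, "", target); print proto, target
    }'
}

sample_ss() {   # constructed `ss -tuln` output; 514/udp is syslog, not rsh
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      32     *:21               *:*
tcp   LISTEN 0      128    [::]:23            [::]:*
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*
EOF
}
sample_rsyslog() {   # constructed /etc/rsyslog.conf excerpt
  cat <<'EOF'
authpriv.*      /var/log/secure
*.*             @@10.0.0.50:514
#*.*            @192.0.2.9
kern.warning    @loghost.example.internal
EOF
}

sample_ss | flag_insecure_listeners
sample_rsyslog | syslog_forward_targets
```

On a live node the same functions take real input, for example `ss -tuln | flag_insecure_listeners` and `cat /etc/rsyslog.conf /etc/rsyslog.d/*.conf | syslog_forward_targets`.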

Re: survey exadata

Roshan
Thanks for the update.