To test the report function only for Oracle DBs our Databaseteam asked to run the checks with a less privileged user.
Looking at the fixlets the connection to the database is done by:
${{DB_USER}/${{DB_PWD}@${{DB_NAME} AS SYSDBA
Exporting fixlets, remove the “AS SYSDBA” and importing the fixlets was easy, but not successful. Looking at the detect scripts within “/var/opt/BESClient/CIS/Scripts” there is still “as SYSDBA” in connection string.
So, question is: which source builds the detection scripts? I assume it’s done within the encrypted part within the environment setup task?