--init.ora parameter: dblink_encrypt_login = true (8i and below)
--init.ora parameter: sql92_security = true
--init.ora parameter: remote_login_passwordfile = none
--init.ora parameter: remote_os_authent = false
--init.ora parameter: o7_dictionary_accessibility = false (breaks lots of stuff)
--init.ora parameter: os_authent_prefix = "bogus"
--init.ora parameter: audit_trail = db
--init.ora parameter: shadow_core_dump = none

--listener.ora parameter: ADMIN_RESTRICTIONS_listener = on
--listener.ora parameter: PASSWORDS_LISTENER = XXXXXXXXXXXXXXXX



alter profile default limit failed_login_attempts 20;

revoke execute on sys.utl_file from public;
revoke execute on sys.dbms_export_extension from public;
revoke execute on sys.dbms_utility from public;
revoke execute on sys.OWA_OPT_LOCK from public;
revoke execute on sys.dbms_lob from public;
revoke execute on sys.dbms_random from public;
revoke execute on sys.utl_smtp from public;
revoke execute on sys.utl_http from public;
revoke execute on sys.utl_tcp from public;

revoke create procedure from resource;
revoke create database link from connect;

noaudit all;
noaudit all privileges;
noaudit all on application.products;

audit alter system;
audit cluster;
audit index;
audit procedure;
audit public database link;
audit public synonym;
audit role;
audit sequence;
audit synonym;
audit system audit;
audit system grant;
audit table;
audit tablespace;
audit trigger;
audit user;
audit view;

audit comment table;
audit alter sequence;
audit alter table;

audit grant procedure;
audit grant sequence;
audit grant table;
audit grant any role;

audit connect whenever not successful;