Oracle AVDF installation

Source: Internet
Author: User


1. Oracle AVDF installation and configuration

Installing Oracle Audit Vault and Database Firewall is somewhat involved and places high hardware demands on the installation environment. Because the product is split into Audit Vault Server and Database Firewall, at least two independent hosts are required for installation and deployment. The following uses the simplest inline mode as an example to build an Oracle Audit Vault and Database Firewall test environment for the ZLHIS application.

1.1. Preparations

Download the complete installation media as described earlier. Note: currently, the latest version of Oracle Audit Vault and Database Firewall can only be installed on Oracle Enterprise Linux 5.8 x86_64 or a later version.

Because of the way the firewall works, the host on which the firewall is installed must have at least two NICs. If the firewall works in DPE mode, at least three NICs are required. In addition, the hosts on which Audit Vault Server and Database Firewall are installed require at least 2 GB of memory and GB of hard disk space.

Finally, before the actual installation, make sure that the two hosts are used only for Audit Vault and Database Firewall and that important data has been backed up. During installation, the kernel image is regenerated and the hard disk is automatically repartitioned and formatted.

1.2. Formal Installation

Make sure that the installation media is downloaded completely. The following three image files are indispensable:


Oracle AVDF installation media

First install Audit Vault Server. Put the Audit Vault Server installation disc burned from the image file into the optical drive, start the computer, and begin the installation. After the installation information is loaded automatically, you are prompted to insert the Oracle Enterprise Linux system disc. Eject the Audit Vault Server installation disc, insert the OEL (Oracle Enterprise Linux) installation disc, and select OK.


Oracle AVDF installation (1)

The installer identifies the inserted OEL disc, verifies the dependencies of the packages required for installation, and then starts the automatic installation. The OEL operating system is installed first (but the system kernel image file is regenerated according to Audit Vault Server requirements), and then Audit Vault Server is installed on the OEL system.

Oracle AVDF installation (2)

After the operating system is installed, you are prompted to insert the Audit Vault Server installation disc. This step installs Audit Vault Server itself. As before, change the disc and select OK. The system automatically runs the installation and applies the configuration script.

Oracle AVDF installation (3)

Install and apply the default configuration script (depending on the machine configuration, this process takes a relatively long time).

Oracle AVDF installation (4)

After the default script is installed and applied, you are prompted to set an "installation password". This passphrase is needed later, for example when shutting the system down from the console, so remember it once it is set. The installation password must be entered twice. If the password is too simple, the system asks whether to set it anyway.

Oracle AVDF installation (5)

Finally, the system automatically identifies all network interfaces on the current host and requires that one NIC be selected as the management interface. When you select a NIC as the management interface, information about that NIC is displayed, and you must set the IP address of the management interface.

Oracle AVDF installation (6)

Set the IP address of the management interface.

Oracle AVDF installation (7)

After the IP address of the management interface is set, select the last option to restart and continue the installation (the restart takes somewhat longer, because the Oracle database in which Audit Vault Server stores its data is installed and configured during the restart).

After the restart succeeds, the console interface is displayed. On this interface, you can change the IP address, set the operating system user passwords (the two accounts root and support), change the password set during installation, and shut down. These functions can be performed in the Web Console provided by the Audit Vault Server. At this point, the installation of Audit Vault Server is complete, and all subsequent operations are performed in the Web Console.

Oracle AVDF installation (8)

After Audit Vault Server is installed, you can install Database Firewall (the two do not have to be installed in a strict order). The installation procedure for Database Firewall is exactly the same as for Audit Vault Server. Both prompt you to change the installation disc, set the installation password, and set the management interface IP address.

1.3. Configure and deploy

• Initial configuration

Before actual deployment and use, you must complete some initial settings: the passwords of the operating system users (root and support), the passwords of the administrator and auditor who log on to Audit Vault Server and Database Firewall, the current time zone, the time, the keyboard type, and the registration of Database Firewall with Audit Vault Server.

Note: Because the Web Console is accessed over HTTPS, you are prompted to install the security certificate the first time you log on to the Audit Vault Server or Database Firewall Web Console. At the first logon you must enter the passphrase set during installation. After the passphrase is verified, you are taken automatically to the page for setting the passwords of the Audit Vault Server and Database Firewall administrator and auditor and of the operating system users.


Oracle AVDF configuration (1)

Once the initial user names and passwords are set, you can log on with them and make the other settings (the current time zone, time, and keyboard type must be set; these settings are simple and are not covered in detail here).


Oracle AVDF configuration (2)

After the basic settings (user names, passwords, date and time) are in place, you can log on to Audit Vault Server and Database Firewall as an administrator and register Database Firewall with Audit Vault Server. Because Database Firewall does not provide complete configuration and management functions in either its command line or its Web Console, most of its management and configuration must be done through Audit Vault Server. In addition, for enterprise-level batch deployments, it is more convenient to manage configurations centrally through Audit Vault Server.

Log on to the Audit Vault Server console, select the "certificate" menu under the "Settings" tab, and copy all the content of the Server certificate box on the right to the Database Firewall. Because Audit Vault Server will be responsible for managing and configuring Database Firewall from now on, the certificate is given to Database Firewall so that Database Firewall can recognize the legitimate identity of the Audit Vault Server.


Oracle AVDF configuration (3)

After copying the certificate from the Audit Vault Server, select "Audit Vault Server" under the "System" tab of the Database Firewall console. Paste the copied certificate content into the certificate field, fill in the Audit Vault Server IP address field, and save the settings.

Oracle AVDF configuration (4)

After the Audit Vault Server host has been identified in Database Firewall, return to the Audit Vault Server console. Select the "firewall" menu under the "firewall" tab, fill in the firewall name (a name of your choice) and the IP address of the firewall host in the firewall registration form, and confirm the registration.

Oracle AVDF configuration (5)

Because the identity of the Audit Vault Server host has already been established in Database Firewall, Audit Vault Server connects to Database Firewall and takes over its management as soon as you confirm the registration. From then on, the Database Firewall host can be restarted, shut down, deleted, and registered from the Audit Vault Server. Note: if only one Database Firewall is deployed and the Audit Vault Server can connect to and manage it normally, the status is displayed as "Primary"; if the host where the Database Firewall is located is shut down or cannot be reached, the status is "offline". Click the firewall name set during registration to view the details of the current firewall status.


Oracle AVDF configuration (6)

• Deployment configuration

After the initial configuration is complete, you only need to log on to the Audit Vault Server. Next, we deploy Oracle Audit Vault and Database Firewall in the production environment to see how it protects a security target. The security target here is a ZLHIS database that is in use. Note that the Audit Vault Agent is a Java agent that requires JDK 1.5 or a later version to be installed on the security target host.

Log on to the Web Console of Audit Vault Server, select the "Agent" menu under the "host" tab, and click the "Download Agent" button on the right to download the Audit Vault Agent plug-in.


Oracle AVDF configuration (7)

 

Deploy and activate the Audit Vault Agent on the security target host. After setting JAVA_HOME, run "java -jar agent.jar -d <installation target directory name>" on the security target host (after the command is executed, the jar package is deployed to the installation target directory). Switch to the installation target directory on the security target host and execute "./bin/agentctl activate" to activate the agent plug-in.

After the plug-in is activated, log on to the Audit Vault Server as an administrator, select the "host" menu under the "host" tab, and click "register" on the right to register the security target host with Audit Vault Server (the host name is user-defined, and the host IP address is the IP address of the security target host). Save the settings.

Oracle AVDF configuration (8)

Next, activate the host registered above (this operation mainly generates an agent activation key). Under the "host" menu, select the host you just registered and click the activate button on the right. After successful activation, a key is generated in the "agent activation key" column, and this key is then used to start the agent plug-in on the security target host. Switch to the installation target directory on the security target host and execute "./bin/agentctl start -k key" (where key is the agent activation key, that is, GE4D-ZCQF-U2TB-QKO7-TBC1 in the figure) to start the agent plug-in. After the Audit Vault Agent plug-in is started, the "Agent status" column changes to "Running". Otherwise, the agent on the target host did not start successfully.

Oracle AVDF configuration (9)
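The agent steps above (deploy, activate, then start with the key) can be wrapped in pre-checks so that a wrong JDK or a mistyped key is caught before agentctl runs. This is an added example, not Oracle's code; the function names are hypothetical, and the key pattern is an assumption based only on the sample key shown in the text.

```shell
#!/bin/sh
# Added example: pre-checks around the agent commands given in the text.

# java_version_ok "<first line of 'java -version' output>"
# Returns 0 when the version is 1.5 or later (the requirement stated in the text).
java_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    if [ "$major" -eq 1 ]; then
        rest=${ver#*.}              # "1.5.0_22" -> "5.0_22"
        minor=${rest%%[!0-9]*}      # keep the leading digits only
        [ -n "$minor" ] && [ "$minor" -ge 5 ]
    else
        [ "$major" -ge 2 ]          # newer numbering scheme: 9, 11, 17, ...
    fi
}

# key_format_ok KEY
# Assumption: keys look like the sample in the text, five dash-separated
# groups of four upper-case letters or digits.
key_format_ok() {
    printf '%s\n' "$1" | grep -Eq '^[A-Z0-9]{4}(-[A-Z0-9]{4}){4}$'
}

# deploy_agent AGENT_JAR TARGET_DIR
# Runs "java -jar agent.jar -d <dir>" and "./bin/agentctl activate".
deploy_agent() {
    [ -n "${JAVA_HOME:-}" ] || { echo "JAVA_HOME is not set" >&2; return 1; }
    [ -f "$1" ] || { echo "agent jar not found: $1" >&2; return 1; }
    line=$("$JAVA_HOME/bin/java" -version 2>&1 | head -n 1)
    java_version_ok "$line" || { echo "JDK 1.5 or later required: $line" >&2; return 1; }
    "$JAVA_HOME/bin/java" -jar "$1" -d "$2" || return 1
    (cd "$2" && ./bin/agentctl activate)
}

# start_agent TARGET_DIR KEY
# Run only after the host has been activated in the Audit Vault Server console.
start_agent() {
    key_format_ok "$2" || { echo "activation key has an unexpected format" >&2; return 1; }
    (cd "$1" && ./bin/agentctl start -k "$2")
}
```

Call deploy_agent with the downloaded agent.jar and the installation target directory, activate the host in the console, then call start_agent with the same directory and the generated key.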

After the security target host is registered, the database on that host that needs protection must be registered as a protected target. In Audit Vault Server, click "target" under the "protected targets" tab, click "register", enter the registration information for the protected target, and save it. Note that the format of the protected target location depends on the type of the protected target. The example image uses an Oracle database. For other operating systems or database formats, see the official manual.

Oracle AVDF configuration (10)

After the protected target is registered, you can configure an "audit trail" and an "enforcement point" for it (that is, the audit data source and execution point mentioned earlier). The audit trail tells the agent plug-in where to get the audit data that it sends back to the Audit Vault Server. The enforcement point determines the mode in which the firewall works and which firewall is used.

As above, in Audit Vault Server, click "add" under the "protected targets" tab and fill in the audit trail information. The audit trail information can be understood as stating from which host, which protected target, and which location the audit data is obtained. For detailed definitions, refer to the official manual, which describes the many types of audit trail.

Oracle AVDF configuration (11)

The added audit trails and their collection status are displayed by default in the audit trail menu. You can use the start or stop button on the right to change the collection status. A green up arrow in the collection status column indicates that collection is started, and a red down arrow indicates that it is stopped.

Oracle AVDF configuration (12)

After the audit trail is added, select the "enforcement point" menu to create an enforcement point. The enforcement point information mainly determines which target the firewall protects and which monitoring mode it uses. Apart from the enforcement point name, the other fields are chosen from values that have already been configured.

Oracle AVDF configuration (13)

At this point, the deployment of Oracle Audit Vault and Database Firewall in the production environment is complete. Next, you can log on to the Audit Vault Server as an auditor to specify the audit operations to be performed and the rules that the firewall follows to monitor SQL traffic, and to view the working status of configured policies, the generated audit reports, and the firewall interception reports.


