Oracle AVDF Installation

Next: Oracle Audit and Database Firewall (AVDF) Introduction

1.Oracle AVDF Installation Configuration

The installation of Oracle Auditvault and Database firewall is somewhat cumbersome and requires a high level of hardware configuration for the installation environment. Because it is divided into audit Vault server and database Firewall, it requires at least 2 separate hosts for its installation deployment. Here's an example of the simplest inline mode for an experimental environment where Oracle Audit Vault and Database Firewall are designed for zlhis applications.

1.1. Pre-preparation

Before installing, please download the complete installation media as described above. Note: The latest version of Oracleaudit Vault and Database firewall can now be installed on only oracleenterprise Linux5.8 x86_64 and above.

Due to the special features of the firewall, it requires at least 2 NICs to be installed on the firewall, and requires at least 3 network cards if a firewall is required to work in DPE mode. It requires at least 2GB of memory and 125GB of hard disk space to install Audit Vault Server and database firewall hosts.

Finally, before the formal installation, verify that both of the hosts used for the installation are only for Auditvault and Database Firewall, and that important data is already backed up. Because kernel mirroring is regenerated at installation time and the hard disk is automatically re-partitioned.

1.2. Formal Installation

Confirm that the installation media must be downloaded intact, the following 3 image files are indispensable:

Oracle AVDF installation media

Install audit Vault Server first. Insert the Audit Vault Server installation disc that was burned in the image file into the CD drive, start the computer to start the installation, and automatically load the installation information to prompt for an Oracle Enterpries Linux system CD. At this point, exit the audit vaultserver Setup disk and select OK after inserting the OEL (Oracle enterpries Linux) installation disk.

Oracle AVDF Installation (i)

After you identify the inserted OEL disc and verify the dependencies of the packages that are required for installation, start the automatic installation. This installation is in fact the installation of the OEL operating system (but the system kernel image files are regenerated according to audit vaultserver requirements), and then Auditvault Server is installed OEL the system.

Oracle AVDF Installation (ii)

After the installation of the operating system, you will be prompted to insert the Audit Vaultserver installation CD, after which the installation steps are actually installed audit Vault server. Similarly, after replacing the disc, select OK, and the system will automatically run the installation and apply the configuration script.

Oracle AVDF Installation (iii)

Install and apply the default configuration script (this process takes a relatively long time depending on the machine configuration).

Oracle AVDF Installation (iv)

After installing and applying the default script, you will be prompted to set an "Install password", which will need to be used in case of later shutdown via the console (you will need to remember that the installation password requires a repeat two times if the password is set too simple and the system prompts you to confirm the password).

Oracle AVDF Installation (v)

Finally, the system automatically recognizes all the networks that are available on the current host and requires that one of the network cards be selected as the management interface. When you select the NIC as the management interface, the information about the NIC is displayed, and the management interface IP address is required.

Oracle AVDF Installation (vi)

Sets the management interface IP address.

Oracle AVDF Installation (vii)

After the management interface IP address is set up, select the last restart to complete the installation (the restart process is a little bit longer because the Oracle database that stores the data later is installed and configured for audit Vault server when it restarts).

The console interface is shown after a successful restart. This interface enables you to change the IP address, set the operating system user password (root, support dual-use), change the password that was set during installation, and shutdown. These features can be done in the Web console provided by the Audit Vault server. The installation of Audit Vaultserver is complete, and all subsequent operations are completed in the Web console.

Oracle AVDF Installation (eight)

After the installation of the Audit Vaultserver is complete, you can install the database Firewall (the installation order of the two is not strictly differentiated). The installation steps for Database firewall are exactly the same as for Audit Vault server, which also has two prompts to replace the installation disc, set the installation password, and the management interface IP address.

1.1. Configure the deployment

L Initial Configuration

There are some initial settings that need to be completed before a formal deployment, including user passwords for the operating system (root and support users), passwords for administrators and auditors who log on to audit Vault server and database firewall, the current time zone, Time, the type of keyboard used, and settings such as registering the database firewall with the Audit Vault server.

Note that because Web Access uses the HTTPS protocol, you are prompted to install a security certificate when you first log on to audit Vault server or database firewall using the Web console. And when you first log on, you will be asked to enter the passphrase set at installation, and the password phrase verification will automatically go to the page that sets audit Vault Server, Database Firewall administrator and auditor, and operating system user's password.

Oracle AVDF Configuration (i)

Initial user name, password settings, user name password settings can be set to the user name and password to log in and make other settings (the main need to complete the current time zone, time and keyboard type settings, the settings are more simple here no longer repeat).

Oracle AVDF Configuration (ii)

User name, password, and date time when these basic elements are set up, you can now log on to Auditvault server and database firewall as an administrator and then register the database firewall with the Audit Vault server. Because the database firewall itself, whether it is the command line or the Web console, does not provide its own complete configuration and management capabilities, most of its management and configuration needs to be done with the help of Audit Vault server. And for enterprise-class batch deployments, it is more convenient to centralize management configuration through Auditvault server.

After logging in to the Audit Vault Server console, under the Settings tab, select the Certificate menu, and then copy the contents of the right-side server certificate box to database firewall. Because audit Vault Server will later assume the task of managing and configuring database firewall, the purpose of providing a certificate to database firewall is to identify its own legal identity to database firewall.

Oracle AVDF Configuration (iii)

After you replicate the certificates in the Audit Vault server, select Audit Vault Server under the System tab of the database firewall console. Then paste the contents of the copied certificate into the certificate bar, and in the Audit Vault Server IP Address field, fill in the IP address of the Audit Vault server host and save the settings.

Oracle AVDF Configuration (iv)

When you are finished identifying the Audit Vault server host in database firewall, return to the Audit Vaultserver console. Select the firewall menu under the Firewall tab, and in the Register firewall form, fill in the firewall name (the firewall name is self-defined) and the host's IP address, and confirm the registration.

Oracle AVDF Configuration (v)

Since the identity of the audit Vault server host has previously been identified in database firewall, audit Vaultserver will be connected and take over the management of database firewall after the registration is confirmed. In audit Vault server, the database firewall host can be re-started, shut down, delete registration, and so on. Note that if only one database firewall is deployed and audit Vault server is properly connected and manageable, the status will be displayed as "Primary" if the database firewall host machine or other non-connected state is "Offline". You can view the details of the firewall status at this time by clicking on the firewall name set when registering.

Oracle AVDF Configuration (vi)

L Deployment Configuration

After the initial configuration is complete, basically all of the work will need to be logged in to Auditvault server to complete. The next step is to deploy the Oracle Audit Vault anddatabase into a production environment to see its protection for security goals. The security objective here is a zlhis database that is in use. Note that because the audit Vault agent is a proxy plugin written in the Java language, it requires that the security target host be installed with JDK1.5 and above versions.

Log in to the Web console of the Audit Vault server Select the "Agents" menu under the "Hosts" tab and click on the "Download Agent" button on the right to download the Auditvault Agent Agent plugin.

Oracle AVDF Configuration (vii)

Deploy and activate the Audit Vault Agent plug-in on the security target host. Deploy the Java-jar agent.jar-d installation target directory name on the security target host after the Java_home is set up (the command executes to deploy the jar package to the installation target directory). Then, on the security target host, switch directories to the installation target directory and execute ". /bin/agentctlactivate"Activates the proxy plugin.

After the plugin is activated, log in to audit Vault server as an administrator, select the Hosts menu under the Hosts tab, and click the Register button on the right to register the security target host with the Auditvault Server (the hostname bar is defined by itself and the host IP is the security destination host IP address ) to save the settings.

Oracle AVDF Configuration (eight)

Next, activate the host registered above (this operation primarily generates a proxy activation key). Under the Host menu, select the host you just registered, and click the Activate button on the right. After successful activation, a key is generated in the Agent activation key column and then the proxy plug-in for the security target host is started using the generated activation key. On the security target host, switch directory to the installation target directory and execute ". /bin/agentctl start–k key (proxy activation key, GE4D-ZCQF-U2TB-QKO7-TBC1 in)"Start Agent plugin. After the Audit Vault agent plug-in is started, the "Agent status" bar becomes "Running" state, otherwise the target host agent does not start successfully.

Oracle AVDF Configuration (ix)

Once the security target host is registered, it needs to register the database target on that host that needs to be protected. Auditvault Server, the target menu under the Protected Targets tab, click Register, fill in the protected target registration information, and save. Note that the format of the protected directory location is related to the protected target type, and the example image is in the Oracle database as an example. For other operating systems or databases, please refer to the official manual.

Oracle AVDF Configuration (10)

After the protected directory registration is complete, you can configure the audit trail and enforcement point for the protected directory (that is, the audit data source and the execution point mentioned earlier in this article. The audit trail is to tell the proxy plug-in where the audit data is sent back to the audit Vault server server, forcing the point to determine what mode the firewall is working in and which firewall to use. )

Ibid., Audit Vault Server, the "Audit trail" menu under the "Protected Targets" tab, click Add to fill in the audit trail information. The audit trail information is simple enough to understand where to get audit data from which host's protected target. See the official manual for detailed definitions, which involve more audit trail types, which are not covered here.

Oracle AVDF Configuration (11)

An audit trail that has been added and its collection status is displayed by default under the Audit trail menu. The collection status can be changed by the start or stop button on the right. The Collect status bar shows a green up arrow indicating the start state, and a red down arrow indicates a stop state.

Oracle AVDF Configuration (12)

Audit Trail Add complete then select the enforcement Point menu to create a force point. The mandatory point information is primarily about determining which protected target the firewall is targeting and what monitoring mode to take. In addition to the mandatory point name, the rest of the content is configured before you choose to use.

Oracle AVDF Configuration (13)

So far, the deployment of Oracle Audit Vault anddatabase Firewall in a production environment has been fully completed. You can then log in to Auditvault server as an auditor to specify what audit actions to perform and what rules the firewall follows to monitor SQL traffic, and to see how the policies have been set up, the audit reports generated, and the firewall interception reports.

Oracle AVDF Installation