This blog post provides detailed information about setting up Oracle Audit Vault and Database Firewall (Oracle AVDF).
Oracle AVDF is a comprehensive Database Activity Monitoring (DAM) solution that integrates with native audit data.
Environment Setup:
[oracrp@ebs-dev2-db01 ~]$ mkdir -pv /oradb/oracle/avcli
mkdir: created directory ‘/oradb/oracle/avcli’
[oracrp@ebs-dev2-db01 ~]$ mkdir -pv /oradb/oracle/avagent
mkdir: created directory ‘/oradb/oracle/avagent’
[oracrp@ebs-dev2-db01 ~]$

- Add these variables to the environment file

vi DEV2CDB.env
# AVS
export AVCLI_HOME="/oradb/oracle/avcli"
export AV_HOME="/oradb/oracle/avagent"
export PATH="$PATH:$AV_HOME/bin"

Download the JAR files:
An AVDF installation requires one network interface card on each of the respective hosts. The IP assigned to the AV server NIC will communicate with the target databases, and the IP assigned to the DF server will connect to AV.
Download - Agent jar file:
- Log in to the AV console as the avadmin user
- Go to the Agents tab
- Click on download
- Upload the downloaded "Audit Vault Agent Jar" from your desktop to the Database server at "/oradb/oracle/avagent".
- Log in to the DB host using WinSCP and upload the JAR
Download - AVCLI jar file:
- Go to the Settings tab
- Click on "Audit Vault CLI"
- Upload the downloaded "AVCLI Jar" from your desktop to the Database server at "/oradb/oracle/avcli".
- Log in to the DB host using WinSCP and upload the JAR.
Install AVCLI on DB host:
Source the AVDF environment variables and install AVCLI on the DB host.
[oracrp@ebs-dev2-db01 ~]$ . DEV2CDB.env
[oracrp@ebs-dev2-db01 ~]$ cd $AVCLI_HOME
[oracrp@ebs-dev2-db01 avcli]$ java -jar avcli.jar -d /oradb/oracle/avcli
AVCLI installed successfully
[oracrp@ebs-dev2-db01 avcli]$ ls
av avcli.jar bin jdbc jlib lib META-INF network oc4j rdbms ucp
[oracrp@ebs-dev2-db01 avcli]$ cd /oradb/oracle/avcli/bin
[oracrp@ebs-dev2-db01 bin]$ ./avcli
AVCLI : Release 20.8.0.0.0 - Production on Mon Feb 6 13:42:12 AST 2023
Copyright (c) 1996, 2022 Oracle. All Rights Reserved.
AVCLI> connect avadmin
Enter password:
Connected.
AVCLI> list host;
0 row(s) selected.
The command completed successfully.
AVCLI>
AVCLI> exit
Disconnected from Oracle Audit Vault Server - Version : 20.8.0.0.0
[oradev@ebs-dev2-db01 bin]$

Install AV Agent:
Install AV Agent on db host:
[oradev@ebs-dev2-db01 ~]$ cd $AV_HOME
[oradev@ebs-dev2-db01 avagent]$ ls
agent.jar
[oradev@ebs-dev2-db01 avagent]$ java -jar agent.jar -d /oradb/oracle/avagent
Agent installed successfully.
If deploying hostmonitor please refer to product documentation for additional installation steps.
[oradev@ebs-dev2-db01 avagent]$

Register DB Host in AVDF:
[oradev2@ebs-dev2-db01 bin]$ cd /oradb/oracle/avcli/bin
[oradev2@ebs-dev2-db01 bin]$ ./avcli
AVCLI : Release 20.8.0.0.0 - Production on Mon Feb 6 13:46:24 AST 2023
Copyright (c) 1996, 2022 Oracle. All Rights Reserved.
AVCLI> connect AVADMIN
Enter password:
Connected.
AVCLI> list host;
0 row(s) selected.
The command completed successfully.
AVCLI> REGISTER HOST ebs-dev2-db01 WITH IP 10.10.2.51;
The command completed successfully.
AVCLI> list host ;
---------------------------------------------------------------------------------------------------------------
| HOST | IP | VERSION | ACTIVATION_KEY | STATUS | AGENT_LOCATION |
===============================================================================================================
| ebs-dev2-db01 | 10.10.1.22 | | EBS-DEV2-DB01::HAQS-FROV-KFX2-P#EH-K9BD | ACTIVATED | |
---------------------------------------------------------------------------------------------------------------
1 row(s) selected.
The command completed successfully.
AVCLI> exit
Disconnected from Oracle Audit Vault Server - Version : 20.8.0.0.0
[oradev2@ebs-dev2-db01 bin]$

Start the Registered Agent:
[oradev@ebs-dev2-db01 ~]$ ${AV_HOME}/bin/agentctl start -k
Enter Activation Key:
Checking for updates...
Agent is updating. This operation may take a few minutes. Please wait...
Agent updated successfully.
Agent started successfully.
[oradev@ebs-dev2-db01 ~]$

Configure Agent auto restart:
[oradev@ebs-dev2-db01 ~]$ ${AV_HOME}/bin/agentctl registersvc
Agent service registered successfully.
[oradev@ebs-dev2-db01 ~]$

Create AVDF DB user avdfdbuser and grant privileges to this user:
[oradev2@ebs-dev2-db01 bin]$ cd /oradb/oracle/avagent/av/plugins/com.oracle.av.plugin.oracle/config
[oradev2@ebs-dev2-db01 config]$ sqlplus
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Feb 6 13:51:00 2023
Version 19.16.0.0.0
Copyright (c) 1982, 2022, Oracle. All rights reserved.
Enter user-name: /as sysdba
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0
SQL> conn c##dvacctmgr@ebsdev2
Enter password:
Connected.
SQL> CREATE USER avdfdbuser IDENTIFIED BY Avdfdbusr321;
User created.
SQL> CONNECT SYS / AS SYSDBA
Enter password:
SQL> conn / as sysdba
Connected.
SQL> alter session set container = ebsdev2 ;
Session altered.
SQL> spool oracle_avdf_user_setup.log
SQL> @oracle_user_setup.sql avdfdbuser SETUP
SQL> Rem Copyright (c) 2016, 2022, Oracle and/or its affiliates.
SQL> Rem All rights reserved.
SQL> Rem oracle__user_setup.sql - Grant privileges to user for
SQL> Rem SETUP/SPA/ENTITLEMENT purpose
SQL>
SQL> WHENEVER SQLERROR EXIT;
SQL> -- set the nls_numeric_characters to '.,' as version checking fails when nls is set to germany
SQL> ALTER SESSION SET NLS_NUMERIC_CHARACTERS = '.,';
Session altered.
Enter username for granting privileges:
Setting username to 'avdfdbuser'
Enter mode (SETUP/SPA/ENTITLEMENT):
SETUP for granting Audit Collection and Audit Policy Management privileges
SPA for granting Stored Procedure Auditing privileges
ENTITLEMENT for granting Entitlement retrieval privileges
Setting mode to 'SETUP'
Granting privileges to "AVDFDBUSER" ... Done.
SQL> EXIT;
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0

[oradev2@ebs-dev2-db01 config]$ sqlplus
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Feb 6 13:53:39 2023
Version 19.16.0.0.0
Copyright (c) 1982, 2022, Oracle. All rights reserved.
Enter user-name: /as sysdba
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0
SQL> conn c##dvowner@ebsdev2
Enter password:
Connected.
SQL> GRANT DV_MONITOR TO "AVDFDBUSER";
Grant succeeded.
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0

[oradev2@ebs-dev2-db01 config]$ sqlplus
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Feb 6 13:56:27 2023
Version 19.16.0.0.0
Copyright (c) 1982, 2022, Oracle. All rights reserved.
Enter user-name: /as sysdba
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0
SQL> alter session set container = ebsdev2 ;
Session altered.
SQL> GRANT DV_SECANALYST TO avdfdbuser;
Grant succeeded.
SQL>

[oradev2@ebs-dev2-db01 config]$ sqlplus
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Feb 6 14:02:31 2023
Version 19.16.0.0.0
Copyright (c) 1982, 2022, Oracle. All rights reserved.
Enter user-name: /as sysdba
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0
SQL> alter session set container = ebsdev2 ;
Session altered.
SQL> spool oracle_user_ENTITLEMENT.log
SQL> @oracle_user_setup.sql avdfdbuser ENTITLEMENT
Session altered.
Enter username for granting privileges:
Setting username to 'avdfdbuser'
Enter mode (SETUP/SPA/ENTITLEMENT):
SETUP for granting Audit Collection and Audit Policy Management privileges
SPA for granting Stored Procedure Auditing privileges
ENTITLEMENT for granting Entitlement retrieval privileges
Setting mode to 'ENTITLEMENT'
Granting privileges to "AVDFDBUSER" ... Done.
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0

[oradev2@ebs-dev2-db01 config]$ sqlplus
SQL*Plus: Release 19.0.0.0.0 - Production on Mon Feb 6 14:03:21 2023
Version 19.16.0.0.0
Copyright (c) 1982, 2022, Oracle. All rights reserved.
Enter user-name: /as sysdba
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0
SQL>
SQL> alter session set container = ebsdev2 ;
Session altered.
SQL> spool oracle_user_SPA.log
SQL> @oracle_user_setup.sql avdfdbuser SPA
Session altered.
Enter username for granting privileges:
Setting username to 'avdfdbuser'
Enter mode (SETUP/SPA/ENTITLEMENT):
SETUP for granting Audit Collection and Audit Policy Management privileges
SPA for granting Stored Procedure Auditing privileges
ENTITLEMENT for granting Entitlement retrieval privileges
Setting mode to 'SPA'
Granting privileges to "AVDFDBUSER" ... Done.
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.16.0.0.0
[oradev2@ebs-dev2-db01 config]$

Register PDB in AVDF:
[oradev2@ebs-dev2-db01 config]$ ${AVCLI_HOME}/bin/avcli -u avadmin
AVCLI : Release 20.8.0.0.0 - Production on Mon Feb 6 14:06:39 AST 2023
Copyright (c) 1996, 2022 Oracle. All Rights Reserved.
Enter password for 'AVADMIN':
Connected to:
Oracle Audit Vault Server - Version : 20.8.0.0.0
AVCLI> LIST SECURED TARGET;
0 row(s) selected.
The command completed successfully.
AVCLI> REGISTER SECURED TARGET ebsdev2 OF SECURED TARGET TYPE "Oracle Database" AT jdbc:oracle:thin:@//10.10.1.22:1523/ebsdev2 AUTHENTICATED BY avdfdbuser;
Enter password:
The command completed successfully.
AVCLI> LIST SECURED TARGET;
-------------------------------------------------------------------------------------------
| NAME | DESCRIPTION | LOCATION | SECUREDTARGETTYPE |
===========================================================================================
| ebsdev2 | | jdbc:oracle:thin:@//10.10.1.22:1523/ebsdev2 | Oracle Database |
-------------------------------------------------------------------------------------------
1 row(s) selected.
The command completed successfully.
AVCLI> exit
Disconnected from Oracle Audit Vault Server - Version : 20.8.0.0.0
[oradev2@ebs-dev2-db01 config]$

This blog post provides detailed information about setting up the AVDF software.
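An added example, not part of the original post: a POSIX shell check for the "Register DB Host in AVDF" step that parses saved `list host;` output and confirms the row shows the IP and status you intended, without echoing the activation key. The function names are hypothetical, and the host name, IP and key in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): verify a row of AVCLI "list host;" output.

# Emit "host|ip|status" for each data row of the table on stdin.
# Columns are found by header name; the ACTIVATION_KEY column is never printed.
avcli_host_rows() {
  awk -F'|' '
    /^[ \t]*\|/ {
      for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
      if (!seen) {                       # first table row is the header
        for (i = 1; i <= NF; i++) if ($i != "") col[$i] = i
        if (!("HOST" in col) || !("IP" in col) || !("STATUS" in col)) exit 3
        seen = 1
        next
      }
      print $(col["HOST"]) "|" $(col["IP"]) "|" $(col["STATUS"])
    }'
}

# check_avcli_host HOST EXPECTED_IP EXPECTED_STATUS   (AVCLI output on stdin)
# Returns 0 on match, 1 on IP/status mismatch, 2 if the host is not listed.
check_avcli_host() {
  chk_row=$(avcli_host_rows | awk -F'|' -v h="$1" '$1 == h { print; exit }')
  if [ -z "$chk_row" ]; then echo "NOT_LISTED $1"; return 2; fi
  chk_ip=$(printf '%s\n' "$chk_row" | cut -d'|' -f2)
  chk_status=$(printf '%s\n' "$chk_row" | cut -d'|' -f3)
  if [ "$chk_ip" != "$2" ] || [ "$chk_status" != "$3" ]; then
    echo "MISMATCH $1 ip=$chk_ip status=$chk_status"
    return 1
  fi
  echo "OK $1 ip=$chk_ip status=$chk_status"
}

# Constructed sample in the layout AVCLI prints (host, IP and key are placeholders).
sample_list_host() {
  cat <<'EOF'
AVCLI> list host;
-----------------------------------------------------------------------------------
| HOST | IP | VERSION | ACTIVATION_KEY | STATUS | AGENT_LOCATION |
===================================================================================
| db-host-01 | 192.0.2.10 | | DB-HOST-01::XXXX-XXXX-XXXX | ACTIVATED | |
-----------------------------------------------------------------------------------
1 row(s) selected.
EOF
}

sample_list_host | check_avcli_host db-host-01 192.0.2.10 ACTIVATED
sample_list_host | check_avcli_host db-host-01 192.0.2.99 ACTIVATED || true
```

To use it on a real system, save the `list host;` output to a file and pipe that file into `check_avcli_host` with the host name and IP you registered.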
Thanks for reading :)
regards,
ZAHEER