Oracle Audit Vault and Database Firewall Administrator's Guide

Oracle Audit Vault and Database Firewall
Administrator's Guide
Release 20
E93408-18
June 2022

Oracle Audit Vault and Database Firewall Administrator's Guide, Release 20

E93408-18

Copyright 2012, 2022, Oracle and/or its affiliates.

Primary Authors: Karthik Shetty, Rajesh Tammana, Mahesh Rao, Ravi Kumar, Sachin Deshmanya, Ashok Swaminathan, Angeline Dhanarani, Manish Chandra

Contributors: Jean-Francois Verrier, Vipin Samar, Sarma Namuduri, Lok Sheung, Kaviarasi G, Shrikrishna Mudrale, Soumya Vinod, Hitali Sheth, Sourav Basu, Sumanth Vishwaraj, Paul Laws, Nikhita P, Rinchu S, Shobhit Mishra, Venkataharikrishna Nimmaraju, Marek Dulko, Paul Hackett, William Howard-Jones, Ravi Sharma, Vijay Medi, Tom Taylor, Nithin Gomez, Sunil Channapatna Ravindrachar

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle, Java, and MySQL are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents

Preface
  Audience
  Documentation Accessibility
  Diversity and Inclusion
  Related Documents
  Conventions
  Translation

Quick Reference for Common Tasks
  About this Quick Reference
  Audit Vault Server
  Database Firewall
  Hosts
  Agent
  Host Monitor
  Targets
  Other Administrator Tasks
  Reference Information

Part I Getting Started with Oracle Audit Vault and Database Firewall

1 Changes in Oracle Audit Vault and Database Firewall Release 20

2 Introducing Oracle Audit Vault and Database Firewall
  2.1 Downloading the Latest Version of This Manual
  2.2 Learning About Oracle Audit Vault and Database Firewall
  2.3 Supported Platforms for Oracle Audit Vault and Database Firewall
  2.4 Oracle Audit Vault and Database Firewall System Features
    2.4.1 About Oracle Audit Vault and Database Firewall
    2.4.2 Security Technical Implementation Guides and Implementation for Oracle Audit Vault and Database Firewall
    2.4.3 System Requirements for Oracle Audit Vault and Database Firewall
    2.4.4 Supported Targets for Oracle Audit Vault and Database Firewall
    2.4.5 Oracle Audit Vault and Database Firewall Administrative Features
    2.4.6 Oracle Audit Vault and Database Firewall Auditing Features
    2.4.7 Integrating Oracle Audit Vault and Database Firewall with Oracle Key Vault
  2.5 Separation of Duties
  2.6 Understanding the Administrator's Role
  2.7 Planning Your Oracle Audit Vault and Database Firewall System Configuration
    2.7.1 Guidance for Planning Your Oracle Audit Vault and Database Firewall Configuration
    2.7.2 Step 1: Plan Your Oracle Audit Vault Server Configuration
    2.7.3 Step 2: Plan Your Oracle Database Firewall Configuration
    2.7.4 Step 3: Plan Your Oracle Audit Vault Agent Deployments
    2.7.5 Step 4: Plan Your Audit Trail Configurations
    2.7.6 Step 5: Plan for High Availability
    2.7.7 Step 6: Plan User Accounts and Access Rights
  2.8 Summary of Configuration Steps
    2.8.1 Configuring Oracle Audit Vault and Database Firewall and Deploying the Agent
    2.8.2 Configuring Oracle Audit Vault and Database Firewall and Deploying Oracle Database Firewall
  2.9 Using Audit Vault Server Console
    2.9.1 Log in to Audit Vault Server Console
    2.9.2 Log in to Database Firewall Console
    2.9.3 Understanding the Tabs and Menus in Audit Vault Server Console
    2.9.4 Working with Lists of Objects in the Audit Vault Server Console
  2.10 Using the Audit Vault Command Line Interface
  2.11 Using the Oracle Audit Vault and Oracle Database Firewall Enterprise Manager Plug-In

3 General Security Guidelines
  3.1 Installing Oracle Audit Vault and Database Firewall Securely to Protect Your Data
    3.1.1 Installing Oracle Audit Vault and Database Firewall Securely
    3.1.2 Protecting Your Data
  3.2 General Security Recommendations
  3.3 External Network Dependencies
  3.4 Considerations for Deploying Network-Based Solutions
    3.4.1 Managing Database Firewall Network Encryption
    3.4.2 Managing Database Firewall Server Side SQL and Context Configurations
    3.4.3 How Oracle AVDF Works with Various Database Access Paths
    3.4.4 Database Firewall Configuration for Oracle Database Target Configured in Shared Server Mode
    3.4.5 Additional Client and Listener Behavior Considerations
  3.5 Security Considerations for Special Configurations
    3.5.1 Custom Collector Development
  3.6 About Setting Transport Layer Security Levels
  3.7 Certificates
    3.7.1 Platform Certificates

4 Configuring Audit Vault Server
  4.1 About Configuring Audit Vault Server
  4.2 Changing the UI (Console) Certificate for Audit Vault Server
  4.3 Specifying Initial System Settings and Options on Audit Vault Server (Required)
    4.3.1 Specifying the Server Date, Time, and Keyboard Settings
    4.3.2 Changing the Time Zone
    4.3.3 Specifying Audit Vault Server System Settings
      4.3.3.1 Changing the Audit Vault Server Network Configuration
      4.3.3.2 Changing the Standby Audit Vault Server Network Configuration
      4.3.3.3 Configuring or Changing the Audit Vault Server Services
      4.3.3.4 Changing the Standby Audit Vault Server System Settings
      4.3.3.5 Changing IP Addresses of Active and Registered Agents
    4.3.4 Configuring Audit Vault Server Syslog Destinations
    4.3.5 Configuring Custom Ports on Network Interfaces
  4.4 Configuring the Email Notification Service
    4.4.1 About Email Notifications in Oracle Audit Vault and Database Firewall
    4.4.2 Configuring Email Notification for Oracle Audit Vault and Database Firewall
  4.5 Configuring Archive Locations and Retention Policies
    4.5.1 About Archiving and Retrieving Data in Oracle Audit Vault and Database Firewall
    4.5.2 Defining Archive Locations
    4.5.3 Creating or Deleting Archiving Policies
      4.5.3.1 Creating Archiving and Retention Policies
      4.5.3.2 Deleting Archiving Policies
    4.5.4 Viewing Archived Datafiles
    4.5.5 Running Archive and Retrieval Jobs
  4.6 Managing Archival and Retrieval in High Availability Environments
  4.7 Defining Resilient Pairs for High Availability
  4.8 Registering Database Firewall in Audit Vault Server
  4.9 Testing Audit Vault Server System Operations
  4.10 Configuring Fiber Channel-Based Storage for Audit Vault Server
  4.11 Adding Local Disks to the New ASM Disk Group
  4.12 Fiber Channel Based Multipath in Oracle AVDF
  4.13 Adding Network Address Translation IP Addresses to Audit Vault Agent

5 Configuring Database Firewall
  5.1 About Configuring Database Firewall
  5.2 Introduction to Database Firewall Deployment
    5.2.1 Monitoring / Blocking (Proxy)
    5.2.2 Monitoring (Out-of-Band)
    5.2.3 Monitoring (Host Monitor)
  5.3 Specifying the Audit Vault Server Certificate and IP Address
  5.4 Managing the Oracle Database Firewall Network and Services Configuration
    5.4.1 Configuring Network Settings for Oracle Database Firewall
    5.4.2 Configuring Network Services for Oracle Database Firewall
    5.4.3 Configuring SNMPv3 Users in Oracle Audit Vault and Database Firewall
  5.5 Setting the Date and Time in Database Firewall
  5.6 Changing IP Address on a Single Instance of Database Firewall Server
  5.7 Changing the Database Firewall Host Name
  5.8 Configuring Database Firewall and Its Traffic Sources on Your Network
    5.8.1 About Configuring Oracle Database Firewall and Traffic Sources On Your Network
    5.8.2 Configuring Traffic Sources
    5.8.3 Configuring Database Firewall As A Traffic Proxy
  5.9 Viewing the Status and Diagnostics Report for Database Firewall
  5.10 Configure and Download the Diagnostics Report File
  5.11 Configuring Encapsulated Remote Switched Port Analyzer with Database Firewall

6 Registering Hosts and Deploying the Agent
  6.1 Registering Hosts on Audit Vault Server
    6.1.1 About Registering Hosts
    6.1.2 Registering Hosts in the Audit Vault Server
    6.1.3 Changing Host Names
  6.2 Deploying and Activating the Audit Vault Agent on Host Computers
    6.2.1 Audit Vault Agent Requirements
    6.2.2 Audit Vault Agent Machine Java Best Practices
    6.2.3 Validation During Audit Vault Agent Deployment
    6.2.4 About Deploying the Audit Vault Agent
    6.2.5 Steps Required to Deploy and Activate the Audit Vault Agent
    6.2.6 Registering the Host
    6.2.7 Deploying the Audit Vault Agent
    6.2.8 Activating and Starting the Audit Vault Agent
    6.2.9 Configuring Agent Auto Restart Functionality
    6.2.10 Registering and Unregistering the Audit Vault Agent as a Windows Service
      6.2.10.1 About the Audit Vault Agent Windows Service
      6.2.10.2 Registering the Audit Vault Agent as a Windows Service
      6.2.10.3 Unregistering the Audit Vault Agent as a Windows Service
  6.3 Stopping, Starting, and Other Agent Operations
    6.3.1 Stopping and Starting Audit Vault Agent
      6.3.1.1 Stopping and Starting the Agent on Unix Hosts
      6.3.1.2 Stopping and Starting the Agent on Windows Hosts
      6.3.1.3 Autostarting the Agent on Windows Hosts
    6.3.2 Changing the Logging Level for the Audit Vault Agent
    6.3.3 Viewing the Status and Details of Audit Vault Agent
    6.3.4 Deactivating and Removing Audit Vault Agent
  6.4 Updating Audit Vault Agent
  6.5 Deploying Plug-ins and Registering Plug-in Hosts
    6.5.1 About Plug-ins
    6.5.2 Ensuring that Auditing is Enabled in a Target
    6.5.3 Registering the Plug-in Host in Audit Vault Server
    6.5.4 Deploying and Activating the Plug-in
    6.5.5 Removing Plug-ins
  6.6 Deleting Hosts from Audit Vault Server

7 Configuring Targets, Audit Trails, and Database Firewall Monitoring Points
  7.1 About Configuring Targets
  7.2 Registering Targets and Creating Groups
    7.2.1 Registering or Removing Targets in Audit Vault Server
      7.2.1.1 About Targets in the Audit Vault Server
      7.2.1.2 Registering Targets
      7.2.1.3 Modifying Targets
      7.2.1.4 Removing Targets
    7.2.2 Creating a Target Group
    7.2.3 Modifying a Target Group
    7.2.4 Controlling Access to Targets and Target Groups
    7.2.5 Moving a Target from One Host Machine to Another
  7.3 Preparing Targets for Audit Data Collection
    7.3.1 Using an NTP Service to Set Time on Targets
    7.3.2 Ensuring that Auditing is Enabled on the Target
    7.3.3 Setting User Account Privileges on Targets
    7.3.4 Scheduling Audit Trail Cleanup
  7.4 Configuring and Managing Audit Trail Collection
    7.4.1 Prerequisites for Adding Audit Trails in Oracle Audit Vault Server
    7.4.2 Adding Audit Trails in Audit Vault Server
    7.4.3 Stopping, Starting, and Autostart of Audit Trails in Oracle Audit Vault Server
    7.4.4 Checking the Status of Trail Collection in Audit Vault Server
    7.4.5 Audit Collection Best Practices
    7.4.6 Handling New Audit Trails with Expired Audit Records
    7.4.7 Deleting an Audit Trail
    7.4.8 Converting Audit Record Formats for Collection
      7.4.8.1 Prerequisites for Converting Oracle Audit Vault Record MySQL Formats
      7.4.8.2 Running the XML Transformation Utility for MySQL Audit Formats
      7.4.8.3 Converting Binary Audit Files to ASCII Format for IBM DB2
    7.4.9 Configuring Audit Trail Collection for Oracle Real Application Clusters
    7.4.10 Configuring Audit Trail Collection for CDBs and PDBs
  7.5 Configuring Database Firewall Monitoring Points
    7.5.1 About Configuring Database Firewall Monitoring Points for Targets
    7.5.2 Creating and Configuring a Database Firewall Monitoring Point
    7.5.3 Modifying a Database Firewall Monitoring Point
    7.5.4 Starting, Stopping, or Deleting Database Firewall Monitoring Points
    7.5.5 Viewing the Status of Database Firewall Monitoring Points
    7.5.6 Finding the Port Number Used by a Database Firewall Monitoring Point
  7.6 Configuring Stored Procedure Auditing (SPA)
  7.7 Configuring Database Firewall for Databases That Use Native Network Encryption
    7.7.1 Step 1: Apply the Specified Patch to the Oracle Database
    7.7.2 Step 2: Run the Oracle Advance Security Integration Script
    7.7.3 Step 3: Provide the Database Firewall Public Key to Oracle Database
    7.7.4 Step 4: Enable Native Network Encrypted Traffic Monitoring for Oracle Database
  7.8 Configuring Advanced Settings for Database Firewall
    7.8.1 About Native Network Encryption for Oracle Databases
    7.8.2 Monitor Native Network Encrypted Traffic Through Database Firewall for Oracle Databases
    7.8.3 Disabling Encrypted Traffic Monitoring for Oracle Databases
    7.8.4 Retrieve Session Information for Non Oracle Databases
      7.8.4.1 Setting Permissions to Retrieve Session Information in Microsoft SQL Server
      7.8.4.2 Setting Permissions to Retrieve Session Information in Sybase SQL Anywhere Database
  7.9 Monitoring TLS Encrypted SQL Traffic
    7.9.1 Using Default Self Signed Certificates Created During Monitoring Point Creation
    7.9.2 Configuring Mutual Authentication for Inbound or Outbound TLS Communication
    7.9.3 Using External Certificates Signed by Certificate Authority
    7.9.4 Disabling Mutual Authentication for Inbound or Outbound TLS Communication
  7.10 Configuring and Using Database Response Monitoring
    7.10.1 About Database Response Monitoring
    7.10.2 Enabling Database Response Monitoring
  7.11 Securing the Agent and Oracle Database Target Connection

8 Using Host Monitor
  8.1 About Host Monitoring
  8.2 Installing and Enabling Host Monitor
    8.2.1 Host Monitor Requirements
    8.2.2 Validation During Host Monitor Agent Deployment
    8.2.3 Register the Host Machine That Will Run the Host Monitor
    8.2.4 Deploy the Audit Vault Agent and the Host Monitor
      8.2.4.1 Deploying the Agent and Host Monitor on Windows Host Machine
      8.2.4.2 Deploying the Agent and Host Monitor on Unix Host Machine
    8.2.5 Create a Target for the Host Monitored Database
    8.2.6 Create a Monitoring Point for the Host Monitor
    8.2.7 Create a Network Audit Trail
  8.3 Starting, Stopping, and Other Host Monitor Operations
    8.3.1 Starting the Host Monitor
    8.3.2 Stopping the Host Monitor
    8.3.3 Changing the Logging Level for a Host Monitor
    8.3.4 Viewing Host Monitor Status and Details
    8.3.5 Checking the Status of a Host Monitor Audit Trail
    8.3.6 Uninstalling the Host Monitor (Unix Hosts Only)
  8.4 Updating the Host Monitor (Unix Hosts Only)
  8.5 Using Certificate-based Authentication for the Host Monitor
    8.5.1 Requiring a Signed Certificate for Host Monitor Connections to Database Firewall
    8.5.2 Getting a Signed Certificate from Audit Vault Server

9 High Availability in Oracle AVDF
  9.1 About High Availability in Oracle AVDF
  9.2 Managing High Availability in Audit Vault Server
    9.2.1 About High Availability in Audit Vault Servers
    9.2.2 Prerequisites for Configuring High Availability in Audit Vault Servers
    9.2.3 Configure the Designated Standby Audit Vault Server
    9.2.4 Configure the Designated Primary Audit Vault Server
    9.2.5 Checking the High Availability Status of an Audit Vault Server
    9.2.6 Post High Availability Pairing Steps
    9.2.7 Audit Vault Agent Communication with Audit Vault Server in High Availability
    9.2.8 Swapping Roles Between a Primary and Standby Audit Vault Server
    9.2.9 Handling a Failover Scenario
    9.2.10 Unpair Primary and Standby Audit Vault Servers
    9.2.11 Disabling or Enabling Failover of the Audit Vault Server
    9.2.12 Archiving and Retrieving in High Availability
    9.2.13 Backup and Restore of Audit Vault Server in High Availability
  9.3 High Availability for Database Firewall
    9.3.1 High Availability for Database Firewall
    9.3.2 High Availability for Database Firewall in Host Monitor or Out of Band Modes
    9.3.3 Swapping Roles Between Primary and Standby Database Firewalls
    9.3.4 Unpair Primary and Standby Database Firewalls
    9.3.5 Configuring High Availability of Database Firewall Instances With Monitoring Points
  9.4 High Availability for Database Firewall in Proxy Mode
    9.4.1 Configuring High Availability for Database Firewall in Proxy Mode through Client Configuration
    9.4.2 Configuring High Availability for Database Firewall in Proxy Mode using DNS

10 Integration with Third Party SIEM and Log-data Analysis Tools

11 Using Oracle Database Firewall with Oracle RAC
  11.1 Configuring a Database Firewall with Oracle RAC for Monitoring and Blocking
    11.1.1 About Configuring Database Firewall with Oracle RAC for Monitoring and Blocking
    11.1.2 Configure A Proxy Using the Audit Vault Server Console
  11.2 Configuring a Database Firewall with Oracle RAC for Monitoring

12 Oracle Audit Vault and Database Firewall on Oracle Cloud Infrastructure
  12.1 About Oracle AVDF on Oracle Cloud Infrastructure
  12.2 Benefits of Provisioning Oracle AVDF on Oracle Cloud Infrastructure
  12.3 Supported Oracle Cloud Infrastructure Virtual Machine Shapes
  12.4 Provisioning Oracle AVDF with the Oracle Cloud Marketplace Image
    12.4.1 Accessing the Oracle AVDF Cloud Marketplace Image
    12.4.2 Creating an Oracle AVDF instance with Oracle Cloud Marketplace Image
    12.4.3 Post Instance Creation Steps
  12.5 Connecting to Oracle AVDF Instance
  12.6 Scaling up Oracle AVDF Instance
  12.7 Changes in Functionality for Oracle AVDF Instances on OCI
  12.8 Ports for Communication between Oracle AVDF Components
  12.9 High Availability for Oracle AVDF Instance
  12.10 Deploying Audit Vault Agents
  12.11 Configuring Audit Trail Collection
  12.12 Deploying Database Firewall for Monitoring
  12.13 Monitoring Autonomous Database Services
  12.14 Monitoring DB Systems on OCI
  12.15 Backup and Restore of Oracle AVDF Instances in OCI
  12.16 Archiving and Retrieving Audit Data
  12.17 Starting or Stopping the Oracle AVDF Instance
  12.18 Terminating Oracle AVDF Instance

13 Oracle Audit Vault And Database Firewall Hybrid Cloud Deployment
  13.1 Oracle Audit Vault and Database Firewall Hybrid Cloud Deployment and Prerequisites
  13.2 Opening Ports on Oracle Database Cloud Service
  13.3 Configuring Hybrid Cloud Target Using TCP
    13.3.1 Step 1: Registering On-premises Host on the Audit Vault Server
    13.3.2 Step 2: Installing Audit Vault Agent on Registered On-premises Hosts
    13.3.3 Step 3: Creating User Accounts on Oracle Database Cloud Service Target Instances
    13.3.4 Step 4: Setting Up or Reviewing Audit Policies on Target Oracle Database Cloud Service Instances
    13.3.5 Step 5: Creating Targets on Oracle Audit Vault Server for Oracle Database Cloud Service Instances
    13.3.6 Step 6: Starting Audit Trail on Audit Vault Server for Oracle Database Cloud Service Instances
  13.4 Configuring TCPS Connections for DBCS Instances
    13.4.1 Step 1: Creating Server Wallet and Certificate
    13.4.2 Step 2: Creating Client (Agent) Wallet and Certificate
    13.4.3 Step 3: Exchanging Client (Agent) and Server Certificates
    13.4.4 Step 4: Configuring Server Network
    13.4.5 Step 5: Connecting to DBCS instances in TCPS mode
  13.5 Configuring Hybrid Cloud Target Using TCPS
    13.5.1 Step 1: Registering On-premises Host on Oracle Audit Vault Server
    13.5.2 Step 2: Installing Oracle Audit Vault Agent on Registered On-premises Hosts and Configuring TCPS
    13.5.3 Step 3: Creating User Accounts on Oracle Database Cloud Service Target Instances
    13.5.4 Step 4: Setting Up or Reviewing Audit Policies on Target Oracle Database Cloud Service Instances
    13.5.5 Step 5: Creating Targets on Audit Vault Server for Oracle Database Cloud Service Instances
    13.5.6 Step 6: Starting Audit Trail on Audit Vault Server for Oracle Database Cloud Services Instances
  13.6 Configuring Oracle Database Exadata Express Cloud Service Target Using TCPS
    13.6.1 Step 1: Installing Audit Vault Agent on registered On-premises Hosts and Configuring TCPS
    13.6.2 Step 2: Creating User Accounts on Oracle Exadata Express Cloud Service Instances
    13.6.3 Step 3: Creating Targets on Oracle Audit Vault Server for Oracle Exadata Express Cloud Service Instances
  13.7 Configuring Oracle Database Exadata Express Cloud Service Target Using TCP
    13.7.1 Step 1: Registering On-premises Hosts on Oracle Audit Vault Server
    13.7.2 Step 2: Installing Audit Vault Agents on Registered On-Premises Hosts
    13.7.3 Step 3: Creating User Accounts on Oracle Exadata Express Cloud Target Instances
    13.7.4 Step 4: Setting Up or Reviewing Audit Policies on Target Oracle Exadata Express Cloud Instances
    13.7.5 Step 5: Creating Targets on Oracle Audit Vault Servers for Oracle Exadata Express Cloud Instances
    13.7.6 Step 6: Starting Audit Trail on Oracle Audit Vault Server for Oracle Exadata Express Cloud Instances
  13.8 Configuring Autonomous Data Warehouse and Autonomous Transaction Processing
    13.8.1 Step 1: Install Audit Vault Agent on Registered Host
    13.8.2 Step 2: Create User Accounts on Oracle Cloud Instances
    13.8.3 Step 3: Create Targets on Audit Vault Server for the Cloud Instances
    13.8.4 Step 4: Start Audit Trail on Audit Vault Server for the Autonomous Data Warehouse and Autonomous Transaction Processing Cloud Instances

Part II General Administration Tasks

14 Managing User Accounts and Access
  14.1 About Oracle Audit Vault and Database Firewall Administrative Accounts
  14.2 Security Technical Implementation Guides and Implementation for User Accounts
  14.3 Configuring Administrative Accounts for Oracle Audit Vault Server
    14.3.1 Guidelines for Securing Oracle Audit Vault and Database Firewall User Accounts
    14.3.2 Creating Administrative Accounts for Audit Vault Server
    14.3.3 Viewing the Status of Administrator User Accounts
    14.3.4 Changing User Account Types for Audit Vault Server
    14.3.5 Unlocking User Accounts
    14.3.6 Deleting Oracle Audit Vault Server Administrator Accounts
  14.4 Configuring sudo Access for Users
    14.4.1 About Configuring sudo Access
    14.4.2 Configuring sudo Access for Users
  14.5 Managing User Access Rights to Targets and Groups
    14.5.1 About Managing User Access Rights
    14.5.2 Controlling Access Rights by User
    14.5.3 Controlling Access Rights by Target or Group
  14.6 Changing User Passwords in Oracle Audit Vault and Database Firewall
    14.6.1 Password Requirements
    14.6.2 Changing the Audit Vault Server Administrator Password
      14.6.2.1 Changing Your Own Password
      14.6.2.2 Changing the Password of Another Administrator
      14.6.2.3 Changing the Expired Password of an Administrator
  14.7 Integrating Oracle Audit Vault and Database Firewall with Microsoft Active Directory or OpenLDAP
    14.7.1 About Microsoft Active Directory or OpenLDAP Integration
    14.7.2 Configuring an LDAP Server
    14.7.3 Creating New Users
    14.7.4 Log in as an OpenLDAP or Microsoft Active Directory User

15 Managing the Audit Vault Server and Database Firewalls
  15.1 Managing Audit Vault Server Settings, Status, and Maintenance Operations
    15.1.1 Checking Server Status and System Operation
    15.1.2 Managing Diagnostics
      15.1.2.1 About Managing Diagnostics
      15.1.2.2 Running Diagnostics Checks for the Audit Vault Server
      15.1.2.3 Downloading Detailed Diagnostics Reports for Oracle Audit Vault Server
      15.1.2.4 Clearing Diagnostic Logs
    15.1.3 Accessing the Audit Vault Server Certificate and Public Key
      15.1.3.1 Accessing the Server Certificate
      15.1.3.2 Accessing the Server Public Key
    15.1.4 Changing the Keyboard Layout
    15.1.5 Restarting or Powering Off the Audit Vault Server
  15.2 Changing Oracle Audit Vault Server Network and Services Configurations
  15.3 Managing Server Connectors for Email and Syslog
  15.4 Configuring Remote Syslog Over TLS
  15.5 Archiving and Retrieving Audit Data
    15.5.1 Enabling Automatic Archival
    15.5.2 Starting an Archive Job Manually
    15.5.3 Retrieving Oracle Audit Vault and Database Firewall Audit Data
  15.6 Managing Repository Encryption
    15.6.1 About Oracle Audit Vault Server Repository Encryption
    15.6.2 Rotating the Master Key for Repository Encryption
    15.6.3 Changing the Keystore Password
    15.6.4 Backing Up TDE Wallets
    15.6.5 Data Encryption on Upgraded Instances
  15.7 Backup and Restore of Audit Vault Server
    15.7.1 About Backup and Restore of Audit Vault Server
    15.7.2 Audit Vault Server Backup and Restore in High Availability Environment
    15.7.3 About Audit Vault Server Backup and Restore Utility
    15.7.4 Setting Up NFS for Audit Vault Server Backup and Restore
    15.7.5 Backup of Audit Vault Server
    15.7.6 Configuring Audit Vault Server Backup
    15.7.7 Performing Audit Vault Server Backup
    15.7.8 Monitoring and Validating the Audit Vault Server Backup
    15.7.9 Automating the Backup Schedule
    15.7.10 Performing Audit Vault Server Backup in High Availability
    15.7.11 Restoring from Audit Vault Server Backup
    15.7.12 Post Restore Tasks
    15.7.13 Monitor the Restore Process
    15.7.14 Restoring Audit Vault Server in High Availability
  15.8 Backing Up and Restoring the Database Firewall
  15.9 Enabling Oracle Database In-Memory for the Audit Vault Server
    15.9.1 About Enabling Oracle Database In-Memory for Oracle Audit Vault Server
    15.9.2 Enabling and Allocating Memory for Oracle Database In-Memory
    15.9.3 Disabling Oracle Database In-Memory
    15.9.4 Monitoring Oracle Database In-Memory Usage
  15.10 Managing Plug-ins
  15.11 Monitoring Server Tablespace Space Usage
  15.12 Monitoring Server Archive Log Disk Space Use
  15.13 Monitoring Server Flash Recovery Area
  15.14 Monitoring Jobs
  15.15 Scheduling Maintenance Jobs
  15.16 Downloading and Using the AVCLI Command Line Interface
    15.16.1 About the AVCLI Command-Line Interface
    15.16.2 Downloading the AVCLI Command Line Utility and Setting JAVA HOME
    15.16.3 Logging in to AVCLI
      15.16.3.1 About Logging in to AVCLI
      15.16.3.2 Logging in to AVCLI Interactively
      15.16.3.3 Storing or Overwriting Administrative Credentials
      15.16.3.4 Logging in to AVCLI Using Stored Credentials
    15.16.4 Running AVCLI Scripts
    15.16.5 Specifying Log Levels for AVCLI
    15.16.6 Displaying Help and the Version Number of AVCLI
  15.17 Downloading the Oracle Audit Vault and Database Firewall SDK
  15.18 Managing Database Firewalls
    15.18.1 Changing the Database Firewall Network or Services Configuration
    15.18.2 Viewing Network Traffic in a Database Firewall
    15.18.3 Capturing Network Traffic in Database Firewall
    15.18.4 Restarting or Powering Off Database Firewall
    15.18.5 Removing Database Firewall from Audit Vault Server
    15.18.6 Fetching an Updated Certificate from Database Firewall
    15.18.7 Viewing Diagnostics for Database Firewall
    15.18.8 Resetting Database Firewall
    15.18.9 Restoring Database Firewall Monitoring Points

16 Configuring a SAN Repository
  16.1 About Configuring a SAN Repository
  16.2 Configuring a SAN Server to Communicate with Oracle Audit Vault and Database Firewall
  Registering or Dropping SAN Servers in the Oracle Audit V
