
Oracle Audit Vault installation and implementation steps:

Introduction
Oracle Audit Vault is a security product that gathers audit information from remote databases and
stores it in a single centralized warehouse database. If you run databases on several different
machines, it is hard to monitor what happens in all of them at the same time. With an Audit Vault
system you can monitor every database from a single dashboard and apply policies that alert you
and produce the reports you need.

Another key feature is that once the Audit Vault system is ready you cannot enter the audit database:
the system is locked down, you cannot log in with PuTTY or any other SSH client, and at the console
you see only the screen below.

Audit Vault itself provides different types of reports, such as activity reports, alert reports,
user privilege reports and stored procedure audit reports.

Oracle Audit Vault raises alerts on any type of suspicious transaction.

It captures before/after values from transaction logs.

It automates cleanup of Oracle database audit data on source systems, so there is no need to manage
the audit database.
Installation:

Download Audit Vault Software


A. Download Media
1. Download media from https://edelivery.oracle.com/.
· Open a web browser.
· Type https://edelivery.oracle.com/ in the address bar.
· Press the "<Enter>" key.
· Click on the "Sign In / Register" button.

2. Login to edelivery
The "Sign In / Register" button redirects to the login screen.
· Provide your login username and password.
· Click on the "Sign in" button to log in.
3. Search Required Media
· In Product pack select Oracle Database.
· In Platform select Linux x86-64.
· Select "Oracle Audit Vault and Database Firewall 12.1.1 Media Pack for Linux x86-64".
· Click on "Go" button to search.

4. Download Media
· Click on the "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Server"
to download Audit Vault Server.
· Click on the "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Database
Firewall" to download Database Firewall. I will cover this in my next post.
Prerequisites
1. Laptop/PC
· Latest and fast processors
· At least 8GB memory, but I am using 1.5GB memory
· Windows 64 bit
· At least 120GB hard disk; with 120GB of storage you can install the Audit Vault server.

Host Machine (Windows 10)


IP Address : 172.25.200.1
Subnet Mask : 255.255.255.0

AV server (VirtualBox, Oracle Linux 6 installed)


IP Address : 172.25.200.10
Subnet Mask : 255.255.255.0

Attach the media to the VirtualBox machine

After starting the VirtualBox machine, this screen comes up; type install and hit the Enter key.
I got stuck here because I assigned 52GB for this, which is why I will add a 120GB disk and re-run
the installation.

Installation in Progress
Applying Configuration
· Wait until the installer goes to the next screen.

Enter Installation Passphrase


· Enter a strong passphrase.
This passphrase will be used later to change other system passwords. It is recommended to
note the password securely for future reference.

NOTE: The passphrase should be 8 characters or more and contain an uppercase letter, a lowercase letter,
a digit and punctuation. If this policy is violated, the following message will be displayed.
Enter password: Ucbl_123
Refreshing link state
The server will automatically refresh the link state and redirect to the next screen.

Select Management Interface

After entering the machine IP 172.25.200.55, reboot the machine.


Log in to the Oracle Audit Vault Server:

https://172.25.200.55/console/

Oracle Audit Vault has two schemas

One is AVADMIN, where you can do all types of administrator jobs.

The other is AVAUDITOR, which helps you monitor audit information.

Implementing the Audit Server for a database and monitoring the activity

Step1: Register a host

Host Name: SolarisM1

IP address: 172.25.200.10

Service: PRIPDB

Register the host


Save the host

Step 2: Download agent


Click "Download agent"

Copy this jar file to the location below

Step 3: deploy agent.jar on the host

java -jar agent.jar -d agent


Step 4: Now activate the agent

./agentctl activate

Step 5: Now activate it from the console. There you can find the agent version.

Step 6: Now start the agent with the generated key

bash-3.2$ ./agentctl start -k OR61-LH3O-KWUA-YSNW-5JDA


Step 7: create the audit user avcol in the database

Setup

SQL> @/export/home/oracle/app/oracle/product/agent/av/plugins/com.oracle.av.plugin.oracle/config/oracle_user_setup.sql avcol setup

Step 8: secured target setup


Step 9: add Audit trail

Step 10: start audit trail


Step 11: enable auditing on basak.employee

SQL> conn sys@PRIPDB as sysdba

Enter password:

Connected.

SQL> audit all on basak.employee;

Audit succeeded.

Step 12: retrieve the audit settings using the avauditor user

Download the report and monitor the activity
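
The check below is an added example, not part of the original walkthrough: before relying on the Audit Vault reports, confirm on the source database that the Step 11 setting took effect and that records actually reach the local audit trail. It assumes traditional auditing written to the database audit trail (SYS.AUD$) and a DBA session in SQL*Plus on PRIPDB; the ten-minute window is an arbitrary choice.

```sql
-- Added example: verify the Step 11 audit setting on the source database.
-- Assumption: traditional auditing with records stored in SYS.AUD$.

-- 1. Audit trail destination. With NONE, "audit all on ..." still reports
--    "Audit succeeded." but no records are written for the trail to pick up.
SELECT name, value
FROM   v$parameter
WHERE  name = 'audit_trail';

-- 2. Object audit options created by "audit all on basak.employee".
--    Each column holds a success/failure pair; '-/-' means not audited.
SELECT owner, object_name, object_type,
       sel, ins, upd, del, alt, gra
FROM   dba_obj_audit_opts
WHERE  owner = 'BASAK'
AND    object_name = 'EMPLOYEE';

-- 3. Generate one audited access. Run this statement as an ordinary user
--    that has SELECT on the table: sessions connected AS SYSDBA are not
--    recorded in the database audit trail.
SELECT COUNT(*) FROM basak.employee;

-- 4. Back in the DBA session, look for the record in the local trail.
SELECT username, userhost, action_name, owner, obj_name,
       returncode, extended_timestamp
FROM   dba_audit_trail
WHERE  owner = 'BASAK'
AND    obj_name = 'EMPLOYEE'
AND    extended_timestamp > SYSTIMESTAMP - INTERVAL '10' MINUTE
ORDER  BY extended_timestamp DESC;
```

If query 2 returns a row but query 4 returns nothing, check the audit_trail value from query 1 and the account used for the test access before troubleshooting the agent or the trail on the Audit Vault side.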
