Installation of Oracle Audit Vault and Database Firewall (AVDF) 12.1.1.1.0 consists of installing Audit Vault first and then Database Firewall. Oracle Audit Vault and Database Firewall come on two different installation media. I have discussed the installation of Oracle Audit Vault in my previous post. This document deals with the installation of Oracle Database Firewall Server only.
Oracle Audit Vault and Database Firewall (Database Firewall)
provides a first line of defense for databases and consolidates audit data from
databases, operating systems, and directories. A highly accurate SQL
grammar-based engine monitors and blocks unauthorized SQL traffic before it
reaches the database. Database activity data from the network is combined with
detailed audit data for easy compliance reporting and alerting. With Oracle
Audit Vault and Database Firewall, auditing and monitoring controls can be
easily tailored to meet enterprise security requirements.
The following are the top-level steps that need to be performed to install Oracle Database Firewall Server 12.1.1.1.0:
A. Media Download
B. Prerequisites
C. Installation
D. Post Installation
A. Download Media
· Open a web browser.
· Press "<Enter>" key.
· Click on "Sign In / Register" button.
Image AVDF-121110-DF-01.png
2. Login to edelivery
Sign In / Register button redirects to the login screen.
· Provide login username and password.
· Click on Sign in button to login.
Image AVDF-121110-DF-02.png
3. Search Required Media
· In Product pack select Oracle Database.
· In Platform select Linux x86-64.
· Select "Oracle Audit Vault and Database Firewall 12.1.1 Media Pack for Linux x86-64".
· Click on "Go" button to search.
Image AVDF-121110-DF-03.png
4. Download Media
· Click on "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Server" to download Audit Vault Server.
· Click on "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Database Firewall" to download Database Firewall. I will cover this in my next post.
Image AVDF-121110-DF-04.png
B. Prerequisites
1. Laptop/PC
· Latest and fast processors
· At least 8GB memory
· Windows 64 bit
· At least 50 GB free HDD (Hard Disk Drive)
· Host machine should be able to access guest machine. Later host machine has to access web console of Database Firewall server.
Host Machine:
IP Address : 192.168.169.174
Subnet Mask : 255.255.255.0
Gateway : 192.168.169.1
Guest Machine (DF Server):
IP Address : 192.168.169.22
Subnet Mask : 255.255.255.0
Gateway : 192.168.169.1
C. Installation
1. Set Default Machine Folder.
· Open VirtualBox
· Select File -> Preferences
Image AVDF-121110-DF-05.png
Enter "D:\VM\AVDF\12111" as Default Machine Folder. Once this is set, all the VMs created henceforth will be stored in this location.
Image AVDF-121110-DF-06.png
2. Create new virtual machine for Database Firewall Server.
· Click on "New" icon to create new virtual machine for Database Firewall Server.
Image AVDF-121110-DF-07.png
3. Give a name for Oracle Database Firewall Server.
· Select Type as "Linux"
· Select Version as "Oracle (64 Bit)"
· Click on "Next" button to continue.
Image AVDF-121110-DF-08.png
4. Specify memory size for the Virtual Machine.
For testing purposes, 1.5 GB of memory should work.
· Enter required memory. Since I have 16 GB RAM in my laptop, I have allocated 3072MB memory.
· Click on "Next" button to continue.
Image AVDF-121110-DF-09.png
5. Add Virtual Hard Disk Drive.
· Select "Create a virtual hard drive now" option.
· Click on "Create" button.
Image AVDF-121110-DF-10.png
6. Select Hard Drive File Type
· Select "VMDK (Virtual Machine Disk)".
· Click on "Next" button to continue.
This file type allows the disk to be split into files of less than 2GB each. A number of files will be automatically created by VirtualBox based on the size of the hard drive that we specify in the coming steps.
Image AVDF-121110-DF-11.png
7. Storage on Physical Hard Drive
· Select "Dynamically Allocated" option.
· Select "Split into files of less than 2GB" check box. If this check box is selected, the single hard disk file will be split into smaller files of less than 2GB each. Smaller files help during transfer to external hard disk drives for testing purposes.
· Click on "Next" button to continue.
Image AVDF-121110-DF-12.png
8. Choose a location for Hard Disk file
· Provide appropriate file name for the virtual hard disk file.
· Choose appropriate location to store virtual hard disk file.
· Click on "Save" button to save the virtual hard disk file.
Image AVDF-121110-DF-13.png
9. File Location and Size.
· Review the file location.
· Enter "130 GB" as the size of file.
· Click on "Create" button to create Virtual Hard Disk File.
Image AVDF-121110-DF-14.png
NOTE: If the size of the file is less than 80 GB, the installation will terminate as shown in the screenshot below.
Image AVDF-121110-DF-15.png
10. Virtual Machine Details.
The screen below shows details of the virtual machine just created. Review the details and modify if necessary. Use Settings icon to modify any settings.
Image AVDF-121110-DF-16.png
11. Select Database Firewall Installation Media.
· In the main screen of VirtualBox, select "Database Firewall" Virtual machine.
· Click on "Settings" icon.
· Click on "Storage"
· Click on "Empty" CD icon.
· Click on "CD icon" on the right side.
· Click on "Choose a virtual CD/DVD disk file..."
Image AVDF-121110-DF-17.png
12. Choose Virtual Optical Disk file.
· Select Database Firewall ISO image file "V39779-01_DF.iso". Original filename was "V39779-01.iso".
· Click on "Open" button to select the file.
Image AVDF-121110-DF-18.png
13. Details of Installation media.
· Review the details of Database Firewall Server installation media.
Image AVDF-121110-DF-19.png
14. Set Network Adapter.
Installation of Oracle Database Firewall requires 3 network adapters.
Network Adapter 1:
· Select Network on the left pane.
· Select "Adapter 1" tab
· Select Enable Network Adapter on the right pane.
· Select Attached to as "Bridged Adapter".
· Select Name as the available network adapter of your machine.
Image AVDF-121110-DF-20.png
Network Adapter 2:
· Select Network on the left pane.
· Select "Adapter 2" tab
· Select Enable Network Adapter on the right pane.
· Select Attached to as "Bridged Adapter".
· Select Name as the available network adapter of your machine.
· Select Promiscuous Mode as "Allow All".
Image AVDF-121110-DF-21.png
Network Adapter 3:
· Select Network on the left pane.
· Select "Adapter 3" tab
· Select Enable Network Adapter on the right pane.
· Select Attached to as "Internal Network".
· Select Name as the available network adapter of your machine.
· Select Promiscuous Mode as "Allow All".
· Click on "OK" button.
Image AVDF-121110-DF-22.png
15. Start installation of Oracle Database Firewall Server.
· Select Database Firewall Virtual Machine on the left pane.
· Review the details of Virtual Machine on the right pane.
· Click on Start button to start the installation.
Image AVDF-121110-DF-23.png
16. Installation Main Screen
· Type "install" and press "<Enter>" to continue.
Image AVDF-121110-DF-24.png
17. Installation in Progress
Image AVDF-121110-DF-25.png
18. Applying Configuration
· Wait until the installer goes to next screen.
Image AVDF-121110-DF-26.png
19. Enter Installation Passphrase
· Enter a strong passphrase.
This passphrase will be used later to change other system passwords. It is recommended to note the password securely for future reference.
Image AVDF-121110-DF-27.png
NOTE: The passphrase should be 8 characters or more and contain an uppercase letter, a lowercase letter, a digit and punctuation. If this policy is violated, the following message will be displayed.
Image AVDF-121110-DF-28.png
20. Confirm Installation Passphrase
· Re-enter the installation passphrase for confirmation.
· Press "<Enter>" key to go to next screen.
Image AVDF-121110-DF-29.png
21. Oracle Database Firewall Installation Successful.
Congratulations if you get a screen like the screenshot below. Installation of Database Firewall is now completed successfully.
· Press "<Enter>" button to go to next screen.
Image AVDF-121110-DF-30.png
22. Refreshing link state
Server will automatically refresh the link state and redirect to next screen.
Image AVDF-121110-DF-31.png
23. Select Management Interface
· Select one of the available interfaces as Management Interface. This will be used to connect to the server through terminals like ssh, putty etc. for maintenance operations.
· Press "<Enter>" key to make the selection and go to next screen.
Image AVDF-121110-DF-32.png
24. Select available ethernet device.
· Make selection as shown in the screenshot below.
· Press "<Enter>" key to go to next screen.
Image AVDF-121110-DF-33.png
25. Specify IP address
· Enter IP address, subnet mask and gateway for the management interface.
· Press "<Enter>" key to complete the installation and reboot the server.
Image AVDF-121110-DF-34.png
26. First Reboot
The first reboot of the server could take up to an hour depending upon the configuration of the machine that is being used. There is nothing much to do here other than wait until the installation completes.
Image AVDF-121110-DF-35.png
27. Database Firewall Server Installation Complete
The screenshot below shows the final screen after the installation of Oracle Database Firewall server is completed. Use Up/Down arrow keys and press "<Enter>" key to make appropriate selection.
Image AVDF-121110-DF-36.png
D. Post Installation
Login to Database Firewall Web Console
1. Open a web browser in your host machine and enter the following url in the address bar: https://192.168.169.22
2. Press "<Enter>" key to go to the specified url.
3. Click on "Proceed Anyway" button.
Image AVDF-121110-DF-37.png
4. Enter Installation Passphrase
· Enter Installation Passphrase.
· Click on "Login" button.
Image AVDF-121110-DF-38.png
5. Post Installation Configuration
As a part of post installation configuration, an administrator user for Database Firewall has to be created and the passwords of the root and support users have to be reset.
· Enter FWADMIN as username. Usually the administrator user for Database Firewall is named FWADMIN. THIS USERNAME IS CASE SENSITIVE.
· Users "root" and "support" are created in the operating system. While connecting to this server using terminals like ssh and putty, first login as support user, then switch to other users. User "oracle" is implicitly created in the operating system. By default a database named "dbfwdb" is created.
· Click on "Save" button after all the information has been filled.
Image AVDF-121110-DF-39.png
6. Login to Database Firewall web console
System will redirect to the login screen after Save button is clicked in the earlier screen.
· Enter the username and password for the administrator user of Oracle Database Firewall.
· Click on Login button to login to the web console.
Image AVDF-121110-DF-40.png
7. Check System Status
On initial login, Database Firewall web console shows the status.
· Click on Show Report button to check Diagnostic Status.
Image AVDF-121110-DF-41.png
Output of Diagnostic Status is given below:
Diagnostic Status - OK
Checking if exists: /etc/platform.conf OK
Checking if exists: /usr/local/dbfw/etc/stund.conf OK
Checking if exists: /usr/local/dbfw/etc/mwecsvc.conf OK
Checking if exists: /usr/local/dbfw/etc/privkey.pem OK
Checking if exists: /usr/local/dbfw/etc/cert.crt OK
Checking if readable by user dbfw: /etc/platform.conf OK
Checking if readable by user dbfw: /usr/local/dbfw/etc/dbfw.conf OK
Checking if readable by user dbfw: /usr/local/dbfw/etc/privkey.pem OK
Checking if readable by user dbfw: /usr/local/dbfw/etc/cert.crt OK
Checking if readable by user dbfw: /usr/local/dbfw/etc/stund.conf OK
Checking if readable by user dbfw: /usr/local/dbfw/etc/mwecsvc.conf OK
Checking if readable by user dbfw: /usr/local/dbfw/etc/middleware.ppk OK
Checking if readable by user dbfw: /var/dbfw/tmp OK
Checking if writable by user dbfw: /usr/local/dbfw/etc/dbfw.conf OK
Checking if writable by user dbfw: /usr/local/dbfw/upload OK
Checking if writable by user dbfw: /var/dbfw/tmp OK
Checking if /dev/mapper/vg_root-lv_root mounted on /(ext3) OK
Checking if /dev/mapper/vg_root-lv_tmp mounted on /tmp(ext3) OK
Checking if /dev/mapper/vg_root-lv_home mounted on /home(ext3) OK
Checking if /dev/mapper/vg_root-lv_local_dbfw mounted on /usr/local/dbfw(ext3) OK
Checking if /dev/mapper/vg_root-lv_local_dbfw_tmp mounted on /usr/local/dbfw/tmp(ext3) OK
Checking if /dev/mapper/vg_root-lv_var_log mounted on /var/log(ext3) OK
Checking if /dev/mapper/vg_root-lv_var_tmp mounted on /var/tmp(ext3) OK
Checking if /dev/mapper/vg_root-lv_var_www mounted on /var/www(ext3) OK
Checking if /dev/mapper/vg_root-lv_var_www_tmp mounted on /var/www/tmp(ext3) OK
Checking if /dev/mapper/vg_root-lv_oracle mounted on /var/lib/oracle(ext3) OK
Checking if /dev/mapper/vg_root-lv_var_dbfw mounted on /var/dbfw(ext3) OK
Checking if /usr/local/dbfw/volatile mounted on /usr/local/dbfw/volatile(tmpfs) OK
Checking if shmfs mounted on /dev/shm(tmpfs) OK
Checking network address OK
Checking network mask OK
Checking bridges: OK
Checking DNS: OK
Checking gateway: OK
Checking if certificate is valid at least for one year: OK
Checking controller connection OK
Checking if backgroundrb is running: OK
Checking if HTTP server is running: OK
Checking if cron is running: OK
Checking if stund process is running: OK
Checking if monitor process is running: OK
Checking if database is running: OK
Checking that IPv6 is disabled OK
Checking Oracle listener OK
Checking Oracle database processes OK
Checking netfilter rules OK
Checking monitoring processes OK
Current platform: multi
Script executed as: dbfw
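A way to re-check this report after later configuration changes, as an added example (not part of the original post or of Oracle's tooling): the Python below rejoins the wrapped lines of a pasted Diagnostic Status report and lists every check whose status is not OK, including the private key, certificate and netfilter checks. The sample text is constructed from lines shown above, and the "FAILED" status token is an assumption, since the page only shows "OK".

```python
import re

# Constructed sample in the wrapped layout a pasted report can have.
# "FAILED" is an assumed status token; the page only ever shows "OK".
SAMPLE = """\
Diagnostic Status - OK
Checking if exists:
/usr/local/dbfw/etc/privkey.pem OK
Checking if
certificate is valid at least for one year: FAILED
Checking netfilter
rules OK
Checking that IPv6 is
disabled OK
Current platform:
multi
Script executed as:
dbfw
"""

CHECK_RE = re.compile(r"Checking (.+?):? (\S+)(?= Checking |$)")
FOOTER_RE = re.compile(r"Current platform: (\S+) Script executed as: (\S+)")

def parse_report(text):
    """Rejoin wrapped lines and split the report into (check, status) pairs."""
    flat = " ".join(text.split())
    headline = re.match(r"Diagnostic Status - (\S+)", flat)
    footer = FOOTER_RE.search(flat)
    body = flat[:footer.start()].rstrip() if footer else flat
    return {
        "headline": headline.group(1) if headline else None,
        "checks": [m.groups() for m in CHECK_RE.finditer(body)],
        "platform": footer.group(1) if footer else None,
        "run_as": footer.group(2) if footer else None,
    }

def failures(report):
    """Names of every check whose status is anything other than OK."""
    return [name for name, status in report["checks"] if status != "OK"]

def headline_disagrees(report):
    """True when the headline says OK but an individual check does not."""
    return report["headline"] == "OK" and bool(failures(report))

if __name__ == "__main__":
    rep = parse_report(SAMPLE)
    print(failures(rep), headline_disagrees(rep))
```
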
8. Configure Network Interfaces and Hostname
· Click on "Network" link on the left panel.
· Click on "Change" button at the bottom right corner.
· Change the hostname to "fwserver01".
· In "Proxy Ports" section, select "Enabled" check box, enter "15211" as port number and click on "Add" button.
· In Traffic Sources section, change the IP address from "192.168.0.220" to "192.168.168.23".
· Click on "Save" button. This usually requires a reboot, but we will restart the server once all the post-installation configuration is complete.
Review the image below.
Image AVDF-121110-DF-41-a.png
Image AVDF-121110-DF-42.png
Image AVDF-121110-DF-43.png
9. DNS and Access configuration
· Click on "Services" link on the left panel.
· Click on "Change" button on the right panel.
· Leave the DNS Server configuration unchanged, i.e. leave the values of "DNS Server 1", "DNS Server 2" and "DNS Server 3" as "disabled".
· Set the value of "Web Access" to "all".
· Set the value of "SSH Access" to the list of IP addresses from where this server will be accessed. The list of IP addresses should be separated by spaces.
· Leave the value of "SNMP Access" as "disabled".
· Review the changes.
· Click on "Save" button.
Image AVDF-121110-DF-44.png
Image AVDF-121110-DF-45.png
10. Change Date and Time
· Click on "Date and Time" from system menu on the left panel.
· Click on "Change" button at the bottom corner of the right panel.
Image AVDF-121110-DF-46.png
· Set date and time correctly in "System Time" fields.
· Select "Enable NTP Synchronization" check box and enter NTP server addresses in Server 1, Server 2 and Server 3 respectively as below:
o 0.centos.pool.ntp.org
o 1.centos.pool.ntp.org
o 2.centos.pool.ntp.org
· Click on "Save" button.
Image AVDF-121110-DF-47.png
Image AVDF-121110-DF-48.png
11. Change Keyboard Layout
Image AVDF-121110-DF-49.png
12. Post-Install Configuration Complete
· This completes post-installation configuration of Oracle Database Firewall.
· After network settings have been changed, Database Firewall asks for a reboot of the server. In such cases it is recommended to reboot the server.
13. Reboot Server
· Login to the database firewall server.
· Select "Power Off" using Up/Down arrow keys as shown in the image below.
· Press "Enter" button.
· Enter "root" user password when prompted.
· Press "Enter" to shut down the server.
· To start server, select Database Firewall machine in VirtualBox Manager and click on start icon.
Image AVDF-121110-DF-50.png
Image AVDF-121110-DF-51.png
Image AVDF-121110-DF-52.png
Hope this helps...