Firewall Oracle® Audit Vault And Database Installation Guide · 1 Installing Oracle Audit Vault and Database Firewall Software 1.1 About the Software Installation Procedure 1-1 1.2

Oracle® Audit Vault And DatabaseFirewallInstallation Guide

Release 20E93405-09February 2021

Oracle Audit Vault And Database Firewall Installation Guide, Release 20

E93405-09

Copyright © 2012, 2021, Oracle and/or its affiliates.

Primary Authors: Karthik Shetty, Sachin Deshmanya, Manish Chandra, Bharathi Baskaran, Paul Laws, MarekDulko, William Howard-Jones, Tom Taylor, Nithin Gomez

Contributors: Ashok Swaminathan, Rajesh Tammana, Vipin Samar, Mahesh Rao , Angeline Dhanarani, Jean-Francois Verrier, Sarma Namuduri, Lok Sheung, Sahana Jayaprakash, Kaviarasi G, Ravi Kumar, ShrikrishnaMudrale, Sourav Basu, Paul Hackett, Ravi Sharma, Sunil Channapatna Ravindrachar

This software and related documentation are provided under a license agreement containing restrictions onuse and disclosure and are protected by intellectual property laws. Except as expressly permitted in yourlicense agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverseengineering, disassembly, or decompilation of this software, unless required by law for interoperability, isprohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. Ifyou find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it onbehalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,any programs embedded, installed or activated on delivered hardware, and modifications of such programs)and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Governmentend users are "commercial computer software" or "commercial computer software documentation" pursuantto the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such,the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works,and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programsembedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oraclecomputer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in thelicense contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloudservices are defined by the applicable contract for such services. No other rights are granted to the U.S.Government.

This software or hardware is developed for general use in a variety of information management applications.It is not developed or intended for use in any inherently dangerous applications, including applications thatmay create a risk of personal injury. If you use this software or hardware in dangerous applications, then youshall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure itssafe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of thissoftware or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks oftheir respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks areused under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc,and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registeredtrademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products,and services from third parties. Oracle Corporation and its affiliates are not responsible for and expresslydisclaim all warranties of any kind with respect to third-party content, products, and services unless otherwiseset forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will notbe responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents

Preface

Audience vii

Documentation Accessibility vii

Related Documents vii

Conventions vii

Translation viii

Changes in Oracle AVDF

Changes In Oracle Audit Vault and Database Firewall Release 20 ix

1 Installing Oracle Audit Vault and Database Firewall

1.1 About Oracle AVDF Installable Files 1-1

1.2 Downloading and Verifying Oracle AVDF Software 1-3

1.3 Installing Audit Vault Server or Database Firewall 1-6

2 Overview of Oracle Audit Vault and Database Firewall Installation

2.1 Downloading the Latest Version of This Manual 2-1

2.2 Platform Support 2-1

2.2.1 Product Compatibility Matrix 2-2

2.2.2 Supported Browsers 2-8

2.2.3 Support for External Systems 2-8

2.2.4 Audit Vault Agent: Supported and Tested Java Runtime Environment 2-9

2.2.5 Compatibility with Oracle Enterprise Manager 2-10

2.3 Learning About Oracle Audit Vault and Database Firewall 2-10

2.4 About Oracle Audit Vault and Database Firewall Installation 2-10

3 Oracle Audit Vault and Database Firewall Pre-Install Requirements

3.1 Oracle AVDF Deployment Checklist 3-1

3.2 Installing Audit Vault Server on VMware 3-2

iii

3.3 Audit Vault Agent Requirements 3-2

3.4 Host Monitor Requirements 3-2

3.5 Privileges Required to Install Oracle Audit Vault and Database Firewall 3-3

3.6 Oracle Audit Vault and Database Firewall Hardware Requirements 3-4

3.6.1 Memory and Space Requirements 3-4

3.6.2 Disk Space Requirements 3-5

3.6.3 Network Interface Cards 3-6

3.6.4 Fiber Channel Based Multipath in Oracle AVDF 3-6

3.7 Oracle Audit Vault and Database Firewall Software Requirements 3-7

3.7.1 Java SE Requirement 3-7

3.7.2 Browser Requirements 3-8

3.7.3 Target Requirements 3-8

4 Post-Install Configuration Tasks

4.1 Audit Vault Server Post-Installation Tasks 4-1

4.2 Database Firewall Post-Installation Tasks 4-2

4.3 Accessing the Audit Vault Server Post-Install Configuration Page 4-3

4.4 Setting the Usernames and Passwords of Audit Vault Server Users 4-4

4.4.1 About Administrator and Auditor User Names 4-5

4.4.2 Password Requirements 4-6

4.4.3 Setting the Passwords For Audit Vault Server Users 4-7

4.5 Setting the Audit Vault Server Time (Strongly Recommended) 4-8

4.6 Setting the Audit Vault Server DNS Servers (Recommended) 4-8

4.7 Networking Setup And Configuration 4-9

5 Upgrading Oracle Audit Vault and Database Firewall

5.1 About Upgrading Oracle Audit Vault and Database Firewall 5-1

5.2 Pre-upgrade Tasks 5-2

5.2.1 Host Monitor Migration on Windows 5-2

5.2.2 Back Up The Current Oracle Audit Vault And Database FirewallInstallation 5-3

5.2.3 Release Existing Tablespaces That Are Retrieved Manually 5-3

5.2.4 Preserve File Customizations 5-3

5.2.5 Pre-upgrade RPM Boot Device Greater than 2 TB 5-4

5.2.6 Pre-upgrade RPM Boot Partition Space Check Warning 5-5

5.3 Upgrade Tasks 5-7

5.3.1 Upgrade The Audit Vault Servers 5-7

5.3.1.1 Upgrading An Audit Vault Server 5-7

5.3.1.2 Upgrading A Pair Of Audit Vault Servers Configured For HighAvailability 5-8

iv

5.3.2 Automatic Upgrade Of The Audit Vault Agents And Host Monitors 5-8

5.3.3 Upgrade The Database Firewalls 5-9

5.3.3.1 Upgrading A Database Firewall 5-10

5.3.3.2 Upgrading A Pair Of Database Firewalls Configured For HighAvailability 5-10

5.3.4 Steps To Upgrade Oracle Audit Vault And Database Firewall Appliances 5-10

5.3.4.1 Install Oracle AVDF Pre-Upgrade RPM 5-11

5.3.4.2 Transfer The ISO File To The Appliance 5-13

5.3.4.3 Start The Upgrade Script 5-13

5.3.4.4 Restart The Appliance 5-16

5.4 Post Upgrade Tasks 5-17

5.4.1 Confirmation Of The Upgrade Process 5-18

5.4.2 Unable to Add Pre-upgrade SQL Clusters to New Cluster Sets AfterUpgrading to 20.1 5-19

5.4.3 Changing Bridge to Equivalent Proxy Configuration Post Upgrade to 20 5-20

5.4.4 Possible Changes Required for Existing Archive Locations 5-22

5.4.5 Enable Archiving Functionality Post Upgrade 5-23

5.4.6 Post Upgrade Actions to Clear Unused Kernels From Oracle Audit Vaultand Database Firewall 5-24

5.4.7 Scheduling Maintenance Jobs 5-24

5.5 Recovering the Database in the Event of a Failed Upgrade 5-25

6 Uninstalling Oracle Audit Vault and Database Firewall

6.1 Uninstalling Audit Vault Agents Deployed on Target Host Machines 6-1

6.2 Reimage Oracle Database Firewall and Restore from Audit Vault Server 6-2

A Troubleshooting Oracle Audit Vault and Database Firewall

A.1 Install or Upgrade Failure Due to New File System Added to Oracle AVDF A-1

A.2 Cannot Access the Audit Vault Server Console A-2

A.3 Collecting Logs to Debug Installation Failures A-3

A.4 Failure While Adding Disks A-4

A.5 Unable to Reach Gateway Error A-5

A.6 RPM Upgrade Failed A-5

Index

v

List of Tables

2-1 Audit Collection and Database Firewall Protection 2-3

2-2 Supported Platforms for Audit Vault Agent and Host Monitor 2-5

2-3 Appliance Deployment: Audit Vault Server and Database Firewall 2-8

2-4 JRE Support Matrix 2-9

2-5 Oracle Enterprise Manager Support Matrix 2-10

vi

Preface

This section contains the following:

• Audience

• Documentation Accessibility

• Related Documents

• Conventions

• TranslationThis topic contains translation (or localization) information for Oracle AVDF UserInterface and Documentation.

AudienceOracle Audit Vault and Database Firewall Installation Guide is intended for anyonewho is responsible for installing Oracle AVDF.

Documentation AccessibilityFor information about Oracle's commitment to accessibility, visit theOracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic supportthrough My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trsif you are hearing impaired.

Related DocumentsSee Oracle Audit Vault and Database Firewall 20.1 Books.

ConventionsThis document uses these text conventions:

Convention Meaning

boldface Boldface type indicates graphical user interface elements associatedwith an action, or terms defined in text or the glossary.

vii

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs

https://docs.oracle.com/en/database/oracle/audit-vault-database-firewall/20/books.html

Convention Meaning

italic Italic type indicates book titles, emphasis, or placeholder variables forwhich you supply particular values.

monospace Monospace type indicates commands within a paragraph, URLs, codein examples, text that appears on the screen, or text that you enter.

TranslationThis topic contains translation (or localization) information for Oracle AVDF UserInterface and Documentation.

The Web based User Interface or the Audit Vault Server console is translated andmade available in the following languages. This includes the User Interface, errormessages, and help text.

• French

• German

• Italian

• Japanese

• Korean

• Spanish

• Portuguese - Brazil

• Chinese - Traditional

• Chinese - Simplified

Oracle AVDF Documentation is available in the following languages:

• English

• Japanese

Preface

viii

Changes in Oracle AVDF

This document contains information about install and upgrade of Oracle Audit Vaultand Database Firewall (Oracle AVDF).

• Changes In Oracle Audit Vault and Database Firewall Release 20

Changes In Oracle Audit Vault and Database FirewallRelease 20

New features in Oracle AVDF Release 20.3

• Support for audit collection and network monitoring (using Database Firewall) ofMicrosoft SQL Server (Enterprise Edition) 2019. See Product Compatibility Matrixfor complete information.

• Support for audit collection from Microsoft SQL Server Extended events. SeeMicrosoft SQL Server Plug-in for Oracle Audit Vault and Database Firewall forcomplete information.

• Support for Microsoft SQL Server Always On availability group.


• Audit Vault Agent can be associated with more than one IP address for Audit VaultServer communication. See section Product Compatibility Matrix for completeinformation.

• Support for audit collection, Audit Vault Agent deployment, and Host Monitordeployment on Microsoft Windows Server (x86-64) version 2019. See sectionProduct Compatibility Matrix for complete information.


• Oracle Audit Vault and Database Firewall supports new targets and othercomponents. See Product Compatibility Matrix.

• The installable ISO files can be copied to a USB medium. Before starting the AuditVault Server installation, you must combine the downloaded ISO files into a singleISO file. See the following sections for complete information:

– Downloading and Verifying Oracle AVDF Software

– Installing Audit Vault Server or Database Firewall

• If your current installation is 12.2 and has Database Firewall In-line bridge modedeployed, then certain measures have to be taken after upgrading to release20.1.0.0.0. See Changing Bridge to Equivalent Proxy Configuration Post Upgradeto 20.

ix

1Installing Oracle Audit Vault and DatabaseFirewall

Learn how to install Oracle Audit Vault and Database Firewall (Oracle AVDF).

• About Oracle AVDF Installable FilesOracle AVDF software is installed using the .iso files.

• Downloading and Verifying Oracle AVDF SoftwareLearn about downloading and verifying the software to install Oracle Audit Vaultand Database Firewall.

• Installing Audit Vault Server or Database FirewallSteps for installing Audit Vault Server or Database Firewall.

See Also:

• Oracle Audit Vault and Database Firewall Administrator's Guide forimportant information about securing and protecting your data.

• Oracle Audit Vault and Database Firewall Administrator's Guide forinstructions on deployment and activation of Audit Vault Agent.

1.1 About Oracle AVDF Installable FilesOracle AVDF software is installed using the .iso files.

Oracle Audit Vault and Database Firewall software comprises of the following:

• Audit Vault Server installer file is split into 3 parts or files as follows:

– Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - AuditVault Server - Part 1 of 3 (MUST DOWNLOAD ALL THE 3 PARTS ANDCONCATENATE BEFORE ATTEMPTING INSTALLATION)



1-1

Note:

Concatenate all the three ISO files to get Audit Vault Server 20.x ISO(avdf-install.iso) before proceeding with installation.

• Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - DatabaseFirewall

Note:

Verify the checksum value for both (the combined Audit Vault Server ISOfile and the Database Firewall ISO file). In case of any error or mismatchin the checksum values, download the ISO files again, concatenate theAudit Vault Server ISO file, and validate the checksum values again.

• Vpart_number.zip Oracle Audit Vault and Database Firewall 20.x.0.0.0 -Deprecated-Cipher-Removal Utility

Note:

Apply the deprecated cipher removal patch on Audit Vault Server 20.xafter installation.

• Vpart_number.zip Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Utilities.This bundle contains the following files:

– Npcap installer required for Host Monitoring on Windows: npcap-utility.zip

– Database Firewall utilities to examine Native Network Encryption traffic forOracle Database and to gather session information from other database types:dbfw-utility.zip

– Utilities_README: Instructions for deploying Npcap and Database Firewallutilities patch.

• Vpart_number.pdf Oracle Audit Vault and Database Firewall 20.x.0.0.0 - ReleaseNotes

Note:

The installation process wipes out existing operating system on the machineon which you install the Audit Vault Server or Database Firewall, andautomatically installs the new operating system that comes along.

Chapter 1About Oracle AVDF Installable Files

1-2

1.2 Downloading and Verifying Oracle AVDF SoftwareLearn about downloading and verifying the software to install Oracle Audit Vault andDatabase Firewall.

For a fresh installation, you can download the Oracle Audit Vault and DatabaseFirewall software from the Software Delivery Cloud. You cannot use this package toupgrade. To perform an upgrade from an existing deployment, you can download theupgrade software from the My Oracle Support website.

To download the install software:

1. Use a web browser to access the Oracle Software Delivery Cloud portal:

https://edelivery.oracle.com

2. Click Sign In, and if prompted, enter your User ID and Password.

3. In the All Categories menu, select Release. In the next field, enter Oracle AuditVault and Database Firewall, and then click Search.

4. From the list that is displayed, select the Oracle Audit Vault and DatabaseFirewall version you want to install. Or click the Select icon that appears againstthe specific release.

The download is added to your cart. To check the cart contents, click View Itemsor Continue in the upper right of the screen.

5. In the next page, verify the details of the installation package, and thenclick Continue.

6. Read the Oracle Standard Terms and Restrictions displayed on the page.Select I reviewed and accept the Oracle License Agreement check box, andthen click Continue.

The download page appears and displays the list of ISO files for Oracle Audit Vaultand Database Firewall.

• Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - AuditVault Server - Part 1 of 3 (MUST DOWNLOAD ALL THE 3 PARTS ANDCONCATENATE BEFORE ATTEMPTING INSTALLATION)



Note:

Combine the three ISO files into the final ISO file (avdf-install.iso) that should be used to install Audit Vault Server.

• Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 -Database Firewall

Chapter 1Downloading and Verifying Oracle AVDF Software

1-3

https://edelivery.oracle.com/

https://support.oracle.com/

https://edelivery.oracle.com/

• Vpart_number.zip Oracle Audit Vault and Database Firewall 20.x.0.0.0 -Deprecated-Cipher-Removal Utility

Note:

Apply the deprecated cipher removal patch on Audit Vault Serverafter installation or upgrade. In case of upgrade, before applying thepatch, make sure all Audit Vault Agents and Host Monitor Agents aresuccessfully upgraded.

• Vpart_number.zip Oracle Audit Vault and Database Firewall 20.x.0.0.0 -Utilities. This bundle contains the following files:

– Npcap installer required for Host Monitoring on Windows: npcap-utility.zip

– Database Firewall utilities to examine Native Network Encryption traffic forOracle Database and to gather session information from other databasetypes: dbfw-utility.zip

– Utilities_README: Instructions for deploying Npcap and DatabaseFirewall utilities patch.

• Vpart_number.pdf Oracle Audit Vault and Database Firewall 20.x.0.0.0 -Release Notes

7. Next to the Print button, click View Digest Details.

The listing for the ISO files expands to display the SHA-1 and SHA-256 checksumreference numbers for each ISO file.

8. Click Download. The Download Manager Installation screen is displayed. Thesize of the combined ISO files exceeds 11 GB, and takes time to download,depending on the network speed. The estimated download time and speed aredisplayed in the File Download dialog box.

9. Click Download the installer, and then click Save File.

10. Choose a location to save the ISO files. Click Save.

Alternately, you can save each file individually by clicking its name and thenspecifying a location for the download.

11. Combine the three AVS ISO files into one ISO file.

• Linux:

# cat <part1 file name>.iso <part2 file name>.iso <part3 file name>.iso > avdf-install.iso

• Microsoft Windows:

copy /b <part1 file name>.iso+<part2 file name>.iso+<part3 file name>.iso avdf-install.iso

12. After the ISO files are downloaded to the specified location, generate a SHA256checksum for the combined Audit Vault Server ISO file and the Database Firewall


1-4

ISO file. For example, on a Linux machine run the following command to generatethe checksum:

$ sha256sum Vpart_number.iso

Note:

Ensure that the checksum matches the value specified in the ReleaseNotes document that is available along with the installable files. In caseof any error or mismatch in the checksum values, download the ISOfiles again, concatenate the Audit Vault Server ISO file, and validate thechecksum values again.

13. Optionally, the combined Audit Vault Server ISO image or the DBFW ISO imagecan be copied to another media, like USB. If the files are copied to a Linux basedUSB medium, then execute these steps:

a. Execute the following command to open the Linux terminal:

sudo su -

b. Execute the following command to discover the USB device:

lsblk

c. Execute the following command to erase the data on the USB device:

dd if=/dev/zero of=/dev/<USB device> status=progress conv=fdatasync

d. Execute the following command to copy the iso file directly to the USB device:

dd if=avdf-install.iso of=/dev/<USB device> status=progress conv=fdatasync

e. Boot the system using the USB device. Ensure the appliance is configured toboot from the USB device.

14. If the files are copied to a Windows (EFI only - Extensible Firmware Interface)based USB medium, then execute these steps:

a. Execute the following command to open the Windows command prompt andto load the diskpart:

diskpart

b. Execute the following command to discover the USB device:

list disk

c. Execute the following command to select the USB device:

select disk 1


1-5

d. Execute the following commands to erase or format the data on the USBdevice:

clean

create partition primary

format fs=fat32 label=AVS_20_<x>_0_0_0

OR

format fs=fat32 label=DBFW_20_<x>_0_0_0

Where x is the specific RU release number in Oracle AVDF. For example, useAVS_20_3_0_0_0 or DBFW_20_3_0_0_0 for Oracle AVDF 20.3 (20 RU3).

e. Execute the following command to add Master Boot Record (MBR) to the USBdevice:

active

f. Execute the following command to exit the diskpart:

exit

1.3 Installing Audit Vault Server or Database FirewallSteps for installing Audit Vault Server or Database Firewall.

Audit Vault Server and Database Firewall are delivered as software appliance images,ready to be deployed on physical machines or on virtual machines (VM). Start with theinstallation of Audit Vault Server and later install Database Firewall.

Note:

• You must combine the downloaded Audit Vault Server ISO files into asingle ISO file, before starting the Audit Vault Server installation.

• If you are installing Audit Vault Server on VMware, then set the VMXconfiguration parameter disk.EnableUUID to TRUE. Without this setting,the Audit Vault Server installation on VMware will fail.

1. Choose the .iso file depending on whether you are installing on a Virtual Machineor a physical machine. Boot the machine using the bootable USB disk createdin the previous section. Ensure the machine is configured to boot from the USBdevice and then complete the installation.

2. The system boots and the initial splash screen appears as follows. This indicatesthe release number you are installing.

Chapter 1Installing Audit Vault Server or Database Firewall

1-6

3. Press the Enter key. The installation proceeds.

4. Enter the new root password when prompted for change.

5. Enter the same password when prompted for confirmation.

The system installs the operating system and then reboots.

6. Continue with the installation and sign in as root user on the console whenprompted.

7. The installation continues with the following prompts on the screen one afteranother:

Installing AVDF bootstrapBeginning installation of Audit Vault Server dependenciesCreating repository.Relinking Oracle DatabaseInstalling AVS application.ORInstalling Database Firewall.Migrating repository to ASM storageUpdating Oracle Audit Vault and Database Firewall dataUpdating UI

....

8. The installer prompts for network configuration. Select the appropriate networkinterfaces and click OK.

9. The following Network settings screen appears.


1-7

10. Enter the following fields:

a. IP Address of the network interface

b. Network Mask

c. Gateway: Enter the IP address of the network interface if a gateway isrequired. Else, clear the field before saving.

11. Press OK.

12. Upon completion of the network settings, the installation continues.

13. Upon successful installation of Audit Vault Server, the following message isdisplayed:

Audit Vault Server 20.1.0.0.0 installation has completed.Post install configuration steps must be completed using theappliance administration console ...

14. Press OK. The installation of Audit Vault Server is complete.

15. Upon successful installation of Database Firewall, the following message isdisplayed:

Oracle Database Firewall 20.1.0.0.0 installation has completed.

16. The installer screen exits and automatically returns to the login prompt.

Note:

The Audit Vault Server and the Database Firewall server are softwareappliances. You must not make any changes to the Linux operating systemthrough the command line on these servers unless following official OracleAVDF documentation or under guidance from Oracle Support.


1-8

See Also:

• Post-Install Configuration Tasks

• In case of any installation failures encountered before or after reboot,use the solution mentioned in Collecting Logs To Debug Pre-rebootInstallation Failure.


1-9

2Overview of Oracle Audit Vault andDatabase Firewall Installation

Learn to install Oracle Audit Vault and Database Firewall (Oracle AVDF).

• Downloading the Latest Version of This ManualLearn how to download the latest documentation for Oracle Audit Vault andDatabase Firewall (Oracle AVDF).

• Platform SupportLearn about various platforms supported by Oracle AVDF.

• Learning About Oracle Audit Vault and Database FirewallLearn more about Oracle Audit Vault and Database Firewall (Oracle AVDF).

• About Oracle Audit Vault and Database Firewall InstallationUnderstand the process for installing Oracle Audit Vault and Database Firewall(Oracle AVDF).

See Also:

Oracle Audit Vault and Database Firewall Administrator's Guide forgeneral information about secure installation, data protection, and generalrecommendations for deploying Oracle Audit Vault and Database Firewall ina network and in special configurations.

2.1 Downloading the Latest Version of This ManualLearn how to download the latest documentation for Oracle Audit Vault and DatabaseFirewall (Oracle AVDF).

See Also:

• Oracle AVDF 20.1 Books to download all the documents.

• https://docs.oracle.com for documentation of other Oracle products.

2.2 Platform SupportLearn about various platforms supported by Oracle AVDF.

2-1

https://docs.oracle.com/en/database/oracle/audit-vault-database-firewall/20/books.html

https://docs.oracle.com

• Product Compatibility MatrixLearn about supported platforms for Audit Vault Agent, Host Monitor, auditcollection, and Database Firewall protection.

• Supported BrowsersLearn what browsers are supported with Oracle Audit Vault and Database Firewall(Oracle AVDF).

• Support for External SystemsLearn about external systems supported by Oracle Audit Vault and DatabaseFirewall.

• Audit Vault Agent: Supported and Tested Java Runtime EnvironmentLearn about the supported and tested Java Runtime Environment (JRE) for theAudit Vault Agent.

• Compatibility with Oracle Enterprise ManagerLearn about the supported versions of Oracle Enterprise Manager and OracleAudit Vault Database Firewall.

2.2.1 Product Compatibility MatrixLearn about supported platforms for Audit Vault Agent, Host Monitor, audit collection,and Database Firewall protection.

Oracle Audit Vault and Database Firewall is delivered as software appliance imagesready to be deployed on physical hardware or on virtualized environments suchas Oracle VM Server or VMware. You can install and run Oracle Audit Vault andDatabase Firewall on the following platforms:

• Any Intel x86 64-bit hardware platform supported by Oracle Audit Vaultand Database Firewall's embedded operating system. Oracle Audit Vault andDatabase Firewall 20 uses Oracle Linux release 7 with the Unbreakable EnterpriseKernel (UEK) version 5. For a list of compatible hardware, refer to HardwareCertification List for Oracle Linux and Oracle VM. This list contains the minimumversion of Oracle Linux certified with the selected hardware. All Oracle Linuxupdates starting with Oracle Linux release 7 as the minimum are also certifiedunless otherwise noted.

• Refer to Oracle Linux documentation for more information on the operating systemplatform.

• Oracle VM Server for x86, version 3.2 - 3.4.6

• VMWare VSphere, version 6.0 and 6.7

• Oracle VM VirtualBox, version 6.0

• Oracle Audit Vault and Database Firewall release 20 supports both BIOS andUEFI boot mode. For system with boot disk greater than 2 TB, Oracle AVDFsupports booting in UEFI mode only.

• Oracle Audit Vault Server and Database Firewall cannot be installed on Exalogicor Exadata appliances.

Chapter 2Platform Support

2-2

http://linux.oracle.com/pls/apex/f?p=117:1


Table 2-1 Audit Collection and Database Firewall Protection

Supported Platform Versions Supported Audit Collection Database FirewallProtection

Database

Oracle Database(Enterprise and Standardeditions)

19c

18c

12.2

12.1

11.2.0.4

Yes Yes

Autonomous DataWarehouse (AutonomousDatabase, serverless)

Not applicable Yes Not supported

Autonomous TransactionProcessing (AutonomousDatabase, serverless)

Not applicable Yes Not supported

Autonomous TransactionProcessing (AutonomousContainer Database,dedicated)

Not applicable No Not supported

Oracle Cloud DatabaseService

19c Yes Not supported

Oracle Database runningon Exadata

19c

18c

12.2

12.1

11.2.0.4

Yes Yes

Oracle Real ApplicationClusters

19c

18c

12.2

12.1

11.2.0.4

Yes Yes

MySQL (Enterprise Edition) 8.0

5.7

5.6

Yes Yes

Microsoft SQL Server(Windows)

Enterprise Edition

2019 (Starting OracleAVDF 20.3)

2017

2016

2014

2012

Yes Yes

Microsoft SQL ServerCluster (Windows FailoverCluster)

2017

2016

2014

2012

Yes No

MongoDB (By configuringQuick JSON collector)

3.6 to 4.2 Yes No


2-3

Table 2-1 (Cont.) Audit Collection and Database Firewall Protection


PostgreSQL 9.6 to 11.8 Yes No

IBM Db2 11.5

11.1

10.5

Yes Yes

IBM Db2 Cluster

HADR (High Availabilityand Disaster Recovery) onOL 7.x

11.1 Yes Yes

IBM Db2 for AIX

7.2 TL1 and above

7.1 TL4 and TL5

11.5

11.1

10.5

No Yes

SAP Sybase ASE 16

15.7

Yes Yes

Transaction Log Collectorusing Oracle GoldenGate19.1

11.2 to 19c Yes Not applicable

Operating System

Oracle Solaris (SPARC64) 11.3

11.4

Yes Not applicable

Oracle Solaris (x86-64) 11.3

11.4

Yes Not applicable

Oracle Linux (64 bit) OL 8 (requires auditd 3.0)

OL 7.6-7.8 (requires auditd2.8) (Starting Oracle AVDF20.2)

OL 7.4-7.5 (requires auditd2.7.6)

OL 7.3 (requires auditd2.6.5)






OL 6.0 (requires auditd2.0)


Yes Not applicable


2-4

Table 2-1 (Cont.) Audit Collection and Database Firewall Protection


Red Hat Enterprise Linux RHEL 8 (requires auditd3.0)

RHEL 7.6-7.8 (requiresauditd 2.8) (Starting OracleAVDF 20.2)

RHEL 7.5 (requires auditd2.7.6)










Yes Not applicable

Microsoft Windows Server(x86-64)

2019 in release 20.2 (20RU2) and later

2016

2012 R2

2012

Yes Not applicable

IBM AIX on Power Systems(64-bit)

7.2 TL2 and above

7.1 TL5

Yes Not applicable

HP-UX on Itanium 11.31 No Not applicable

Directory Service

Microsoft Active Directory 2016

2008

Yes Not applicable

File System

Oracle ACFS 12c Yes Not applicable

Table 2-2 Supported Platforms for Audit Vault Agent and Host Monitor

Supported Platform Versions Supported Audit Vault AgentDeployment

Host MonitorDeployment

Operating System


2-5

Table 2-2 (Cont.) Supported Platforms for Audit Vault Agent and Host Monitor



Oracle Solaris (SPARC64) 11.3

11.4

Yes Yes

Oracle Solaris (x86-64) 11.3

11.4

Yes Yes

Oracle Linux (64 bit) OL 8 (requires auditd 3.0)

OL 7.6-7.8 (requires auditd2.8) (Starting Oracle AVDF20.2)










Yes Yes

Oracle Linux (64 bit)Cluster

OL 7.x Yes No


2-6

Table 2-2 (Cont.) Supported Platforms for Audit Vault Agent and Host Monitor



Red Hat Enterprise Linux RHEL 8 (requires auditd3.0)

RHEL 7.6-7.8 (requiresauditd 2.8) (Starting OracleAVDF 20.2)











Yes Yes

Red Hat Enterprise LinuxCluster

RHEL 7.x Yes No

Microsoft Windows Server(x86-64)

2019 in release 20.2 (20RU2) and later

2016

2012 R2

2012

Yes Yes

IBM AIX on Power Systems(64-bit)

7.2 TL2 and above

7.1 TL5

Yes Yes

IBM AIX on Power Systems(64-bit) Cluster

7.2 TL2 and above

7.1 TL5

Yes No

HP-UX on Itanium 11.31 Yes Not applicable

Note:

HP-UX on Itanium is deprecated in Oracle AVDF 20.2 and is planned fordesupport in a future 20.x release.


2-7

Table 2-3 Appliance Deployment: Audit Vault Server and Database Firewall

Name Release/Version

Oracle VM VirtualBox 6.0

5.2

Oracle VM Server for x86 3.4.6

3.2.2 to 3.2.9

VMware vSphere 6.7

6.0

2.2.2 Supported BrowsersLearn what browsers are supported with Oracle Audit Vault and Database Firewall(Oracle AVDF).

Oracle Audit Vault and Database Firewall requires a JavaScript-enabled browser andsupports the current and prior major release of Google Chrome, Mozilla Firefox, AppleSafari, Microsoft Internet Explorer, and Microsoft Edge.

Note:

• Ensure that the browser version you are using supports TLS 1.2protocol.

• Microsoft Internet Explorer 11 is the prior major release, with MicrosoftEdge being the current Microsoft browser.

2.2.3 Support for External SystemsLearn about external systems supported by Oracle Audit Vault and Database Firewall.

Supported external systems are as follows:

• Integration offered:

– Syslog

– E-mail

• SAN storage

– iSCSI: It can be used to extend disk space for storing event data.

• Archive system

– SMB

– SCP

– NFS


2-8

Note:

• Oracle AVDF 20.1 and later supports Network File System (NFS)versions v3 and v4 for archive or retrieve functionality.

• NFS v3 only is not supported.

• If your NFS server supports and permits both v3 and v4 for archive orretrieve, then no action is required.

• In case you have NFS v4 only in your environment for archive orretrieve, then set the _SHOWMOUNT_DISABLED parameter to TRUE using thefollowing steps:

1. Log in to the Audit Vault Server as root.

2. Switch user to oracle: su oracle

3. Start SQL*Plus connection as sqlplus /nolog without the usernameor password.

4. In SQL*Plus execute the command: connect super administrator

5. Enter the password when prompted. Alternatively, execute thecommand: connect super administrator/password

6. Execute the command: execavsys.adm.add_config_param('_SHOWMOUNT_DISABLED','TRUE');

2.2.4 Audit Vault Agent: Supported and Tested Java RuntimeEnvironment

Learn about the supported and tested Java Runtime Environment (JRE) for the AuditVault Agent.

Table 2-4 lists supported versions of Java Runtime Environment (JRE).

Table 2-4 JRE Support Matrix

JRE Version Release/Version

1.8 1.8.0_45 and later

11 11.0.3

Note:

JRE version 11 is not supported on AIX platform. For AIX platform use JREversion 1.8.0_241 (minimum).


2-9

2.2.5 Compatibility with Oracle Enterprise ManagerLearn about the supported versions of Oracle Enterprise Manager and Oracle AuditVault Database Firewall.

Oracle Audit Vault and Database Firewall (Oracle AVDF) plug-in provides an interfacewithin Enterprise Manager Cloud Control for administrators to manage and monitorOracle Audit Vault and Database Firewall components.

Table 2-5 lists supported versions of Oracle Enterprise Manager and Oracle AuditVault Database Firewall.

Table 2-5 Oracle Enterprise Manager Support Matrix

Oracle Enterprise Manager Release Oracle Audit VaultDatabase Firewall Release

13.4 20.x

• 13.3• 13.2.1

12.2.x

Note:

Oracle Audit Vault and Database Firewall (Oracle AVDF) plug-in is supportedonly with the above mentioned Enterprise Manager releases.

2.3 Learning About Oracle Audit Vault and DatabaseFirewall

Learn more about Oracle Audit Vault and Database Firewall (Oracle AVDF).

See Also:

Oracle Audit Vault and Database Firewall Concepts Guide to understandthe features, components, users, and deployment of Oracle Audit Vault andDatabase Firewall.

2.4 About Oracle Audit Vault and Database FirewallInstallation

Understand the process for installing Oracle Audit Vault and Database Firewall (OracleAVDF).

Briefly, the steps are:

Chapter 2Learning About Oracle Audit Vault and Database Firewall

2-10

1. Understand the Oracle Audit Vault and Database Firewall components to beinstalled.

2. Plan the system configuration that best suits your needs.

3. Ensure that your system meets the pre-install requirements.

4. Complete the installation of Oracle Audit Vault Server.

5. Complete the installation of Oracle Database Firewall.

6. Complete the post-install configuration tasks.

7. Complete the registration of hosts and deployment of Agent.

8. Complete the registration of targets for audit collection and Database Firewallmonitoring.

Note:

The Audit Vault Server and the Database Firewall server are softwareappliances. You must not make any changes to the Linux operating systemthrough the command line on these servers unless following official Oracledocumentation or under guidance from Oracle Support.

See Also:

• Oracle Audit Vault and Database Firewall Concepts Guide forinformation about the components.

• Oracle Audit Vault and Database Firewall Administrator's Guide to planthe system configuration that best suits your needs.

• Upgrading Oracle Audit Vault and Database Firewall for instructionsto update the Oracle Audit Vault and Database Firewall softwareperiodically.

• Oracle Audit Vault and Database Firewall Pre-Install Requirements

• Installing Oracle Audit Vault and Database Firewall

• Post-Install Configuration Tasks

• Uninstalling Audit Vault Agents Deployed on Target Host Machines

Chapter 2About Oracle Audit Vault and Database Firewall Installation

2-11

3Oracle Audit Vault and Database FirewallPre-Install Requirements

Learn about the requirements that your system must meet before you can installOracle Audit Vault and Database Firewall (Oracle AVDF).

• Oracle AVDF Deployment ChecklistPrerequisites or deployment checklist for installing Oracle Audit Vault andDatabase Firewall.

• Installing Audit Vault Server on VMwareAn important prerequisite for installing Audit Vault Server on VMware.

• Audit Vault Agent RequirementsLearn about the Audit Vault Agent requirements.

• Host Monitor RequirementsLearn about Host Monitor requirements.

• Privileges Required to Install Oracle Audit Vault and Database FirewallLearn about the privileges required to install Oracle Audit Vault and DatabaseFirewall (Oracle AVDF).

• Oracle Audit Vault and Database Firewall Hardware RequirementsInstall each Audit Vault Server and each Database Firewall onto its own dedicatedx86 64-bit server (or Oracle VM 3.x).

• Oracle Audit Vault and Database Firewall Software RequirementsLearn about the software requirements for Oracle Audit Vault and DatabaseFirewall.

3.1 Oracle AVDF Deployment ChecklistPrerequisites or deployment checklist for installing Oracle Audit Vault and DatabaseFirewall.

1. Ensure to meet the hardware requirements in sections Product CompatibilityMatrix and Oracle Audit Vault and Database Firewall Hardware Requirements.

2. Review and follow the sizing requirements mentioned in MOS Note (DocID 2092683.1) to ensure hardware has sufficient capacity. Review the sizingwhenever there is increase in scale of targets.

3. Check and resolve the Pre-upgrade RPM Boot Partition Space Check Warning.

4. Follow the guidelines in Audit Vault Agent Requirements.

5. Follow the guidelines in Host Monitor Requirements.

6. Follow the guidelines in Audit Vault Server Post-Installation Tasks.

7. Follow the guidelines in Database Firewall Post-Installation Tasks.

3-1

3.2 Installing Audit Vault Server on VMwareAn important prerequisite for installing Audit Vault Server on VMware.

You must set VMX configuration parameter disk.EnableUUID to TRUE. This must bedone to enable proper mounting of disks. Without this setting, the Audit Vault Serverinstallation on VMware will fail.

3.3 Audit Vault Agent RequirementsLearn about the Audit Vault Agent requirements.

Recommended prerequisites for installing Audit Vault Agent:

1. Ensure to meet the system requirements. See Product Compatibility Matrix.

2. Ensure to meet the following Java requirements:

• Install the supported Java version on the Audit Vault Agent. See Audit VaultAgent: Supported and Tested Java Runtime Environment.

• Apply the latest java patches.

• Point the JAVA_HOME to JRE/JDK directory and set the path before installingthe Agent.

3. The host machine on which the Audit Vault Agent is deployed must have at least512 MB RAM.

4. Apply the latest security patches of OpenSSL libraries available from the OSvendor for the specific OS version on the host machine.

5. The host machine on which the Audit Vault Agent is deployed must haveconnectivity to the Audit Vault Server. In case of high availability set up, it musthave connectivity to both the primary and standby Audit Vault Servers.

6. The Audit Vault Server uses 2 ports (1521 and 1522 by default) forAgent communication. Ensure to configure the ports appropriately for thiscommunication.

7. If NAT (Network Address Translation) is used in the network between Audit VaultServer and the host machine where agent is deployed, then ensure the IP addressof the host machine is resolvable from Audit Vault Server.

8. The user must have the required OS permissions to install the Agent. The usermust be able to access the audit trail location in case of directory audit trails.See About Deploying the Audit Vault Agent for the OS permissions required forinstalling the Agent.

3.4 Host Monitor RequirementsLearn about Host Monitor requirements.

Database Firewall can monitor SQL traffic in a database using Host Monitor.

Prerequisites for installing Host Monitor on Windows platform:

1. Ensure Audit Vault Agent is running on the host machine.

Chapter 3Installing Audit Vault Server on VMware

3-2

2. Install Npcap that is available in the avdf20-utility.zip bundle in ARU. It ispart of the Oracle Audit Vault and Database Firewall installable files.

3. Ensure to install Npcap in WinPcap-API-compatible mode.

4. Install the latest version of OpenSSL (1.1.1g or higher) libraries.

5. Ensure the Windows target machine has the latest update of Visual C++Redistributable for Visual Studio 2015 (MSVCRT.dll (*) or later) package fromMicrosoft installed.

6. In case network firewall is present, allow communication on port range 2050 -5200. This is required for communication in between the host machine and theDatabase Firewall.

Prerequisites for installing Host Monitor on Linux/Unix/AIX/Solaris platforms:

1. Ensure Audit Vault Agent is running on the host machine.

2. Ensure the latest version of the following packages from the OS vendor for thespecific OS version are installed on the host machine:

• Libcap (for Linux hosts only)

• LibPcap

• OpenSSL

3. Ensure gmake is installed for AIX host machines. For other Unix host machinetypes (Linux/Unix/Solaris), ensure make is installed. This is needed for linking theHost Monitor executables with LibPcap and OpenSSL libraries.

4. In case network firewall is present, allow communication on port range 2050 -5200. This is required for communication in between the host machine and theDatabase Firewall.

5. Ensure the Input Output Completion Ports (IOCP) is set to available for IBM AIXon Power Systems (64-bit). It is set to defined by default.

6. Check directory permissions. All the directories in the path of the Host Monitorinstall location should have 755 as the permission bits starting from the rootdirectory. This is required as the Host Monitor has to be installed in a root ownedlocation.

7. Host Monitor has to be installed by the root user.

See Also:

Enabling and Using Host Monitoring for host monitoring instructions andprerequisites.

3.5 Privileges Required to Install Oracle Audit Vault andDatabase Firewall

Learn about the privileges required to install Oracle Audit Vault and Database Firewall(Oracle AVDF).

Chapter 3Privileges Required to Install Oracle Audit Vault and Database Firewall

3-3

https://www.microsoft.com/en-in/download/details.aspx?id=48145

Any user can install Oracle Audit Vault and Database Firewall. You do not needadministrative privileges to complete the installation.

3.6 Oracle Audit Vault and Database Firewall HardwareRequirements

Install each Audit Vault Server and each Database Firewall onto its own dedicated x8664-bit server (or Oracle VM 3.x).

You can use any Intel x86-64-bit hardware platform that is supported by Oracle AuditVault and Database Firewall's embedded operating system. Oracle Audit Vault andDatabase Firewall uses Oracle Linux release 7 with the Unbreakable Enterprise Kernel(UEK) version 5. For a list of compatible hardware, refer to Hardware Certification Listfor Oracle Linux and Oracle VM. This list contains the minimum version of OracleLinux certified with the selected hardware. All Oracle Linux updates starting withOracle Linux release 7 as the minimum are also certified unless otherwise noted.

Note:

Do not install Audit Vault Server or Database Firewall on a server (or OracleVM) that is used for other activities, because the installation process formatsthe server, deleting any existing data and operating systems.

• Memory and Space RequirementsLearn about the minimum memory requirements for Oracle Audit Vault andDatabase Firewall.

• Disk Space RequirementsLearn about the minimum disk space requirements for Oracle Audit Vault andDatabase Firewall (Oracle AVDF).

• Network Interface CardsLearn about the recommended number of network interface cards (NICs) for eachx86 64-bit server.

• Fiber Channel Based Multipath in Oracle AVDFLearn about support for multipath in Oracle AVDF.

3.6.1 Memory and Space RequirementsLearn about the minimum memory requirements for Oracle Audit Vault and DatabaseFirewall.

Each x86 64-bit server must have the following minimum memory:

• Audit Vault Server: 8 GB1

• Database Firewall: 8 GB

1 In this guide, 1 GB represents 2 to the 30th power bytes or in decimal notation 1,073,741,824 bytes.

Chapter 3Oracle Audit Vault and Database Firewall Hardware Requirements

3-4



File System Layout

The installer checks for a number of conditions before allowing the installation orupgrade to be completed. Memory allocation and space checks on specific directoriesis an important aspect.

A minimum of at least 8 GB of memory is required. You can force the upgradeprocess to complete if your system has a lower amount of memory (for example 4GB). However it is not difficult to extend memory for Oracle Audit Vault and DatabaseFirewall installation. Oracle Audit Vault and Database Firewall sends daily reminders toupgrade your system's memory.

The space checks mentioned here are a bare minimum, below which the upgrade islikely to fail.

File System Space Check

/home 100 MB

/usr/local/dbfw 200 MB

/usr/local/dbfw/tmp 7.5 GB

/var/lib/oracle 27 GB for Audit Vault Server

/ 2 GB

/tmp 1.4 GB

/var/dbfw 100 MB

/var/log 100 MB

/var/tmp 5 GB

/boot 1 GB

3.6.2 Disk Space RequirementsLearn about the minimum disk space requirements for Oracle Audit Vault andDatabase Firewall (Oracle AVDF).

Each x86 64-bit server must have a single hard drive with a minimum of the followingdisk space:

• Audit Vault Server: 220 GB

• Database Firewall: 220 GB


3-5

Note:

• Oracle Audit Vault and Database Firewall release 20 supports both BIOSand UEFI boot mode. For system with boot disk greater than 2 TB,Oracle AVDF supports booting in UEFI mode only.

• Provisioning disks greater than 4PB each for fresh installation is notoptimal. The disks equal to or under 4PB, ensure that only one diskpartition is allocated per disk group on each physical disk.

• For appliance hardware specification, refer to Oracle Audit Vault andDatabase Firewall Sizing Advice (MOS Doc ID 2223771.1).

3.6.3 Network Interface CardsLearn about the recommended number of network interface cards (NICs) for each x8664-bit server.

Oracle recommends the following number of network interface cards (NICs) for eachx86 64-bit server on which you install the following components:

• 1 NIC for the Audit Vault Server

• At least 1 NIC for a Database Firewall operating as a proxy with no networkseparation

• At least 2 NICs for a Database Firewall deployed in Monitoring (Out-of-Band) orMonitoring (Host Monitor) mode

• 2 NICs for Database Firewall deployed in Monitoring / Blocking (Proxy) modewith network separation.

• At least 3 NICs for a Database Firewall deployed in Monitoring / Blocking(Proxy) mode. These 3 NICs are required for network separation, 1 NIC formanagement, 2 NICs for client and database network connections.

See Also:

Introduction to Oracle Database Firewall Deployment

3.6.4 Fiber Channel Based Multipath in Oracle AVDFLearn about support for multipath in Oracle AVDF.

Oracle Audit Vault and Database Firewall 20.1 and later supports fiber channel basedstorage with multipath. The redundant paths in multipath can enhance performanceand utilize features like dynamic load balancing, traffic shaping, automatic pathmanagement, and dynamic reconfiguration. The connection to the disk can be madethrough two fiber channel ports.

Here are some important aspects of multipath in Oracle AVDF:

• It is not supported with ISCSI storage.


3-6

• It does not support the device xvd*.

• Multipath is supported only for Audit Vault Server installation.

• Multipath is not supported for Database Firewall installation.

• It does not support removable block devices. Check for removable block devicesin the system as they can lead to installation failure.

Note:

In case there are removable block devices in the system, the following errormay be encountered during Audit Vault Server installation:

ERROR: Failed to check if the disk is in multipathTraceback (most recent call last): File "/run/install/repo/partitions.py", line 386, in <module> main() File "/run/install/repo/partitions.py", line 372, in main write_partition_table( None ) File "/run/install/repo/partitions.py", line 322, in write_partition_table part_table = generate_partition_table_data(dev_list) File "/run/install/repo/partitions.py", line 243, in generate_partition_table_data raise RuntimeError("No disks detected")RuntimeError: No disks detected

3.7 Oracle Audit Vault and Database Firewall SoftwareRequirements

Learn about the software requirements for Oracle Audit Vault and Database Firewall.

• Java SE RequirementThe AVCLI command line utility that the Audit Vault Server administrator uses andthe avpack utility (which is part of the software development kit) require Java SEversion 8 or 11.

• Browser RequirementsLearn about the browser requirements for Oracle Audit Vault and DatabaseFirewall (Oracle AVDF).

• Target RequirementsFor targets that are on Oracle Solaris running the LDoms Manager service, svc:/ldoms/ldmd:default, ensure that the target is using LDoms version 3.2.0.1 orlater.

3.7.1 Java SE RequirementThe AVCLI command line utility that the Audit Vault Server administrator uses and theavpack utility (which is part of the software development kit) require Java SE version 8or 11.

Chapter 3Oracle Audit Vault and Database Firewall Software Requirements

3-7

3.7.2 Browser RequirementsLearn about the browser requirements for Oracle Audit Vault and Database Firewall(Oracle AVDF).

Note:

See section Supported Browsers for more information on the supportedbrowsers.

3.7.3 Target RequirementsFor targets that are on Oracle Solaris running the LDoms Manager service, svc:/ldoms/ldmd:default, ensure that the target is using LDoms version 3.2.0.1 or later.

Chapter 3Oracle Audit Vault and Database Firewall Software Requirements

3-8

4Post-Install Configuration Tasks

Learn about the post-installation tasks for Oracle Audit Vault and Database Firewall(Oracle AVDF).

• Audit Vault Server Post-Installation TasksExecute recommended post-installation tasks after installing the Audit VaultServer.

• Database Firewall Post-Installation TasksLearn about Database Firewall post-installation tasks.

• Accessing the Audit Vault Server Post-Install Configuration PageAccess the Audit Vault Server post-installation configuration page.

• Setting the Usernames and Passwords of Audit Vault Server UsersSet up usernames and passwords for Oracle Audit Vault and Database Firewall(Oracle AVDF).

• Setting the Audit Vault Server Time (Strongly Recommended)Steps to set the Audit Vault Server time.

• Setting the Audit Vault Server DNS Servers (Recommended)Steps to set the DNS servers for the Audit Vault Server.

• Networking Setup And ConfigurationOracle Audit Vault and Database Firewall can be setup or configured for accessthrough DNS.

See Also:

Unable to Log in to the Oracle AVDF Appliance through SSH

4.1 Audit Vault Server Post-Installation TasksExecute recommended post-installation tasks after installing the Audit Vault Server.

Recommended post-installation steps for Audit Vault Server:

1. Complete the steps in section Accessing the Audit Vault Server Post-InstallConfiguration Page and set up usernames and passwords.

2. Apply the patch to remove deprecated ciphers post AVS install or upgrade:Deprecated-Cipher-Removal.zip.

Note: Apply this patch on Oracle Audit Vault Server 20.1 after install or upgrade. Incase of upgrade, before applying the patch, make sure that all Audit vault Agentsare upgraded to 20.1 and Host Monitor Agents are in Installed state.

3. Review the DNS and NTP system service configuration. See Configuring orChanging the Oracle Audit Vault Server Services.

4-1

4. Configure resilient pair of Audit Vault Servers. See Managing A Resilient AuditVault Server Pair.

5. Register the targets for monitoring using Oracle Audit Vault and Database Firewall.See Configuring Targets, Audit Trails, and Database Firewall Monitoring Points.

6. Ensure to configure the data retention policy for every target before configuringaudit trails. See Configuring Archive Locations and Retention Policies.

7. Follow these steps for configuring each audit trail for native audit collection. SeePreparing Targets for Audit Data Collection.

a. Deploy an Audit Vault Agent on the machine where the target is installed or ona machine that can connect to the target.

b. Enable native database auditing on the target.

c. Review and configure the audit trails for the target as per the requirement.

d. Configure the audit trail cleanup wherever necessary.

8. For Oracle Database targets, consider provisioning Oracle recommended auditpolicies. See Creating Audit Policies for Oracle Databases.

9. Consider configuring alert policies. See Creating Alerts.

Note:

• The Audit Vault Server reads the audit log from the target that containsthe timestamp of the event. Without this synchronization, events mayappear to be archived to the Audit Vault Server before they occur andalerts may appear to be sent before their triggering events occur.

• You must set the usernames and passwords of its administrator andauditor, and the passwords of its root and support user. You can alsoset the time and domain name service (DNS) servers of the Audit VaultServer.

4.2 Database Firewall Post-Installation TasksLearn about Database Firewall post-installation tasks.

After installing the Database Firewall, set the password for support user. This is theLinux operating system user account on Database Firewall. Follow these steps to setthe password:

1. After the installation is complete, log in as root user on the console displayed.

2. Execute the following command to set the password for the support user:

passwd support

3. Enter the new password for the support user when prompted.

4. Re-enter the password when prompted.

5. After the password is set successfully, the following message is displayed on theconsole:

Chapter 4Database Firewall Post-Installation Tasks

4-2

all authentication tokens updated successfully.

4.3 Accessing the Audit Vault Server Post-InstallConfiguration Page

Access the Audit Vault Server post-installation configuration page.

To access the Audit Vault Server Post-Install Configuration page:

1. Using a browser, go to the Audit Vault Server console. Ensure that the browserversion you are using supports TLS 1.2 protocol. See Supported Browsers forcomplete information.

https://ip_address

For ip_address, use the IP address of the Audit Vault Server. See Installing AuditVault Server or Database Firewall.

You may see a message about a problem with the website security certificate. Thisis due to a self-signed certificate. Click the Continue to this website (or similar)link. You can generate a certificate request later to avoid this message. This is oneof the possible reasons. However, there may be other reasons where the browsermay prompt about the website being insecure. Use your due caution, verify, andthen connect to the correct website.

See Oracle Audit Vault and Database Firewall Administrator's Guide.

2. You are prompted to enter the root password.

3. Click Login.

The Post-Install Configuration page appears:

Chapter 4Accessing the Audit Vault Server Post-Install Configuration Page

4-3

From this page, you must set the usernames and passwords (required), set up thetime, and DNS servers.

4.4 Setting the Usernames and Passwords of Audit VaultServer Users

Set up usernames and passwords for Oracle Audit Vault and Database Firewall(Oracle AVDF).

In the post-install configuration page, you set up usernames and passwords for thefollowing Oracle Audit Vault and Database Firewall users:

• Super Administrator

• Super Auditor

• Repository Encryption Keystore

Chapter 4Setting the Usernames and Passwords of Audit Vault Server Users

4-4

• Support

• Root

Changing the root user password on this screen is optional as it is already set duringinstallation.

See Also:

Separation of Duties for a description of each user.

Note:

Do not use the root or support users unless instructed to do so indocumentation or by a customer support representative.

• About Administrator and Auditor User NamesOracle recommends that you create administrator and auditor user accounts afteryou install Oracle Audit Vault and Database Firewall (Oracle AVDF).

• Password RequirementsSet password management guidelines for the Audit Vault and Database Firewall(Oracle AVDF) user accounts.

• Setting the Passwords For Audit Vault Server UsersSteps for setting the passwords for the Audit Vault Server users.

4.4.1 About Administrator and Auditor User NamesOracle recommends that you create administrator and auditor user accounts after youinstall Oracle Audit Vault and Database Firewall (Oracle AVDF).

The administrator and auditor user names must be simple SQL names of 1 to 30characters, and must follow these rules:

• The first character is alphabetical.

• Each remaining character is either alphanumeric or an underscore (_), dollar sign($), or number sign (#).

Note:

The administrator and auditor user names are upshifted (that is,any lowercase alphabetic characters are replaced by their uppercaseequivalents). Also, the Audit Vault Server does not support quoted usernames.


4-5

See Also:

Separation of Duties for a description of each user account.

4.4.2 Password RequirementsSet password management guidelines for the Audit Vault and Database Firewall(Oracle AVDF) user accounts.

For example, you may require that users change their passwords on a regular basis,such as every 120 days, and that they create passwords that are not easily guessed.

The following sections describe the minimum password requirements for Oracle AuditVault and Database Firewall.

Requirements for Passwords Containing Unicode Characters

If your password contains unicode characters (such as non-English characters withaccent marks), the password requirement is that it:

• Be between 8 and 30 characters long.

Requirements for English-Only (ASCII) Passwords

If you are using English-only, ASCII printable characters, Oracle Audit Vault andDatabase Firewall requires that passwords:

• Be between 8 and 30 characters long.

• Contain at least one of each of the following:

– Lowercase letters: a-z.

– Uppercase letters: A-Z.

– Digits: 0-9.

– Punctuation marks: comma (,), period (.), plus sign (+), colon(:), exclamationmark (!), and underscore (_)

• Not contain double quotes ("), back space, or control characters.

In addition, Oracle recommends that passwords:

• Not be the same as the user name.

• Not be an Oracle reserved word.

• Not be an obvious word (such as welcome, account, database, and user).

• Not contain any repeating characters.


4-6

See Also:

• Oracle Database Security Guide for additional guidelines on how youcan strengthen passwords for your site.

• Changing Your Own Password

• Changing the Password of Another Administrator

4.4.3 Setting the Passwords For Audit Vault Server UsersSteps for setting the passwords for the Audit Vault Server users.

To set the passwords of the Audit Vault Server administrator, auditor, root, and supportuser:

1. Access the Audit Vault Server Post-Install Configuration page.

2. Under User Setup:

• In the Super Administrator field, enter the administrative user name.

• Under the Super Administrator field, enter the administrator SuperAdministrator Password, then confirm it in the Re-enter Password field.

• Click Validate username.

The administrator username that you entered is validated. If this name is valid,then you can use it; if not, then you must enter a valid name.

• In the Super Auditor field, enter the super auditor user name.

• Under the Super Auditor, field, enter the auditor Super Auditor Password,then confirm it in the Re-enter Password field.

• Click Validate username.

The auditor username that you entered is validated. If this name is valid, thenyou can use it; if not, then you must enter a valid name.

3. Under Repository Encryption, enter the Keystore Password, and then re-enterit.

On new, full installations of Oracle Audit Vault and Database Firewall 12.2 or later,audit event data in the Audit Vault Server's repository is automatically encryptedusing Oracle Database Transparent Data Encryption (TDE). The repositoryencryption keystore password is required to reset the TDE master key.

4. Under Root Password, in the fields labeled Root Password and Re-enter NewPassword, type the password for root.

5. Under Support User Password, in the fields labeled Support Password andRe-enter New Password, type the password for the support user.

See Also:

Accessing the Audit Vault Server Post-Install Configuration Page


4-7

4.5 Setting the Audit Vault Server Time (StronglyRecommended)

Steps to set the Audit Vault Server time.

To set the Audit Vault Server time:

1. Access the Audit Vault Server Post-Install Configuration page.

2. Expand the Time Setup section.

3. Select either Set Manually or Use NTP.

Note:

Oracle strongly recommends that you select Use NTP. In addition, it isrecommended that you also use an NTP service on your targets to avoidconfusion on timestamps on the alerts raised by the Audit Vault Server.

4. If in step 3 you selected Use NTP, then for each of the fields Server 1 Address,Server 2 Address, and Server 3 Address:

a. Type either the IP address or name of a preferred time server.

If you type a name, the DNS server specified in the System Services page isused for name resolution.

b. Click Test Server.

The time from the specified server appears.

5. If in step 3 you selected Set Manually, then set the Date fields to your currentlocal day and time.

6. Either click Save or proceed to set the DNS servers for the Audit Vault Server.

See Also:

Unable to Access the AVS Console After Changing the Audit Vault ServerTime using NTP Server or Manually

4.6 Setting the Audit Vault Server DNS Servers(Recommended)

Steps to set the DNS servers for the Audit Vault Server.

The Audit Vault Server DNS servers are used to resolve any host names that AuditVault Server might use.

Chapter 4Setting the Audit Vault Server Time (Strongly Recommended)

4-8

Note:

Set Audit Vault Server DNS server values only if the network has DNSservers, otherwise system performance will be impaired.

To set the DNS servers for the Audit Vault Server:

1. Enter the IP addresses of up to three DNS servers on the network in the Server 1,Server 2, and Server 3 fields.

Leave the fields blank if there are no DNS servers.

2. Click Save.

4.7 Networking Setup And ConfigurationOracle Audit Vault and Database Firewall can be setup or configured for accessthrough DNS.

The host name must match the FQDN used for access.

See Also:

• Changing Host Names

• Oracle Audit Vault and Database Firewall Administrator's Guide

• Oracle Audit Vault and Database Firewall Administrator's Guide

• Unable to Access the AVS Console After Changing the Audit VaultServer Time using NTP Server or Manually

Chapter 4Networking Setup And Configuration

4-9

5UpgradingOracle Audit Vault and Database Firewall

This chapter provides information on upgrades from the previous release of OracleAudit Vault and Database Firewall.

• About Upgrading Oracle Audit Vault and Database FirewallLearn the steps to upgrade Oracle Audit Vault and Database Firewall.

• Pre-upgrade TasksLearn about the pre-upgrade prerequisites before upgrading Oracle Audit Vaultand Database Firewall (Oracle AVDF).

• Upgrade TasksTasks for upgrading Oracle Audit Vault and Database Firewall.

• Post Upgrade TasksPost upgrade tasks for Oracle Audit Vault and Database Firewall (Oracle AVDF).

• Recovering the Database in the Event of a Failed UpgradeAlways take back up Oracle Audit Vault and Database Firewall before upgrading incase the upgrade fails for an unforeseen reason.

5.1 About Upgrading Oracle Audit Vault and DatabaseFirewall

Learn the steps to upgrade Oracle Audit Vault and Database Firewall.

You can upgrade Oracle Audit Vault and Database Firewall from the previous release.

Note:

• You must first take backup prior to performing any upgrade.

• Follow the instructions in section Pre-upgrade Tasks before upgrading toOracle AVDF 20.

• Oracle Audit Vault and Database Firewall versions 12.2.0.0.0 andabove must first upgrade to 12.2.0.9.0.

• In all the above cases, you may perform a single backup operation priorto performing the first upgrade.

• In case you have a Niagara card in your system, then contact Oraclesupport before performing the upgrade task.

• You must keep sufficient disk space if there is huge amount of eventdata. The amount of disk space required is about 5% of the total eventlog data size.

5-1

1. Go to My Oracle Support and sign in.

2. Click the Patches & Updates tab.

3. Use the Patch Search box.

a. Click the Product or Family (Advanced) link on the left.

b. In the Product field, start typing Audit Vault and Database Firewall, andthen select the product name.

c. In the Release field, select the latest patch from the drop-down list.

d. Click Search.

4. In the search results page, in the Patch Name column, click the number for thelatest Bundle Patch.

A corresponding patch page appears.

5. Click Readme to access the README file, which has the upgrade instructions.

6. Follow the instructions in the README file to complete the upgrade.

5.2 Pre-upgrade TasksLearn about the pre-upgrade prerequisites before upgrading Oracle Audit Vault andDatabase Firewall (Oracle AVDF).

• Host Monitor Migration on WindowsIf you are using Host Monitoring on Windows platform, then update Npcap andOpenSSL libraries on Windows before upgrading to 20.1.

• Back Up The Current Oracle Audit Vault And Database Firewall InstallationBefore upgrading Oracle Audit Vault and Database Firewall (Oracle AVDF), youmust back up the Audit Vault Server.

• Release Existing Tablespaces That Are Retrieved ManuallyLearn about releasing tablespaces retrieved manually.

• Preserve File CustomizationsPreserve customizations applied to configuration files before upgrade of OracleAudit Vault and Database Firewall to 20.1.

• Pre-upgrade RPM Boot Device Greater than 2 TBLearn how to address the issue for boot devices greater than 2 TB.

• Pre-upgrade RPM Boot Partition Space Check WarningLearn how to address boot partition space check warning.

5.2.1 Host Monitor Migration on WindowsIf you are using Host Monitoring on Windows platform, then update Npcap andOpenSSL libraries on Windows before upgrading to 20.1.

Complete the steps in the following sections:

• Ensure the network_device_name_for_hostmonitor collection attribute is setfollowing the steps mentioned in section Create a Network Audit Trail postinstallation of Npcap and OpenSSL

• Deploying the Agent and Host Monitor on Microsoft Windows Hosts

Chapter 5Pre-upgrade Tasks

5-2

5.2.2 Back Up The Current Oracle Audit Vault And Database FirewallInstallation

Before upgrading Oracle Audit Vault and Database Firewall (Oracle AVDF), you mustback up the Audit Vault Server.

See Backing Up and Restoring the Audit Vault Server for complete information.

If your current Audit Vault Server is installed on a virtual machine (for example VM onOracle VM or VMWare), it is recommended to take a VM snapshot before starting theupgrade process.

5.2.3 Release Existing Tablespaces That Are Retrieved ManuallyLearn about releasing tablespaces retrieved manually.

Release all the existing tablespaces that were retrieved manually before upgradingOracle Audit Vault and Database Firewall.

If the existing tablespaces are not released, then the pre-upgrade operation may failresulting in an error. Or the index job creation may fail after upgrade because theycannot allocate space. The new indexes may also not be created after the upgrade.

To release the tablespaces follow this procedure:

1. Log in to the Audit Vault Server console as super administrator.

2. Navigate to Settings, and then to Archiving.

3. Click Retrieve.

4. You will find a list of tablespaces retrieved.

5. Select and release all the tablespaces.

5.2.4 Preserve File CustomizationsPreserve customizations applied to configuration files before upgrade of Oracle AuditVault and Database Firewall to 20.1.

The upgrade will erase all custom changes made to system configuration files. It isadvisable to backup any required changes that is required to be transferred to theupgraded system. To preserve such rules:

• There may be differences in configuration between OL6 and OL7 applications thatprevent old configuration from working correctly on the upgraded system.

• Create your own custom configuration file. See Oracle Linux documentation fordetails.

• Move any rules to a custom configuration file before performing the upgradeprocess.

• Synchronize the time between Database Firewall and Audit Vault Server. In casethe system clocks for Database Firewall and the Audit Vault Server are notsynchronized, then you may face a certificate error after the upgrade. After theupgrade, check the appliance diagnostics output to ensure that everything ismarked OK in green. The diagnostic failures are marked FAILED in red.


5-3

See Also:

• Specifying the Server Date, Time, and Keyboard Settings

• Setting the Date and Time in Oracle Database Firewall

5.2.5 Pre-upgrade RPM Boot Device Greater than 2 TBLearn how to address the issue for boot devices greater than 2 TB.

The pre-upgrade RPM performs necessary space checks for the boot device. In casethe boot device is greater than 2 TB, then the upgrade process may fail. The bootdevice should be less than 2 TB before the upgrade process can begin.

Follow these steps in case the boot device is greater than 2 TB when upgrading theAudit Vault Server:

1. Stop all the trails and monitoring points.

2. Stop all Audit Vault Agents and shutdown all the Database Firewall servers.

3. Take a backup of the system.

4. Choose a server that has at least one hard disk which is less than 2 TB.

5. Install the same bundle patch version of Audit Vault Server in 12.2 release.

6. Configure the system to boot in BIOS mode. For most of the servers this is thedefault setting.

7. Restore from the backup. Use the same IP and ensure the system is up.

8. Upgrade Audit Vault Server to release 20.1 using the documented upgradeprocess.

Follow these steps in case the boot device is greater than 2 TB when upgrading theDatabase Firewall added to the Audit Vault Server prior to release 12.2.0.1.0:

1. Log in to the Audit Vault Server console as administrator.

2. Click Reset Database Firewall to update all the settings from Database FirewallServer to the Audit Vault Server. This is applicable for all the Database Firewallinstances added to the Audit Vault Server prior to release 12.2.0.1.0.


4. Install the same bundle patch version of Database Firewall in 12.2 release.


6. Configure the Database Firewall instance.

7. Log in to the Audit Vault Server console as an administrator. Specify the AuditVault Server certificate and IP address on the new Database Firewall instance.

8. Click on Database Firewalls tab. A list of Database Firewall instances configuredare displayed on the main page.

9. The Status of the newly installed Database Firewall instance is Down with a redindicator. Click the name of the specific Database Firewall instance. The details ofthe specific Database Firewall instance is displayed on the main page.


5-4

10. Click Update Certificate button, and wait for the page to load. The status of theDatabase Firewall instance is Up or green.

11. Click Reset Firewall button. Confirm the operation by selecting OK in the dialog.

12. Check the status of this operation by navigating to the Jobs dialog. For this, clickthe Settings tab, and then click the System tab in the left navigation menu. Clickthe Jobs link under the Monitoring section.

13. The Jobs dialog contains a list of ongoing jobs. The Job Type is Reset Firewall.Click the Job Details page icon in the extreme left. The Job Status Detailsdialog contains current status. If the job has failed, then an appropriate message isdisplayed. If the job is successful, then it displays the completion time.

Follow these steps in case there is insufficient space in the boot device whileupgrading the Database Firewall which is on release 12.2.0.2.0 or later:


2. Install the same bundle patch version of Database Firewall in 12.2 release.











5.2.6 Pre-upgrade RPM Boot Partition Space Check WarningLearn how to address boot partition space check warning.

The pre-upgrade RPM performs necessary space checks in the boot partition. In casethere is not enough space in the boot partition, the upgrade process may fail. The bootpartition should have at least 500 MB before the upgrade process can begin.

Follow these steps in case there is insufficient space in the boot partition whileupgrading the Audit Vault Server:


5-5

1. Stop all the trails and monitoring points.

2. Stop all Audit Vault Agents and shutdown all the Database Firewall servers.

3. Take a backup of the system.

4. Install the same bundle patch version of Audit Vault Server in 12.2 release. Thiscreates the /boot partition with 500 MB.

5. Restore from the backup. Use the same IP and ensure system is up.

6. Upgrade Audit Vault Server to release 20.1 using the documented upgradeprocess.

Follow these steps in case there is insufficient space in the boot partition whileupgrading the Database Firewall instances added to the Audit Vault Server prior torelease 12.2.0.1.0:


2. Click Reset Database Firewall to update all the settings on the Audit Vault Server.

3. Continue the upgrade process using the steps in the following block.

Follow these steps in case there is insufficient space in the boot partition whileupgrading the Database Firewall:

1. Install the same bundle patch version of Database Firewall in 12.2 release. Thiscreates the /boot partition with 500 MB.










11. Check the overall health status of the Database Firewall instance. Navigate backto the Database Firewalls tab, and click on the specific instance. Click HealthIndicators link, under Diagnostics section.

12. Expand the Certificates block. There is a message pertaining to certificatevalidation failure in the list, and take appropriate action.


5-6

13. Expand the Database Firewall Monitoring section and ensure everything isgreen. Click the Close button in the bottom right corner of the dialog.

5.3 Upgrade TasksTasks for upgrading Oracle Audit Vault and Database Firewall.

• Upgrade The Audit Vault ServersYou must upgrade the Audit Vault Server before you upgrade the Audit VaultAgents and Database Firewall.

• Automatic Upgrade Of The Audit Vault Agents And Host MonitorsThe Agents and Host Monitors are automatically upgraded when you upgrade theAudit Vault Server.

• Upgrade The Database FirewallsYou must first upgrade the Audit Vault Server (or high availability pair of servers),before following these instructions to upgrade all Database Firewalls.

• Steps To Upgrade Oracle Audit Vault And Database Firewall AppliancesThe steps to upgrade an Audit Vault Server appliance or a Database Firewallappliance are similar.

5.3.1 Upgrade The Audit Vault ServersYou must upgrade the Audit Vault Server before you upgrade the Audit Vault Agentsand Database Firewall.

If you have set up a high availability environment, upgrade both your primary andstandby Audit Vault Server.

• Upgrading An Audit Vault ServerThis procedure is for updating an Audit Vault Server that is not part of a pair ofAudit Vault Servers configured for high availability (a resilient pair).

• Upgrading A Pair Of Audit Vault Servers Configured For High AvailabilityLearn to upgrade a pair of Audit Vault Servers configured for high availability.

5.3.1.1 Upgrading An Audit Vault ServerThis procedure is for updating an Audit Vault Server that is not part of a pair of AuditVault Servers configured for high availability (a resilient pair).

To upgrade an Audit Vault Server:

1. Make sure that all audit trails are stopped.

a. Click the Targets tab in the Audit Vault Server console.

b. Click Audit Trails tab in the left navigation menu.

c. Select all audit trails, and then click Stop.

2. Follow the steps in Steps To Upgrade Oracle Audit Vault And Database FirewallAppliances to upgrade the Audit Vault Server.

Chapter 5Upgrade Tasks

5-7

Upgrade Notes

• If you have existing targets for which you ran Oracle Audit Vault and DatabaseFirewall setup scripts to set user privileges (for example, for stored procedureauditing), no further action is required to update those privileges.

• Password hashing has been upgraded to a more secure standard. This changeaffects the operating system passwords (support and root). Change yourpasswords after upgrade to take advantage of the more secure hash.

5.3.1.2 Upgrading A Pair Of Audit Vault Servers Configured For HighAvailability

Learn to upgrade a pair of Audit Vault Servers configured for high availability.

Note:

Do not change the primary and standby roles before completing the upgradeon both Audit Vault Servers.

1. Upgrade the standby Audit Vault Server first.

Follow the steps in Steps To Upgrade Oracle Audit Vault And Database FirewallAppliances to upgrade the standby (secondary).

2. After the standby Audit Vault Server is rebooted, ensure that it is up and runningbefore proceeding to upgrade the primary Audit Vault Server.

3. Stop the audit trails before upgrading the primary Audit Vault Server.

a. Click the Targets tab in the Audit Vault Server console.

b. Click Audit Trails in the left navigation menu.

c. Select all audit trails, and then click Stop.

4. Follow the steps in Steps To Upgrade Oracle Audit Vault And Database FirewallAppliances to upgrade the primary.

Note:

After the primary Audit Vault Server is rebooted and is running, no additionalreboot is needed. It is fully functional at this point.

5.3.2 Automatic Upgrade Of The Audit Vault Agents And HostMonitors

The Agents and Host Monitors are automatically upgraded when you upgrade theAudit Vault Server.


5-8

Note:

• During the Audit Vault Agent auto-update process, its status will beUNREACHABLE for a while. It may take as much as 45 minutes to returnto RUNNING state.

• On Windows hosts, the Audit Vault Agent gets updated automaticallyonly if you have registered it as a Windows service, and you have setthis service to use the credentials of the OS user that originally installedthe agent.

When you start the Agent from the command line, the Audit VaultAgent will not auto-update. In this case, update the Agent manually. Forexample:

<agent_home>\bin\agentctl.bat stop

Download the new agent.jar from the Audit Vault Server Console andextract it using java -jar agent.jar from agent_home of the existingagent. Then run:

<agent_home>\bin\agentctl.bat start

Do not delete the existing agent_home directory.

• In a high availability environment if the Audit Vault Agents are deployedon the secondary Audit Vault Server before pairing, then manuallyupdate the previously deployed Audit Vault Agents pertaining to thesecondary Audit Vault Server after pairing is complete.

5.3.3 Upgrade The Database FirewallsYou must first upgrade the Audit Vault Server (or high availability pair of servers),before following these instructions to upgrade all Database Firewalls.

When updating Database Firewalls configured for high availability (a resilient pair),upgrade both the primary and secondary Database Firewall.

Note:

After upgrading to Oracle AVDF 20.3 or later, the status of some of theDatabase Firewall monitoring points may be Down. The Database Firewallpolicies created before the upgrade are undergoing migration to the newformat. This may take few minutes. Navigate to the Jobs dialog in the AuditVault Server console and check the status of the job Firewall post-upgradeactions. In case the background job fails, then deploy the Database Firewallpolicy using the Audit Vault Server console only. Check if the status ofthe Database Firewall monitoring points has changed to Up. Else, start themonitoring point.

• Upgrading A Database FirewallThis procedure is for updating a Database Firewall that is not part of a pair ofDatabase Firewalls configured for high availability (a resilient pair).


5-9

• Upgrading A Pair Of Database Firewalls Configured For High AvailabilityLearn to upgrade a pair of Database Firewalls configured for high availability.

5.3.3.1 Upgrading A Database FirewallThis procedure is for updating a Database Firewall that is not part of a pair ofDatabase Firewalls configured for high availability (a resilient pair).

To upgrade a Database Firewall:

1. Stop all the Database Firewall monitoring points.

a. Click Database Firewalls tab in the Audit Vault Server console.

b. Click Database Firewall Monitoring tab.

c. In the Database Firewall Monitoring section, select all the monitoring points.

d. Click Stop.

2. Follow the procedures in Steps To Upgrade Oracle Audit Vault And DatabaseFirewall Appliances to upgrade the Database Firewall.

5.3.3.2 Upgrading A Pair Of Database Firewalls Configured For HighAvailability

Learn to upgrade a pair of Database Firewalls configured for high availability.

1. Follow the steps in Steps To Upgrade Oracle Audit Vault And Database FirewallAppliances to first upgrade the standby (secondary) Database Firewall.

2. Ensure that the standby Database Firewall has been restarted.

3. After the standby Database Firewall has fully started up after the reboot, swap thisDatabase Firewall so that it now becomes the primary Database Firewall. To dothis:

a. In the Audit Vault Server console, click the Database Firewalls tab.

b. Click High Availability tab in the left navigation menu.

c. Select this resilient pair of Database Firewall instances, and click Swap.

The Database Firewall you just upgraded is now the primary DatabaseFirewall.

4. Follow the steps in Steps To Upgrade Oracle Audit Vault And Database FirewallAppliances to upgrade the original primary Database Firewall.

5. After the original primary Database Firewall has fully started up after the reboot,swap this Database Firewall so that it now becomes the primary DatabaseFirewall. This is an optional step.

5.3.4 Steps To Upgrade Oracle Audit Vault And Database FirewallAppliances

The steps to upgrade an Audit Vault Server appliance or a Database Firewallappliance are similar.


5-10

In the following steps, the term appliance refers to Audit Vault Server or DatabaseFirewall depending on the one you are upgrading. Make sure you upgrade all theappliances as described in the sections above.

• Install Oracle AVDF Pre-Upgrade RPMSteps to install Oracle AVDF pre-upgrade RPM.

• Transfer The ISO File To The ApplianceSteps to transfer the ISO file to the appliance.

• Start The Upgrade ScriptThe upgrade script mounts the ISO, changes to the correct working directory,executes the upgrade process, and then after the upgrade process is complete,unmounts the ISO.

• Restart The ApplianceSteps to reboot the appliance and continue the upgrade process.

5.3.4.1 Install Oracle AVDF Pre-Upgrade RPMSteps to install Oracle AVDF pre-upgrade RPM.

You must install the pre-upgrade RPM. It puts the system into a state that can besafely upgraded after it checks for suitable space on the file system. When the pre-upgrade RPM is installed, it re-arranges free space on the appliance so that there isenough room to copy the upgrade files to the appliance and start the installation. Afterthe upgrade, the space for the upgrade files is given back to the file system.

The avdf-pre-upgrade-20.1.0.0.0.zip executable includes the upgradeprerequisites and also checks that the platform conditions are met prior to theupgrade.

The pre-upgrade RPM prepares the system for upgrade by creating the /var/dbfw/upgrade directory with enough space to hold the main upgrade ISO file.

Prerequisite

In case of high availability environment, before running the pre-upgrade RPM, checkthe failover status on the primary Audit Vault Server. The failover status should not beSTALLED. If the failover status is STALLED, then wait for a while and check the statusagain. If the status is not changing, then contact Oracle Support.

Follow these steps to check the failover status on the primary Audit Vault Server:

1. Log in to the primary Audit Vault Server console as oracle user.

2. Run the following command:

/usr/local/dbfw/bin/setup_ha.rb --status

3. Check the failover status in the output.

Run Pre-Upgrade RPM

Follow these steps to run the pre-upgrade RPM:

1. Verify the download at this point by using a shasum of the avdf-pre-upgrade-20.1.0.0.0.zip file.


5-11

2. Unzip the bundle using the command:

unzip avdf-pre-upgrade-20.1.0.0.0.zip

3. Log in to the appliance through SSH as user support, and then switch user to root.

su - root

Run the screen command as user root.

Note:

Using the screen command prevents network disconnections interruptingthe upgrade. If the session terminates, resume as follows:

• Connect as user support.

• Switch to user root.

• Run command

screen -r

4. Change directory using the command:

cd /root

5. Run the following command to copy only the pre-upgrade RPM file from thedownloaded location to this appliance:

scp remote_host:/path/to/avdf-pre-upgrade-20.1.0.0.0-0_200707.2000.x86_64.rpm /root

6. Run the following command to install the avdf-pre-upgrade-20.1.0.0.0-0_200707.2000.x86_64.rpm:

rpm -i /root/avdf-pre-upgrade-20.1.0.0.0-0_200707.2000.x86_64.rpm

The following message appears:

SUCCESS: The upgrade media can now be copied to '/var/dbfw/upgrade'.

The upgrade can then be started by running: /usr/bin/avdf-upgrade

To remove the RPM execute the following command as root user:

rpm -e avdf-pre-upgrade

Run the following command if there is an issue with uninstalling the pre-upgrade RPM:

rpm -e avdf-pre-upgrade --noscripts


5-12

Note:

In case the installation of the pre-upgrade RPM identifies any problem inyour environment, then make a note of the remedial action displayed inthe message. First, remove the pre-upgrade RPM by running the commandrpm -e avdf-pre-upgrade as root user. After uninstalling the pre-upgradeRPM, perform the remedial action that was noted earlier from the messagedisplayed. Upon taking the necessary measures, attempt the upgradeprocess again.

The following error may be observed while installing the pre-upgrade RPM:

BUSY:The pre-upgrade process cannot continue because the following logical volumes are busy:Volume: lv_tmpProcess: javaFile(s): /tmp/XXXPlease stop the processes listed here before retrying:java

Follow these steps to resolve this issue:

1. Run commands lsof(8) or fuser(1) to determine the processes usingthe device.

2. Stop these processes.

3. Confirm the volumes are released.

4. Attempt to uninstall and reinstall the pre-upgrade RPM.

5.3.4.2 Transfer The ISO File To The ApplianceSteps to transfer the ISO file to the appliance.

The avdf-upgrade-20.1.0.0.0.iso file is the main upgrade ISO that you generatedearlier by combining the three ISO files downloaded from My Oracle Support.

1. Log in to the appliance as user support.

2. Copy the avdf-upgrade-20.1.0.0.0.iso file as follows:

scp remote_host:/path/to/avdf-upgrade-20.1.0.0.0.iso /var/dbfw/upgrade

5.3.4.3 Start The Upgrade ScriptThe upgrade script mounts the ISO, changes to the correct working directory, executesthe upgrade process, and then after the upgrade process is complete, unmounts theISO.

Points to note before starting the upgrade

The system may take some time to complete the commands. Do not interrupt theupgrade, otherwise the system may be left in an inconsistent state.


5-13

For this reason it is important to use a reliable and uninterruptible shell, for example, adirect console login (or iLOM equivalent).

If you use a network (ssh) connection to upgrade the appliance, ensure the connectionis reliable. You may also need to set the connection to keepalive. If you are using sshfrom the Oracle Linux command line, you can use the ServerAliveInterval option,for example as follows:

# ssh -o ServerAliveInterval=20 [other ssh options]

Note:

Run the screen command as user root. Using the screen command preventsnetwork disconnections interrupting the upgrade. If the session terminates,resume as follows:

1. Connect as user support.

2. Switch to user root.

3. Run command screen -r

1. Log in to the appliance through SSH as user support, and then switch user (su) toroot.

Note:

Run the screen command as user root. Using the screen commandprevents network disconnections interrupting the upgrade. If the sessionterminates, resume by switching to user root and then run commandscreen -r.

2. Execute the following command to perform appropriate checks before theupgrade:

/usr/bin/avdf-upgrade

3. Follow the system prompt, warning, and instruction to proceed with the upgradeaccordingly.

Output similar to the following appears:

Please wait while validating SHA256 checksum for /var/dbfw/upgrade/avdf-upgrade-20.1.0.0.0.isoChecksum validation successful for /var/dbfw/upgrade/avdf-upgrade-20.1.0.0.0.isoMounting /var/dbfw/upgrade/avdf-upgrade-20.1.0.0.0.iso on /imagesmount: /var/dbfw/upgrade/avdf-upgrade-20.1.0.0.0.iso is write-protected, mounting read-onlySuccessfully mounted /var/dbfw/upgrade/avdf-upgrade-20.1.0.0.0.iso on /images

The following messages have important information about the upgrade


5-14

process.

Power loss during upgrade may cause data loss. Do not power off during upgrade.

This upgrade will erase /root and /images.

Please review Note ID 2235931.1 for a current list of known issues.

The upgrade process is irreversible, please confirm 'y' to continue or 'n' to abort. [y/n]?

4. Enter y to proceed. Output similar to the following is displayed:

Verifying upgrade preconditions1/27: Allocating space for upgrade (simulation)2/27: Ensuring sufficient space on oracle filesystem (simulation)3/27: Applying LVM adjustments (simulation)4/27: Mounting filesystems (1)5/27: Allocating space for upgrade Rounding up size to full physical extent 6.22 GiB Logical volume "lv_ol7root" created.mke2fs 1.43-WIP (20-Jun-2013)Filesystem label=OS type: LinuxBlock size=4096 (log=2)Fragment size=4096 (log=2)Stride=0 blocks, Stripe width=0 blocks408000 inodes, 1630208 blocks81510 blocks (5.00%) reserved for the super userFirst data block=0Maximum filesystem blocks=166933299250 block groups32768 blocks per group, 32768 fragments per group8160 inodes per groupSuperblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: doneWriting inode tables: doneCreating journal (32768 blocks): doneWriting superblocks and filesystem accounting information: done

6/27: Mounting new install root7/27: Extracting minimal root filesystem8/27: Mounting required filesystems (2)9/27: Mounting required filesystems (3)10/27: Creating mountpoints for ASM11/27: Populating new root filesystem12/27: Adding required platform packages13/27: Upgrading packages in new root filesystem14/27: Ensuring sufficient space on oracle filesystem


5-15

15/27: Migrating system history16/27: Installing AVDF packages17/27: Migrating configuration18/27: Creating mountpoints for NFS19/27: Installing systemd upgrade units20/27: Applying LVM adjustments21/27: Disable SELinux22/27: Migrating fstab23/27: Migrating grub24/27: Migrating old root log files25/27: Setting final system status26/27: Unmounting27/27: Migrating old network log filesReboot now to continue the upgrade process.Unmounted /var/dbfw/upgrade/avdf-upgrade-20.1.0.0.0.iso on /images

Note:

The output above varies depending on the base installation level, theappliance type, and the configuration.

5.3.4.4 Restart The ApplianceSteps to reboot the appliance and continue the upgrade process.

To restart, perform the following steps:

1. Log in to the appliance through SSH as user support, and then switch user (su) toroot.

2. Restart the appliance. For example:

reboot

When the appliance restarts, the pre-database and post-database migrations arerun automatically. This process also removes the avdf-pre-upgrade RPM, so youdo not need to manually remove this file.

Note:

After restarting, the migration process can take several hours tocomplete. Please be patient. Do not restart the system while this is inprogress.

3. If you have upgraded a Database Firewall, it may have regenerated the appliancecertificate. In this scenario, you need to re-register the Database Firewall. Tocheck this:

a. Log in to the Audit Vault Server as an administrator.

b. Click the Database Firewalls tab. The Database Firewalls tab in the leftnavigation menu is selected by default. A list of configured Database Firewallinstances is displayed on the page.


5-16

c. Select the specific Database Firewall instance that indicates a certificate errorafter the upgrade.

d. Click Reset Firewall button.

See Also:

Registering a Database Firewall in the Audit Vault Server

Note:

Make sure that you upgrade all the components as mentioned in thesesections:

1. Upgrade The Audit Vault Servers

2. Automatic Upgrade Of The Audit Vault Agents And Host Monitors

3. Upgrade The Database Firewalls

Once the upgrade is complete, perform the post-upgrade changes.

5.4 Post Upgrade TasksPost upgrade tasks for Oracle Audit Vault and Database Firewall (Oracle AVDF).

Note:

Apply the patch to remove deprecated ciphers post AVS install or upgrade:Deprecated-Cipher-Removal.zip. Apply this patch on Oracle Audit VaultServer 20.1 after install or upgrade. In case of upgrade, before applying thepatch, make sure that all Audit vault Agents are upgraded to 20.1 and HostMonitor Agents are in Installed state.

See Also:

Unable to Log in to the Oracle AVDF Appliance through SSH

These topics describe some important post upgrade changes:

• Confirmation Of The Upgrade ProcessHere are the symptoms that validate whether the upgrade was successful or not.

• Unable to Add Pre-upgrade SQL Clusters to New Cluster Sets After Upgrading to20.1Learn how to fix SQL cluster issue post upgrade to Oracle AVDF 20.1.

• Changing Bridge to Equivalent Proxy Configuration Post Upgrade to 20Steps to be taken after upgrading to Oracle AVDF 20, if you have DatabaseFirewall In-line Bridge mode deployed in release 12.2.

Chapter 5Post Upgrade Tasks

5-17

• Possible Changes Required for Existing Archive LocationsLearn about possible changes that may be required for existing archive locations.

• Enable Archiving Functionality Post UpgradeEnable archiving functionality post upgrade is required only if the Audit VaultServer is deployed in a high availability environment.

• Post Upgrade Actions to Clear Unused Kernels From Oracle Audit Vault andDatabase FirewallSee MOS note (Doc ID 2458154.1) for complete instructions to clear unusedkernels from Oracle Audit Vault and Database Firewall (Oracle AVDF).

• Scheduling Maintenance JobsOracle AVDF runs some jobs on the Audit Vault Server for proper and effectivefunctioning of the system.

5.4.1 Confirmation Of The Upgrade ProcessHere are the symptoms that validate whether the upgrade was successful or not.

Use these symptoms to verify a successful upgrade.

Successful Upgrade of Audit Vault Server

1. The Audit Vault Server console can be launched without any issues.

2. Successful log in to Audit Vault Server console as administrator and auditorwithout any issues.

3. The home page of the Audit Vault Server console displays the correct version(Oracle Audit Vault and Database Firewall 20).

4. SSH connection to the Audit Vault Server is successful without any errors.

5. Check the following items:

a. Log in to the Audit Vault Server console as administrator.

b. Click Settings tab, and then click System in the left navigation menu.

c. Check the Uptime on the main page.

d. Check the status of Database Firewall log collection is up (green arrowpointing upwards).

e. Check the status of Background Job is up (green arrow pointing upwards).

f. Check the High Availability Status.

Successful Upgrade of Audit Vault Agents


2. Click Agents tab.

3. The main page contains a list of Audit Vault Agents. The status of the Agents mustbe RUNNING.

4. Check the version in the Agent Details column. It should indicate release 20.

Successful Upgrade of Database Firewall



5-18

2. Click Database Firewalls tab.

3. The main page contains a list of Database Firewall instances. The status must beUp.

4. The Version should indicate release 20.

5. Click on a specific Database Firewall instance under the Name field.

6. Click Health Indicators under the Diagnostics section. All the health indicatorsmust have a green mark.

7. Exit the dialog. Click Database Firewall Monitoring tab in the left navigationmenu.

8. Check the Status of all the monitoring points is Up.

Unsuccessful Upgrade

Symptoms when the upgrade has failed:

• Unable to launch the Audit Vault Server console

• SSH connection or the terminal to the Audit Vault Server displays an error that theupgrade has failed

5.4.2 Unable to Add Pre-upgrade SQL Clusters to New Cluster SetsAfter Upgrading to 20.1

Learn how to fix SQL cluster issue post upgrade to Oracle AVDF 20.1.

After upgrading to Oracle AVDF 20.1, the pre-existing SQL clusters from release12.2 cannot be added to new cluster sets. This is encountered while create a newDatabase Firewall policy and when attempting to create a new SQL cluster set inrelease 20.1. To resolve this issue, run the populate_cluster_job.sql script immediatelyafter upgrading to Oracle AVDF 20.1. This script resolves the issue in the event logtable and the user can create cluster sets based on the clusters that were generatedprior to 20.1 upgrade.

Note:

This issue is observed in Oracle AVDF 20.1 only. It is resolved in OracleAVDF 20.2 (20 RU2).

Follow these steps to run the populate_cluster_job.sql script:

1. Download the populate_cluster_job.sql script from ARU or My Oracle Support.

2. The Database Firewall monitoring points or traffic need not be stopped. However,if the monitoring points and other traffic is stopped, then the script execution isfaster.

3. The path is executed on the Audit Vault Server. Connect to the Audit Vault Serverthrough SSH as support user.

4. Switch user to root: su - root

5. Unlock the avsys user by following these steps:


5-19

a. You are connected to the Audit Vault Server through SSH as root user now.

b. Switch user to dvaccountmgr: su - dvaccountmgr

c. Run sqlplus /

d. Execute the command: alter user avsys identified by <passwd> accountunlock;

e. Run exit to quit SQL*Plus.

6. Run exit to connect back as root user.

7. Switch user to oracle: su - oracle

8. Connect to the Audit Vault Server database as avsys user using SQL*Plus asfollows:

sqlplus /nolog

connect avsys

9. Enter the password when prompted.

10. Execute the script using the following command:

@<file path of the populate_cluster_job.sql script>

11. The script runs in the background. The duration of the script execution is based onthe traffic, and sometimes may take longer. Check the status of the job in the AuditVault Server console as follows:

a. Log in to the Audit Vault Server console as administrator.

b. Click Settings tab, and then click the System tab in the left navigation menu.

c. Click Jobs.

d. Check the status of the job type Retrieve_clusters. In case the script hasfailed, repeat the steps and execute the script again.

5.4.3 Changing Bridge to Equivalent Proxy Configuration PostUpgrade to 20

Steps to be taken after upgrading to Oracle AVDF 20, if you have Database FirewallIn-line Bridge mode deployed in release 12.2.

Database Firewall In-line bridge deployment mode is de-supported in Oracle AVDF 20.The deprecation notice was issued in 12.2. Follow these steps, after upgrading to 20, ifyou have Database Firewall In-line Bridge mode deployed in release 12.2.

Oracle Audit Vault and Database Firewall 20 requires configuration changes tomaintain network separation originally provided by a traffic source (bridge). The orderof the Network Interface Cards (NIC) and the components connected cannot bedetermined. If your current installation is 12.2, and has Database Firewall In-linebridge mode deployed, then certain measures have to be taken after upgrading torelease 20.


5-20

Note:

A single proxy port is required for every target. A single proxy port cannotservice multiple target databases. Add more traffic proxy ports as required.

This topic contains the necessary steps to change the configuration to an equivalentproxy mode.

Upgrade Prerequisites

• Current Database Firewall is on 12.2 version

• Database Firewall is currently deployed in monitoring (DAM) or blocking (DPE)mode with 1 or more traffic sources configured as a bridge

Execute the following steps after upgrading to release 20 in the following scenarios:

• Only if you wish to maintain your existing network segmentation.

• The interfaces are used for monitoring only.

• The default bridge device is created or repurposed to create the monitoring pointservices.

1. After upgrade to 20, the network interface cards used have the original bridgeconfiguration.

2. Log in to the Audit Vault Server console to check the current status of theDatabase Firewall network configuration.

3. From the available Database Firewall configuration information, the networkconnections of the two interfaces used by the traffic source are not known.Determine the information of the network segment and the interfaces plugged in,by using tools such as ping.

4. Find out the client side NIC among the two NICs and make a note. Ensure thedevice has a valid IP address and is up.

Note:

Ensure to add a valid proxy port for this interface. A default port numberis created automatically.

5. Find out the database facing NIC among the two NICs and make a note. Ensurethe device has a valid IP address and is up.

6. After collecting the required data and gaining fair amount of knowledge on theDatabase Firewall configuration, ping the target addresses from the databasefacing device.

7. Enable 1 NIC device at a time and attempt to the ping the target addresses fromthe appliance. If you cannot find any information on the first interface, then checkon the second one. If the target addresses are not available, then try pinging thelocal gateway. This approach usually directs towards the clients.

8. Assuming that there are no other network changes made, the network maskremains the same.


5-21

9. After the NICs are enabled and the changes incorporated, the settings in theNET_SERVICE_MAP within the dbfw.conf file file is similar to the following:

NET_SERVICE_MAP="{"enp0s9":{"ip4":{"address":"192.0.2.21/24","gateway":"","enabled":true}},"enp0s10":{"ip4":{"address":"192.0.2.20/24","gateway":"","enabled":true}}}"

10. Routes are required so that the proxy can send the traffic between the clients andthe database. Add the routes to the NET_SERVICE_MAP as follows:

NET_SERVICE_MAP="{"enp0s9":{"ip4":{"address":"192.0.2.21/24","gateway":"","enabled":true},'route':{'ip4route':['192.0.2.4/22 192.0.2.21',...]}},...}

The routing requires a general range for the clients as follows:

ip route add 192.0.2.21/24 via 192.0.2.20 dev enp0s10

The routing range for the targets is as follows:

ip route add 192.0.2.4 via 192.0.2.21 dev enp0s9

11. Run the following command to apply all the settings:

configure-networking

12. Test the client connectivity with the database.

See Also:

Configuring Oracle Database Firewall as a Traffic Proxy

5.4.4 Possible Changes Required for Existing Archive LocationsLearn about possible changes that may be required for existing archive locations.

• After the upgrade, new behavior is enforced on archive locations. New archivelocations are owned by the user with administrator role who created them.

• The user with super administrator role can view all archive locations.

• Existing archive locations can only be accessed by the user with superadministrator role. In order for the regular user with administrator role to accessthese locations, you must do the following task for each archive location:

Log in to Audit Vault Server as root OS user, then perform the followingcommands:

su - dvaccountmgrsqlplus /alter user avsys identified by <password> account unlock;exit;exit;su - oraclesqlplus avsys/<password>


5-22

update avsys.archive_host set created_by=<adminuser> where name=<archive location name>;commit;exit;exit;su - dvaccountmgrsqlplus /alter user avsys account lock;exit;exit;

5.4.5 Enable Archiving Functionality Post UpgradeEnable archiving functionality post upgrade is required only if the Audit Vault Server isdeployed in a high availability environment.

In case there are NFS locations and archived data files, ensure all the data files areavailable in the respective NFS locations. Upon completion of the upgrade process,archiving is disabled. User must follow the below steps to enable archiving.

Note:

• Oracle AVDF 20.1 and later supports Network File System (NFS)versions v3 and v4 for archive or retrieve functionality.

• NFS v3 only is not supported.

• If your NFS server supports and permits both v3 and v4 for archive orretrieve, then no action is required.

• In case you have NFS v4 only in your environment for archive orretrieve, then set the _SHOWMOUNT_DISABLED parameter to TRUE using thefollowing steps:

1. Log in to the Audit Vault Server as root.

2. Switch user to oracle: su - oracle

3. Start SQL*Plus connection as sqlplus /nolog without the usernameor password.

4. In SQL*Plus execute the command: connect <superadministrator>

5. Enter the password when prompted. Alternatively, execute thecommand: connect <super administrator/password>

6. Execute the command: execavsys.adm.add_config_param('_SHOWMOUNT_DISABLED','TRUE');

1. Connect to the primary Audit Vault Server using SSH.

2. Switch to root user and then to oracle user by executing the following commands:

su - root

su - oracle


5-23

3. Create new NFS locations using the Audit Vault Server console. These newlocations created consider the newly mounted NFS points for both the primaryand secondary Audit Vault Servers. Ensure there is sufficient space in the newlycreated NFS locations to store all the necessary data files archived.

4. Start SQL*Plus connection as sqlplus /nolog without the username or password.

5. In SQL*Plus execute the command: connect super administrator

6. Enter the password when prompted. Alternatively, execute the command: connectsuper administrator/password

7. Enable the archiving functionality by executing the following command:

exec management.ar.run_hailm_job('<NFS location name defined>');

This command triggers a back ground job. The status can be viewed under theJobs page. The name of the job is HAILM POST UPGRADE JOB.

8. Once this functionality is enabled, all the archived data files are moved to the newNFS location. Archiving is enabled once this job completes successfully.

5.4.6 Post Upgrade Actions to Clear Unused Kernels From OracleAudit Vault and Database Firewall

See MOS note (Doc ID 2458154.1) for complete instructions to clear unused kernelsfrom Oracle Audit Vault and Database Firewall (Oracle AVDF).

5.4.7 Scheduling Maintenance JobsOracle AVDF runs some jobs on the Audit Vault Server for proper and effectivefunctioning of the system.

Oracle recommends that you run these jobs during a period when the Audit Vaultserver usage is low, such as night. You can schedule these jobs as per your time zone.

1. Log in to the Audit Vault Server as an administrator.

2. Click Settings tab.

3. Click System tab in the left navigation menu.

4. In the Configuration section:

For Oracle AVDF Release Click

20.1 and 20.2 Manage

20.3 and later Maintenance

5. To schedule a new maintenance job, select Start Time. Enter the time in hoursand minutes for the maintenance job to start at a specific time. The time specifiedhere is the time on the browser.

6. In the Time Out (In hours) field, enter the duration of the maintenance job inhours.


5-24

Note:

In case the job does not complete within the duration specified, it istimed out.

7. In the Repeat Frequency field, select the frequency of the maintenance job to berepeated.

Note:

This field cannot be edited, and by default the value remains Daily. Thejob runs at the specified start time daily.

8. Click Save.

5.5 Recovering the Database in the Event of a FailedUpgrade

Always take back up Oracle Audit Vault and Database Firewall before upgrading incase the upgrade fails for an unforeseen reason.

If there is enough space in the Audit Vault Server's flash recovery area, you maybe able to recover the database after a failed upgrade under the guidance of OracleSupport.

As a rule of thumb, to make recovery of the database possible, you should have thefollowing amount of free space in the flash recovery area:

20 GB or 150% of the amount of data stored in the Audit Vault Server database,whichever is larger.

See Also:

• Back Up The Current Oracle Audit Vault And Database FirewallInstallation

• Oracle Audit Vault and Database Firewall Administrator's Guide forinformation on monitoring the flash recovery area.

Chapter 5Recovering the Database in the Event of a Failed Upgrade

5-25

6Uninstalling Oracle Audit Vault andDatabase Firewall

This chapter provides information on how to uninstall or remove Oracle Audit Vault andDatabase Firewall.

• Uninstalling Audit Vault Agents Deployed on Target Host MachinesUninstall the Audit Vault Server and the Database Firewall appliances, and theAudit Vault Agents, that are deployed on target host machines.

• Reimage Oracle Database Firewall and Restore from Audit Vault ServerAbout reimaging Oracle Database Firewall and restoring from Audit Vault Server.

6.1 Uninstalling Audit Vault Agents Deployed on Target HostMachines

Uninstall the Audit Vault Server and the Database Firewall appliances, and the AuditVault Agents, that are deployed on target host machines.

To remove the Audit Vault Agents from target host machines:

1. In the Audit Vault Server, stop all audit trails for the target host.

2. If the target host has Host Monitor installed, uninstall it.

3. Verify the Audit Vault Agent is in STOPPED state.

4. In the Audit Vault Server, deactivate the Audit Vault Agent for the target host.

5. In the Audit Vault Server, delete the target host.

6. In the target host, delete the Audit Vault Agent install directory.

Note:

To uninstall the Audit Vault Server or Database Firewall, turn off thecomputers on which they are installed, and follow the procedures forsafely decomissioning the hardware.

See Also:

Oracle Audit Vault and Database Firewall Administrator's Guide

6-1

6.2 Reimage Oracle Database Firewall and Restore fromAudit Vault Server

About reimaging Oracle Database Firewall and restoring from Audit Vault Server.

Use this procedure to reimage the Oracle Database Firewall appliance and restore theconfiguration from the Audit Vault Server console.

1. Reinstall Database Firewall.


Note:

• Keep the same number of Network Interface Cards that wereavailable in the previous instance and in the same order. However,there is no need to configure them manually except the ManagementInterface which is configured during installation. This task isaccomplished by the reset Firewall operation.

• Similarly, the proxy ports need not be created manually. This task isaccomplished by the reset Firewall operation.

• In case the Network Interface Cards or the proxy ports are createdmanually using the Audit Vault Server console, then the resetFirewall operation may not succeed and the state of the Firewallinstance may not be same as before.

• Do not execute CONFIG-NIC and CONFIG-PROXY commands toconfigure NIC and proxy ports.








Chapter 6Reimage Oracle Database Firewall and Restore from Audit Vault Server

6-2

10. Check the overall health status of the Database Firewall instance. Navigate backto the Database Firewalls tab, and click on the specific instance. Click HealthIndicators link, under Diagnostics section.

11. Expand the Certificates block. There is a message pertaining to certificatevalidation failure in the list, and take appropriate action.

12. Expand the Database Firewall Monitoring section and ensure everything isgreen. Click the Close button in the bottom right corner of the dialog.

Chapter 6Reimage Oracle Database Firewall and Restore from Audit Vault Server

6-3

ATroubleshooting Oracle Audit Vault andDatabase Firewall

Oracle Audit Vault and Database Firewall provides troubleshooting advice for a rangeof installation or upgrade scenarios.

• Install or Upgrade Failure Due to New File System Added to Oracle AVDFLearn how to resolve the error pertaining to new file system added to OracleAVDF.

• Cannot Access the Audit Vault Server ConsoleLearn the workaround for when you cannot access the Audit Vault server userinterface or console.

• Collecting Logs to Debug Installation FailuresTo collect logs for debug installation failures, follow this procedure.

• Failure While Adding DisksIf you experience disk failures when adding disks during an upgrade, then use thisprocedure.

• Unable to Reach Gateway ErrorLearn to fix incorrect Gateway details entered during installation.

• RPM Upgrade FailedRead the troubleshooting advice if RPM upgrades fail.

A.1 Install or Upgrade Failure Due to New File SystemAdded to Oracle AVDF

Learn how to resolve the error pertaining to new file system added to Oracle AVDF.

Problem

Pre-existing file system, LVM, or device mapper metadata may result in upgrade orinstallation failure.

Symptom

The symptoms of any pre-existing LVM or other device mapper metadata include, butare not limited to:

• Two vg_root volume groups.

• Hard drive devices becoming unavailable during install or upgrade. This may leadto input or output errors and eventually result in upgrade failure.

Solution

To remove any such metadata, follow these steps:

A-1

1. Run the following command on the device:

# dd of=/dev/<device name> if=/dev/zero bs=1024k

Best Practice:

To ensure you only erase the correct drive, place it in a standalonesystem to run this command. On successful completion, add the drive toOracle AVDF appliance.

2. Reboot the device.

3. Verify the partition table and metadata.

Note:

This will erase data from the drive.

A.2 Cannot Access the Audit Vault Server ConsoleLearn the workaround for when you cannot access the Audit Vault server userinterface or console.

Problem

The Audit Vault Server console is not accessible.

Solution

There are two remedies that you can perform depending on when this problem occurs:

• The problem occurs immediately after Audit Vault Server installation.

In this case, the installation may not have been completed correctly. Perform theinstallation again.

• The problem occurs after the system is already running.

In this case, check that the disk is not full and that the Oracle Audit Vault Serverdatabase is running using this command:

/etc/init.d/dbfwdb status

To restart the database, use run this command as root:

/etc/init.d/dbfwdb start

If you have a problem restarting the database, then contact Oracle Support.

Appendix ACannot Access the Audit Vault Server Console

A-2

A.3 Collecting Logs to Debug Installation FailuresTo collect logs for debug installation failures, follow this procedure.

Problem

You may encounter issues during installation or upgrade.

Pre-reboot installation failure

To collect logs for debugging pre-reboot installation failures, follow this procedure:

1. During installation or upgrade, after mounting the .iso file, press Tab andinterrupt the normal boot process.

2. To collect logs, the installer must run with command line access. To enablecommand line access, remove the noshell from the boot option.

3. After the failure occurs, press the Alt + Right Arrow key to access the commandline.

4. Run the following command to start the collection tool:

python /run/install/repo/collect_diagnostics.py

5. Follow the instructions to collect the diagnostics file.

Post-reboot installation failure

To collect logs for debugging post-reboot installation failures, follow this procedure:

1. Using the password you have previously set, log in as root on the console or usingssh.

2. Run the following command to start the collection tool:

python /media/avdf-install/collect_diagnostics.py

3. Follow the instructions to collect the diagnostics file.

Collecting the diagnostics file

Use this procedure to collect the diagnostics file for analyzing or debugging issues.

1. The collection tool creates a diagnostic or log file in the following location:

/root/install-diagnostics.tgz

2. Follow the instructions that are displayed on the prompt to transfer the diagnosticfile for analysis. Use the following command to transfer the file:

scp /root/install-diagnostics.tgz <user>@<Ip address>:<Path>

Appendix ACollecting Logs to Debug Installation Failures

A-3

3. The following steps and commands pertaining to configuring the network are alsodisplayed on the command prompt:

ip addr add <IP address>/<sub net> dev <Interface>

ip link set <Interface> up

ip route add default via <Gateway>

4. Use the information available in the diagnostic file for analyzing the issue. Attemptto redo the installation after addressing the issue.

A.4 Failure While Adding DisksIf you experience disk failures when adding disks during an upgrade, then use thisprocedure.

Problem

Failure while adding additional disk or failure during upgrade. The symptoms include,but are not limited to:

• Two vg_root volume groups. This results in failure during install or upgrade.

• Hard drive devices becoming unavailable during install or upgrade. This leads toinput or output errors and failure.

Solution

Ensure that any disk added to the appliance has no pre-existing LVM or other devicemapper metadata. To remove any such metadata, follow these steps:

1. Execute the following command:

dd of=/dev/<device name> if=/dev/zero bs=1024k

Best Practice:

To ensure you only erase the correct drive, place it in a standalonesystem to execute this command. On successful completion, add thedrive to the Oracle Audit Vault and Database Firewall appliance.

2. Reboot the device.

3. Verify the partition table and metadata.

Note:

Fiber Channel based storage with multipath is supported in Oracle AuditVault and Database Firewall release 20.1 and onwards.

Appendix AFailure While Adding Disks

A-4

A.5 Unable to Reach Gateway ErrorLearn to fix incorrect Gateway details entered during installation.

Problem

Incorrect or invalid Gateway details entered while installing Audit Vault Sever orDatabase Firewall. The following error message may be encountered:

Gateway is not reachable from host

Solution

The Gateway details can to be corrected by following these steps:

1. Log in to Terminal-1 as root user. Alternately, Terminal-1 can be accessed bypressing Ctrl+Alt+Right Arrow Key.

2. Access and open the dbfw.conf file by executing this command:

vi /usr/local/dbfw/etc/dbfw.conf

3. Set the correct value for the GATEWAY field by overwriting the existing value.

4. Save and close the file.

5. Execute the command to apply the modified value:

/usr/local/dbfw/bin/priv/configure-networking

6. Return back to the appliance screen by pressing Ctrl+Alt+Left Arrow Key.

Note:

The network settings entered during installation can be modified, bychoosing the Change IP Settings option in the installer or appliance screen.

A.6 RPM Upgrade FailedRead the troubleshooting advice if RPM upgrades fail.

Problem

An RPM upgrade failed with the following error:

error: %post(dbfw-mgmtsvr-###) scriptlet failed, exit status 1

Solution

1. Check that there is at least 10MB of free /tmp space.

2. Remove the new RPM:

rpm -e dbfw-mgmtsvr-###

Appendix AUnable to Reach Gateway Error

A-5

3. Retry the upgrade.

Appendix ARPM Upgrade Failed

A-6

Index

Numerics12.2 in-line bridge deployment, 5-20

Aarchive functionality

enabling, 5-23audit vault agent requirements, 3-2Audit Vault and Database Firewall

documentation, downloading latest, 2-1Audit Vault Server

administrative taskschanging user passwords, 4-6

installing, 1-6post-installation tasks for, 4-1

audit vault server installationprerequisite, 3-2

Audit Vault Server time, setting, 4-8

Bbackups, 5-3boot partition space issue, 5-5browser requirements, 3-8

Ccertificate

Web UI, trusting post-installation, 4-3changing configuration to proxy mode post

upgrade 20, 5-20

DDatabase Firewall

installing, 1-6post-install tasks, 4-2

disk space requirements, 3-5DNS servers, setting, 4-8documentation, AVDF, downloading latest, 2-1domain name service (DNS) servers, setting, 4-8download Oracle AVDF software, 1-3

Eenabling

archive functionality, 5-23enabling archive functionality, 5-23

Ffixing SQL cluster issue post upgrade to Oracle

AVDF 20.1, 5-19

Hhardware requirements, 3-4host monitor requirements, 3-2

Iinstallation

about, 2-10Audit Vault Server, 1-6Database Firewall, 1-6files, 1-1privileges required for, 3-3

installation passphraseusing during configuration

of Audit Vault Server, 4-3issue

boot device space 2 TB, 5-4

MMaintenance Job

Scheduling, 5-24memory and space requirements, 3-4

Nnetwork interface card (NIC) requirements, 3-6

OOracle Solaris

target requirement, 3-8

Index-1

Oracle VM, support, 2-2

Ppassword

settingAudit Vault Server user, 4-7

passwordsrequirements, 4-6

platforms supported, 2-1server, 2-2VM, Oracle VM, 2-2

post-install tasksfor Database Firewall, 4-2usernames and passwords, 4-4

post-installation tasks, 4-1for Audit Vault Server, 4-1

pre-install requirements, 3-1prerequisite

audit vault server installation, 3-2privileges for installation, 3-3

Rreimage Database Firewall, 6-2requirements

audit vault agent, 3-2browsers, 3-8charts, interactive reports, 3-8disk space, 3-5hardware, 3-4host monitor, 3-2memory, 3-4network interface card (NIC), 3-6pre-install, 3-1software, 3-7

SScheduling

Maintenance Job, 5-24Scheduling Maintenance Job, 5-24software requirements, 3-7SQL Clusters before upgrading to 20.1, 5-19

Ttargets

requirements, 3-8troubleshooting

RPM upgrade failed, A-5

Uuninstall Agents, 6-1uninstalling, 6-1upgrade, 5-2upgrading, 5-1

backups before, 5-3Npcap and OpenSSL libraries, 5-2recovering database, 5-25

upgrading Oracle Audit Vault and DatabaseFirewall, 5-1

usernames, 4-4

Vvirtual environments, Oracle VM, 2-2

WWeb UI

trusting certificate post-installation, 4-3

Index

Index-2