
Oracle Audit vault


Oracle Audit Vault installation and implementation steps:

Introduction

Oracle Audit Vault is a security product that gathers auditing information from remote databases and stores it in a single centralized warehouse database. Suppose you have different databases on different machines: it is really tough to monitor what happens in all of them at the same time. With an Audit Vault system you can monitor every database in a single dashboard, and you can apply policies that alert you and provide the reports you want.

Another key feature is that once the Audit Vault system is ready, you cannot enter the audit database: the system is locked down, so you cannot log in through PuTTY or another SSH client, and on the system itself you see only the screen below.

Audit Vault itself has different types of reports, such as activity reports, alert reports, user privilege reports and stored procedure audit reports.

Oracle Audit Vault raises alerts on any type of suspicious transaction.

Capture before/after values from transaction logs.

Automated cleanup of Oracle database audit data on source systems, no need to manage the audit database.


Installation:

Download Audit Vault Software

A. Download Media

1. Download media from https://edelivery.oracle.com/.
· Open a web browser.
· Type https://edelivery.oracle.com/ in the address bar.
· Press "<Enter>" key.
· Click on "Sign In / Register" button.

2. Login to edelivery
Sign In / Register button redirects to the login screen.
· Provide login username and password.
· Click on Sign in button to login.


3. Search Required Media
· In Product pack select Oracle Database.
· In Platform select Linux x86-64.
· Select "Oracle Audit Vault and Database Firewall 12.1.1 Media Pack for Linux x86-64".
· Click on "Go" button to search.

4. Download Media
· Click on "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Server" to download Audit Vault Server.
· Click on "Download" button next to "Oracle Audit Vault and Database Firewall (12.1.1.1.0) - Database Firewall" to download Database Firewall. I will cover this in my next post.


Prerequisites

1. Laptop/PC
· Latest and fast processors
· At least 8GB memory, but I am using 1.5GB memory
· Windows 64 bit
· At least 120GB hard disk (with 120GB of storage you can install the Audit Vault server)

Host Machine (Windows 10)
IP Address : 172.25.200.1
Subnet Mask : 255.255.255.0

AV server (VirtualBox, installed Oracle Linux 6)
IP Address : 172.25.200.10
Subnet Mask : 255.255.255.0

Attach the media to the VirtualBox machine.

After the VirtualBox machine starts up, this screen appears; type install and press the Enter key.


I got stuck here because I assigned 52GB for this; that's why I will add a 120GB disk and re-run the installation.

Installation in Progress


Applying Configuration
· Wait until the installer goes to the next screen.

Enter Installation Passphrase
· Enter a strong passphrase.

This passphrase will be used later to change other system passwords. It is recommended to note the password securely for future reference.

NOTE: The passphrase should be 8 characters or more and contain an uppercase letter, a lowercase letter, a digit and punctuation. If this policy is violated, the following message will be displayed.


Enter password: Ucbl_123


Refreshing link state
The server will automatically refresh the link state and redirect to the next screen.

Select Management Interface

After entering the machine IP 172.25.200.55, reboot the machine.


Log in to the Oracle Audit Vault Server:

https://172.25.200.55/console/

Oracle Audit Vault has two schemas.

One is AVADMIN, where you can do all types of administrator jobs.

The other is AVAUDITOR, which helps you monitor audit information.

Implementing the Audit Server for a database and monitoring the activity

Step 1: Register a host

Host Name: SolarisM1

IP address: 172.25.200.10

Service: PRIPDB

Register the host


Save the host

Step 2: Download agent


Click Download Agent.

Copy this jar file to the location below.

Step 3: Deploy agent.jar on the host

java -jar agent.jar -d agent


Step 4: Now activate the agent

./agentctl activate

Step 5: Now activate it from the console. You will see the agent version.

Step 6: Now start the agent with the generated key

bash-3.2$ ./agentctl start -k OR61-LH3O-KWUA-YSNW-5JDA


Step 7: create Audit user in database avcol

Setup

SQL> @/export/home/oracle/app/oracle/product/agent/av/plugins/com.oracle.av.plugin.oracle/config/oracle_user_setup.sql avcol setup

Step 8: secured target setup


Step 9: add Audit trail

Step 10: start audit trail


Step 11: Enable auditing on basak.employee

SQL> conn sys@PRIPDB as sysdba

Enter password:

Connected.

SQL> audit all on basak.employee;

Audit succeeded.
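
To confirm that Step 11 took effect on the secured target before relying on the Audit Vault report, the checks below can be run in the same SYSDBA session. This is an added example, not part of the original walkthrough; it assumes traditional auditing that writes to the database audit trail (AUDIT_TRAIL set to DB or DB,EXTENDED), which the page does not state.

```sql
-- Added example: verify the object audit from Step 11 on the secured target.
-- Assumption: traditional (non-unified) auditing with AUDIT_TRAIL = DB
-- or DB,EXTENDED; the page does not say which trail type was configured.

-- 1. Where audit records go. NONE means AUDIT statements succeed
--    but nothing is written for the Audit Vault agent to collect.
SELECT name, value
  FROM v$parameter
 WHERE name = 'audit_trail';

-- 2. Object audit options now set on basak.employee.
--    Each option column reads success/failure:
--    A = by access, S = by session, - = not audited.
SELECT owner, object_name, object_type,
       sel, ins, upd, del, alt, gra
  FROM dba_obj_audit_opts
 WHERE owner = 'BASAK'
   AND object_name = 'EMPLOYEE';

-- 3. After some test activity against the table, the most recent
--    records written to the database trail for this object.
--    RETURNCODE 0 means the audited statement succeeded.
SELECT *
  FROM (SELECT extended_timestamp, username, userhost,
               action_name, returncode
          FROM dba_audit_trail
         WHERE owner = 'BASAK'
           AND obj_name = 'EMPLOYEE'
         ORDER BY extended_timestamp DESC)
 WHERE ROWNUM <= 20;
```

If the third query returns no rows although the second shows the options set, look at the first: with audit_trail at NONE no records are written.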

Step 12: Retrieve audit settings using the avauditor user

Download the report and monitor the activity.