With this blog post, I am trying something new for me. I will install Oracle Audit Vault Server 20.1 as a virtual machine using Oracle VirtualBox. This blog post will be the first of a multipart series of posts around the topic of the Oracle Audit Vault and Database Firewall 20.1 (AVDF).
Preparation
Download ISO Files
Before we start with the installation, it is time to download the required ISO files from the Oracle Software Delivery Cloud – search for “Audit Vault and Database Firewall” and download the four selected parts.
Combine ISO Files
After the download, we have three independent ISO files that we have to combine into one ISO file.
$> dir
Volume in drive D is Data
Volume Serial Number is 1CF2-456E
Directory of D:\AVDF
22/09/2020 09:48 <DIR> .
22/09/2020 09:48 <DIR> ..
28/09/2020 22:10 4.194.304.000 V1002977-01.iso
28/09/2020 22:10 4.194.304.000 V1002978-01.iso
28/09/2020 22:05 2.077.229.056 V1002979-01.iso
28/09/2020 07:45 4.866 V999271-01.zip
3 File(s) 10.465.841.922 bytes
2 Dir(s) 147.527.020.544 bytes free
$> copy /b V1002977-01.iso+V1002978-01.iso+V1002979-01.iso avs201-install.iso
V1002977-01.iso
V1002978-01.iso
V1002979-01.iso
1 file(s) copied.
Virtual Machine
The following screenshot shows the configuration of the Oracle VirtualBox virtual machine I used. Check the requirements for the Audit Vault Server installation in the Oracle Audit Vault and Database Firewall 20 Installation Guide.
CAUTION: If your virtual hard drive is smaller than 205 GB, the installer will fail with the following error. If you use VMware as a virtualization platform, check My Oracle Support note AVDF 20.1 Install Error: Unable to open input kickstart file: curl#37 – Couldn’t open file /tmp/partition-include (Doc ID 2705052.1) if this error persists.
Installation
Mount the previously created ISO file avs201-install.iso and start the virtual machine. After a few moments, the installer of the Audit Vault Server 20.1.0.0.0 is started. Press ENTER to start the installation.
From now on, everything runs fully automated. After a while, the installer asks for the root password and the configuration of the network interfaces.
The virtual machine is restarted a few moments later. Ensure that the installation medium is still mounted after the reboot.
In my case, the installation took more than 3 hours. In the end, the URL to the web console is shown.
Configuration
Open Web Console
After the installation, the server is accessible via a web console using https://<IP/Name of Server>. For the first login, root credentials are required.
Initial Configuration
If you open the web console for the first time, you have to proceed with the initial configuration. The main purpose of the configuration is to set the usernames and passwords for all required users.
After the initial configuration, a login with username/password is possible.
Change Hostname
During the installation, the hostname is set to an auto-generated name (e.g. avs080027d3c27b). It is recommended to set it to a value fitting the naming conventions of your company.
To do this, log in to the web console with the Super Administrator (in my case ADMINISTRATOR) credentials and navigate to Settings > System. Click on the link Network Settings in the Configuration container.
In the popup window change the hostname and – if required – the IP address. After saving the changes, the server is reconfigured and restarted automatically.
Remove deprecated Cipher
With the help of the downloaded “Deprecated-Cipher-Removal Utility”, the deprecated cipher SSL_RSA_WITH_AES_256_CBC_SHA will be removed from the Audit Vault Server. To do this, connect to the Audit Vault Server using ssh (e.g. with PuTTY). Because no direct root connection is possible, you have to connect with the support user first.
$> su -
$> cd /tmp
$> unzip -d cru V999271-01.zip
$> # Provide the name of the Super Administrator as a parameter
$> sh cru/cipher-update.sh ADMINISTRATOR
The Oracle base has been set to /var/lib/oracle
Enter ADMINISTRATOR Password:
The Oracle base has been set to /var/lib/oracle
Checking agents and host monitor status..
Updated templates for sqlnet.ora and listener.ora to remove the deprecated cipher
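To confirm afterwards that a sqlnet.ora or listener.ora file no longer offers the removed cipher, its SSL_CIPHER_SUITES parameter can be parsed and compared entry by entry. The following script is an added example, not part of the Oracle utility or of the original post; the function names and the sample file contents are constructed for illustration, and the location of the real files on the appliance is not assumed.

```shell
#!/bin/sh
# Added example: check Oracle Net configuration files for the deprecated cipher.
DEPRECATED_CIPHER="SSL_RSA_WITH_AES_256_CBC_SHA"

# Print the entries of SSL_CIPHER_SUITES = ( ... ), one per line.
# Comments are stripped and continuation lines joined before parsing.
list_cipher_suites() {
    sed 's/#.*//' "$1" | tr '\n\t' '  ' \
        | grep -io 'SSL_CIPHER_SUITES *= *([^)]*)' \
        | sed 's/^[^(]*(//; s/)$//' | tr ',' '\n' | tr -d ' ' | sed '/^$/d'
}

# Succeeds (exit 0) if the file still lists the deprecated cipher.
# -x matches whole lines, so SSL_RSA_WITH_AES_256_CBC_SHA256 is not a hit.
has_deprecated_cipher() {
    list_cipher_suites "$1" | grep -Fxqi "$DEPRECATED_CIPHER"
}

# Constructed sample files (hypothetical content, not from an AVDF appliance).
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

cat > "$WORKDIR/sqlnet.ora.before" <<'EOF'
# constructed sample
SQLNET.AUTHENTICATION_SERVICES = (TCPS)
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA,
    SSL_RSA_WITH_AES_256_CBC_SHA256)
EOF

cat > "$WORKDIR/sqlnet.ora.after" <<'EOF'
# constructed sample; SSL_RSA_WITH_AES_256_CBC_SHA was removed
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
EOF

for f in "$WORKDIR/sqlnet.ora.before" "$WORKDIR/sqlnet.ora.after"; do
    if has_deprecated_cipher "$f"; then
        echo "FAIL: $f still offers $DEPRECATED_CIPHER"
    else
        echo "OK:   $f"
    fi
done
```

A plain substring search would also flag the SHA256 variant and the comment line, which is why the script strips comments and compares whole entries.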
Insights
In this chapter I want to give some insights about the installed and used components of the Audit Vault Server 20.1.
Operating System
$> cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="7.8"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.8"
PRETTY_NAME="Oracle Linux Server 7.8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:8:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.8
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.8
Oracle Software
Role separation is used to separate the installations of the Grid Infrastructure (grid) and the Oracle Database (oracle). The Oracle Central Inventory is located in /var/lib/oracle/oraInventory.
- Oracle Grid Infrastructure 19c – /var/lib/oracle/grid
- Oracle Database 19c – /var/lib/oracle/dbfw
For both users, /var/lib/oracle is set as Oracle Base. Both homes are patched to the January 2020 release update.
$> /var/lib/oracle/grid/OPatch/opatch lspatches
31488227;OCW Interim patch for 31488227
30898856;TOMCAT RELEASE UPDATE 19.0.0.0.0 (30898856)
30869304;ACFS RELEASE UPDATE 19.7.0.0.0 (30869304)
30869156;Database Release Update : 19.7.0.0.200414 (30869156)
OPatch succeeded.
$> /var/lib/oracle/dbfw/OPatch/opatch lspatches
30448182;AUTO_LOGIN WALLET NOT WORKING WITH DBMS_LDAP_OPEN_SSL
31019249;ORACLE EXECUTES AN AUDIT POLICY CONDITION WITH ORA-10980 ERROR
30663646;STRESS FA PRJ-COMBO ORA 600 [PFRI.C#103 BAD LU TYPE] PFRI.C PFRINS ( SYN TRANSLATION ) - ASM_FEATURE_PUB.IS_FEATURE_ENABLED
30894985;OCW RELEASE UPDATE 19.7.0.0.0 (30894985)
30869156;Database Release Update : 19.7.0.0.200414 (30869156)
OPatch succeeded.
Grid Infrastructure Resources
$> crsctl stat res -t
--------------------------------------------------------------------------------
Name Target State Server State details
--------------------------------------------------------------------------------
Local Resources
--------------------------------------------------------------------------------
ora.EVENTDATA.dg
ONLINE ONLINE avs20-s1 STABLE
ora.RECOVERY.dg
ONLINE ONLINE avds0-s1 STABLE
ora.SYSTEMDATA.dg
ONLINE ONLINE avs20-s1 STABLE
ora.asm
ONLINE ONLINE avs20-s1 Started,STABLE
ora.ons
OFFLINE OFFLINE avs20-s1 STABLE
--------------------------------------------------------------------------------
Cluster Resources
--------------------------------------------------------------------------------
ora.cssd
1 ONLINE ONLINE avs20-s1 STABLE
ora.diskmon
1 OFFLINE OFFLINE STABLE
ora.evmd
1 ONLINE ONLINE avs20-s1 STABLE
--------------------------------------------------------------------------------
Database Storage
ASM is used to provide the storage for the database dbfwdb. Permissions and paths are handled by ASMLib.
$> asmcmd lsdg
State Type Rebal Sector Logical_Sector Block AU Total_MB Free_MB Req_mir_free_MB Usable_file_MB Offline_disks Voting_files Name
MOUNTED EXTERN N 512 512 4096 1048576 54151 52580 0 52580 0 N EVENTDATA/
MOUNTED EXTERN N 512 512 4096 1048576 54151 50454 0 50454 0 N RECOVERY/
MOUNTED EXTERN N 512 512 4096 1048576 54150 50477 0 50477 0 N SYSTEMDATA/
$> asmcmd lsdsk
Path
ORCL:EVENTDATA1
ORCL:RECOVERY1
ORCL:SYSTEMDATA1
Databases
The database dbfwdb (Enterprise Edition) is automatically created.
$> cat /etc/oratab
#Backup file is /var/lib/oracle/crsdata/avdf20-s1/output/oratab.bak.avdf20-s1.grid line added by Agent
dbfwdb:/var/lib/oracle/dbfw:N
+ASM:/var/lib/oracle/grid:N # line added by Agent
Non-CDB architecture is used, Flashback is disabled.
SQL> SELECT name, cdb, flashback_on
FROM v$database;
NAME CDB FLASHBACK_ON
--------- --- ------------------
DBFWDB NO NO
APEX is installed, but seems to be in an invalid state. Other components were removed.
SQL> SELECT comp_name, version, status
FROM dba_registry
ORDER BY comp_name;
COMP_NAME VERSION STATUS
---------------------------------------- ---------------- ------------
JServer JAVA Virtual Machine 19.0.0.0.0 REMOVED
Oracle Application Express 18.2.0.00.12 INVALID
Oracle Database Catalog Views 19.0.0.0.0 VALID
Oracle Database Java Packages 19.0.0.0.0 REMOVED
Oracle Database Packages and Types 19.0.0.0.0 VALID
Oracle Database Vault 19.0.0.0.0 VALID
Oracle Label Security 19.0.0.0.0 VALID
Oracle Real Application Clusters 19.0.0.0.0 OPTION OFF
Oracle XDK 19.0.0.0.0 REMOVED
Oracle XML Database 19.0.0.0.0 VALID
APEX Applications
The Oracle Audit Vault Server UI is implemented as an APEX application.
SQL> SELECT application_id, owner, application_name, alias
FROM apex_applications;
APPLICATION_ID OWNER APPLICATION_NAME ALIAS
-------------- --------------- -------------------------------------------------- --------
7700 AVREPORTUSER Audit Vault and Database Firewall AV
4411 APEX_180200 Oracle APEX System Messages and Native Types 4411
4155 APEX_180200 Scheme Authentication Login 4155
8842 APEX_180200 Universal Theme Sample Application 8940
8851 APEX_180200 Mobile Master Theme F108851
References
- Announcing Oracle Audit Vault and Database Firewall 20 (Doc ID 2698985.1)
- AVDF 20.1 Install Error: Unable to open input kickstart file: curl#37 – Couldn’t open file /tmp/partition-include (Doc ID 2705052.1)
- Oracle Audit Vault and Database Firewall 20 Installation Guide
- AVDF 20.1 Known Issues (Doc ID 2688423.1)
Hi
It is a good guide.
I installed AV Server.
But when I tried to install DBFireWall server V999270-01.iso, the install screen shows that the installation finished successfully, but the console never starts.
“netstat -na | grep LISTEN” only shows the port 22 and 743.
Do you know why?
The documentation doesn’t show anything about it.
Hi,
Which console do you mean? After I installed Database Firewall, I was able to register it on the Audit Vault Server. Database Firewall has no web console of its own. Next week I will post the second part of the series – Installation and configuration of Database Firewall.
Cheers
Christian
Do you mean that after installing the DF there is no web console to perform the post-installation configuration? I would very much like to see the second part of your post about the avdf installation, the way you describe it is very interesting!
You use the web console of the Audit Server to configure the Database Firewall. Shame on me, the last weeks were very busy. Hope to find some time next week to write the second part.
The second part of the series is now online. You find the blog post here: https://christian-gohmann.de/2020/12/21/installation-of-database-firewall-20-1/
Thank you very much, you saved my day!!!
I was hitting “Error: Unable to open input kickstart file: curl#37 – Couldn’t open file /tmp/partition-include”. The MOS note was saying to set “EnableUUID” on the virtual machine, but I had the same error on virtual machine and VirtualBox.
When I increased the disk space as you mentioned, it was just able to continue.
Glad that I could help you. It is really a very misleading error.
I installed AVDF 20.5 on Oracle VM but am unable to get into the console; it says the website refused to connect. Is this something with my VM network settings? NIC 1 is bridge adapter and NIC2 is host-only adapter.
Great work.
Thank you.