Installation of Oracle Audit Vault Server 20.1

With this blog post, I am trying something new for me. I will install Oracle Audit Vault Server 20.1 as a virtual machine using Oracle VirtualBox. This blog post will be the first of a multipart series of posts around the topic of the Oracle Audit Vault and Database Firewall 20.1 (AVDF)

  1. Installation of Oracle Audit Vault Server 20.1
  2. Installation of Database Firewall 20.1

Preparation

Download ISO Files

Before we start with the installation, it is time to download the required ISO files from the Oracle Software Delivery Cloud – search for “Audit Vault and Database Firewall” and download the four selected parts.

Download of Audit Vault Server 20.1 installation files

Combine ISO Files

After the download we have three independent ISO files, that we have to combine into one ISO file.

$> dir
 Volume in drive D is Data
 Volume Serial Number is 1CF2-456E

 Directory of D:\AVDF

22/09/2020  09:48    <DIR>          .
22/09/2020  09:48    <DIR>          ..
28/09/2020  22:10     4.194.304.000 V1002977-01.iso
28/09/2020  22:10     4.194.304.000 V1002978-01.iso
28/09/2020  22:05     2.077.229.056 V1002979-01.iso
28/09/2020  07:45             4.866 V999271-01.zip
               3 File(s) 10.465.841.922 bytes
               2 Dir(s)  147.527.020.544 bytes free

$> copy /b V1002977-01.iso+V1002978-01.iso+V1002979-01.iso avs201-install.iso
V1002977-01.iso
V1002978-01.iso
V1002979-01.iso
        1 file(s) copied.

Virtual Machine

The following screenshot shows the configuration of my used Oracle VirtualBox virtual machine. Check the requirements for the Audit Vault Server installation in the Oracle Audit Vault and Database Firewall 20 Installation Guide.

Oracle VirtualBox virtual machine configuration

CAUTION: If your virtual harddrive has a size of below 205 GB, the installer will fail with the following error. If you use VMware as a virtualization platform, then check My Oracle Support note AVDF 20.1 Install Error: Unable to open input kickstart file: curl#37 – Couldn’t open file /tmp/partition-include (Doc ID 2705052.1) if this error persists.

Installer error caused by wrong virtual harddrive size

Installation

Mount the previously created ISO file avs201-install.iso and start the virtual machine. After a few moments, the installer of the Audit Vault Server 20.1.0.0.0 is started. Press ENTER to start the installation.

Start screen of the installation

From now on everything is working fully automated. After a while, the installer asks for the root password and the configuration of the network interfaces.

Set new root password

The virtual machine is restarted a few moments later. Ensure that the installation medium is still mounted after the reboot.

Select network adapter
Configure network adapter

In my case, the installation took more than 3 hours. In the end, the URL to the web console is shown.

End of the installation

Configuration

Open Web Console

After the installation, the server is accessible via a web console using https://<IP/Name of Server>. For the first login, root credentials are required.

Login screen of the web console

Initial Configuration

If you open the web console for the first time, you have to proceed with the initial configuration. The main purpose of the configuration is to set the usernames and passwords for all required users.

Initial configuration

After the initial configuration a login with username/password is possible.

Login screen after initial configuration

Change Hostname

During the installation, the hostname is set to an auto-generated name (e.g. avs080027d3c27b). It is recommended to set it to a value fitting the naming conventions of your company.

To do this login with the Super Administrator (in my case ADMINISTRATOR) credentials to the web console and navigate to Settings > System. Click on the link Network Settings in the Configuration container.

Configuration items

In the popup window change the hostname and – if required – the IP address. After saving the changes, the server is reconfigured and restarted automatically.

Change hostname and IP address

Remove deprecated Cipher

With the help of the downloaded “Deprecated-Cipher-Removal Utility” the deprecated cipher SSL_RSA_WITH_AES_256_CBC_SHA will be removed from the Audit Vault Server. To do this connect to the Audit Vault Server using ssh (e.g. with PuTTY) – because no direct root connection is possible, you have to connect first with the support user.

$> su -
$> cd /tmp
$> unzip -d cru V999271-01.zip

$> # Provide the name of the Super Administrator as a parameter
$> sh cru/cipher-update.sh ADMINISTRATOR
The Oracle base has been set to /var/lib/oracle
Enter ADMINISTRATOR Password:
The Oracle base has been set to /var/lib/oracle
Checking agents and host monitor status..
Updated templates for sqlnet.ora and listener.ora to remove the deprecated cipher

Insights

In this chapter I want to give some insights about the installed and used components of the Audit Vault Server 20.1.

Operating System

$> cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="7.8"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.8"
PRETTY_NAME="Oracle Linux Server 7.8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:8:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"

ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.8
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.8

Oracle Software

Role separation is used to separate the installations of the Grid Infrastructure (grid) and the Oracle Database (oracle). The Oracle Central Inventory is located in /var/lib/oracle/oraInventory.

  1. Oracle Grid Infrastructure 19c – /var/lib/oracle/grid
  2. Oracle Database 19c – /var/lib/oracle/dbfw

For both users, /var/lib/oracle is set as Oracle Base. Both homes are patched to the January 2020 release update.

$> /var/lib/oracle/grid/OPatch/opatch lspatches
31488227;OCW Interim patch for 31488227
30898856;TOMCAT RELEASE UPDATE 19.0.0.0.0 (30898856)
30869304;ACFS RELEASE UPDATE 19.7.0.0.0 (30869304)
30869156;Database Release Update : 19.7.0.0.200414 (30869156)

OPatch succeeded.

$> /var/lib/oracle/grid/OPatch/opatch lspatches
30448182;AUTO_LOGIN WALLET NOT WORKING WITH DBMS_LDAP_OPEN_SSL
31019249;ORACLE EXECUTES AN AUDIT POLICY CONDITION WITH ORA-10980 ERROR
30663646;STRESS FA PRJ-COMBO ORA 600 [PFRI.C#103  BAD LU TYPE] PFRI.C PFRINS ( SYN TRANSLATION ) - ASM_FEATURE_PUB.IS_FEATURE_ENABLED
30894985;OCW RELEASE UPDATE 19.7.0.0.0 (30894985)
30869156;Database Release Update : 19.7.0.0.200414 (30869156)

OPatch succeeded.

Grid Infrastructure Resources

$> crsctl stat res -t
--------------------------------------------------------------------------------
Name           Target  State        Server                   State details
--------------------------------------------------------------------------------
Local Resources
--------------------------------------------------------------------------------
ora.EVENTDATA.dg
               ONLINE  ONLINE       avs20-s1                 STABLE
ora.RECOVERY.dg
               ONLINE  ONLINE       avds0-s1                 STABLE
ora.SYSTEMDATA.dg
               ONLINE  ONLINE       avs20-s1                 STABLE
ora.asm
               ONLINE  ONLINE       avs20-s1                 Started,STABLE
ora.ons
               OFFLINE OFFLINE      avs20-s1                 STABLE
--------------------------------------------------------------------------------
Cluster Resources
--------------------------------------------------------------------------------
ora.cssd
      1        ONLINE  ONLINE       avs20-s1                 STABLE
ora.diskmon
      1        OFFLINE OFFLINE                               STABLE
ora.evmd
      1        ONLINE  ONLINE       avs20-s1                 STABLE
--------------------------------------------------------------------------------

Database Storage

ASM is used to provide the storage for the database dbfwdb. Permissions and paths are handled by ASMLib.

$> asmcmd lsdg
State    Type    Rebal  Sector  Logical_Sector  Block       AU  Total_MB  Free_MB  Req_mir_free_MB  Usable_file_MB  Offline_disks  Voting_files  Name
MOUNTED  EXTERN  N         512             512   4096  1048576     54151    52580                0           52580              0             N  EVENTDATA/
MOUNTED  EXTERN  N         512             512   4096  1048576     54151    50454                0           50454              0             N  RECOVERY/
MOUNTED  EXTERN  N         512             512   4096  1048576     54150    50477                0           50477              0             N  SYSTEMDATA/

$> asmcmd lsdsk
Path
ORCL:EVENTDATA1
ORCL:RECOVERY1
ORCL:SYSTEMDATA1

Databases

The database dbfwdb (Enterprise Edition) is automatically created.

$> cat /ect/oratab
#Backup file is  /var/lib/oracle/crsdata/avdf20-s1/output/oratab.bak.avdf20-s1.grid line added by Agent
dbfwdb:/var/lib/oracle/dbfw:N
+ASM:/var/lib/oracle/grid:N             # line added by Agent

Non-CDB architecture is used, Flashback is disabled.

SQL> SELCCT name, cdb, flashback_on 
       FROM v$database;

NAME      CDB FLASHBACK_ON
--------- --- ------------------
DBFWDB    NO  NO

APEX is installed, but seems to be in an invalid state. Other components were removed.

SQL> SELECT comp_name, version, status
       FROM dba_registry
   ORDER BY comp_name;

COMP_NAME                                VERSION          STATUS
---------------------------------------- ---------------- ------------
JServer JAVA Virtual Machine             19.0.0.0.0       REMOVED
Oracle Application Express               18.2.0.00.12     INVALID
Oracle Database Catalog Views            19.0.0.0.0       VALID
Oracle Database Java Packages            19.0.0.0.0       REMOVED
Oracle Database Packages and Types       19.0.0.0.0       VALID
Oracle Database Vault                    19.0.0.0.0       VALID
Oracle Label Security                    19.0.0.0.0       VALID
Oracle Real Application Clusters         19.0.0.0.0       OPTION OFF
Oracle XDK                               19.0.0.0.0       REMOVED
Oracle XML Database                      19.0.0.0.0       VALID

APEX Applications

Oracle Audit Vault Server UI is implemented as APEX application.

SQL> SELECT application_id, owner, application_name, alias 
       FROM apex_applications;

APPLICATION_ID OWNER           APPLICATION_NAME                                   ALIAS
-------------- --------------- -------------------------------------------------- --------
          7700 AVREPORTUSER    Audit Vault and Database Firewall                  AV
          4411 APEX_180200     Oracle APEX  System Messages and Native Types      4411
          4155 APEX_180200     Scheme Authentication Login                        4155
          8842 APEX_180200     Universal Theme Sample Application                 8940
          8851 APEX_180200     Mobile Master Theme                                F108851

References

9 comments

  1. Hi
    It is a good guide.
    I installed AV Server.
    But When I tried to install DBFireWall server V999270-01.iso the install screen show that the installation finished successfully, but the console nevers starts.
    “netstat -na | grep LISTEN” only shows the port 22 and 743.
    Do you know why?
    The documentations doesn’t show something about.

    1. Hi,
      which console do you mean? After I installed Database Firewall, I was able to register it on the Audit Vault Server. Database Firewall has no own web console. Next week I will post the second part of the series – Installation and configuration of Database Firewall.
      Cheers
      Christian

  2. Do you mean that after installing the DF there is no web console to perform the post-installation configuration? I would very much like to see the second part of your post about the avdf installation, the way you describe it is very interesting!

    1. You use the web console of the Audit Server to configure the Database Firewall. Shame on me, the last weeks were very busy. Hope to find some time next week to write the second part.

  3. Thank you very much you saved my day !!!
    I was hitting “Error: Unable to open input kickstart file: curl#37 – “Couldn’t open file /tmp/partition-include”. Mos note was saying to set “EnableUUID” on Virtual machine but i had same error on virtual machine and virtual box.
    When i increased the disk space as you mentioned, It was just able to continue .

  4. I installed AVDF 20.5 on Oracle VM but unable to get into the console it says the website refused to connect. Is this something with my VM network settings? NIC 1 is bridge adapter and NIC2 is host-only adapter.

Leave a Reply to Christian Gohmann Cancel reply

Your email address will not be published. Required fields are marked *