Skip Headers
Oracle® Audit Vault and Database Firewall Installation Guide
Release 12.1.2

E27778-13
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

1 Overview of Oracle Audit Vault and Database Firewall Installation

This chapter gives an overview of Oracle Audit Vault and Database Firewall (Oracle AVDF) and its installation.

Topics

See Also:

Oracle Audit Vault and Database Firewall Administrator's Guide for general information about secure installation, data protection, and general recommendations for deploying Oracle AVDF in a network and in special configurations

Downloading the Latest Version of This Manual

You can download the latest version of this manual from the following website:

http://www.oracle.com/pls/topic/lookup?ctx=avdf121

You can find documentation for other Oracle products at the following website:

http://docs.oracle.com

Platform Support

Topics

Supported Server Platforms

Oracle AVDF is delivered as software appliance images ready to be deployed on their own hardware, either directly or as virtual appliances. Oracle AVDF can be installed and run on the following platforms:

  • (Recommended) Any Intel x86 64-bit hardware platform supported by Oracle Linux Release 5 Update 10.

    For a complete list of certified hardware that supports Oracle Linux, go to https://linux.oracle.com/hardware.html.

  • Oracle VM Server for x86, version 3.x

Audit Collection: Supported Secured Target Types and Versions

Table 1-1 lists supported secured target types and versions for audit data collection for the current release of Oracle Audit Vault and Database Firewall.

Table 1-1 Audit Collection: Supported Secured Target Types and Versions

Category

Releases/Versions

DATABASE

Oracle Database

10g, 11g

12c

IBM DB2 for LUW (Linux, UNIX, Windows)

9.x

Microsoft SQL Server

2000, 2005, 2008, 2008 R2

2012

SAP Sybase ASE

12.5.4 - 15.7

MySQL

5.5.29 - 5.6.12

OPERATING SYSTEM

Oracle Solaris on SPARC64

10, 11

Oracle Solaris on x86-64

10, 11

Oracle Linux

OL5.8 (requires auditd 1.8)

OL6.0 (requires auditd 2.0)

OL 6.1-6.4 (requires auditd 2.2.2)

Microsoft Windows Server on x86-64

2008, 2008 R2

DIRECTORY SERVICE

Microsoft Active Directory

2008, 2008 R2

FILE SYSTEM

Oracle ACFS

12c

HADOOP SYSTEM

Oracle Big Data Appliance*

2.3


* This plug-in is not shipped out of the box. Refer to Oracle Big Data Appliance Owner's Guide for more information.

Database Firewall Protection: Supported Secured Target Types and Versions

Table 1-2 lists supported secured target types and versions for Database Firewall protection for the current release.

Table 1-2 Database Firewall Protection: Supported Secured Target Types and Versions

Database Product

Releases/Versions

Oracle Database

9i

10g, 11g

12c

IBM DB2 for LUW (Linux, UNIX, Windows)

9.x

Microsoft SQL Server

2000, 2005, 2008, 2008 R2

2012

SAP Sybase ASE

12.5.4 - 15.7

MySQL

5.0, 5.1, 5.5

5.6

SAP Sybase SQL Anywhere

10.0.1


Audit Vault Agent: Supported Platforms and Versions

Table 1-3 lists supported platforms and versions for the Audit Vault Agent for the current release.

Table 1-3 Audit Vault Agent: Supported Platforms and Versions

Operating System

Releases/Versions

Linux x86-64

SLES11, RHEL5,6, Asianux 3, Oracle Linux 5,6

Microsoft Windows x64

7, 8, 8.1

Microsoft Windows Server on x86-64

2003, 2003 R2, 2008, 2008 R2

Oracle Solaris on SPARC64

10, 11

Oracle Solaris on x86-64

10, 11

IBM AIX on POWER Systems (64-bit)

6.1, 7.1

HP-UX on Itanium

11.31

Linux x86-32

SLES11 SP2, RHEL5,6, Asianux 3, Oracle Linux 5,6

Microsoft Windows 32-bit

7, 8, 8.1, 2003, 2003 R2, 2008


Host Monitor: Supported Platforms and Versions

Table 1-4 lists supported platforms and versions for the host monitor for the current release.

Table 1-4 Host Monitor: Supported Platforms and Versions

Operating System

Releases/Versions

Linux x86-64

SLES11, RHEL5,6, Asianux 3, Oracle Linux 5,6

Microsoft Windows Server x86-64

2008, 2008 R2


About Oracle AVDF

Topics

Oracle AVDF Features

Oracle Audit Vault and Database Firewall (AVDF) secures databases and other critical components of IT infrastructure (such as operating systems) in these key ways:

  • Provides a database firewall that can monitor activity and/or block SQL statements on the network based on a firewall policy

  • Collects audit data, and makes it available in audit reports

  • Provides dozens of built-in, customizable activity and compliance reports, and lets you proactively configure alerts and notifications

See Also:

Summary of Oracle AVDF Components and Users

This section briefly describes the Oracle AVDF components that you will install.

Topics

See Also:

Oracle Audit Vault and Database Firewall Administrator's Guide for more information about Oracle AVDF components, including a diagram of how they work together

Audit Vault Server

An Audit Vault Server is a dedicated server that has:

  • Tools to configure Oracle AVDF to collect audit data from secured targets, and/or apply firewall policies to secured targets.

    For more information about the secured targets, see Oracle Audit Vault and Database Firewall Administrator's Guide.

  • An Oracle database, which provides a data repository for audit and firewall events.

    Note:

    You should not attempt to administer or set password policies for the Oracle Database embedded in the Audit Vault Server.

For more information about the Audit Vault Server, see Oracle Audit Vault and Database Firewall Administrator's Guide.

Database Firewalls

A Database Firewall is a dedicated server that collects SQL data from network traffic going to and from a database and sends the data to the Audit Vault Server. Oracle AVDF can support one or more Database Firewalls, depending on your network scenario. For more information about Database Firewalls, see Oracle Audit Vault and Database Firewall Administrator's Guide.

Audit Vault Agents

An Audit Vault Agent retrieves audit trail data from a secured target database or nondatabase (such as an operating system) and sends it to the Audit Vault Server. Each secured target is associated with an Audit Vault Agent, which retrieves data from one or more of its audit trails. For information about the Audit Vault Agent and deploying it on secured target computers, see Oracle Audit Vault and Database Firewall Administrator's Guide.

Oracle AVDF Users

Oracle AVDF has the following users for the Audit Vault Server:

  • Administrator: The administrator user can access the Audit Vault Server administration functions. A super administrator can create other super administrator or administrator users. Administrators perform all system configuration tasks including setting up connections to secured targets, audit trails, system and network services, maintenance, backup, high availablity, and third-party integrations. See Oracle Audit Vault and Database Firewall Administrator's Guide for detailed information.

  • Auditor: The auditor user can access the Audit Vault Server auditing functions. A super auditor can create other super auditor or auditor users. Auditors perform Oracle AVDF auditing functions such as setting up audit and firewall policies, generating reports, retrieving entitlement information, setting up alerts, and creating customer reports. See Oracle Audit Vault and Database Firewall Auditor's Guide for detailed information.

  • support: This the Linux operating system user who does Audit Vault Server updates, and diagnostic or remedial tasks. Only use this account as documented, or as instructed by Oracle Support.

  • root: This is the Linux operating system user with the highest system privileges, and can do the same tasks as the support user, as well as additional tasks as required by Oracle AVDF. Only use this account as documented, or as instructed by Oracle Support.

Oracle AVDF has the following users for the Database Firewall:

  • Administration User: This user can the Database Firewall administration interface. The administration user can perform all configuration tasks on the Database Firewall, including setting up system networking and services, traffic sources, proxy configuration, view diagnostic information, configuring high availablity, etc. See Oracle Audit Vault and Database Firewall Administrator's Guide for detailed information.

  • support: This the Linux operating system user who does Database Firewall updates, and diagnostic or remedial tasks. Only use this account as documented, or as instructed by Oracle Support.

  • root: This is the Linux operating system user with the highest system privileges, and can do the same tasks as the support user, as well as additional tasks as required by Oracle AVDF. Only use this account as documented, or as instructed by Oracle Support.

About Oracle AVDF Installation

Briefly, the Oracle AVDF installation steps are:

  1. Understand the Oracle AVDF components to be installed.

    For information about the components, see "Summary of Oracle AVDF Components and Users".

  2. Plan the system configuration that best suits your needs.

    For details, see Oracle Audit Vault and Database Firewall Administrator's Guide.

  3. Ensure that your system meets the pre-install requirements.

    For details, see Chapter 2, "Oracle Audit Vault and Database Firewall Pre-Install Requirements."

  4. Install the Oracle AVDF software.

    For details, see Chapter 3, "Installing Oracle Audit Vault and Database Firewall Software."

  5. Do the post-install configuration tasks.

    For details, see Chapter 4, "Post-Install Configuration Tasks."

Periodically, you might need to update the Oracle AVDF software. For instructions, see "Upgrading or Removing Oracle Audit Vault and Database Firewall"

If you must remove Oracle AVDF software from your system, see the instructions in "Removing the Oracle AVDF Software".

CAUTION:

The Audit Vault Server and the Database Firewall server are software appliances. You must not make any changes to the Linux operating system through the command line on these servers unless following official Oracle documentation or under guidance from Oracle Support.

Supported Secured Targets

Secured targets are the systems (such as a database or operating system) that you will monitor using Oracle AVDF. Each type of supported secured target has a corresponding plug-in in Oracle AVDF. See Oracle Audit Vault and Database Firewall Administrator's Guide for detailed information on plug-ins shipped out-of-the-box.

See these topics for secured targets supported for auditing and firewall functions:

In addition, you can find supported platforms for prior releases in Article 1536380.1 at the following website:

https://support.oracle.com

Compatible Third-Party Products

You can use Oracle AVDF with these third-party products:

  • HP ArcSight Security Information Event Management (SIEM), which logs, analyzes, and manages network user activity that is recorded in syslog messages from different sources

  • F5 BIG-IP ASM (Application Security Manager) (versions 9.5.x and 10.x), which provides protection against Web-based attacks