| Oracle® Enterprise Manager Configuration Change Console Quick Start Guide 10g Version 10.2.0.5 Part Number E16464-01 |
|
|
PDF · Mobi · ePub |
| Oracle® Enterprise Manager Configuration Change Console Quick Start Guide 10g Version 10.2.0.5 Part Number E16464-01 |
|
|
PDF · Mobi · ePub |
Configuration Change Console (CCC) provides features for auditing applications for authorized and unauthorized events. As a major function of its compliance-auditing feature, Configuration Change Console compares planned changes to the IT infrastructure, as approved through your change management system, with the actual changes detected by Configuration Change Console.
This guide will walk you through the installation and configuration of a test environment for the Configuration Change Console product. This guide is meant to give you a rapid understanding of the features and capabilities of the product in a short period of time.
The first step of installation is creating a database for the Configuration Change Console repository. You can use an existing Oracle supported database installation by adding a new database or you can install the software on a new system. This guide assumes you already have a supported Oracle database installed in your environment.
See the Configuration Change Console Installation Guide for special issues regarding supported database configuration.
Start the Oracle Database Configuration Assistant and select the option to create a new database. Set the following for the new database you will create for this guide:
| Setting | Value |
|---|---|
|
Type |
General Purpose |
|
SID |
gateway |
|
Character Set |
Unicode (AL32UTF8) |
You can use the default settings for all other settings, or set memory usage according to what is available on your server.
The Configuration Change Console requires three tablespaces be created in the new database. The following are the tablespaces and suggested size of each for evaluation purposes.
| Tablespace | Size | Description |
|---|---|---|
|
GATEWAY |
1000 MB |
Stores configuration data |
|
GATEWAY_LGDATA |
2000 MB |
Stores raw collected data |
|
GATEWAY_INDEX |
4000 MB |
Stores database indexes |
You may create the tablespaces smaller and set them to auto resize to the above limits. Alternatively, if you know your evaluation will involve a lot of data, you may want to make the maximum size of these tablespaces larger.
If you do not want to create the tablespaces manually, there is a script available with the product. Locate the oracle-install.zip file that comes with the Configuration Change Console media. Unzip this file and locate the file oracle-install\scripts\dbstructure\tablespaces.sql.
You can modify this script and run it to create the tablespaces. Note that this script will not work without customization for your environment.
Find the oracle-install.zip file that came with the Configuration Change Console media. Unzip this file into the oracle-install directory. Open a command prompt and change the directory to the following folder:
{ORACLE-INSTALL}/scripts/dbstructure
Follow these steps to log into the database as the sys user.
Prompt> sqlplus /nologSQL> connect sys@gateway as sysdbaEnter password: Enter the password used when creating the DBOnce connected, execute the following script and follow the prompts. Note that you need to enter values at each prompt; hitting return will not work. You can use the example values shown in each prompt for this step.
@users.sql
Ensure that you did not receive any errors during this script execution.
Change your directory back to the oracle-install directory that you created in the previous step, then run the following batch file which will populate all database tables and will output the result to the out.log file.
DBCreateEE.bat gateway gateway gateway > out.log
The fields after the batch file are the user name, the password for gateway user in the database and the service name of the database to use.
Review the out.log file to make sure there are no errors at all. This is a very important step as it could break features later on in the evaluation of the product.
Locate the server.exe that was part of the Configuration Change Console media. Double click on this icon to start the server installation.
Note:
You must locate the server executable file that matches the platform on which you are installing Configuration Change Console. For example, the server executable for Microsoft Windows is server-win32.exe and for Linux it is server-linux-x86-32bit.bin.Specify where you want to install the server software
Select Non-Clustered Installation (without cluster support) for the server type.
Provide the database IP, port and credentials provided during the database installation. If the installer cannot reach the database, the installation will not continue.
Enter a name for your organization, for example, Corporate IT.
Enter passphrases for the two keystore keys we use.
Provide a password to use for the Oracle WebLogic management console. The username will be weblogic.
Provide a password to use for the Configuration Change Console's default administrator account. This will be the password you need to log into the CCC UI.
Specify the ports that will be used both for browser based UI access as well as for the agents to talk to the server. Agents are configured to only use the HTTPS port, you can specify an HTTP and HTTPS port for the browser-based UI access.
Choose the option to start the server when the installation is finished.
Set your memory usage. Without using advanced memory configuration of the OS. The most memory you will be able to assign will be around 1400MB.
After you have gone through the installer and it has finished, it will either start automatically, or you can start the Oracle Configuration Change Console Server service in the Windows Services utility.
Once the service has started (may take a few minutes depending on load on your machine), you can log into the CCC UI at the following URL:
Locate the agent installer that you want to install. For Windows, the agent installer will be called agent-win.exe. Double click on this icon to start the agent installation.
If you are installing from a command line, start the installation by typing:
Prompt> agent-win.exe -i console You will then be guided through the following steps to install the agent.
Select the location where you want to install the agent software.
Enter the host server connection URL to the primary server. If the primary server is on a host called HOST1 and the HTTPS port is 443, then enter the following:
t3s://HOST1:443
To secure communications between the agent and server, you must authenticate with the server at installation time. To do this, enter a Configuration Change Console administrator user name (such as administrator) and the corresponding password.
You will be asked to set Audit Enabled on some platforms. If you have auditing enabled as specified in the installation guide (such as using BSM on Solaris), then choose Yes. If you do not, then file monitoring will not be in real time, but will be using the snapshot module.
It is always best to choose Yes unless you know that you will never use OS auditing for file changes on this agent.
After installation finishes, the agent may start automatically, or you can start it manually via one of the following options:
On Windows, there is a new service called Oracle Configuration Change Console Agent.
On Unix, a new daemon will be added under /etc/init.d. To start this daemon, type the following at the command prompt:
cd /etc/init.d/./arprobe startAfter the agent starts, you can verify that it is communicating properly with the server by logging into the server UI and going to Administration > Devices > Devices and looking for an entry in the list of registered devices for this machine that the agent is installed on.
This section outlines some of the basic usage scenarios of the Configuration Change Console. The walk throughs here are meant to help you learn how to develop your own configurations and use the product for your own environment.
New accounts in Configuration Change Console can be created by using the Add or Update a Person page. An individual who can log in to CCC is called a person. Note that CCC also has the concept of a 'user', which refers to an actual account on a managed device. A person may or may not be associated to certain user(s).
Navigate to Administrator -> People -> People.
Select Add Person.
Enter all required fields, such as Login Name, First Name, Last Name, Password, Password (verify), Email Address, and so on
Optionally configure preference settings for the new account, such as Organization and Product Settings
Click Save when finished.
Make sure that each account is associated to an existing Team by using the checkboxes in Teams section under Organization Settings, in the Add or Update a Person screen.
The first step of change monitoring and auditing is to configure the components and applications. In this guide we use CCC server component as an example, you can create the components that match the change monitoring requirements in your specific environment.
Navigate to Policy -> Operations Management -> Components.
Select Custom Components from the View filter.
Click the Add Component Type link to the right of Component Type filter.
Click Add Component Type to add the type for CCC server component.
Enter Application Server as the Component Type Name. Optionally enter a description.
Save the component type and click Done on the component types page.
Click Add Custom Component on the Component page.
Enter the following values:
Component Type: Application Server
OS: WINNT
Name: CCC Server
Version: 1.0
Enter an optional description
Save and verify that CCC Server is displayed in the component list.
Click the Rule Sets link (0) on the CCC Server row.
Click Go to add File Event rule set.
Click the Edit Rules link on File Rule Set header.
Provide the following:
Files: <CCC server install directory>\deploy
Pattern Type: write
Description: Include main CCC server directory
Version: 1.0
Enter an optional description
Click Save when finished.
Click Add Instance, then select the Exclude radio button.
Provide the following:
Files: <CCC server install directory>deploy\activereasoning.ear\gateway.war\temp
Description: Exclude temp director
Click Go to add the Process Event rule set.
Click the Edit Rules link in the Process Rule Set header.
Provide the following:
Include processes: arocc.exe
Pattern Type: event
Description: Include main CCC server process
Click Save when finished.
If you only want to monitor file and process changes made by specific users, Add a User Event Rule Set, and include those users, and check Filter change data by Users defined in Component check box in the File and Process Event rule sets.
After returning to Add or Update Component Rule Sets page, clicking Done should complete the configuration of the 'EMCCC Server' component rule sets.
The first step of change monitoring and auditing is to configure the components and applications. In this guide we use CCC server component as an example. You can create the components that match the change monitoring requirements in your specific environment.
Navigate to Policy -> Operations Management -> Components.
Select Custom Components from the View filter on the top.
Click the Add Component Type link to the right of Component Type filter.
Click Add Component Type to add the type for CCC agent component.
Enter Agent as the Component Type Name. Optionally enter a description.
Save the component type, then click Done on the Component Types page.
Click Add Custom Component on the Component page.
Provide the following:
Component Type: Agent
OS: WINNT
Name: CCC Agent
Version: 1.0
Enter an optional description
Save and verify that CCC Agent is displayed in component list.
Click the Rule Sets link (0) on the CCC Agent row.
Click Go to add the File Event rule set.
Click the Edit Rules link on File Rule Set header
Enter the following values:
Files: <CCC agent install directory>\bin
Pattern Type: write
Description as 'Include main CCC server directory'.
Note the Include radio button is selected by default.
Click Add Instance.
Click Save when finished.
Click Go to add the Process Event rule set.
Click the Edit Rules link on the Process Rule Set header.
Enter the following values:
Include Processes:
Pattern Type: event
Description as 'Include main CCC server process'.
Click Save when finished
Click the Edit Rules link on the Process Rule Set header
Enter the following values:
Include Processes: arocc.exe
Pattern Type: event
Description as 'Include main CCC server process'.
Click Save when finished.
If you only want to monitor file and process changes made by specific users, Add a User Event Rule Set, and include those users, and check 'Filter change data by Users defined in Component' check box in the File and Process Event rule sets.
After returning to Add or Update Component Rule Sets page, click Done. This should complete the configuration of the 'EMCCC Server' component rule sets.
After components are created, the devices that need to be monitored should be assigned to the components. The components that have devices assigned to them are called Component Instances.
On the Components page, click the Component Instances link within the CCC Server row.
Click Modify Device Assingment.
Expand Device Groups and select the host the CCC server is running on.
Click Save, then Done.
Repeat these steps for the CCC Agent.
After Components are created and devices are assigned to them, the component definitions need to be propagated to the monitoring agents running on the component instance devices.
Click Update Agents.
Select the devices that are assigned to the components.
Click either Update Selected or Update All to update all agents in the console.
If your application is made up of more than one component, you must create a new application that includes all components. You will create 'CCC Application' as an example.
Navigate to Policy -> Operations Management -> Applications.
Click Add Application.
Enter CCC Application as the Application Name. Optionally enter a description.
Click Save.
Click the # of Component Instances link on the CCC Application row.
Click on Modify Component Instance Assignments.
Expand the check boxes and select CCC Server 1.0 WINNT and CCC Agent 1.0 WINNT.
Click Save. Verify that the # of Component Instances value is updated to "2" for CCC Application.
Once an application has been created, you can view events happening within it.
Navigate to Visualization -> Event Visualization -> Application Events.
Select the CCC Application checkbox. The CCC Server 1.0 WINNT on device … and CCC Agent 1.0 WINNT on device … options are also selected.
Click Generate Report.
Drill down to the CCC Application link.
Click the Device links to see changes on the components CCC Server on WINNT and CCC Agent on WINNT components.
Drill down to the File or Process links to view event details such as Timestamp, File/Process names, Event (created, deleted, or modified for files), etc.
Note thatyou can filter event data even further by select start date/time, and scale (by Month, Day, Hour etc)
You can also view events occuring on a specific monitored device.
Navigate to Visualization -> Event Visualization -> Server Events.
Expand all device groups and select the CCC Server and CCC Agent host devices.
Click Generate Report.
Drill down to the device name link.
Drill down to File or Process links to view event details such as Timestamp, File/Process names, event (created, deleted, or modified for files) etc.
Note thatyou can filter event data even further by select start date/time, and scale (by Month, Day, Hour etc)
You can also view events initiated by a specific user.
Navigate to Visualization -> Event Visualization -> User Events.
Select Operating System Users from the User Type drop list.
Enter a user name or * for all users in the in the Search for user by name starts with field.
Click the user account you want to view.
Click the name of the monitored device where the user account exists.
Browse to see user events that are one of following types: Login/Logout; Process Activity (process events initiated by the user); File Activity (file events initiated by the user); and CPU Usage % (CPU resource consumed by the user processes).
Change events detected by the Configuration Change Console can be audited through Change Management system such as Remedy. Unauthorized changes are captured and compliance can be measured directly based on the policies and controls defined for the monitored environment.
The following steps use Remedy ARS 6.3.0 as an example.
Navigate to Administration -> Server Configuration -> Change Management Server.
Pick Remedy ARS 6.3.0 WINNT as Ticket Management Type.
Enter the host (device) name the Ticket Server is running on.
Enter the following connection parameters:
Server IP: the IP address ticket server running on
Username/Password: the account that CCC should use to connect to CM server
Consolidate CTI: CT+D, so that tickets are consolidated by category and device
Check all check-boxes for Enter Ticket Correlation Criteria. This ensures that the change events are correlated with the time window, device(s), user, and approval timeout (status for emergency ticket) of the tickets.
Select the following for Configure Outbound Ticket: Unauthorized/Unauthorized/Unauthorized for Category, Type and Item.
Enter Supervisor and Group names that the ticket should be assigned to in the Change Management Server.
Configure Ticket Expiry and Emergency Ticket similarly, but change Item to Expiry and Emergency.
Click Save when finished.
The Change Management Server is only configured once after installation. You can export the configuration and reuse it by importing to another Configuration Change Console if needed.
Navigate to Policy -> Policy Management -> Audit Actions.
Click Add New Audit Action.
Enter CCC Application Audit Action as the Audit Action Name.
Click the Application radio button in Component Assignment, then select CCC Application.
Check the File, Process, User and Component Internal check boxes in the Events to Detect section.
Check the Update Ticket and Create Ticket check boxes in the Actions section.
Click Save when finished.
At this point, the CCC Application has been configured so that all events detected within CCC Server and CCC Agent component instances will be audited by correlating events with tickets in Remedy. All changes events on the device where CCC Server and Agent are running will cause an Unauthorized event to be created in CM server, and corresponding administrator will be assigned.
Once change events are detected by the Configuration Change Console, it can also send email notifications, or generate reports and send those to administrators.
To do this, in Audit Action configuration, configure CCC using Email Administration, and select Send Notification and Generate Report and Send accordingly on Audit Action configuration page.
Configuration Change Console allows you to manage and audit configuration changes in the context of frameworks, policies and controls. Policy compliance can be easily managed and controlled by monitoring what changes are happening and whether they are authorized changes or not.
You can create custom frameworks and policies that are made up of specific controls that are mapped with application components. CCC also provides a set of predefined frameworks, policies, and controls that serve as starting points to create custom policies.
Navigate to Policy -> Policy Management -> Frameworks
Select Create Custom Framework.
Enter Application Change Management FW as the Framework Name.
Click Save.
Navigate to Policy -> Policy Management -> Policies
Click Create Custom Policy.
Enter Application Change Management as the Policy Name.
Select Application Change Management FW as the framwork.
Enter Critical changes to application should be monitored as the description.
Optionally enter values for policy text, Reference URL, and Owner, then Save.
Verify Application Change Management is in the Custom Policies list.
Click on '0' under the Control column for Application Change Management, then click Modify Control Assignment.
Select the Application Change and Application Availability check boxes.
Click Save when finished.
You now need to map application components with the appropriate policies so that policy compliance can be associated with change events. Select Policy -> Operations Management -> Components.
In the CCC Agent and CCC Server component rows, click on the 0 link under the Controls column.
Expand Frameworks and select Application Change Management policy for both components. You should now see '2' under Controls for both components.
Once you have defined your environment using components and applications, and created policies and controls, you can now easily manage policy compliances.
The compliance status of each policy in the framework is displayed in the Dashboard. If a change management system is used, the percentage of unauthorized events is used to measure compliance. If no change management system is used, the deviation of change events from baseline is used to measure compliance.
Now drill down to each policy. You will see a detailed view of how many changes were captured, and what controls and applications are affected. You will also see the users who made the changes, and devices on which these changes occurred.
The following are advanced example use cases.
Configuration Change Console allows you to monitor changes that were made by a specific user.
Add a User Rule Set in the same component that has the file event rule set.
Include 'X' as Patterns and 'user' as Pattern Type.
Select the User for filtering other types only, not for inclusion/exclusion of user login/logout events checkbox to filter event changes by user.
Note that login/logout events for the users will not be detected if this option is selected. If you want to capture these events, do not select this option.
Click Save.
Click Edit Rules in the File Rule Set header.
Select the Filter change data by Users defined in the Component checkbox.
In a shared file system environment, file change monitoring can be done depending on the way file system is shared.
Mounting a share from another host
Install an agent on the source machine. This will be real-time monitoring of file changes on the source machine. This is no different from normal file change monitoring on non-fileshare systems.
Mounting NFS share/NAS/Network Storage
Switch agent to 'snapshot' agent and monitor one machine where the share is mounted. This only works on Unix, and some event details such as users who made the changes will not be provided. This needs to be done manually post installation.
As an example, assume that one Windows XP folder X:/ is shared to a Linux host L. In order to monitor file changes in X:/ use following steps:
Install the Linux agent on host L as documented in the Installation Guide.
Change the symbolic link for {agent_install_dir}\bin\filwatch from {agent_install_dir}\bin\filewatcha to {agent_install_dir}\bin\filewatchp.
Alternatively, you can rename filewatch to filewatch.renamed, and then rename filewatchp to filewatch.
Restart the agent.
Once this is done, you can configure components on the server the same way you did as before, but now file monitoring on this agent will be done using the snapshot method instead of the real time method.
|
 Copyright © 2003, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|