Oracle® Audit Vault Server Installation Guide 10g Release 2 (10.2.2) for AIX 5L Based Systems (64-Bit) Part Number E10120-01
Oracle Audit Vault is a powerful enterprisewide audit solution that efficiently consolidates, detects, monitors, alerts, and reports on audit data for security auditing and compliance. Oracle Audit Vault provides the ability to consolidate audit data and critical events into a centralized and secure audit warehouse.
Compliance regulations and legislations such as the U.S. Sarbanes-Oxley Act (SOX), U.S. Gramm-Leach-Bliley Act (GLBA), U.S. Healthcare Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) Data Security Standard, Japan privacy laws, and European Union privacy directives require businesses to secure business and personal data related to customers, employees, and partners, and to demonstrate compliance with these regulations by auditing users, activities, and associated data.
Businesses use a wide variety of systems, databases, and applications that produce vast quantities of audit log data and must consolidate and monitor this data for a holistic view of enterprise data access. Auditors must analyze the audit log data in a timely fashion across disparate and heterogeneous systems. To facilitate the process, it is essential that audit data from multiple systems reside in a single audit data warehouse that is secure, scalable, reliable, and highly available.
Oracle Audit Vault solves these security and audit problems by:
Consolidating audit information from multiple systems across the enterprise
Detecting data changes associated with regular and privileged users
Protecting audit data from modification and tampering
Figure 1-1 shows an overview of the Oracle Audit Vault architecture. The architecture consists of a set of services and its collection system working within an enterprise. This set of services helps to facilitate storage management, policy enforcement, alerting, analysis, and reporting activities. The collection infrastructure enables the utilization of audit collectors that function as adaptors between an audit source and Oracle Audit Vault.
Figure 1-1 Oracle Audit Vault Architecture
Oracle Audit Vault Components
Oracle Audit Vault consists of:
Audit Vault Server
Audit Vault Agents
Audit Vault Server
Audit Vault Server consists of:
Audit event repository
Audit Vault console
The following services:
Audit data collection and storage
Creating and managing alerts
Managing and monitoring collectors
Configuration to assist in defining information about what sources are known to Audit Vault. It stores information (metadata) about the sources of audit data and policy information (database audit settings and alerts).
Creating and managing reports
Published data warehouse that can be used with reporting tools like Oracle BI Publisher to create customized reports
Audit policy management
Audit Vault Agents
Audit Vault Agents consists of:
Oracle Database client
Oracle Container for Java (OC4J)
Audit Vault management services
Audit data collectors for Oracle Database
Collecting audit data from Oracle Database operating system (OSAUD) audit logs, database (DBAUD) audit logs, and (REDO) redo logs
Oracle Audit Vault Interfaces and Administrator Access
Oracle Audit Vault provides a GUI interface and the Audit Vault Configuration Assistant (AVCA), Audit Vault Control (AVCTL), and Audit Vault Oracle Database (AVORCLDB) command-line utilities to manage the system. These components provide the ability to manage and monitor agents and collectors, and populate the data warehouse. See Oracle Audit Vault Administrator's Guide for information about these interfaces.
Auditors, compliance, and information technology (IT) security can use built-in reports based on user access and activity such as failed login attempts, use of system privileges, and changes to database structures. The drill-down capability offered through the Oracle Audit Vault Console provides full visibility into the details of the "what", the "where", the "when", and the "who" of the audit events. In addition, the Audit Vault Console can be used to monitor the alerts and the audit events across the enterprise.
Administrators are assigned different roles and gain access to Audit Vault to manage various components based on the role assigned. Table 1-1 describes the various Audit Vault administrator roles and the tasks permitted for each role.
Oracle Database Vault is used to protect the audit data warehouse from unauthorized access. See Oracle Database Vault Administrator's Guide for more information. Oracle Database Vault roles are essential for creating database user accounts and granting roles to Audit Vault administrators.
Table 1-1 Audit Vault Administrator Roles and Their Assigned Tasks
Role | When Is Role Granted | Role Is Granted To Whom | Description |
---|---|---|---|
 | During Server installation | Audit Vault administrator | Accesses Oracle Audit Vault services to administer, configure, and manage a running Oracle Audit Vault system. A user granted this role configures and manages audit sources, agents, collectors, the set up of the source with the agent, and the warehouse. A user is created and granted this role during the Audit Vault Server installation. |
 | During Server installation | Audit Vault auditor | Accesses Audit Vault reporting and analysis services to monitor components, detect security risks, create and evaluate alert scenarios, create detail and summary reports of events across systems, and manage the reports. A user granted this role manages central audit settings and alerts. This user also uses the data warehouse services to further analyze the audit data to assist in looking for trends, intrusions, anomalies, and other items of interest. A user is created and granted this role during the Audit Vault Server installation. |
 | Before agent installation | Agent software component | Manages agents and collectors by starting, stopping, and resetting them. A user is created and granted this role prior to an agent installation. The Agent software uses this role at run time to query Audit Vault for configuration information |
 | Before source registration | Collector software component | Manages the setting up of the sources for audit data collection. A user is created and granted this role prior to source and collector configuration. The collector software uses this role at run time to send audit data to Audit Vault |
 | Before archiving audit data | Audit Vault archiver | Archives and deletes audit data from Audit Vault and cleans up old unused metadata and alerts that have already been processed. A user granted this role can archive raw audit data. |
 | During Server installation | Database Vault owner | Manages Database Vault roles and configuration and grants Audit Vault roles. |
 | During Server installation | Database Vault account manager | Manages database user accounts. |
It is important to protect and ensure the integrity of the audit trail data against modification and tampering. Either external or internal intruders may try to "cover their tracks" by modifying audit trail records. Oracle Audit Vault delivers a "locked-down" audit warehouse that has been designed for the sole purpose of protecting and securing audit data. Access to the Oracle Audit Vault is only allowed for the predefined roles described in Table 1-1. All other roles, including the database administrator (DBA), are denied access to the audit data.
Figure 1-2 shows a detailed view of the various Audit Vault usage scenarios for which each of the Oracle Audit Vault administrator roles described in Table 1-1 plays an important role.
Figure 1-2 Usage Scenario Showing Important Roles of Audit Vault Administrators
This chapter provides an overview of the Oracle Audit Vault installation process. This chapter includes the following sections:
Oracle Audit Vault software installation consists of two parts:
Oracle Audit Vault Server installation that can be either:
Single Instance installation
Clustered using Oracle Real Application Clusters (Oracle RAC) installation
Oracle Audit Vault Agent installation (see Oracle Audit Vault Agent Installation Guide)
You can choose different installation methods to install Oracle Audit Vault, as follows:
When you use the interactive method to install Oracle Audit Vault, Oracle Universal Installer displays a series of screens that enable you to specify all of the required information to install the Oracle Audit Vault software.
Audit Vault provides a response file template for Audit Vault Server (av.rsp). The response template file can be found in the <AV installer location>/response directory on the Audit Vault Server installation media.
When you start Oracle Universal Installer and specify a response file, you can automate all of the Oracle Audit Vault Server installation. These automated installation methods are useful if you need to perform multiple installations on similarly configured systems or if the system where you want to install the software does not have X Window system software installed.
For Audit Vault, Oracle Universal Installer can run in silent or non-interactive mode. In silent mode, specify both the -silent and -responseFile options followed by the path of the response file on the command line when you invoke Oracle Universal Installer. For example:
./runInstaller -silent -responseFile <Path of response file>
Oracle Universal Installer runs in silent mode if you use a response file that specifies all required information. None of the Oracle Universal Installer screens are displayed and all interaction (standard output and error messages) and install logs appear on the command line.
Prepare the response file by entering values for all parameters that are missing in the first part of the response file, then save the file. Do not edit any values in the second part of either response file.
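The response file preparation described above can be checked before Oracle Universal Installer is invoked. The following is an added example, not part of the original guide or of Oracle's tooling; it assumes unfilled template entries carry the `<Value Required>` marker and that a completed file may contain account credentials, and the `s_example*` parameter names in its sample input are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code): preflight for a silent-install response file.
# Assumption: unfilled template entries still carry this marker.
PLACEHOLDER='<Value Required>'

# check_response_file FILE
# Prints one line per finding; returns 0 when the file is ready, 1 otherwise.
check_response_file() {
    rsp=$1
    rc=0
    if [ ! -f "$rsp" ]; then
        echo "$rsp: not a regular file"
        return 1
    fi
    # Silent mode displays no screens, so nothing can prompt for a missing
    # value. Report every non-comment line that still holds the marker.
    if ! awk -v mark="$PLACEHOLDER" '
            /^[ \t]*#/ { next }
            index($0, mark) {
                sub(/[ \t]*=.*/, "")
                print FILENAME ":" NR ": " $0 " is unset"
                bad = 1
            }
            END { exit bad + 0 }' "$rsp"; then
        rc=1
    fi
    # Assumption: a filled-in file may hold account credentials, so only the
    # owner should have any access (characters 5-10 of the ls mode string).
    perms=$(ls -ld "$rsp" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$rsp: group/other permissions '$perms' are set; use chmod 600"
        rc=1
    fi
    return $rc
}

# write_sample_rsp FILE: constructed sample input. The s_example* parameter
# names are hypothetical and are not taken from av.rsp.
write_sample_rsp() {
    cat > "$1" <<'EOF'
# constructed sample response file
ORACLE_HOME=/u01/app/oracle/product/av
s_exampleAdminName=<Value Required>
s_exampleAdminPwd=example-only
EOF
    chmod 644 "$1"
}
# When a path is given on the command line, check that file.
if [ "$#" -gt 0 ]; then check_response_file "$1"; fi
```

Run the check against the edited copy of the response file and start the silent installation only when it returns 0.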
See Section 3.6 for information about performing an Audit Vault silent installation.
Note:
The Basic installation is not supported in silent mode. Silent installation is only supported for the Advanced installation.
The server installation consists of two options:
Basic installation -- simplifies the installation process and prompts for a minimal set of inputs from the user to perform a full installation. An Oracle RAC installation is not supported through this option; only a single instance installation is supported.
Advanced installation -- offers the user more control and options for the installation process, including storage options and backup options. This option supports the installation of Audit Vault Server on a cluster and as a single instance.
The Audit Vault Console uses a wallet in the $ORACLE_HOME/network/admin/avwallet directory. An Oracle wallet is a password-protected container that stores credentials, such as certificates, authentication credentials, and private keys, all of which are used by Secure Sockets Layer (SSL) for strong authentication. Oracle wallets are managed through the Oracle Wallet Manager. The Oracle Wallet Manager can perform tasks such as creating wallets, requesting certificate generation, and importing certificates into the wallet.
The wallet is used to store the user name and password of the user granted the AV_ADMIN role. This user name is used by the Audit Vault Console to allow communication with Audit Vault. Audit Vault Console provides the management service that initiates the communication with agents using HTTP. Audit Vault Configuration Assistant (AVCA) modifies the Oracle Enterprise Manager Database Control console server.xml file and other related files to enable Audit Vault management through the Audit Vault Console.
If certificate-based authentication is used for communication with any agent, the Audit Vault Administrator must acquire the necessary server-side certificates and set up Oracle Wallet for storing the certificates on the server. This server-side certificate is used for authenticating the Audit Vault Server to the agent. Similarly, agents must each have a certificate to authenticate each agent to the Audit Vault Server.
Communication at the management level between Audit Vault Server and Audit Vault Agent can be secured after the installation is complete. This is done as part of the postinstallation configuration, in which SSL is configured for the mutual authentication between the Audit Vault Management Service on the server side and each agent over HTTPS.
After checking the requirements described in Section 1.6, the general steps to install Oracle Audit Vault Server include these tasks:
Run Oracle Universal Installer to perform Audit Vault Server installation.
Run postinstallation and configuration tasks using AVCA.
This section contains information that you should consider before deciding how to install this product. It contains the following sections:
The platform-specific hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system versions might be certified after this guide is published, review the certification matrix on the OracleMetaLink Web site for the most up-to-date list of certified hardware platforms and operating system versions. The OracleMetaLink Web site is available at:
http://metalink.oracle.com
If you do not have a current Oracle Support Services contract, then you can access the same information at:
http://www.oracle.com/technology/support/metalink/content.html