You cannot deinstall the Database Firewall and Management Server. However, you can reimage the computers on which you have installed these components.
This section contains:
Removing Oracle Database Firewall from Microsoft SQL Server Databases
Removing Oracle Database Firewall from Sybase ASE and SQL Anywhere Databases
Removing Oracle Database Firewall from IBM DB2 SQL Databases
To disable local monitoring and remove the Oracle Database Firewall-associated user accounts and other objects from Oracle databases:
From the Management Server, log in to the Administration Console as the admin
user.
Disable local monitoring as follows:
Click the Monitoring tab.
Click the Settings button for the appropriate enforcement point.
Deselect the Activate Database Interrogation, Activate Local Monitor, Activate Stored Procedure Monitoring, and Activate Stored Procedure Auditing check boxes.
Click Save.
From the Oracle Database Firewall Utilities 5.0
disk, copy the following scripts to the server on which Oracle Database is installed:
dcam_drop.sql and dcam_remove_user.sql: Disables local monitoring. Located in the database/localmonitor
directory in compressed format (.tar
and .zip
files named for the database product).
spa_drop.sql: Disables stored procedure auditing. Located in the database/spa
directory in compressed format (.tar
and .zip
files named for the database product).
ura_drop.sql: Disables user role auditing. Located in the database/ura
directory in compressed format (.tar
and .zip
files named for the database product).
Review each script to ensure that the user in the script has the appropriate privileges to perform the tasks.
For example, if the database has been enabled with Oracle Database Vault, you must edit the scripts so that a user who has been granted the DV_ACCTMGR
role can drop the user accounts.
You can find this user by running the following query in SQL*Plus:
SQL> SELECT USERNAME FROM USER_ROLE_PRIVS WHERE GRANTED ROLE = 'DV_ACCTMGR';
Enter the granted role, DV_ACCTMGR
, in upper-case letters, because that is the case in which Oracle Database stores user names and roles.
Log in to Oracle Database as user DBFW_CONSOLE_ACCESS
.
For example:
sqlplus dbfw_console_access
Enter password: password
Connected.
SQL>
Run the dcam_drop.sql
script.
SQL> @dcam_drop.sql
Connect as a user who has privileges to drop users.
For example, if the database was enabled with Oracle Database Vault, then log in as the DV_ACCTMGR
user. If not, then log in as a user with the SYSDBA
privilege.
For example:
connect sys/as sysdba
Enter password: password
Connected.
SQL>
Run each script as follows:
SQL> @ddi_drop_user.sql SQL> @dcam_remove_user.sql SQL> @spa_drop.sql SQL> @ura_drop.sql
Exit SQL*Plus.
SQL> exit
If necessary, delete the localmonitoring
directory.
To disable local monitoring and remove the Oracle Database Firewall-associated user accounts and other objects from SQL Server databases:
From the Management Server, log in to the Administration Console as the admin
user.
Disable local monitoring as follows:
Click the Monitoring tab.
Click the Settings button for the appropriate enforcement point.
Deselect the Activate Database Interrogation, Activate Local Monitor, Activate Stored Procedure Monitoring, and Activate Stored Procedure Auditing check boxes.
Click Save.
From the Oracle Database Firewall Utilities 5.0
disk, copy the following scripts to the server on which Microsoft SQL Server is installed:
ddi_drop_user.sql: Disables direct database interrogation (DDI). Located in the database/ddi
directory in compressed format (.tar
and .zip
files named for the database product).
dcam_drop.sql and dcam_remove_user.sql: Disables local monitoring. Located in the database/localmonitor
directory in compressed format (.tar
and .zip
files named for the database product).
spa_drop.sql: Disables stored procedure auditing. Located in the database/spa
directory in compressed format (.tar
and .zip
files named for the database product).
ura_drop.sql: Disables user role auditing. Located in the database/ura
directory in compressed format (.tar
and .zip
files named for the database product).
Review each script to ensure that the user in the script has the appropriate privileges to perform the tasks.
If you want to remove the local monitoring objects, then log in to the Microsoft SQL Server database as user DBFW_CONSOLE_ACCESS
and run the dcam_drop.sql
script.
sqlcmd -S server_name -U dbfw_console_access -P password 1> :r dcam_drop.sql
Log in to the Microsoft SQL Server database as a user who has privileges to drop user accounts.
For example:
sqlcmd -S server_name -U sa -P password
Run each script as follows:
1> :r ddi_drop_user.sql 2> :r dcam_remove_user.sql 3> :r spa_drop.sql 4> :r ura_drop.sql
Exit the Microsoft SQL Server database.
To disable local monitoring and remove Oracle Database Firewall user accounts and other objects from Sybase ASE and SQL Anywhere databases:
From the Management Server, log in to the Administration Console as the admin
user.
Disable local monitoring as follows:
Click the Monitoring tab.
Click the Settings button for the appropriate enforcement point.
Deselect the Activate Database Interrogation, Activate Local Monitor, Activate Stored Procedure Monitoring, and Activate Stored Procedure Auditing check boxes.
Click Save.
From the Oracle Database Firewall Utilities 5.0
disk, copy the following scripts to the server on which Sybase ASE is installed:
ddi_drop_user.sql: Disables direct database interrogation (DDI) from Sybase SQL Anywhere databases. Located in the database/ddi
directory in compressed format (.tar
and .zip
files named for the database product).
dcam_drop.sql and dcam_remove_user.sql: Disables local monitoring. Located in the database/localmonitor
directory in compressed format (.tar
and .zip
files named for the database product).
spa_drop.sql: Disables stored procedure auditing. Located in the database/spa
directory in compressed format (.tar
and .zip
files named for the database product).
ura_drop.sql: Disables user role auditing. Located in the database/ura
directory in compressed format (.tar
and .zip
files named for the database product).
Review each script to ensure that the user in the script has the appropriate privileges to perform the tasks.
If you want to remove the local monitoring objects, then log in to the Sybase ASE database as user DBFW_CONSOLE_ACCESS
and run the dcam_drop.sql
script.
sqlcmd -S server_name -U dbfw_console_access -P password 1> :r dcam_drop.sql
Log in to the Sybase ASE database as a user who has privileges to drop user accounts.
For example:
sqlcmd -S server_name -U sa -P password
Run each script as follows:
1> :r dcam_remove_user.sql 2> :r spa_drop.sql 3> :r ura_drop.sql
If you ran the dcam_drop.sql
script, then restart the Sybase ASE database.
Exit the Sybase ASE database.
Log in to the Sybase SQL Anywhere database as a user who has privileges to drop user accounts.
For example:
sqlcmd -S server_name -U sa -P password
Run the ddi_drop_user.sql
script as follows:
1> :r ddi_drop_user.sql
To remove Oracle Database Firewall stored procedure and user role auditing privileges from user accounts on IBM DB2 SQL databases:
Log in to the IBM DB2 Windows, UNIX, or Linux database that you used to audit stored procedures or user roles.
Revoke the following privilege from the user account that is responsible for stored procedure auditing:
revoke select on syscat.routines from user
Revoke the following privileges from the user account that is responsible for user role auditing:
revoke select on sysibmadm.authorizationids from user revoke select on syscat.dbauth from user
To remove the remote monitor software:
As user root
, log in to the Linux server where you installed the remote monitor files, the remote-agent
script and the remote-agent.conf
file.
Go to the directories where you copied these files.
The remote-agent
script should be in the /bin
directory and the remote-agent.conf
file should be in the /etc
directory.
For the remote-agent
script, stop its process.
Delete the remote-agent
script and the remote-agent.conf
file.
If you updated your startup script to run the remote-agent
script, then remove the reference to this script from the startup script.
As user admin
, log in to the Administration Console for the Database Firewall that runs the remote monitor.
Select the Monitoring tab.
By default, the Enforcement Points page appears. If it does not, then click List in the Enforcement Points menu on the left side of the page.
Find the enforcement point for the remote monitor, and then click the Settings button for that enforcement point.
The Monitor Settings page appears.
Clear the Activate Remote Monitor check box.
Scroll to the end of the Monitor Settings page, and then click the Save button.
To remove Oracle Database Analyzer:
From the Windows Control Panel, select Add or Remove Programs.
From the Currently installed programs list, select Oracle Database Firewall Analyzer.
Click the Change/Remove button.
In the Oracle Database Firewall Analyzer Uninstall window, click the Uninstall button.
When the Completing the Oracle Database Firewall Analyzer Unistall Wizard page appears, click Finish.