1 Overview of Oracle Audit Vault and Database Firewall Installation

Learn to install Oracle Audit Vault and Database Firewall (Oracle AVDF).

See Also:

Oracle Audit Vault and Database Firewall Administrator's Guide for general information about secure installation, data protection, and general recommendations for deploying Oracle Audit Vault and Database Firewall in a network and in special configurations.

1.1 Downloading the Latest Version of This Manual

Learn how to download the latest documentation for Oracle Audit Vault and Database Firewall (Oracle AVDF).

See Also:

1.2 Platform Support

You can run Oracle Audit Vault and Database Firewall (Oracle AVDF) on various platforms.

1.2.1 Supported Server Platforms

Oracle Audit Vault and Database Firewall (Oracle AVDF) is delivered as software appliance images ready to be deployed on physical hardware or on virtualized environments such as Oracle VM Server or VMware.

You can install and run Oracle Audit Vault and Database Firewall on the following platforms:

  • Any Intel x86-64-bit hardware platform supported by Oracle Audit Vault and Database Firewall's embedded operating system. Oracle Audit Vault and Database Firewall uses Oracle Linux release 6 with the Unbreakable Enterprise Kernel (UEK) version 4. For a list of compatible hardware, refer to Hardware Certification List for Oracle Linux and Oracle VM. This list contains the minimum version of Oracle Linux certified with the selected hardware. All Oracle Linux updates starting with Oracle Linux release 6 as the minimum are also certified unless otherwise noted.
  • Oracle VM Server for x86, version 3.2.2 - 3.2.9
  • VMware vSphere, version 6.0

Note:

  • Oracle Audit Vault and Database Firewall release 12.2.0.7.0 and prior, do not support hardware that is enabled only with UEFI.
  • Oracle Audit Vault and Database Firewall release 12.2.0.8.0 and onwards, support hardware that is enabled with UEFI boot. Installation on Oracle Server X7-2 is supported.

1.2.2 Audit Data Collection: Supported Secured Target Types and Versions

Learn about the supported secured target types and versions for audit data collection for the current release of Oracle Audit Vault and Database Firewall (Oracle AVDF).

The following tables list supported secured target types and versions for audit data collection.

Table 1-1 Audit Collection: Supported Secured Target Types and Versions for Database

Category Releases/Versions

Autonomous Data Warehouse (Serverless)

Latest version

Autonomous Transaction Processing (Serverless)

Latest version

Oracle Database

10g, 11g, 12c

18c (18.3) in release 12.2.0.9.0 and later

19c in release 12.2.0.11.0 and later

Oracle Exadata

10g, 11g, 12c

18c (18.3) in release 12.2.0.9.0 and later

19c in release 12.2.0.11.0 and later

Oracle Real Application Clusters

10g, 11g, 12c

18c (18.3) in release 12.2.0.9.0 and later

19c in release 12.2.0.11.0 and later

IBM DB2

9.1 - 11.1

IBM DB2 Cluster

HADR (High Availability and Disaster Recovery) on OL 7.x

11.1 is supported in release 12.2.0.12.0 and later

Microsoft SQL Server

2000, 2005, 2008, 2008R2, 2012, 2014

2016 is supported in release 12.2.0.2.0 and later

2017 is supported in release 12.2.0.10.0 and later

Microsoft SQL Server Cluster

2012 R2 is supported in release 12.2.0.12.0 and later

SAP Sybase ASE

15.7

16.0 is supported in release 12.2.0.11.0 and later.

MySQL

5.5 - 5.6

5.7 is supported in release 12.2.0.7.0 and later.

8.0 is supported in release 12.2.0.11.0 and later.

REDO Collector using Oracle Streams

Up to 12.2 using Oracle Streams

Note:

  • Oracle Audit Vault and Database Firewall does not support audit collection and Database Firewall monitoring of Microsoft SQL Server cluster.
  • Oracle Audit Vault and Database Firewall does not support audit collection and Database Firewall monitoring of IBM DB2 cluster.
  • Oracle Audit Vault and Database Firewall does not support audit collection and Database Firewall monitoring of IBM DB2 on AIX platform.

Table 1-2 Audit Collection: Supported Secured Target Types and Versions for Operating System

Category Releases/Versions

Oracle Solaris (SPARC64)

10.x, 11.x

Oracle Solaris (x86-64)

10.x, 11.x

Oracle Linux

OL 5.8 (requires auditd 1.8)

OL 6.0 (requires auditd 2.0)

OL 6.1-6.5 (requires auditd 2.2.2)

OL 6.6-6.7 (requires auditd 2.3.7)

OL 6.8-6.10 (requires auditd 2.4.5)

OL 7.0 (requires auditd 2.3.3)

OL 7.1-7.2 (requires auditd 2.4.1)

OL 7.3 (requires auditd 2.6.5)

OL 7.4-7.5 (requires auditd 2.7.6)

Red Hat Enterprise Linux

RHEL 6.7 (requires auditd 2.3.7)

RHEL 6.8 (requires auditd 2.4.5)

RHEL 6.9 (requires auditd 2.4.5)

RHEL 6.10 (requires auditd 2.4.5)

RHEL 7.0 (requires auditd 2.3.3)

RHEL 7.1 (requires auditd 2.4.1)

RHEL 7.2 (requires auditd 2.4.1)

RHEL 7.3 (requires auditd 2.6.5)

RHEL 7.4 (requires auditd 2.7.6)

RHEL 7.5 (requires auditd 2.7.6)

IBM AIX on Power Systems (64-bit)

Foot 1

6.1, 7.1, 7.2

Microsoft Windows Server (x86-64)

2008, 2008 R2, 2012, 2012 R2, 2016

Footnote 1 Ensure that the host machine has OpenSSL 1.0.1 (or later) installed for Audit Vault Agent.

Table 1-3 Audit Collection: Supported Secured Target Types and Versions for Directory Service

Category Releases/Versions

Microsoft Active Directory

2008, 2008 R2, 2012, 2016

Table 1-4 Audit Collection: Supported Secured Target Types and Versions for File System

Category Releases/Versions

Oracle ACFS

12c

Table 1-5 Audit Collection: Supported Secured Target Types and Versions for Hadoop System

Category Releases/Versions

Oracle Big Data ApplianceFoot 2

4.3

Footnote 2

This plug-in is not shipped out of the box. Refer to Oracle Big Data Appliance Owner's Guide for more information.

1.2.3 Database Firewall Protection: Supported Secured Target Types and Versions

Learn about the supported secured target types and versions for Database Firewall protection.

Table 1-6 lists supported secured target types and versions for Database Firewall protection for the current release.

Table 1-6 Database Firewall Protection: Supported Secured Target Types and Versions

Database Product Releases/Versions

Oracle Database

9i, 10g, 11g, 12c,

18c (18.3) in release 12.2.0.9.0 and later

19c in release 12.2.0.11.0 and later

Oracle Exadata

10g, 11g, 12c

18c (18.3) in release 12.2.0.9.0 and later

19c in release 12.2.0.11.0 and later

Oracle Real Application Clusters

10g, 11g, 12c

18c (18.3) in release 12.2.0.9.0 and later

19c in release 12.2.0.11.0 and later

MySQL

5.0, 5.1, 5.5, 5.6

IBM DB2

9.1 - 10.5

Microsoft SQL Server

2000, 2005, 2008, 2008 R2, 2012, 2014

2016 is supported in release 12.2.0.2.0 and later

2017 is supported in release 12.2.0.10.0 and later

SAP Sybase ASE

15.7

Note:

  • Oracle Audit Vault and Database Firewall does not support audit collection and Database Firewall monitoring of Microsoft SQL Server cluster.
  • Oracle Audit Vault and Database Firewall does not support audit collection and Database Firewall monitoring of IBM DB2 cluster.
  • Oracle Audit Vault and Database Firewall does not support audit collection and Database Firewall monitoring of IBM DB2 on AIX platform.

1.2.4 Audit Vault Agent: Supported Platforms and Versions

Learn about the supported platforms and versions for the Audit Vault Agent.

Table 1-7 lists supported platforms and versions for the Audit Vault Agent.

Table 1-7 Audit Vault Agent: Supported Platforms and Versions

Operating System Releases/Versions

Linux (x86-64)

OL 5.x, 6.x, 7.x

SLES 11-12

RHEL 5.x, 6.x, 7.x

Asianux 3

Linux (x86-32)

OL 5.x, 6.x

SLES 11-12

RHEL 5.x, 6.x, 7.x

Asianux 3

Microsoft Windows (x86-64)

8

Microsoft Windows Server (x86-64)

2008, 2008R2, 2012, 2012R2, 2016

Microsoft Windows Server (x86-32)Foot 3

2008, 2008R2, 2012, 2012R2, 2016

Oracle Solaris (SPARC64)

10.x, 11.x

Oracle Solaris (x86-64)

10.x, 11.x

IBM AIX on Power Systems (64-bit)Foot 4

6.1, 7.1, 7.2

HP-UX on Itanium

11.31 and above

Footnote 3 Oracle Audit Vault and Database Firewall is compatible with all editions of Microsoft Windows Server.

Footnote 4 Ensure that the host machine has OpenSSL 1.0.1 (or later) installed for Audit Vault Agent.

1.2.5 Host Monitor: Supported Platforms and Versions

Learn about the supported platforms and versions for the host monitor for Oracle Audit Vault and Database Firewall (Oracle AVDF).

Table 1-8 lists supported platforms and versions for the host monitor.

Table 1-8 Host Monitor: Supported Platforms and Versions

Operating System Releases/Versions

Linux x86-64

SLES 11-12

RHEL 5-7

OL 5.x, 6.x, 7.x

Asianux 3

Microsoft Windows Server x86-64

2008, 2008R2, 2012, 2012R2

2016 (Starting Oracle Audit Vault and Database Firewall release 12.2.0.10.0

Note: Ensure that the Windows target machine has Microsoft Visual C++ 2010 (or later) Redistributable package installed for Host Monitor.

Note: Ensure to install the supported version of Java on the Host Monitor Agent. See Audit Vault Agent: Supported and Tested Java Runtime Environment.

Caution: Host Monitor on Windows platform is not certified in release 12.2.0.11.0 and 12.2.0.12.0. On release 12.2.0.10.0 and prior, Host Monitor functionality on Windows platform is certified.

Oracle Solaris (x86-64)

11.x

Oracle Solaris (SPARC64)

11.x

IBM AIX on Power Systems (64-bit)Foot 5

6.1, 7.1

IBM AIX is supported starting Oracle Audit Vault and Database Firewall release 12.2.0.1.0 and later.

IBM AIX 7.2 is supported starting Oracle Audit Vault and Database Firewall release 12.2.0.10.0 and later.

Note: For IBM AIX on Power Systems (64-bit) the Input Output Completion Ports (IOCP) is set to defined by default. Change this to available as root user.

Footnote 5 Ensure that the target machine has all security patches recommended by OS vendor.

1.2.6 Supported Firewall Network Interface Cards (NICs)

Learn in what Oracle Audit Vault and Database Firewall (Oracle AVDF) release Niagara cards are supported.

Caution:

Oracle Audit Vault and Database Firewall release 12.2.0.11.0 and onwards do not support Niagara cards. Do not upgrade to release 12.2.0.11.0 and onwards if you have Niagara cards in your system.

Oracle Audit Vault and Database Firewall is compatible with all cards that are supported by Oracle Linux.

The Supported Server Platforms section contains the list of certified compatible hardware for most of the firewall deployment architectures. These deployments include out-of-band mode, proxy mode, and in-line bridge mode when fail-closed is appropriate.

The following Network Interface Cards are certified for in-line bridge deployments where fail-open is desired:

Card Number Number of interfaces Interface Type Driver

N2264

4

Copper

Intel e1000/e1000e

N2264L

4

Copper

Intel e1000/e1000e

N2265

2

Copper

Intel e1000/e1000e

N2266

6

Copper

Intel e1000/e1000e

N2284

4

Fiber

Intel e1000/e1000e

N2285

2

Fiber

Intel e1000/e1000e

N2282

2

Fiber

Intel e1000/e1000e

N2283

4

Fiber

Intel e1000/e1000e

N2261E

2

Copper

Intel e1000/e1000e

N32264

4

Copper

Intel IGB

N32265

2

Copper

Intel IGB

N32266

6

Copper

Intel IGB

N32284

4

Fiber

Intel IGB

N32285

2

Fiber

Intel IGB

N42264

4

Copper

Intel IGB

N42264-1620

4

Copper

Intel IGB

N52264

4

Copper

Intel IGB

N52284

4

Fiber

Intel IGB

N52285

2

Fiber

Intel IGB

N32710

2

Fiber

Intel IXGBE

N32710-TX

2

Copper

Intel IXGBE

Note:

For more information visit http://interfacemasters.com/

Note:

In-line bridge mode is deprecated in release 12.2.0.8.0, and will be desupported in release 19.1.0.0.0.

See Also:

1.2.7 Supported Browsers

Learn what browsers are supported with Oracle Audit Vault and Database Firewall (Oracle AVDF).

Table 1-9 lists supported browsers.

Table 1-9 Browser Support Matrix

Browser Release/Version

Firefox

38 and later

Chrome

45 and later

Internet Explorer

IE 11 and later

Note:

  • Ensure that the browser version you are using supports TLS 1.2 protocol.
  • The browser versions listed in the table above are supported for Oracle Audit Vault and Database Firewall releases prior to 12.2.0.9.0.
  • Oracle Audit Vault and Database Firewall release 12.2.0.10.0 and onwards, supports all major releases of Google Chrome, Mozilla Firefox, Microsoft Internet Explorer that are JavaScript-enabled.

1.2.8 Oracle Audit Vault Support for External Systems

Learn about the supported external systems for Oracle Audit Vault.

Supported external systems are as follows:

  • Connectors

    • HP ArcSight

      Note:

      Micro Focus Security ArcSight SIEM (previously known as HP ArcSight SIEM) is deprecated in 12.2.0.8.0 and is desupported in 12.2.0.9.0. Use the syslog integration feature instead.

    • Syslog

    • E-mail

    • F5 BIG-IP ASM

      Note:

      • This functionality is only supported on F5 BIG-IP ASM version 10.2.1.

      • F5 BIG-IP ASM integration is deprecated in release 12.2.0.7.0, and will be desupported in 19.1.0.0.0.

  • SAN storage

    • iSCSI: It can be used to extend disk space for storing event data.

    • FC SAN: It can be used to extend disk space for storing event data.

  • Archive system

    • SMB

    • SSH Server

1.2.9 Audit Vault Agent: Supported and Tested Java Runtime Environment

Learn about the supported and tested Java Runtime Environment (JRE) for the Audit Vault Agent.

Table 1-10 lists supported versions of Java Runtime Environment (JRE).

Table 1-10 JRE Support Matrix

JRE Version Release/Version

1.8

1.8.0_45 and later

11

11.0.3

Starting Oracle Audit Vault and Database Firewall release 12.2.0.11.0.

Note:

  • If any Agent is using Java 1.6, then upgrade the Java version to 1.8.

  • JRE version 1.6 is deprecated in release 12.2.0.8.0 and is desupported in 12.2.0.9.0.

  • JRE version 1.7 is deprecated in release 12.2.0.8.0 and is desupported in 12.2.0.11.0.

  • JRE version 11 is not supported on AIX platform.

1.2.10 Compatibility with Oracle Enterprise Manager

Learn about the supported versions of Oracle Enterprise Manager and Oracle Audit Vault Database Firewall (Oracle AVDF).

Oracle Audit Vault and Database Firewall (AVDF) plug-in provides an interface within Enterprise Manager Cloud Control for administrators to manage and monitor Audit Vault and Database Firewall components.

Table 1-11 lists supported versions of Oracle Enterprise Manager and Oracle Audit Vault Database Firewall.

Table 1-11 Oracle Enterprise Manager Support Matrix

Oracle Enterprise Manager Release Oracle Audit Vault Database Firewall Release
  • 13.2.1

  • 13.3

12.2.x

Note:

Oracle Audit Vault and Database Firewall (AVDF) plug-in is supported only with the above mentioned Enterprise Manager releases.

1.3 Learning About Oracle Audit Vault and Database Firewall

Learn more about Oracle Audit Vault and Database Firewall (Oracle AVDF).

See Also:

Oracle Audit Vault and Database Firewall Concepts Guide to understand the features, components, users, and deployment of Oracle Audit Vault and Database Firewall.

1.4 About Oracle Audit Vault and Database Firewall Installation

Understand the process for installing Oracle Audit Vault and Database Firewall (Oracle AVDF).

Briefly, the steps are:

  1. Understand the Oracle Audit Vault and Database Firewall components to be installed.

  2. Plan the system configuration that best suits your needs.

  3. Ensure that your system meets the pre-install requirements.

  4. Install the Oracle Audit Vault and Database Firewall software.

  5. Do the post-install configuration tasks.

  6. If necessary, migrate the Oracle Audit Vault Release 10.3 configuration to Oracle Audit Vault and Database Firewall Release 12.2.

Note:

The Audit Vault Server and the Database Firewall server are software appliances. You must not make any changes to the Linux operating system through the command line on these servers unless following official Oracle documentation or under guidance from Oracle Support.

1.5 Supported Secured Targets

Secured targets are the systems (such as a database or operating system) that you will monitor using Oracle Audit Vault and Database Firewall (Oracle AVDF).

Each type of supported secured target has a corresponding plug-in in Oracle Audit Vault and Database Firewall.

See Also:

1.6 Compatible Third-Party Products

Learn about the third-party products that you can use with Oracle Audit Vault and Database Firewall (Oracle AVDF).

  • HP ArcSight Security Information Event Management (SIEM), which logs, analyzes, and manages network user activity that is recorded in syslog messages from different sources

    Note:

    Micro Focus Security ArcSight SIEM (previously known as HP ArcSight SIEM) is deprecated in 12.2.0.8.0 and is desupported in 12.2.0.9.0. Use the syslog integration feature instead.

  • F5 BIG-IP ASM (Application Security Manager) which provides protection against Web-based attacks

    Note:

    • This functionality is only supported on F5 BIG-IP ASM version 10.2.1.

    • F5 BIG-IP ASM integration is deprecated in release 12.2.0.7.0, and will be desupported in 19.1.0.0.0.