2 Installing the Enterprise Manager Management Agent

This chapter provides the instructions for installing the Enterprise Manager (EM) Management Agent onto the Audit Vault Server and Database Firewall Appliance.

Follow the steps below to install the EM Management Agent:

2.1 Manually Installing the Enterprise Manager Management Agent

Follow the steps below to install the Enterprise Manager (EM) Management Agent manually:

  1. Manually Installing the EM Management Agent on the Audit Vault Server

  2. Manually Installing the EM Management Agent on the Database Firewall Appliance

Once installed, you will then install or configure the EM Management Agent on each server where an AVDF agent resides.

2.1.1 Manually Installing the EM Management Agent on the Audit Vault Server

Follow the steps below to set the host name, configure the DNS, and download and install the EM Management Agent on the Audit Vault Server:

  1. Log in to the Audit Vault Server console as a user with the AV_ADMIN role.
  2. Set the hostname to a fully qualified hostname (for example, location.mycompany.com). On the Audit Vault Server console, click Settings, then Network under the Systems group header. On the Network page, set the host name.
  3. Configure the DNS on each appliance that is to be monitored to be the same as that on the OMS server. Click Settings, then Services under the System group header. On the Services page, configure the DNS.
    By default, SSH access into Audit Vault Server and Database Firewall is disabled. For the following steps, SSH is required. Therefore, on the same Services page, replace disabled inside the SSH box either with the IP address of the machine from which you will connect or with all to allow SSH connections from all machines on the network.
  4. Log in to the operating system of the Audit Vault Server as the root user.
  5. Unblock the network port through which the EM Management Agent and the Enterprise Manager server communicate:

    Note:

    Changes made here to the template-iptables file might be rolled back by a subsequent Oracle Audit Vault and Database Firewall patch or upgrade. If you notice after applying the next patch or upgrade that Enterprise Manager is no longer collecting information about AV Server correctly, then repeat steps 2a and 2b below.

    1. Edit the /usr/local/dbfw/templates/template-iptables file to add the following entry:

      Note:

      By default, the permissions for this file are read-only. You must change the permissions to allow editing, edit the file, and then change the permissions back to read-only:

      1. As root, change the permissions of the template-iptables file:

        # chmod 644 template-iptables
        
      2. Edit the line as described below.

      3. Change the permissions of the template-iptables file back to read-only:

        # chmod 444 template-iptables
        
      -A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 3872 -j ACCEPT
      

      There may be similar entries already for database listener ports. Make your entry below them.

      WARNING:

      Take extreme care when modifying the template-iptables file. Any mistakes here could make the system inoperable.

      Only make this change and no other.

    2. Run the following command as root:

      # /usr/local/dbfw/bin/priv/configure-networking
      
    3. Test your change. If port 3872 is used (this port is officially registered with IANA by Oracle for oem-agent), use:

      iptables -L | grep oem
      

      If another port was used, use:

      iptables -L -n | grep <port number>
      

      You will see that there is now an ACCEPT rule for the Management Agent.

  6. While logged in as the root user on the Audit Vault Server, run the following command to become the oracle user:
    # su - oracle
    
  7. Download the AgentPull.sh script as follows (the -k option makes curl skip verification of the OMS server certificate):
    $ cd /tmp
    $ curl "https://<OMS_HOST>:<OMS_PORT>/em/install/getAgentImage" -k -o AgentPull.sh
    
  8. Give execute permission to the AgentPull.sh script:
    $ chmod +x AgentPull.sh
    
  9. Create a response file, agent.rsp, with the following contents:
    LOGIN_USER=sysman
    PLATFORM="Linux x86-64"
    
  10. Run the AgentPull.sh script to download and install the Management Agent:
    $ ./AgentPull.sh RSPFILE_LOC=/tmp/agent.rsp AGENT_BASE_DIR=/var/lib/oracle/emagent ORACLE_HOSTNAME=location.mycompany.com AGENT_PORT=3872
    

    Where ORACLE_HOSTNAME is the fully qualified hostname of the Audit Vault Server where the EM Management Agent is being installed.

    Note:

    You will be prompted for two passwords immediately upon executing this command.

    The installation of the EM Management Agent starts automatically as soon as the download has finished. At the end of the installation, you will be prompted to run a script as root.

    After running that script, continue with Discovering the Oracle AVDF Target.

2.1.2 Manually Installing the EM Management Agent on the Database Firewall Appliance

Follow the steps below to set the host name, configure the DNS, and download and install the EM Management Agent on the Database Firewall appliance:

  1. Log in to the Database Firewall appliance console as a user with Firewall Admin privileges.
  2. Set the hostname to a fully qualified hostname (for example, location.mycompany.com). On the Database Firewall console, click Network under the System header, and then click the Change button on the lower right-hand corner of the page.
  3. Configure the DNS to be the same as that on the OMS server. Click System and then Services. On the Services page, configure the DNS.

    By default, SSH access into Database Firewall is disabled. For the following steps, SSH is required. Therefore, on the same Services page, replace disabled inside the SSH box either with the IP address of the machine from which you will connect or with all to allow SSH connections from all machines on the network.

  4. Log in to the operating system of the Database Firewall appliance as the root user.
  5. Unblock the network port through which the EM Management Agent and the Enterprise Manager server communicate:

    Note:

    Changes made here to the template-iptables file might be rolled back by a subsequent Oracle Audit Vault and Database Firewall patch or upgrade. If you notice after applying the next patch or upgrade that Enterprise Manager is no longer collecting information about Database Firewall correctly, then repeat steps 2a and 2b below.

    1. Edit the /usr/local/dbfw/templates/template-iptables file to add the following entry:

      Note:

      By default, the permissions for this file are read-only. You must change the permissions to allow editing, edit the file, and then change the permissions back to read-only:

      1. As root, change the permissions of the template-iptables file:

        # chmod 640 template-iptables
        
      2. Edit the line as described below.

      3. Change the permissions of the template-iptables file back to read-only:

        # chmod 440 template-iptables
        
      -A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 3872 -j ACCEPT
      

      There may be similar entries already for database listener ports. Make your entry below them.

      WARNING:

      Take extreme care when modifying the template-iptables file. Any mistakes here could make the system inoperable.

      Only make this change and no other.

    2. Run the following command:
      # /usr/local/dbfw/bin/priv/configure-networking
      
    3. Test your change. If port 3872 is used (this port is officially registered with IANA by Oracle for oem-agent), use:
      iptables -L | grep oem
      

      If another port was used, use:

      iptables -L -n | grep <port number>
      
      You will see that there is now an ACCEPT rule for the Management Agent.
  6. While logged in as the root user on the Database Firewall appliance, run the following command to become the oracle user:
    # su - oracle
    
  7. Download the AgentPull.sh script as follows (the -k option makes curl skip verification of the OMS server certificate):
    $ cd /tmp
    $ curl "https://<OMS_HOST>:<OMS_PORT>/em/install/getAgentImage" -k -o AgentPull.sh
    
  8. Give execute permission to the AgentPull.sh script:
    $ chmod +x AgentPull.sh
    
  9. Create a response file, agent.rsp, with the following contents:
    LOGIN_USER=sysman
    PLATFORM="Linux x86-64"
    
  10. Run the AgentPull.sh script to download and install the Management Agent:
    $ ./AgentPull.sh RSPFILE_LOC=/tmp/agent.rsp AGENT_BASE_DIR=/var/lib/oracle/emagent ORACLE_HOSTNAME=location.mycompany.com AGENT_PORT=3872
    

    Where ORACLE_HOSTNAME is the fully qualified hostname of the Database Firewall where the EM Management Agent is being installed.

    Note:

    You will be prompted for two passwords immediately upon executing this command.

    The installation of the EM Management Agent starts automatically as soon as the download has finished. At the end of the installation, you will be prompted to run a script as root.

    After running that script, continue with Discovering the Oracle AVDF Target.
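
The template-iptables edit in step 5 of both procedures (sections 2.1.1 and 2.1.2) can be checked after the fact, and re-checked after a patch or upgrade that may have rolled it back, with a script like the following. This is an added example, not Oracle code; the function names, exit codes and the sample template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code. Rule text and file path are taken from the
# page; function names and exit codes are assumptions of this sketch.

# check_agent_rule FILE PORT
#   0 = exactly one ACCEPT rule for PORT, file is read-only
#   1 = rule missing (for example, rolled back by a patch or upgrade)
#   2 = rule present more than once
#   3 = rule present once, but the file was left writable
#   4 = bad arguments or unreadable file
check_agent_rule() {
    file=$1
    port=$2
    case $port in
        ''|*[!0-9]*) return 4 ;;
    esac
    [ -r "$file" ] || return 4

    # Match the exact line from the page; commented-out copies do not count.
    pat="^[[:space:]]*-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport ${port} -j ACCEPT[[:space:]]*\$"
    count=$(grep -c -E -e "$pat" -- "$file" || true)
    if [ "$count" -eq 0 ]; then return 1; fi
    if [ "$count" -gt 1 ]; then return 2; fi

    # Read the mode bits directly: root passes "test -w" on any file.
    mode=$(ls -ld -- "$file" | cut -c1-10)
    case $mode in
        *w*) return 3 ;;
    esac
    return 0
}

# Constructed sample template (not a real AVDF file) for an offline run.
write_sample_template() {
    cat > "$1" <<'EOF'
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 1521 -j ACCEPT
#-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 3872 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 3872 -j ACCEPT
EOF
    chmod 444 "$1"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_template "$tmp"
    rc=0
    check_agent_rule "$tmp" 3872 || rc=$?
    echo "check_agent_rule exit code: $rc"
    rm -f "$tmp"
fi
```

On an appliance, run `check_agent_rule /usr/local/dbfw/templates/template-iptables 3872` as root; exit code 1 is the signal to repeat the template edit and rerun configure-networking.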