Enable FIPS, SE Linux, and STIG on the DB System Components

This article describes how to enable Federal Information Processing Standards (FIPS), Security Enhanced (SE) Linux, and Security Technical Implementation Guide (STIG) security enhancements on the DB system.

Enable FIPS, SE Linux, and STIG

Perform the following steps on each system node.

  1. Open an SSH session to the DB system node and switch to the root user, then navigate to /opt/oracle/dcs/bin.
    sudo -s
    cd /opt/oracle/dcs/bin
  2. Run the following command.
    dbcli secure-dbsystem -se -sd -fo -fd
    Output:
    Job details
    ----------------------------------------------------------------
    ID: <job_ID_number>
    Description: Secure DB System
    Status: Created
    Created: November 8, 2020 4:12:29 PM UTC
    Progress: 0%
    Message:
    
    Task Name                                   Start Time                       End Time                         Status
  3. Verify the job details.
    dbcli describe-job -i <job_ID_number>
    The output provides information about the progress, status, and details of the job.
    Job details
    ----------------------------------------------------------------
    ID: <job_ID_number>
    Description: Secure DB System
    Status: Success
    Created: November 8, 2020 4:12:29 PM UTC
    Progress: 100%
    Message:
    
    Task Name                                   Start Time                       End Time                         Status
    ------------------------------------------  -------------------------------  -------------------------------  -------
    Enable SE Linux [<name>]                    November 8, 2020 4:12:31 PM UTC  November 8, 2020 4:12:31 PM UTC  Success
    Enable STIG for DOD [<name>]                November 8, 2020 4:12:31 PM UTC  November 8, 2020 4:12:49 PM UTC  Success
    Enable FIPS for OS [<name>]                 November 8, 2020 4:12:49 PM UTC  November 8, 2020 4:14:43 PM UTC  Success
    Enable FIPS for DB Home [<DB_home_name_1>]  November 8, 2020 4:14:43 PM UTC  November 8, 2020 4:14:43 PM UTC  Success
    Enable FIPS for DB[<DB_name_1>]             November 8, 2020 4:14:43 PM UTC  November 8, 2020 4:14:46 PM UTC  Success
    Enable FIPS for DB Home [<DB_home_name_2>]  November 8, 2020 4:14:46 PM UTC  November 8, 2020 4:14:46 PM UTC  Success
    Enable FIPS for DB[<DB_name_2>]             November 8, 2020 4:14:46 PM UTC  November 8, 2020 4:14:49 PM UTC  Success
  4. After the job details output shows the Status as "Success", you must restart your DB system node using the Console. This is required because enabling FIPS and SE Linux updates the OS kernel. For instructions, see Reboot a DB System.

Checking a DB System Node for FIPS and SE Linux Configurations

To confirm that FIPS and SE Linux are enabled on your DB system node, use the following dbcli command.
dbcli get-dbsystemsecurestatus
The system returns details as shown in the following example.
{
  "isSELinuxEnabledForOS" : true,
  "isFipsEnabledForOS" : true,
  "fipsStatusForDBs" : [ {
    "databaseResId" : "<DB_ID_number>",
    "status" : true
  } ]
}
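
The status check above can be automated across nodes. The following is an added example, not part of the original article or of Oracle's tooling: it parses the JSON returned by dbcli get-dbsystemsecurestatus and lists every component that is not reported as enabled, treating a missing key as a failure. The script name check_status.py, the function name, and the second database entry in the sample are assumptions made for illustration.

```python
import json
import sys

# Constructed sample: the article's example output with a second,
# non-compliant database entry added. Resource IDs are placeholders.
SAMPLE = """
{
  "isSELinuxEnabledForOS" : true,
  "isFipsEnabledForOS" : true,
  "fipsStatusForDBs" : [ {
    "databaseResId" : "<DB_ID_number_1>",
    "status" : true
  }, {
    "databaseResId" : "<DB_ID_number_2>",
    "status" : false
  } ]
}
"""

def audit_secure_status(raw):
    """Return a list of findings; an empty list means every check passed."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"output is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["output is not a JSON object"]
    findings = []
    # A missing or non-boolean value is reported, never assumed compliant.
    for key, label in (("isSELinuxEnabledForOS", "SE Linux for OS"),
                       ("isFipsEnabledForOS", "FIPS for OS")):
        if doc.get(key) is not True:
            findings.append(f"{label} not enabled ({key}={doc.get(key)!r})")
    dbs = doc.get("fipsStatusForDBs")
    if not isinstance(dbs, list):
        findings.append("fipsStatusForDBs missing or not a list")
        return findings
    for entry in dbs:
        if not isinstance(entry, dict):
            findings.append("FIPS status entry is malformed")
        elif entry.get("status") is not True:
            res_id = entry.get("databaseResId", "<unknown>")
            findings.append(f"FIPS not enabled for database {res_id}")
    return findings

if __name__ == "__main__":
    # Hypothetical usage: dbcli get-dbsystemsecurestatus | python3 check_status.py
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    problems = audit_secure_status(raw)
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any finding is present, so it can gate a post-reboot compliance check in a scheduler or configuration-management run.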