B System Configuration Utilities
Run these commands as the root user to manage system configuration and CLI utilities.
B.1 CONFIG-ASO
Use this command to display the public certificate that is presented to the target for decoding Oracle native encryption (Transparent Data Encryption) on the Database Firewall appliance.
This command is available after installing the Database Firewall diagnostics package.
Syntax
/opt/avdf/config-utils/bin/config-aso help
/opt/avdf/config-utils/bin/config-aso show
Arguments
Argument | Description |
---|---|
help | To seek help on displaying the public certificate used to present to the target. |
show | To display the existing public certificate used to present to the target. |
Attributes
Attributes | Key Values |
---|---|
certificate | The actual certificate details. |
Example
/opt/avdf/config-utils/bin/config-aso show
B.2 CONFIG-AVS
Use this command to establish the communication channel between Database Firewall and Audit Vault Server.
This command is available with the Database Firewall installation.
Syntax
/opt/avdf/config-utils/bin/config-avs help
/opt/avdf/config-utils/bin/config-avs set
/opt/avdf/config-utils/bin/config-avs show
Arguments
Argument | Description |
---|---|
help | To seek help on establishing the communication channel between Database Firewall and Audit Vault Server. |
show | To display the existing communication channel between Database Firewall and Audit Vault Server. |
set | To modify the communication channel between Database Firewall and Audit Vault Server. |
Attributes
Attributes | Key Values |
---|---|
address | IP address of the Audit Vault Server instance. |
avs | |
certificate | The CA certificate of the Audit Vault Server. |
Example
/opt/avdf/config-utils/bin/config-avs set avs=primary address=192.0.2.12 certificate=/root/avscert.crt
B.3 CONFIG-BOND
Use this command to configure bonding between two Network Interface Cards (NIC). The bonding functionality increases the bandwidth and supports redundancy of the network connections on the appliance.
This command is available with the Database Firewall installation.
Note:
The Database Firewall command-line interface (CLI) creates a bond interface with the default configuration for the operating system. To configure specific bonding controls, use the operating system. See the Create Network Bonds using Network Manager CLI documentation or Configuring Network Bonding in the Oracle Linux 8 documentation for details on creating network bonds in Oracle Linux.
Syntax
/opt/avdf/config-utils/bin/config-bond help
/opt/avdf/config-utils/bin/config-bond add
/opt/avdf/config-utils/bin/config-bond delete
/opt/avdf/config-utils/bin/config-bond set
/opt/avdf/config-utils/bin/config-bond show
Arguments
Argument | Description |
---|---|
help | To seek help on configuring bonding between two Network Interface Cards. |
add | To configure bonding between two Network Interface Cards. |
delete | To delete the existing bonding between two Network Interface Cards. |
show | To display the existing bonding between two Network Interface Cards. |
set | To modify the existing bonding functionality between two Network Interface Cards. |
Attributes
Attributes | Key Values |
---|---|
description | A short description of the network or service this bond provides. |
device | User defined name of the bonded device. |
enabled | This attribute confirms if the bonding between two Network Interface Cards exists. The allowed values are |
gateway | IP address of the gateway. |
ip_address | IP address of the bond. |
network_mask | The network mask of the device. |
components | The names of the component devices. |
Example
/opt/avdf/config-utils/bin/config-bond add device=bond0 components=enp0s18,enp0s19 ip_address=192.168.10.10 network_mask=255.255.255.0 gateway=192.168.10.1 enabled=yes
B.4 CONFIG-CAPTURE
Use this command to monitor the network traffic on the Database Firewall and create packet capture files (PCAP) for Database Firewall configuration.
This command is available with the Database Firewall installation.
Syntax
/opt/avdf/config-utils/bin/config-capture help
/opt/avdf/config-utils/bin/config-capture add
/opt/avdf/config-utils/bin/config-capture delete
/opt/avdf/config-utils/bin/config-capture show
Arguments
Argument | Description |
---|---|
help | To seek help on configuring traffic capture facility on the Database Firewall appliance. |
add | To capture traffic using a NIC on the Database Firewall appliance. |
delete | To delete the results of the traffic captured using a NIC on the Database Firewall appliance. |
show | To display the list of the recorded traffic captured on the Database Firewall appliance. |
Attributes
Attributes | Key Values |
---|---|
duration | The amount of time (in seconds) to capture the traffic. |
interface | The name of the interface. |
size | The maximum allowed size (in kilobytes) of the traffic capture file. |
Example
/opt/avdf/config-utils/bin/config-capture add interface=enp0s3 duration=300 size=9999
B.5 CONFIG-DIAGNOSTICS
Use this command to run the system diagnostics status, which displays current information about a range of processes monitored on the appliance.
This command is available after installing the Database Firewall diagnostics package.
Syntax
/opt/avdf/config-utils/bin/config-diagnostics help
/opt/avdf/config-utils/bin/config-diagnostics show
Arguments
Argument | Description |
---|---|
help | To seek help on system diagnostic processes monitored on the appliance. |
show | To display the existing system diagnostic capturing process on the appliance. |
Example
/opt/avdf/config-utils/bin/config-diagnostics show
B.6 CONFIG-DNS
Use this command to get and set the DNS server addresses on the appliance.
This command is available after installing the Audit Vault Server and Database Firewall diagnostics packages.
Syntax
/opt/avdf/config-utils/bin/config-dns help
/opt/avdf/config-utils/bin/config-dns set
/opt/avdf/config-utils/bin/config-dns show
Arguments
Argument | Description |
---|---|
help | To seek help on configuring DNS server addresses on the appliance. |
set | To configure the DNS server address on the appliance. |
show | To display the existing DNS server configuration on the appliance. |
Attributes
Attributes | Key Values |
---|---|
servers | Up to three DNS server IP addresses separated by commas. |
Example
/opt/avdf/config-utils/bin/config-dns set servers="192.0.2.1 192.0.2.2 192.0.2.3"
B.7 CONFIG-KEYTABLE
Use this command to configure keyboard locale on the appliance.
This command is available after installing the Audit Vault Server and Database Firewall diagnostics packages.
Syntax
/opt/avdf/config-utils/bin/config-keytable help
/opt/avdf/config-utils/bin/config-keytable set
/opt/avdf/config-utils/bin/config-keytable show
Arguments
Argument | Description |
---|---|
help | To seek help on configuring keyboard locale on the appliance. |
set | To configure the keyboard locale on the appliance. |
show | To display the existing keyboard locale settings on the appliance. |
Attributes
Attributes | Key Values |
---|---|
layout | Any value from |
Example
/opt/avdf/config-utils/bin/config-keytable set layout=us
B.8 CONFIG-NIC
Use this command to configure secondary network interfaces on the appliance.
This command is available with the Audit Vault Server and the Database Firewall installation.
Syntax
/opt/avdf/config-utils/bin/config-nic help
/opt/avdf/config-utils/bin/config-nic set
/opt/avdf/config-utils/bin/config-nic show
Note:
This command should be used for debugging purposes only. It is advisable to use the Audit Vault Server console to perform the NIC configuration.
Arguments
Argument | Description |
---|---|
help | To seek help on configuring secondary network interfaces on the appliance. |
set | To configure secondary network interfaces on the appliance. |
show | To display the current settings of secondary network interfaces on the appliance. |
delete | To delete a configured secondary network interface on the appliance. |
Attributes
Attributes | Key Values |
---|---|
description | User defined name of the interface. |
device | Device name of the interface on the appliance. |
enabled | |
gateway | IP address of the gateway. |
hostname | User defined hostname for all the NICs. |
info | System level information about the NIC. |
ip_address | IP address of the secondary NIC. |
network_mask | The network mask of the NIC. |
Example
/opt/avdf/config-utils/bin/config-nic set device=enp0s3 ip_address=192.0.2.22 network_mask=255.255.255.0 gateway=192.0.2.1 enabled=true
B.9 CONFIG-NTP
Use this command to configure up to 3 NTP server addresses on the appliance.
This command is available with the Database Firewall installation. This command is also available after installing the Audit Vault Server diagnostics package.
Syntax
/opt/avdf/config-utils/bin/config-ntp help
/opt/avdf/config-utils/bin/config-ntp set
/opt/avdf/config-utils/bin/config-ntp show
Arguments
Argument | Description |
---|---|
help | To seek help on setting NTP server address on the appliance. |
set | To set NTP server address on the appliance. |
show | To display the current NTP server settings on the appliance. |
Attributes
Attributes | Key Values |
---|---|
enabled | |
panic | The amount of time drift at which the NTP synchronization ends. It can be an integer. |
servers | Comma-separated IP addresses or hostnames of NTP servers on the appliance. |
sync_on_save | To synchronize the time when settings are saved. |
time_differences | To get the time difference of different NTP servers on the appliance. |
Example
/opt/avdf/config-utils/bin/config-ntp set servers=192.0.2.0,192.0.2.2,192.0.2.22
B.10 CONFIG-PROXY
Use this command to configure traffic proxy ports on the Database Firewall appliance.
This command is available after installing the Database Firewall diagnostics package.
Syntax
/opt/avdf/config-utils/bin/config-proxy help
/opt/avdf/config-utils/bin/config-proxy add
/opt/avdf/config-utils/bin/config-proxy delete
/opt/avdf/config-utils/bin/config-proxy set
/opt/avdf/config-utils/bin/config-proxy show
Note:
This command should be used for debugging purposes only. It is advisable to use the Audit Vault Server console to configure proxy ports.
Arguments
Argument | Description |
---|---|
add | To add a proxy port on the Database Firewall appliance. |
delete | To delete an existing proxy port on the Database Firewall appliance. |
help | To seek help on proxy port configuration for the Database Firewall appliance. |
set | To modify a proxy port on the Database Firewall appliance. |
show | To display the existing traffic proxy ports on the Database Firewall appliance. |
Attributes
Attributes | Key Values |
---|---|
description | User defined name of the port. |
enabled | |
id | A unique ID has to be set for the proxy port on the Database Firewall appliance. |
network_id | To set the network interface used for the proxy port on the Database Firewall appliance. |
port | To set a specific port as a proxy for the Database Firewall appliance. |
Example
/opt/avdf/config-utils/bin/config-proxy set id=1 network_id=enp0s8 port=9999 enabled=true description='Sales proxy port'
B.11 CONFIG-SNMP
Use this command to configure SNMP access on the appliance.
This command is available after installing the Audit Vault Server and Database Firewall diagnostics packages.
Syntax
/opt/avdf/config-utils/bin/config-snmp help
/opt/avdf/config-utils/bin/config-snmp set
/opt/avdf/config-utils/bin/config-snmp show
Arguments
Argument | Description |
---|---|
set | To set SNMP access on the appliance. |
show | To display the current SNMP access settings on the appliance. |
help | To get help on setting SNMP access on the appliance. |
Attributes
Attributes | Key Values |
---|---|
access | To set SNMP access to the appliance, provide a list of IP addresses separated by commas. |
community | To set SNMP community string on the appliance. |
Example
/opt/avdf/config-utils/bin/config-snmp set access=192.0.2.0,192.0.2.2,192.0.2.22,192.0.2.24
B.12 CONFIG-SSH
Use this command to configure SSH access on the appliance.
This command is available with the Database Firewall installation. This command is also available after installing the Audit Vault Server diagnostics package.
Syntax
/opt/avdf/config-utils/bin/config-ssh help
/opt/avdf/config-utils/bin/config-ssh set
/opt/avdf/config-utils/bin/config-ssh show
Arguments
Argument | Description |
---|---|
set | To set SSH access on the appliance. |
show | To display the current SSH access settings on the appliance. |
help | To get help on setting SSH access on the appliance. |
Attributes
Attributes | Key Values |
---|---|
access | To set SSH access to the appliance, provide a list of IP addresses separated by commas. |
Example
/opt/avdf/config-utils/bin/config-ssh set access=192.0.2.0,192.0.2.2,192.0.2.22,192.0.2.24
B.13 CONFIG-STATUS
Use this command to display the current status of updates on various Database Firewall components.
This command is available after installing the Database Firewall diagnostics package.
Syntax
/opt/avdf/config-utils/bin/config-status show
/opt/avdf/config-utils/bin/config-status help
Arguments
Argument | Description |
---|---|
show | To display the current status of updates on various Database Firewall components. |
help | To get help on the commands for retrieving the status of updates on various Database Firewall components. |
Attributes
Attributes | Key Values |
---|---|
component_version | Defines the version of the Database Firewall component, like 20.1.0.0.0. |
diagnostic_status | Defines the diagnostic status of the Database Firewall component, like |
free_space | Defines the free available space on the Database Firewall component. |
grammar_versions | Defines the SQL grammar version on the Database Firewall component. |
software_version | Defines the software version of the Database Firewall component. |
Examples
/opt/avdf/config-utils/bin/config-status show
/opt/avdf/config-utils/bin/config-status show component_version
/opt/avdf/config-utils/bin/config-status show diagnostic_status
/opt/avdf/config-utils/bin/config-status show free_space
/opt/avdf/config-utils/bin/config-status show grammar_versions
/opt/avdf/config-utils/bin/config-status show software_version
B.14 CONFIG-SYSLOG
Use this command to configure syslog destinations on the appliance. It can also be used to set the active syslog categories and the maximum message length.
This command is available after installing the Database Firewall diagnostics package.
Syntax
/opt/avdf/config-utils/bin/config-syslog set
/opt/avdf/config-utils/bin/config-syslog show
/opt/avdf/config-utils/bin/config-syslog help
Arguments
Argument | Description |
---|---|
set | To set syslog destinations on the appliance. |
show | To display the current syslog destinations on the appliance. |
help | To get help on the available commands and supported attributes. |
Attributes
Attributes | Key Values |
---|---|
categories | |
max_message_length | Defines the maximum length of the syslog messages. It can be any integer between 1024 and 1048576. |
tcp_destinations | The TCP destinations on the appliance include the IP address, or the hostname, and the port number. For example, |
udp_destinations | The UDP destinations on the appliance include the IP address or the hostname. For example, The default port number is 514. |
Example
/opt/avdf/config-utils/bin/config-syslog set categories=system,alerts,info,debug,heartbeat max_message_length=2000 tcp_destinations=my.host:1234,second.host:4321 udp_destinations=my.host
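The following pre-flight check is an added example, not part of the Oracle utilities: it validates `max_message_length` and the destination lists against the constraints in the table above and prints the resulting command without running it. The function names, the hostname character set, the IPv4/hostname-only scope and the acceptance of an optional `host:port` form for UDP are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for `config-syslog set` arguments.
# It only prints the command line; it never runs the utility.

# valid_length N: integer between 1024 and 1048576 (range from the table above).
valid_length() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 7 ] && [ "$1" -ge 1024 ] && [ "$1" -le 1048576 ]
}

# valid_host H: assumed character set for an IPv4 address or hostname.
valid_host() {
    case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# valid_host_port D: "host:port" with a port between 1 and 65535.
valid_host_port() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    port=${1##*:}
    case "$port" in ''|0*|*[!0-9]*) return 1 ;; esac
    valid_host "${1%:*}" && [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]
}

# check_syslog_args LENGTH TCP_LIST UDP_LIST
# Prints the command on success; reports the offending value and returns 1 otherwise.
check_syslog_args() (
    set -f; IFS=,
    valid_length "$1" || { echo "max_message_length out of range: $1" >&2; exit 1; }
    for d in $2; do      # TCP entries must carry an explicit port
        valid_host_port "$d" || { echo "bad TCP destination: $d" >&2; exit 1; }
    done
    for d in $3; do      # UDP entries may omit the port (default 514)
        case "$d" in
            *:*) valid_host_port "$d" ;;
            *)   valid_host "$d" ;;
        esac || { echo "bad UDP destination: $d" >&2; exit 1; }
    done
    echo "/opt/avdf/config-utils/bin/config-syslog set max_message_length=$1${2:+ tcp_destinations=$2}${3:+ udp_destinations=$3}"
)

# Sample values taken from the example on this page.
check_syslog_args 2000 my.host:1234,second.host:4321 my.host
```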
B.15 CONFIG-TIME
Use this command to configure the time on the appliance.
This command is available after installing the Audit Vault Server and Database Firewall diagnostics packages.
Syntax
/opt/avdf/config-utils/bin/config-time set
/opt/avdf/config-utils/bin/config-time show
/opt/avdf/config-utils/bin/config-time help
Arguments
Argument | Description |
---|---|
set | To set the time on the appliance. |
show | To display the current time on the appliance. |
help | To get help on the available commands and supported attributes. |
Attributes
Attribute | Key Values |
---|---|
time | Define the date and time in ISO8601 format: |
Example
/opt/avdf/config-utils/bin/config-time set time=2020-02-15T14:31:01
B.16 CONFIG-PKI_IDENTITY
Use this command to list, add, delete, and validate TLS identities (keys, certificates, Certificate Signing Requests) for Database Firewall.
Note:
This command is available starting with Oracle AVDF 20.7.
Syntax
/opt/avdf/config-utils/bin/config-pki_identity show
/opt/avdf/config-utils/bin/config-pki_identity help
Arguments
Argument | Description |
---|---|
show | To display the list of certificates and Certificate Signing Requests. |
add | To create a Certificate Signing Request with specified attributes. |
set | To self sign or import external signed certificates to a specified path. |
delete | To delete a certificate with the specified |
help | To get help on the available commands and supported attributes. |
Attributes
Attribute | Key Values |
---|---|
common_name | Common name of the certificate. |
alt_dns, alt_email, alt_ip, alt_uri, common_name, country, locality, organisation, organisational_unit, state | Generic certificate attributes used for creating a CSR ( |
cert_gid, cert_mode, cert_path, cert_uid | File system setting for the generated CSR. |
key_gid, key_mode, key_path, key_uid | File system setting for the generated key. |
self_sign | Argument to self sign the CSR with the local CA. |
Example
/opt/avdf/config-utils/bin/config-pki_identity show common_name=foobar.example.com
/opt/avdf/config-utils/bin/config-pki_identity set cert_path=/usr/local/dbfw/certificate.crt
/opt/avdf/config-utils/bin/config-pki_identity delete common_name=foobar.example.com
/opt/avdf/config-utils/bin/config-pki_identity add \
common_name=foobar.example.com \
country=US \
email=first.last@example.invalid \
locality=city \
organisation=company \
organisational_unit=group \
state=area \
cert_uid=user \
cert_gid=group \
cert_mode=444 \
key_uid=root \
key_gid=privilegedgroup \
key_mode=440 \
key_path=/usr/local/dbfw/private.key \
cert_path=/usr/local/dbfw/certificate.csr
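The `key_mode`, `key_uid` and `key_gid` attributes decide who can read the generated private key, so it is worth confirming the result on disk after the command runs. The check below is an added example, not part of the Oracle utilities; the function names and the policy it enforces (no access for "other", no group write, mode equal to the requested `key_mode`) are assumptions.

```shell
#!/bin/sh
# Added example: audit the on-disk permissions of a key written via key_path=.
# The path and the expected mode are supplied by the caller.

# octal_mode FILE: print the permission bits as three octal digits (e.g. 440),
# derived from the `ls -ld` mode string so GNU stat is not required.
octal_mode() (
    line=$(ls -ld -- "$1" 2>/dev/null) || exit 1
    perms=${line%% *}              # e.g. "-r--r-----", may end in "." or "+"
    perms=${perms#?}               # drop the file-type character
    out=
    for n in 1 2 3; do
        t=${perms%"${perms#???}"}  # next rwx triplet
        perms=${perms#???}
        d=0
        case "$t" in r??) d=$((d + 4)) ;; esac
        case "$t" in ?w?) d=$((d + 2)) ;; esac
        case "$t" in ??[xst]) d=$((d + 1)) ;; esac
        out=$out$d
    done
    echo "$out"
)

# audit_key FILE EXPECTED_MODE
# Returns 0 when the key matches the requested mode and the assumed policy,
# 1 on a policy or mode violation, 2 when the file cannot be inspected.
audit_key() (
    mode=$(octal_mode "$1") || { echo "missing: $1"; exit 2; }
    case "$mode" in
        ??[1-7])  echo "world-accessible key ($mode): $1"; exit 1 ;;
        ?[2367]?) echo "group-writable key ($mode): $1"; exit 1 ;;
    esac
    [ "$mode" = "$2" ] || { echo "mode $mode, expected $2: $1"; exit 1; }
    echo "ok ($mode): $1"
)

# Constructed demo: a throwaway file stands in for the private key.
demo() (
    tmp=$(mktemp) || exit 1
    chmod 440 "$tmp"; audit_key "$tmp" 440 || true   # passes
    chmod 444 "$tmp"; audit_key "$tmp" 440 || true   # flagged: readable by others
    rm -f "$tmp"
)
demo
```

On the appliance, the call for the example above would be `audit_key /usr/local/dbfw/private.key 440`.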