2 Overview of Oracle Audit Vault and Database Firewall Installation
Learn to install Oracle Audit Vault and Database Firewall (Oracle AVDF).
See Also:
Oracle Audit Vault and Database Firewall Administrator's Guide for general information about secure installation, data protection, and general recommendations for deploying Oracle Audit Vault and Database Firewall in a network and in special configurations.2.1 Downloading the Latest Version of This Manual
Learn how to download the latest documentation for Oracle Audit Vault and Database Firewall (Oracle AVDF).
See Also:
-
Oracle AVDF 20.1 Books to download all the documents.
-
https://docs.oracle.com for documentation of other Oracle products.
2.2 Platform Support
Learn about various platforms supported by Oracle AVDF.
2.2.1 Product Compatibility Matrix
Learn about supported platforms for Audit Vault Agent, Host Monitor, audit collection, and Database Firewall monitoring or protection.
Oracle Audit Vault and Database Firewall is delivered as software appliance images ready to be deployed on physical hardware or on virtualized environments such as Oracle VM Server or VMware. You can install and run Oracle Audit Vault and Database Firewall on the following platforms:
- Any Intel x86 64-bit hardware platform supported by Oracle Audit Vault and Database Firewall's embedded operating system. Oracle Audit Vault and Database Firewall 20 uses Oracle Linux release 7 with the Unbreakable Enterprise Kernel (UEK) version 5. For a list of compatible hardware, refer to Hardware Certification List for Oracle Linux and Oracle VM. This list contains the minimum version of Oracle Linux certified with the selected hardware. All Oracle Linux updates starting with Oracle Linux release 7 as the minimum are also certified unless otherwise noted.
- Refer to Oracle Linux documentation for more information on the operating system platform.
- Oracle VM Server for x86, versions 3.2.8, 3.2.9, 3.4.4, and 3.4.6.
- VMWare VSphere, version 6.0 and 6.7
- Oracle VM VirtualBox, version 6.0
- Oracle Audit Vault and Database Firewall release 20 supports both BIOS and UEFI boot mode. For system with boot disk greater than 2 TB, Oracle AVDF supports booting in UEFI mode only.
- Audit Vault Server and Database Firewall cannot be installed on Exalogic or Exadata appliances.
- Oracle AVDF 20.1 to 20.4 is built on Oracle Linux version 7.8. Oracle AVDF 20.5 is built on Oracle Linux version 7.9.
- Audit Vault Server and Database Firewall on Kernel-based Virtual Machine (KVM)
Table 2-1 Audit Collection and Database Firewall Support
| Supported Platform | Versions Supported | Audit Collection | Database Firewall Support |
|---|---|---|---|
| Database | |||
| Oracle Database
(Enterprise and Standard editions) |
21c (Starting Oracle AVDF 20.4) 19c 18c 12.2 12.1 11.2.0.4 |
Yes | Yes |
| Autonomous Data Warehouse (Shared) | Not applicable | Yes | Not supported |
| Autonomous Data Warehouse (Dedicated) | Not applicable | Yes (Starting Oracle AVDF 20.3) | Not supported |
| Autonomous Transaction Processing (Shared) | Not applicable | Yes | Not supported |
| Autonomous Transaction Processing (Dedicated) | Not applicable | Yes (Starting Oracle AVDF 20.3) | Not supported |
| Oracle Cloud Database Service |
21c (Starting Oracle AVDF 20.4) 19c |
Yes | Not supported |
| Oracle Database running on Exadata |
21c (Starting Oracle AVDF 20.4) 19c 18c 12.2 12.1 11.2.0.4 |
Yes | Yes |
| Oracle Real Application Clusters |
21c (Starting Oracle AVDF 20.4) 19c 18c 12.2 12.1 11.2.0.4 |
Yes | Yes |
| MySQL (Enterprise Edition) |
8.0 5.7 5.6 |
Yes | Yes |
|
Microsoft SQL Server (Windows) Enterprise Edition |
2019 (Starting Oracle AVDF 20.3) 2017 2016 2014 2012 |
Yes | Yes |
|
Microsoft SQL Server (Windows) Standard Edition |
2019 (Starting Oracle AVDF 20.6) |
Yes | No |
| Microsoft SQL Server Cluster (Windows Failover Cluster) |
2019 (Starting Oracle AVDF 20.6) 2017 2016 2014 2012 |
Yes |
Yes (Starting Oracle AVDF 20.6) |
| Microsoft SQL Server Always On availability group (Starting with Oracle AVDF release 20.3) |
2017 2016 2014 2012 |
Yes | No |
| MongoDB (By configuring Quick JSON collector) |
4.4 (Starting Oracle AVDF 20.4 4.2 4.0 |
Yes | No |
| PostgreSQL |
9.6 to 11.8 |
Yes | No |
| IBM Db2 |
11.5 11.1 10.5 |
Yes | Yes |
|
IBM Db2 Cluster HADR (High Availability and Disaster Recovery) on OL 7.x |
11.1 |
Yes | Yes |
|
IBM Db2 for AIX 7.2 TL1 and above 7.1 TL4 and TL5 |
11.5 11.1 10.5 |
Yes |
Yes (Starting Oracle AVDF 20.4) |
|
IBM DB2 Database Partitioning Feature (DPF) on Linux and AIX |
11.5 11.1 10.5 |
Yes | No |
| SAP Sybase ASE |
16 15.7 |
Yes | Yes |
| Transaction Log Collector using Oracle GoldenGate 19.1 |
11.2 to 19c |
Yes | Not applicable |
| Operating System | |||
| Oracle Solaris (SPARC64) |
11.3 11.4 |
Yes | Not applicable |
| Oracle Solaris (x86-64) |
11.3 11.4 |
Yes | Not applicable |
| Oracle Linux (64 bit) |
OL 8.2 and 8.3 (requires auditd 3.0) (Starting Oracle AVDF 20.4) OL 8 (requires auditd 3.0) (Starting Oracle AVDF 20.3) OL 7.9 (requires auditd 2.8) (Starting Oracle AVDF 20.4) OL 7.6-7.8 (requires auditd 2.8) (Starting Oracle AVDF 20.2) OL 7.4-7.5 (requires auditd 2.7.6) OL 7.3 (requires auditd 2.6.5) OL 7.1-7.2 (requires auditd 2.4.1) OL 7.0 (requires auditd 2.3.3) OL 6.8-6.9 (requires auditd 2.4.5) OL 6.6-6.7 (requires auditd 2.3.7) OL 6.1-6.5 (requires auditd 2.2.2) OL 6.0 (requires auditd 2.0) |
Yes | Not applicable |
| Red Hat Enterprise Linux |
RHEL 8.2 and 8.3 (requires auditd 3.0) (Starting Oracle AVDF 20.4) RHEL 8 (requires auditd 3.0) (Starting Oracle AVDF 20.3) RHEL 7.9 (requires auditd 2.8) (Starting Oracle AVDF 20.4) RHEL 7.6-7.8 (requires auditd 2.8) (Starting Oracle AVDF 20.2) RHEL 7.5 (requires auditd 2.7.6) RHEL 7.4 (requires auditd 2.7.6) RHEL 7.3 (requires auditd 2.6.5) RHEL 7.2 (requires auditd 2.4.1) RHEL 7.1 (requires auditd 2.4.1) RHEL 7.0 (requires auditd 2.3.3) RHEL 6.10 (requires auditd 2.4.5) RHEL 6.9 (requires auditd 2.4.5) RHEL 6.8 (requires auditd 2.4.5) RHEL 6.7 (requires auditd 2.3.7) |
Yes | Not applicable |
| Microsoft Windows Server (x86-64) |
2019 in release 20.2 (20 RU2) and later 2016 2012 R2 2012 |
Yes | Not applicable |
| IBM AIX on Power Systems (64-bit) |
7.2 TL2 and above 7.1 TL5 |
Yes | Not applicable |
| Directory Service | |||
| Microsoft Active Directory |
2016 2008 |
Yes | Not applicable |
| File System | |||
| Oracle ACFS |
12c |
Yes | Not applicable |
Table 2-2 Supported Platforms for Audit Vault Agent and Host Monitor
| Supported Platform | Versions Supported | Audit Vault Agent Deployment | Host Monitor Deployment |
|---|---|---|---|
| Operating System | |||
| Oracle Solaris (SPARC64) |
11.3 11.4 |
Yes | Yes |
| Oracle Solaris (x86-64) |
11.3 11.4 |
Yes | Yes |
| Oracle Linux (64 bit) |
OL 8.2 and 8.3 (requires auditd 3.0) (Starting Oracle AVDF 20.4) OL 8 (requires auditd 3.0) (Starting Oracle AVDF 20.3) OL 7.9 (requires auditd 2.8) (Starting Oracle AVDF 20.4) OL 7.6-7.8 (requires auditd 2.8) (Starting Oracle AVDF 20.2) OL 7.4-7.5 (requires auditd 2.7.6) OL 7.3 (requires auditd 2.6.5) OL 7.1-7.2 (requires auditd 2.4.1) OL 7.0 (requires auditd 2.3.3) OL 6.8-6.9 (requires auditd 2.4.5) OL 6.6-6.7 (requires auditd 2.3.7) OL 6.1-6.5 (requires auditd 2.2.2) OL 6.0 (requires auditd 2.0) |
Yes | Yes |
| Oracle Linux (64 bit) Cluster | OL 7.x | Yes | No |
| Red Hat Enterprise Linux |
RHEL 8.2 and 8.3 (requires auditd 3.0) (Starting Oracle AVDF 20.4) RHEL 8 (requires auditd 3.0) (Starting Oracle AVDF 20.3) RHEL 7.9 (requires auditd 2.8) (Starting Oracle AVDF 20.4) RHEL 7.6-7.8 (requires auditd 2.8) (Starting Oracle AVDF 20.2) RHEL 7.5 (requires auditd 2.7.6) RHEL 7.4 (requires auditd 2.7.6) RHEL 7.3 (requires auditd 2.6.5) RHEL 7.2 (requires auditd 2.4.1) RHEL 7.1 (requires auditd 2.4.1) RHEL 7.0 (requires auditd 2.3.3) RHEL 6.10 (requires auditd 2.4.5) RHEL 6.9 (requires auditd 2.4.5) RHEL 6.8 (requires auditd 2.4.5) RHEL 6.7 (requires auditd 2.3.7) |
Yes | Yes |
| Red Hat Enterprise Linux Cluster | RHEL 7.x | Yes | No |
| Microsoft Windows Server (x86-64) |
2019 in release 20.2 (20 RU2) and later 2016 2012 R2 2012 |
Yes | Yes |
| IBM AIX on Power Systems (64-bit) |
7.2 TL2 and above 7.1 TL5 |
Yes | Yes |
| IBM AIX on Power Systems (64-bit) Cluster |
7.2 TL2 and above 7.1 TL5 |
Yes | No |
| HP-UX on Itanium | 11.31 | Yes | Not applicable |
Note:
Oracle AVDF encourages you to upgrade to the latest supported versions at all times to stay current with security and functionality. Interoperability and functionality with older versions of the targets increases complexity and vulnerability.Table 2-3 Appliance Deployment: Audit Vault Server and Database Firewall
| Name | Release/Version |
|---|---|
|
Oracle VM VirtualBox |
6.0 5.2 |
|
Oracle VM Server for x86 |
|
|
VMware vSphere |
6.7 6.0 |
2.2.2 Supported Browsers
Learn what browsers are supported with Oracle Audit Vault and Database Firewall (Oracle AVDF).
Oracle Audit Vault and Database Firewall requires a JavaScript-enabled browser and supports the current and prior major release of Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, and Microsoft Edge.
Note:
- Ensure that the browser version you are using supports TLS 1.2 protocol.
- Microsoft Internet Explorer 11 is the prior major release, with Microsoft Edge being the current Microsoft browser. Support for Internet Explorer (IE) 11 is deprecated. Audit Vault Server console does not support Microsoft Internet Explorer 11 (and prior), starting with release 20.6.
2.2.3 Support for External Systems
Learn about external systems supported by Oracle Audit Vault and Database Firewall.
Supported external systems are as follows:
-
Integration offered:
-
Syslog
-
E-mail
-
-
SAN storage
-
iSCSI: It can be used to extend disk space for storing event data.
-
-
Archive system
-
SMB
-
SCP
-
NFS
-
Note:
-
Oracle AVDF 20.1 and later supports archive and retrieve functionality with Network File System (NFS) server which support both versions v3 and v4.
-
Only NFS version v3 is not supported for releases 20.3 and prior. It is supported starting Oracle AVDF release 20.4.
-
If your NFS server supports and permits both v3 and v4 for archive or retrieve, then no action is required.
-
In case you have NFS v4 only in your environment for archive or retrieve, then set the
_SHOWMOUNT_DISABLEDparameter toTRUEusing the following steps:- Log in to the Audit Vault Server as root.
- Switch user to oracle:
su - oracle - Start SQL*Plus connection as
sqlplus /nologwithout the username or password. - In SQL*Plus execute the command:
connect super administrator - Enter the password when prompted. Alternatively, execute
the command:
connect super administrator/password - Execute the command:
exec avsys.adm.add_config_param('_SHOWMOUNT_DISABLED','TRUE');
2.2.4 Audit Vault Agent: Supported and Tested Java Runtime Environment
Learn about the supported and tested Java Runtime Environment (JRE) for the Audit Vault Agent.
Table 2-4 lists supported versions of Java Runtime Environment (JRE).
Table 2-4 JRE Support Matrix
| JRE Version | Release/Version |
|---|---|
|
1.8 |
1.8.0_45 and later |
|
11 |
11.0.3 |
Note:
JRE version 11 is not supported on AIX platform. For AIX platform use JRE version1.8.0_241 (minimum).
2.2.5 Compatibility with Oracle Enterprise Manager
Learn about the supported versions of Oracle Enterprise Manager and Oracle Audit Vault Database Firewall.
Oracle Audit Vault and Database Firewall (Oracle AVDF) plug-in provides an interface within Enterprise Manager Cloud Control for administrators to manage and monitor Oracle Audit Vault and Database Firewall components.
Table 2-5 lists supported versions of Oracle Enterprise Manager and Oracle Audit Vault Database Firewall.
Table 2-5 Oracle Enterprise Manager Support Matrix
| Oracle Enterprise Manager Release | Oracle Audit Vault Database Firewall Release |
|---|---|
|
13.5 |
20.6 and later |
|
13.4 |
20.x |
|
12.2.x |
Note:
Oracle Audit Vault and Database Firewall (Oracle AVDF) plug-in is supported only with the above mentioned Enterprise Manager releases.
See Also:
Refer to System Monitoring Plug-in User's Guide for Audit Vault and Database Firewall for complete information.2.3 Learning About Oracle Audit Vault and Database Firewall
Learn more about Oracle Audit Vault and Database Firewall (Oracle AVDF).
See Also:
Oracle Audit Vault and Database Firewall Concepts Guide to understand the features, components, users, and deployment of Oracle Audit Vault and Database Firewall.
2.4 About Oracle Audit Vault and Database Firewall Installation
Understand the process for installing Oracle Audit Vault and Database Firewall (Oracle AVDF).
Here are the steps for installing Oracle AVDF:
- Understand the Oracle Audit Vault and Database Firewall components to be installed.
- Plan the system configuration that best suits your needs.
- Ensure that your system meets the pre-install requirements.
- Complete the installation of Audit Vault Server.
- Complete the installation of Database Firewall.
- Complete the post-install configuration tasks.
- Complete the registration of hosts and deployment of Agent.
- Complete the registration of targets for audit collection and Database Firewall monitoring.
Note:
The Audit Vault Server and the Database Firewall server are software appliances. You must not make any changes to the Linux operating system through the command line on these servers unless following official Oracle documentation or under guidance from Oracle Support.
See Also:
-
Oracle Audit Vault and Database Firewall Concepts Guide for information about the components.
-
Oracle Audit Vault and Database Firewall Administrator's Guide to plan the system configuration that best suits your needs.
-
Upgrading Oracle Audit Vault and Database Firewall for instructions to update the Oracle Audit Vault and Database Firewall software periodically.
-
Oracle Audit Vault and Database Firewall Pre-Install Requirements
-
Uninstalling Audit Vault Agents Deployed on Target Host Machines