Learn about the post-installation tasks for Oracle Audit Vault and Database Firewall (Oracle AVDF).
4.1 Audit Vault Server Post-Installation Tasks
Execute recommended post-installation tasks after installing the Audit Vault Server.
Recommended post-installation steps for Audit Vault Server:
Complete the steps in section Accessing the Audit Vault Server Post-Install Configuration Page and set up usernames and passwords.
Apply the patch to remove deprecated ciphers post AVS install or upgrade:
Note: Apply this patch on Oracle Audit Vault Server 20.1 after install or upgrade. In case of upgrade, before applying the patch, make sure that all Audit vault Agents are upgraded to 20.1 and Host Monitor Agents are in
- Review the DNS and NTP system service configuration. See Configuring or Changing the Oracle Audit Vault Server Services.
- Configure resilient pair of Audit Vault Servers. See Managing A Resilient Audit Vault Server Pair.
- Register the targets for monitoring using Oracle Audit Vault and Database Firewall. See Configuring Targets, Audit Trails, and Database Firewall Monitoring Points.
- Ensure to configure the data retention policy for every target before configuring audit trails. See Configuring Archive Locations and Retention Policies.
Follow these steps for configuring each audit trail for native audit collection. See Preparing Targets for Audit Data Collection.
- Deploy an Audit Vault Agent on the machine where the target is installed or on a machine that can connect to the target.
- Enable native database auditing on the target.
- Review and configure the audit trails for the target as per the requirement.
- Configure the audit trail cleanup wherever necessary.
- For Oracle Database targets, consider provisioning Oracle recommended audit policies. See Creating Audit Policies for Oracle Databases.
- Consider configuring alert policies. See Creating Alerts.
- The Audit Vault Server reads the audit log from the target that contains the timestamp of the event. Without this synchronization, events may appear to be archived to the Audit Vault Server before they occur and alerts may appear to be sent before their triggering events occur.
- You must set the usernames and passwords of its administrator and auditor, and the passwords of its root and support user. You can also set the time and domain name service (DNS) servers of the Audit Vault Server.
4.2 Database Firewall Post-Installation Tasks
Learn about Database Firewall post-installation tasks.
After installing the Database Firewall, set the password for
support user. This is the Linux operating system user account on
Database Firewall. Follow these steps to set the password:
After the installation is complete, log in as
rootuser on the console displayed.
Execute the following command to set the password for the
Enter the new password for the
supportuser when prompted.
Re-enter the password when prompted.
After the password is set successfully, the following message is displayed on the console:
all authentication tokens updated successfully.
4.3 Accessing the Audit Vault Server Post-Install Configuration Page
Access the Audit Vault Server post-installation configuration page.
To access the Audit Vault Server Post-Install Configuration page:
- Using a browser, go to the Audit Vault Server console. Ensure that the browser version you are using supports TLS 1.2 protocol. See Supported Browsers for complete information.
ip_address, use the IP address of the Audit Vault Server. See Installing Audit Vault Server or Database Firewall.
You may see a message about a problem with the website security certificate. This is due to a self-signed certificate. Click the Continue to this website (or similar) link. You can generate a certificate request later to avoid this message. This is one of the possible reasons. However, there may be other reasons where the browser may prompt about the website being insecure. Use your due caution, verify, and then connect to the correct website.
- You are prompted to enter the root password.
- Click Login.
The Post-Install Configuration page appears:
From this page, you must set the usernames and passwords (required), set up the time, and DNS servers.
4.4 Setting the Usernames and Passwords of Audit Vault Server Users
Set up usernames and passwords for Oracle Audit Vault and Database Firewall (Oracle AVDF).
In the post-install configuration page, you set up usernames and passwords for the following Oracle Audit Vault and Database Firewall users:
Repository Encryption Keystore
root user password on this screen is optional as it is
already set during installation.
Separation of Duties for a description of each user.
Do not use the root or support users unless instructed to do so in documentation or by a customer support representative.
4.4.1 About Administrator and Auditor User Names
Oracle recommends that you create administrator and auditor user accounts after you install Oracle Audit Vault and Database Firewall (Oracle AVDF).
The administrator and auditor user names must be simple SQL names of 1 to 30 characters, and must follow these rules:
The first character is alphabetical.
Each remaining character is either alphanumeric or an underscore (_), dollar sign ($), or number sign (#).
The administrator and auditor user names are upshifted (that is, any lowercase alphabetic characters are replaced by their uppercase equivalents). Also, the Audit Vault Server does not support quoted user names.
Separation of Duties for a description of each user account.
4.4.2 Password Requirements
Set password management guidelines for the Audit Vault and Database Firewall (Oracle AVDF) user accounts.
For example, you may require that users change their passwords on a regular basis, such as every 120 days, and that they create passwords that are not easily guessed.
The following sections describe the minimum password requirements for Oracle Audit Vault and Database Firewall.
Requirements for Passwords Containing Unicode Characters
If your password contains unicode characters (such as non-English characters with accent marks), the password requirement is that it:
Be between 8 and 30 characters long.
Requirements for English-Only (ASCII) Passwords
If you are using English-only, ASCII printable characters, Oracle Audit Vault and Database Firewall requires that passwords:
Be between 8 and 30 characters long.
Contain at least one of each of the following:
Lowercase letters: a-z.
Uppercase letters: A-Z.
Punctuation marks: comma (,), period (.), plus sign (+), colon(:), exclamation mark (!), and underscore (_)
Not contain double quotes ("), back space, or control characters.
In addition, Oracle recommends that passwords:
Not be the same as the user name.
Not be an Oracle reserved word.
Not be an obvious word (such as welcome, account, database, and user).
Not contain any repeating characters.
4.4.3 Setting the Passwords For Audit Vault Server Users
Steps for setting the passwords for the Audit Vault Server users.
To set the passwords of the Audit Vault Server administrator, auditor, root, and support user:
- Access the Audit Vault Server Post-Install Configuration page.
- Under User Setup:
In the Super Administrator field, enter the administrative user name.
Under the Super Administrator field, enter the administrator Super Administrator Password, then confirm it in the Re-enter Password field.
Click Validate username.
The administrator username that you entered is validated. If this name is valid, then you can use it; if not, then you must enter a valid name.
In the Super Auditor field, enter the super auditor user name.
Under the Super Auditor, field, enter the auditor Super Auditor Password, then confirm it in the Re-enter Password field.
Click Validate username.
The auditor username that you entered is validated. If this name is valid, then you can use it; if not, then you must enter a valid name.
- Under Repository Encryption, enter the Keystore Password, and
then re-enter it.
On new, full installations of Oracle Audit Vault and Database Firewall 12.2 or later, audit event data in the Audit Vault Server's repository is automatically encrypted using Oracle Database Transparent Data Encryption (TDE). The repository encryption keystore password is required to reset the TDE master key.
- Under Root Password, in the fields labeled Root Password and Re-enter New Password, type the password for root.
- Under Support User Password, in the fields labeled Support Password and Re-enter New Password, type the password for the support user.
4.5 Setting the Audit Vault Server Time (Strongly Recommended)
Steps to set the Audit Vault Server time.
To set the Audit Vault Server time:
Access the Audit Vault Server Post-Install Configuration page.
Expand the Time Setup section.
Select either Set Manually or Use NTP.
Note:Oracle strongly recommends that you select Use NTP. In addition, it is recommended that you also use an NTP service on your targets to avoid confusion on timestamps on the alerts raised by the Audit Vault Server.
If in step 3 you selected Use NTP, then for each of the fields Server 1 Address, Server 2 Address, and Server 3 Address:
Type either the IP address or name of a preferred time server.
If you type a name, the DNS server specified in the System Services page is used for name resolution.
Click Test Server.
The time from the specified server appears.
If in step 3 you selected Set Manually, then set the Date fields to your current local day and time.
Either click Save or proceed to set the DNS servers for the Audit Vault Server.
4.6 Setting the Audit Vault Server DNS Servers (Recommended)
Steps to set the DNS servers for the Audit Vault Server.
The Audit Vault Server DNS servers are used to resolve any host names that Audit Vault Server might use.
Note:Set Audit Vault Server DNS server values only if the network has DNS servers, otherwise system performance will be impaired.
To set the DNS servers for the Audit Vault Server:
- Enter the IP addresses of up to three DNS servers on the network in the
Server 1, Server 2, and Server 3 fields.
Leave the fields blank if there are no DNS servers.
- Click Save.
4.7 Networking Setup And Configuration
Oracle Audit Vault and Database Firewall can be setup or configured for access through DNS.
The host name must match the FQDN used for access.