4 Post-Install Configuration Tasks

Learn about the post-installation tasks for Oracle Audit Vault and Database Firewall (Oracle AVDF).

4.1 Audit Vault Server Post-Installation Tasks

Complete these recommended post-installation tasks after installing the Audit Vault Server.

  1. Complete the steps in section Accessing the Audit Vault Server Post-Install Configuration Page and set up user names and passwords.

  2. Apply the patch to remove deprecated ciphers after an Audit Vault Server install or upgrade: Deprecated-Cipher-Removal.zip.

    Note:

    Apply this patch on Oracle Audit Vault Server 20.1 after an install or upgrade. For an upgrade, before applying the patch, make sure that all Audit Vault Agents are upgraded to 20.1 and Host Monitor Agents are in the Installed state.

  3. Review the DNS and NTP system service configuration. See Configuring or Changing the Oracle Audit Vault Server Services.
  4. If using high availability, configure resilient pair of Audit Vault Servers. See Configuring High Availability for Audit Vault Servers.
  5. Register the targets for monitoring with Oracle Audit Vault and Database Firewall. See Configuring Targets, Audit Trails, and Database Firewall Monitoring Points.
  6. Configure the data retention policy for every target before configuring audit trails. See Configuring Archive Locations and Retention Policies.
  7. Configure each audit trail for native audit collection. See Preparing Targets for Audit Data Collection.

    1. Deploy an Audit Vault Agent on the machine where the target is installed or on a machine that can connect to the target.

      Note:

      Starting in Oracle AVDF 20.9, you can use agentless collection instead of the Audit Vault Agent for up to 20 Oracle Database table audit trails. Starting in Oracle AVDF 20.10, you can also use agentless collection for Microsoft SQL Server directory audit trails for .sqlaudit and .xel (extended events). The total number of audit trails for agentless collection should not exceed 20. See Adding Audit Trails with Agentless Collection.
    2. Enable native database auditing on the target.
    3. Review and configure the audit trails for the target.
    4. Configure the audit trail cleanup wherever necessary.
  8. For Oracle Database targets, consider provisioning Oracle recommended audit policies. See Creating Audit Policies for Oracle Databases.
    After patching to Oracle AVDF 20.12, you will need to
    1. Rerun the Oracle privileges script for successful audit policy retrieval for container database targets. For more information see Oracle Database Setup Scripts.
    2. Retrieve audit policies before provisioning or viewing audit policies. For more information see Retrieving and Modifying Audit Policies from an Oracle Database
  9. Consider configuring alert policies. See Creating Alerts.

Note:

  • The Audit Vault Server reads the audit log from the target that contains the time stamp of the event. Without this synchronization, events may appear to be archived to the Audit Vault Server before they occur and alerts may appear to be sent before their triggering events occur.
  • Set the user names and passwords of the Audit Vault Server administrator and auditor, as well as the passwords of its root and support users. You can also set the time and domain name service (DNS) servers of the Audit Vault Server.

4.2 Database Firewall Post-Installation Tasks

Learn about Database Firewall post-installation tasks.

After installing the Database Firewall, set the password for support user. This is the Linux operating system user account on Database Firewall. Follow these steps to set the password:

  1. After the installation is complete, log in as root user on the console displayed.

  2. Execute the following command to set the password for the support user:

    passwd support
  3. Enter the new password for the support user when prompted.

  4. Re-enter the password when prompted.

  5. After the password is set successfully, the following message is displayed on the console:

    all authentication tokens updated successfully.

4.3 Accessing the Audit Vault Server Post-Install Configuration Page

Access the Audit Vault Server post-installation configuration page.

To access the Audit Vault Server Post-Install Configuration page:

  1. Using a browser, go to the Audit Vault Server console. Ensure that the browser version you are using supports TLS 1.2 protocol. See Supported Browsers for complete information.
    https://ip_address
    

    For ip_address, use the IP address of the Audit Vault Server. See Installing Audit Vault Server or Database Firewall.

    You may see a message about a problem with the website security certificate. This is due to a self-signed certificate. Click the Continue to this website (or similar) link. You can generate a certificate request later to avoid this message. This is one of the possible reasons. However, there may be other reasons where the browser may prompt about the website being insecure. Use your due caution, verify, and then connect to the correct website.

    See Oracle Audit Vault and Database Firewall Administrator's Guide.

  2. You are prompted to enter the root password.
  3. Click Login. The post-install configuration page appears.

    Post-Install Configuration page (Oracle AVDF release 20.1 to 20.7)

    Post-Install Configuration page (Oracle AVDF release 20.8 and later):

  4. From this page, you must set the usernames and passwords (required), set up the time, and DNS servers.

4.4 Setting the Usernames and Passwords of Audit Vault Server Users

Set up usernames and passwords for Oracle Audit Vault and Database Firewall (Oracle AVDF).

In the post-install configuration page, you set up usernames and passwords for the following Oracle Audit Vault and Database Firewall users:

  • Super Administrator
  • Super Auditor
  • Repository Encryption Keystore
  • Support
  • Root

Changing the root user password on this screen is optional as it is already set during installation.

See Also:

Separation of Duties for a description of each user.

Note:

Do not use the root or support users unless instructed to do so in documentation or by a customer support representative.

4.4.1 About Administrator and Auditor User Names

Oracle recommends that you create administrator and auditor user accounts after you install Oracle Audit Vault and Database Firewall (Oracle AVDF).

The administrator and auditor user names must follow these rules:

  • The first character has to be alphabetical.
  • 1 to 30 characters long.
  • Each remaining character is either alphanumeric or an underscore (_), dollar sign ($), or number sign (#).

Note:

The administrator and auditor user names are upshifted (that is, any lowercase alphabetic characters are replaced by their uppercase equivalents). Also, the Audit Vault Server does not support quoted user names.

See Also:

Separation of Duties for a description of each user account.

4.4.2 Password Requirements

Set password management guidelines for the Audit Vault and Database Firewall (Oracle AVDF) user accounts.

For example, you may require that users change their passwords on a regular basis, such as every 120 days, and that they create passwords that are not easily guessed.

The following sections describe the minimum password requirements for Oracle Audit Vault and Database Firewall.

Requirements for Passwords Containing Unicode Characters

If your password contains unicode characters (such as non-English characters with accent marks), the password requirement is that it:

  • Be between 8 and 30 characters long.

Requirements for English-Only (ASCII) Passwords

If you are using English-only, ASCII printable characters, Oracle Audit Vault and Database Firewall requires that passwords:

  • Be between 8 and 30 characters long.

  • Contain at least one of each of the following:

    • Lowercase letters: a-z.

    • Uppercase letters: A-Z.

    • Digits: 0-9.

    • Punctuation marks: comma (,), period (.), plus sign (+), colon(:), exclamation mark (!), and underscore (_)

  • Not contain double quotes ("), back space, or control characters.

In addition, Oracle recommends that passwords:

  • Not be the same as the user name.

  • Not be an Oracle reserved word.

  • Not be an obvious word (such as welcome, account, database, and user).

  • Not contain any repeating characters.

See Also:

4.4.3 Setting the Passwords For Audit Vault Server Users

Steps for setting the passwords for the Audit Vault Server users.

To set the passwords of the Audit Vault Server administrator, auditor, root, and support user:

  1. Access the Audit Vault Server Post-Install Configuration page.
  2. Under User Setup:
    • In the Super Administrator field, enter the administrative user name.

    • Under the Super Administrator field, enter the administrator Super Administrator Password, then confirm it in the Re-enter Password field.

    • Click Validate username.

      The administrator username that you entered is validated. If this name is valid, then you can use it; if not, then you must enter a valid name.

    • In the Super Auditor field, enter the super auditor user name.

    • Under the Super Auditor, field, enter the auditor Super Auditor Password, then confirm it in the Re-enter Password field.

    • Click Validate username.

      The auditor username that you entered is validated. If this name is valid, then you can use it; if not, then you must enter a valid name.

  3. Under Repository Encryption, enter the Keystore Password, and then re-enter it.

    On new, full installations of Oracle Audit Vault and Database Firewall 12.2 or later, audit event data in the Audit Vault Server's repository is automatically encrypted using Oracle Database Transparent Data Encryption (TDE). The repository encryption keystore password is required to reset the TDE master key.

  4. Under Root Password, in the fields labeled Root Password and Re-enter New Password, type the password for root.
  5. Under Support User Password, in the fields labeled Support Password and Re-enter New Password, type the password for the support user.

4.5 Setting the Audit Vault Server Time (Strongly Recommended)

Steps to set the Audit Vault Server time.

To set the Audit Vault Server time:

  1. Access the Audit Vault Server Post-Install Configuration page.

  2. Expand the Time Setup section.

  3. Select either Set Manually or Use NTP.

    Note:

    Oracle strongly recommends that you select Use NTP. In addition, it is recommended that you also use an NTP service on your targets to avoid confusion on timestamps on the alerts raised by the Audit Vault Server.
  4. If in step 3 you selected Use NTP, then for each of the fields Server 1 Address, Server 2 Address, and Server 3 Address:

    1. Type either the IP address or name of a preferred time server.

      If you type a name, the DNS server specified in the System Services page is used for name resolution.

    2. Click Test Server.

      The time from the specified server appears.

  5. If in step 3 you selected Set Manually, then set the Date fields to your current local day and time.

  6. Either click Save or proceed to set the DNS servers for the Audit Vault Server.

4.6 Setting the Audit Vault Server DNS Servers (Recommended)

Steps to set the DNS servers for the Audit Vault Server.

The Audit Vault Server DNS servers are used to resolve any host names that Audit Vault Server might use.

Note:

Set Audit Vault Server DNS server values only if the network has DNS servers, otherwise system performance will be impaired.

To set the DNS servers for the Audit Vault Server:

  1. Enter the IP addresses of up to three DNS servers on the network in the Server 1, Server 2, and Server 3 fields.

    Leave the fields blank if there are no DNS servers.

  2. Click Save.

4.7 Networking Setup And Configuration

Oracle Audit Vault and Database Firewall can be setup or configured for access through DNS.

The host name must match the FQDN used for access.