Release Notes contain important information about Oracle Audit Vault and Database Firewall Release 20.1.

1.1 New Features In Oracle Audit Vault and Database Firewall Release 20.1

Expanded Audit Collection

Simplified Database Firewall

Enhanced User Interface

  • A new redesigned user interface with simplified navigation for common workflows.
  • Rich dashboards for auditors and administrators.
  • Supports provisioning of recommended Unified audit policies. See Provisioning Unified Audit Policies for complete information.
  • Unified console for Audit and Firewall management. Registering a target for audit collection and Database Firewall monitoring is simplified. See Registering Targets for complete details.

Improved Enterprise Support

1.2 Product Compatibility Matrix

See section Product Compatibility Matrix in the Oracle Audit Vault and Database Firewall Installation Guide for information on supported targets and deployment options for Audit Vault Server.

1.3 Downloading the Audit Vault and Database Firewall Documentation

1.4 Installing or Upgrading Oracle Audit Vault and Database Firewall

This section contains instructions and references to install or upgrade to 20.1.

Note:

Upgrade to Oracle AVDF 20 as soon as possible, because premier support for release 12.2 ends in March 2021, as specified in the Oracle Lifetime Support Policy Guide. Refer to Oracle AVDF 20 Installation Guide > Chapter 5 Upgrading Oracle Audit Vault and Database Firewall for complete information.

Before you begin the upgrade, be aware of the following issues:

  • To upgrade to Oracle Audit Vault and Database Firewall version 20.1, you must be on 12.2.0.9.0 or above.
  • If you have to perform a multi-hop upgrade to 20.1, perform a single backup operation prior to the first upgrade.

1.5 Known Issues

This section lists the system's current known issues, with workarounds if available. Be sure to apply the latest bundle patch. New installations include the latest bundle patch.

In general, if you experience a problem using the Audit Vault Server console, try running the same command using the AVCLI command line utility.

Note:

For additional known issues in Oracle AVDF 20.1, refer to the MOS note (Doc ID 2688423.1).

1.5.1 Host Monitor Displays 12.2 Version Post Upgrade

Issue: After upgrading Oracle Audit Vault Server and Database Firewall appliance to 20.1, the Host Monitor version on the Audit Vault Server console displays as 12.2.0.0.0. This issue is only observed for Linux/AIX/Solaris hosts and not on Windows hosts.

Workaround: None. If the Host Monitor has version 12.2.0.0.0, is in Installed state, and the Audit Vault Agent version is 20.1, then the Host Monitor has automatically upgraded to version 20.1. It is fully functional. The version displayed in the Audit Vault Server console is incorrect.

1.5.2 Unsupported Character Sets in Oracle Database Directory Trails

Issue: Oracle Database related DIRECTORY and SYSLOG audit trails do not support some of the database character sets.

They are NE8ISO8859P10, JA16DBCS, KO16DBCS, CE8BS2000, CL8BS2000, CL8EBCDIC1158R, EE8BS2000, EL8EBCDIC423R, SE8EBCDIC1143, WE8BS2000, WE8BS2000E, and WE8BS2000L5.

There are 5 characters that are not supported in the WE8DEC database character set.

Workaround: None.

1.5.3 DIRECTORY and SYSLOG Audit Trails Do Not Stop

Issue: For Oracle DIRECTORY and SYSLOG audit trails, when the system is unable to determine the character set to open the audit file, the audit trails do not stop.

Workaround: None.

1.5.4 Unable to Drop the Disk from Audit Vault Server Console

Issue: Unable to drop the disk using Audit Vault Server console. The radio button is not visible.

Workaround: Follow these steps to drop the disk:

  1. Log in to the AVCLI as super administrator.

  2. Execute the following command:

    
    ALTER DISKGROUP <SYSTEMDATA|EVENTDATA|RECOVERY> DROP DISK <disk name> [ON SECONDARY]
    

1.5.5 Unable to Set Custom Ports in Audit Vault Server

Issue: Unable to set custom ports in Audit Vault Server.

Workaround: Attempt to set the custom port again using the same steps.

1.5.6 Unable to Set the Network Interface for Database Firewall

Issue: Unable to set the network interface for a Database Firewall instance in the Audit Vault Server console. This happens when the name of the network interface is not available.

Workaround: Provide the name of the Network Interface while configuring the network interface. This solves the problem.

1.5.7 Deleting Session Context Rule in Firewall Policy Fails With Error

Issue: Deleting session context rule in a Firewall policy fails with the following error:

ERROR DELETING SESSION CONTEXT RULE(S)

Workaround: Follow these steps to delete the session context:

  1. Click on the session context rule that needs to be deleted.
  2. Change the name of the session context rule.
  3. Click Save.
  4. Select the renamed session context rule from the list.
  5. Click Delete. The session context rule is successfully deleted.

1.5.8 Unable to Apply Firewall Policies to any Target

Issue: Unable to apply Database Firewall policies to any target. This occurs when the Audit Vault Server is upgraded to 20.1 and the Database Firewall instance is still on version 12.2.

Workaround: Upgrade the Database Firewall instance to version 20.1.

1.5.9 Unable to Synchronize NTP Server Time

Issue: Unable to synchronize the NTP server time for the Database Firewall instance using the Audit Vault Server console.

Workaround: Log in to the console as root user and execute the following command:

/opt/avdf/config-utils/bin/config-ntp set servers="<NTP server IPs separated by space>" sync_on_save=true enabled=true

1.5.10 Firewall Policies Applied on Non Oracle Databases

Issue: Firewall policies appear to be applied on non-Oracle databases when they were originally applied on Oracle Databases. This occurs when the user selects the Pass All Firewall policy and applies it to the Oracle Database targets. The Audit Vault Server console displays that the policy is applied on other targets as well.

Workaround: Follow these steps to resolve the issue:

  1. Log in to the Audit Vault Server console as auditor. The auditor has access to non Oracle Database targets.
  2. Click Targets in the main tab.
  3. Select the specific target for which the Firewall policy has to be checked.
  4. Navigate to the Database Firewall Monitoring tab.
  5. Take necessary action.

1.5.11 OAV-46992 Error Encountered While Creating Firewall Monitoring Point

Issue: Duplicate records or instances are displayed in the Audit Vault Server console while creating Database Firewall monitoring point for resilient pair. OAV-46992 error is encountered when registering a target and when creating a monitoring point in Monitoring / Blocking (Proxy) mode. The target is created successfully even with the error encountered. However, the monitoring point is not created.

Workaround: Log in to the Audit Vault Server console as administrator. Create a Database Firewall monitoring point for the registered target.

1.5.12 Unable to Access the AVS Console After Changing the Audit Vault Server Time using NTP Server or Manually

Issue: After changing the Audit Vault Server time using an NTP server or manually, there may be a difference of a few minutes. This may bring down Automatic Storage Management and the database. This results in an error, and the Audit Vault Server console is not accessible.

Workaround:

  1. Log in as root user.

  2. Execute the following command:

    systemctl stop dbfwdb

    Note:

    Check the exit status of the command by running the echo $? command. If the exit status is non-zero, contact Oracle Support. Proceed to the next command only if the exit status is zero.
  3. Execute the remaining commands in a sequence and proceed only if the exit status is zero:

    systemctl stop asmdb
    systemctl start asmdb
    systemctl start dbfwdb
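
The gated sequence above as a script, added here as an illustration and not part of Oracle's release notes: it runs the four commands in the documented order and stops at the first non-zero exit status. The SYSTEMCTL variable, the function name and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example for known issue 1.5.12; not Oracle-supplied code.
# SYSTEMCTL is an assumption of this example so the command can be stubbed.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# Runs the documented sequence and stops at the first non-zero exit status.
# Returns 0 on success, otherwise the number (1-4) of the step that failed.
restart_asm_and_db() {
    step=0
    for action in "stop dbfwdb" "stop asmdb" "start asmdb" "start dbfwdb"; do
        step=$((step + 1))
        verb=${action% *}   # "stop" or "start"
        unit=${action#* }   # "dbfwdb" or "asmdb"
        if ! "$SYSTEMCTL" "$verb" "$unit"; then
            echo "step $step failed: systemctl $verb $unit" >&2
            echo "stopping: later commands must not run after a non-zero exit" >&2
            return "$step"
        fi
        echo "step $step ok: systemctl $verb $unit"
    done
    return 0
}

# Run as root with --run; without it the file only defines the function.
if [ "${1:-}" = "--run" ]; then
    restart_asm_and_db
fi
```
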

1.5.13 Archive Location Is Not Accessible During Archiving Or Retrieving

Issue: The archive location is not accessible. This issue may be encountered during archiving or retrieving post upgrade or installation of release 12.2.0.11.0.

Workaround: This may be due to a "-" (dash or hyphen) in the export directory name for NFS archiving locations. Check for "-" (dash or hyphen) in the export directory name and delete that filesystem from the Audit Vault Server.

Note:

  • Oracle AVDF 20.1 and later supports Network File System (NFS) versions v3 and v4 for archive or retrieve functionality.

  • An NFS v3 only configuration is not supported.

  • If your NFS server supports and permits both v3 and v4 for archive or retrieve, then no action is required.

  • In case you have NFS v4 only in your environment for archive or retrieve, then set the _SHOWMOUNT_DISABLED parameter to TRUE using the following steps:

    1. Log in to the Audit Vault Server as root.
    2. Switch user to oracle: su oracle
    3. Start SQL*Plus connection as sqlplus /nolog without the username or password.
    4. In SQL*Plus execute the command: connect <super administrator>
    5. Enter the password when prompted. Alternatively, execute the command: connect <super administrator/password>
    6. Execute the command: exec avsys.adm.add_config_param('_SHOWMOUNT_DISABLED','TRUE');

1.5.14 Unable To SSH Into Oracle Audit Vault And Database Firewall After Upgrade

Issue: SSH no longer connects after upgrade to Oracle Audit Vault And Database Firewall 12.2.0.11.0.

Workaround: Upgrade SSH client to a version that supports SHA-256.

1.5.15 AVS Reboot with SAN Storage Can Cause Proxy Errors

Cause: If the same iSCSI target is shared between more than one AVS instance, it can cause proxy errors.

Workaround: Ensure that each iSCSI target is exclusive to an AVS instance.

1.5.16 Pre-Upgrade Process Failed After Remove and Re-Install

Cause: The RPM process can hold open file descriptors after it has removed the pre-upgrade RPM, making it produce an error when attempting to re-install.

Workaround: Reboot the appliance and reinstall the pre-upgrade RPM to work around this issue.

1.5.17 Rebooting After Running Pre-Upgrade RPM Results in /var/dbfw/upgrade Not Mounted

Cause: After the pre-upgrade RPM is installed, you must manually mount the upgrade media partition if the appliance is rebooted.

Workaround: Run mount /var/dbfw/upgrade to remount the partition.

1.5.18 Check For Busy Devices Before Starting The Upgrade Process

Cause: Check for any busy devices before starting the upgrade process. The upgrade may not check for busy volumes and may result in an error.

Workaround: Run lsof against /tmp and /usr/local/dbfw/tmp to discover any open temporary files. Ensure that no logs are open when starting the upgrade process.

1.5.19 Upgrade Fails If The Time Settings For The Primary And Standby Servers Are Out Of Synch By More Than 3 Minutes

Cause: If the primary and standby server time settings are out of sync by more than 3 minutes, then upgrade will fail raising the following error: ORA-29005: The certificate is invalid.

Workaround: You must synchronize the time on the primary and standby servers before commencing upgrade.

1.5.20 "Failed Install Or Upgrade" Dialog Box Appears During Installation Or Upgrade

Problem: I see a blue screen that states:

The system has encountered a problem, and will start minimal services so that you can log in and recover.

It provides the current status of the installation or upgrade and asks you to check the system log for more information and contact Oracle Support.

Workaround: Upon seeing this blue screen, perform the following:

  1. Log in as root user.

  2. Execute the following command to install the diagnostic tool:

    rpm -i /usr/local/dbfw/packages/avs-diagnostic-20.1.0.0.0-0_*.x86_64.rpm
  3. Capture the diagnostics archive by running the following diagnostics package script, which outputs the name of the archive file:

    /usr/local/dbfw/bin/priv/dbfw-diagnostics-package.rb

    Note:

    If this command creates a file named diagnostics-not-enabled.readme, follow the instructions in that file to enable the diagnostics and generate the archive.

  4. File a Service Request (SR) and attach the archive to the SR.

Note:

Once Oracle Audit Vault and Database Firewall detects an error in the installation or upgrade, it will not start any more services, but it will retain any started services so that they can be debugged.

1.5.21 Oracle Audit Vault And Database Firewall May Fail To Install On Sun X4-2

Symptoms: The pre-reboot part of install is normal. However, after reboot, the system presents the user with a black screen containing only the text Hard disk error.

Cause: These servers include a small internal USB drive for the Oracle System Assistant. This device contains a Linux installation, which conflicts with the bootloader in Oracle Audit Vault and Database Firewall 20.1 and later.

Solution: To install Oracle Audit Vault and Database Firewall 20.1 or later, you must first disable Oracle System Assistant from the BIOS menu. If the option to disable the OSA is greyed out, reset the BIOS to enable it.

1.5.22 Before Re-booting The System During The Upgrade Process, Check The Group Status Volume To Ensure Only A Single Instance Of VG (vg_root) Exists

Cause: Storage from a previous installation is re-used. Having two instances of the vg_root volume group (VG) may result in kernel panic or upgrade failure upon reboot of the system. The cases may include iSCSI or re-using the hard drives.

In addition, it is possible for the system to go into kernel panic mode if the additional storage to vg_root VG is iSCSI-based storage.

Solution: Only a single instance of VG (vg_root) can exist. In case there are more instances, they must be removed. Failure to comply may result in kernel panic or upgrade failure.

Contact Oracle Support for assistance.
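
The checks from 1.5.18, 1.5.19 and 1.5.22 collected into one script, added here as an illustration and not part of Oracle's release notes. The function names, the LSOF variable, the --run switch and the use of `date +%s` output from each server are assumptions of this example; the `lsof +D` and `vgs --noheadings -o vg_name` invocations are one way to perform the checks the notes describe.

```shell
#!/bin/sh
# Added example for known issues 1.5.18, 1.5.19 and 1.5.22; not Oracle code.
# LSOF is an assumption of this example so the command can be stubbed.
LSOF="${LSOF:-lsof}"

# 1.5.18: succeeds only if nothing is open under the two temporary directories.
# "lsof +D dir" exits 0 when it lists at least one open file below dir.
tmp_dirs_idle() {
    busy=0
    for dir in /tmp /usr/local/dbfw/tmp; do
        if "$LSOF" +D "$dir" 2>/dev/null; then
            echo "busy: open files under $dir" >&2
            busy=1
        fi
    done
    [ "$busy" -eq 0 ]
}

# 1.5.19: succeeds if two epoch timestamps (seconds, e.g. from "date +%s" on
# the primary and the standby) differ by no more than 3 minutes.
clock_skew_ok() {
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then
        diff=$(( 0 - diff ))
    fi
    [ "$diff" -le 180 ]
}

# 1.5.22: reads "vgs --noheadings -o vg_name" output on stdin and prints how
# many volume groups are named vg_root; anything other than 1 needs attention.
count_vg_root() {
    awk '$1 == "vg_root" { n++ } END { print n + 0 }'
}

# Usage (as root): script --run <primary_epoch> <standby_epoch>
if [ "${1:-}" = "--run" ]; then
    primary="${2:?usage: --run <primary_epoch> <standby_epoch>}"
    standby="${3:?usage: --run <primary_epoch> <standby_epoch>}"
    rc=0
    tmp_dirs_idle || rc=1
    clock_skew_ok "$primary" "$standby" ||
        { echo "clocks differ by more than 3 minutes" >&2; rc=1; }
    n=$(vgs --noheadings -o vg_name | count_vg_root)
    [ "$n" -eq 1 ] || { echo "expected one vg_root, found $n" >&2; rc=1; }
    exit "$rc"
fi
```
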

1.5.23 Error While Pairing Database Firewall With Audit Vault Server

Cause: The error OAV-46599: internal error Unable to remove data from previous paring of this firewall with AVS is encountered while pairing Database Firewall. This impacts registration of a newly installed Database Firewall with Audit Vault Server.

Workaround: Reboot Firewall and register Firewall again on the Audit Vault Server.

1.5.24 Problem Encountered While Installing Agent On Host Computer With Multiple Network Interface Cards

Cause: You may encounter a problem while installing the agent on a host computer with Multiple Network Interface Cards leading to Audit Vault Server.

Workaround:

  • The administrator has to ensure that relevant routes are in place on the host machine in such a way that one network interface card leads to one Audit Vault Server.

  • The administrator must configure the network and plan the routing table to accommodate multiple network interface cards. The network routing table determines how the packets are routed, their path, and the preferred network adapter. In case this is not effectively designed, then the agent installation may fail.

1.5.25 Missing Data File In The Archive Page Post Upgrade Of Oracle Audit Vault And Database Firewall

Cause: If there are archive files in the Audit Vault Server that are not encrypted post upgrade, followed by restore and release operations, it may result in a missing data file.

Workaround:

  1. Execute the encryption script. See section Data Encryption on Upgraded Instances.

  2. In case the archive files are remote, click Set Tablespaces Available on the Audit Vault GUI to encrypt the remote data file.

  3. The data file is now listed on the archive page.

1.5.26 Unable To Remove Pre-Upgrade RPM

Cause: It may not be possible to remove the pre-upgrade RPM if there are open SSH connections on the appliance.

Workaround: Close all the open SSH connections and attempt to remove the pre-upgrade RPM.

1.5.27 Host Monitor Selects Wrong Net Device On Windows With Multiple Preferred

Host Monitor might choose an incorrect network device if multiple preferred devices exist.

This can occur when the default network adapter that the host monitor uses (of type Intel(R) PRO/1000 MT Network Adapter) is for the wrong network.

Workaround:

Change the network adapter the host monitor uses so that traffic is captured from the correct network for the target. Follow these steps:

  1. Check the Host Monitor log file and look for a section similar to:

    The selected network device for capturing is:
    \Device\NPF_{22E6D6FF-43E2-4212-9970-05C446A33A35}. To change the device update the network_device_name_for_hostmonitor attribute at Collection Attributes to any one value from the list:
    \Device\NPF_{17C832B3-B8FC-44F4-9C99-6ECFF1706DD1},
    \Device\NPF_{22E6D6FF-43E2-4212-9970-05C446A33A35},
    \Device\NPF_{60611262-3FCC-4374-9333-BD69BF51DEEA} and restart the trail
    

    This indicates which device is being used, and which devices are available. For more information on the available devices, you can run the host monitor in debug mode.

  2. In the Audit Vault Server console, Targets tab, click the target you want.

  3. In the Modify Collection Attributes section, Attribute Name field, enter:

    network_device_name_for_hostmonitor
  4. In the Attribute Value field, enter the device name. For example: \Device\NPF_{17C832B3-B8FC-44F4-9C99-6ECFF1706DD1}

  5. Click Add, and then Save.

  6. Restart the audit trail for this target.

Note:

Alternatively, follow the steps documented in section Create a Network Audit Trail for Windows hosts in Administrators Guide.

1.5.28 Custom Collection Plugin Packaged on Windows Does Not Work on Linux

The avpack plug-in that is packaged on Windows does not work on Linux. In other words, you cannot run the avpack plug-in on Linux after you have packaged it on Windows. To produce this error:

  1. Download the Oracle AVSDK on Windows.

  2. Package the plug-in on Windows.

  3. Deploy the plug-in on Oracle AVDF.

  4. Install an Oracle AVDF Agent on Linux.

  5. Start an audit trail for this Linux host. However, the audit trail cannot start.

Workaround: If you want to run the Agent and audit trail collection on Linux, then package the plug-in on Linux, not on Windows. If you package the plug-in on Linux, then Agent and audit trail collection can run on either Linux or Windows.

1.5.29 Agent Host Is Not Registered When Machine Has Multiple Interfaces

Agent installation fails with java -jar agent.jar -d $ORACLE_BASE/av_agent error.

Workaround:

  • The administrator has to ensure that relevant routes are in place on the host machine in such a way that one network interface card leads to one Audit Vault Server.
  • The user must have sufficient privileges to the Management Interface to add hosts and assign IP addresses.
  • The administrator must configure the network and plan the routing table to accommodate multiple network interface cards. The network routing table determines how the packets are routed, their path, and the preferred network adapter. In case this is not effectively designed, then the Agent installation may fail.

1.5.30 Database Firewall is Unable to Monitor Root Container Database Targets With Native Encryption Enabled

Issue

Database Firewall does not support decryption of traffic with native encryption for root container databases. Running the ASO advanced security integration script on a root container database does not work. Set up Database Firewall ASO integration on every pluggable database and configure the Database Firewall to monitor them.

Workaround

None.

1.6 Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.