Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Discover Unmonitored Databases in Hybrid Cloud Environments and Secure them with Oracle Data Safe
Introduction
In today’s rapidly evolving technological landscape, the hybrid cloud environment has become a cornerstone for many organizations seeking flexibility and scalability in their IT infrastructure. However, with this shift comes the challenge of managing and securing vast amounts of data across various platforms. Unmonitored databases within these hybrid environments pose significant risks, including data breaches and unauthorized access.
This tutorial delves into the critical task of identifying these unmonitored databases and provides a comprehensive guide on leveraging Oracle Data Safe to secure them effectively.
Discovering all your Oracle databases in a hybrid environment involves identifying databases both on-premises and in the cloud.
Audience
- Database administrators and Oracle Cloud Infrastructure (OCI) administrators.
Objectives
- We will comprehensively discover and inventory all Oracle databases across cloud and on-premises environments, ensuring their security and compliance through the implementation of Oracle Data Safe monitoring.
  We are going to focus on how to retrieve the existing Oracle database details with a simple use case.
Use Case: Discover the unmonitored databases in hybrid cloud environments and secure them with Oracle Data Safe.
- OCI Database discovery.
- On-premises and other cloud provided Oracle database discovery.
- Register unmonitored databases with Oracle Data Safe.
Prerequisites
- OCI Compute instance with Oracle Linux: Configure an OCI Compute instance with Oracle Linux V8. For more information, see Creating an Instance and Tutorial - Launching Your First Linux Instance.
- Install Nmap Package: Nmap is an open-source network scanning tool for Linux. It is used for network exploration, host discovery, and security auditing.
  yum install nmap
  nmap --version
  Output:
  [root@linuxdb:~]$ nmap --version
  Nmap version 7.92 ( https://nmap.org )
  Platform: x86_64-redhat-linux-gnu
  Compiled with: nmap-liblua-5.3.5 openssl-1.1.1k libz-1.2.11 libpcre-8.42 libpcap-1.9.1 nmap-libdnet-1.12 ipv6
  Compiled without: libssh2
  Available nsock engines: epoll poll select
Task 1: Run OCI Cloud Shell
Access the OCI Cloud Shell to utilize its integrated capabilities.
- Log in to the OCI Console.
- Click Cloud Shell from the drop-down menu. Note that the OCI Command Line Interface (CLI) running in the OCI Cloud Shell will run commands against the region selected in the console’s region selection menu when the OCI Cloud Shell was started.
Task 2: Identify All OCI Databases
Utilize the OCI Cloud Shell to comprehensively discover and catalog all OCI Databases in your environment.
- Run the following command to list all Oracle Autonomous Databases.
  oci db autonomous-database list --compartment-id <compartment-id> | jq -r '.data[]."db-name"'
- Run the following command to list all Database-as-a-Service (DBaaS) databases.
  oci db database list --compartment-id <compartment-id> | jq -r '.data[]."db-name"'
- Run the following command to list all DBaaS Pluggable Database (PDB) databases.
  oci db database list --compartment-id <compartment-id> | jq -r '.data[]."pdb-name"'
- Run the following command to list all the databases by OCI search.
  oci search resource structured-search --query-text "query dbsystem,AutonomousDatabase resources" --output json | jq -r '.[][][]."display-name"'
Task 3: Scan On-Premises and Other Cloud Databases
Employ Nmap to detect and inventory all Oracle databases hosted On-Premises and across other cloud providers.
- List the databases with Nmap.
  - Run the following Nmap command against the list of server IPs in server_list.txt.
    cat server_list.txt
    nmap -sV -p 1521 -iL server_list.txt -oG - | grep '/open/' | awk 'BEGIN { FS="[ /]"; print "Server,Service,Version" }/open/ { print $2 "," $8 "," $13 }'
- List the databases with Nmap with IP range.
  - Run the following Nmap command against an IP range.
    nmap -sV -p 1521 129.**.**.0/24 -oG - | grep '/open/' | awk 'BEGIN { FS="[ /]"; print "Server,Service,Version" }/open/ { print $2 "," $8 "," $13 }'
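Added example, not part of the original tutorial: the awk one-liners above pick the version by fixed token position ($13), so this bash function instead splits each Nmap grepable record on its own delimiters (tab between fields, "/" inside a port entry) and keeps the whole version string. The function names, the sample scan lines with 192.0.2.x addresses, and treating the oracle-tns service name as a confirmed listener are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: turn Nmap grepable (-oG) records into a listener inventory.
# Output CSV: Server,Port,Service,Version,TNS

parse_oracle_listeners() {
  awk -F'\t' '
    BEGIN { print "Server,Port,Service,Version,TNS" }
    /^Host: / {
      split($1, h, " ")                 # h[2] is the scanned address
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue  # skip "Status:" and other fields
        n = split(substr($i, 8), entry, ", ")
        for (j = 1; j <= n; j++) {
          # entry layout: port/state/protocol/owner/service/rpcinfo/version/
          split(entry[j], f, "/")
          if (f[2] != "open") continue
          version = (f[7] == "") ? "unknown" : f[7]
          gsub(/,/, ";", version)       # keep the CSV well-formed
          # Assumption: a service fingerprinted as oracle-tns is a confirmed listener
          tns = (f[5] == "oracle-tns") ? "yes" : "no"
          print h[2] "," f[1] "," f[5] "," version "," tns
        }
      }
    }'
}

# Constructed sample records (not real scan output); fields are tab-separated.
sample_scan() {
  printf '# Nmap scan (constructed sample)\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 1521/open/tcp//oracle-tns//Oracle TNS listener 19.0.0.0.0 (unauthorized)/\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 1521/open/tcp//oracle-tns//Oracle TNS Listener 11.2.0.4.0 (for Linux)/\n'
  printf 'Host: 192.0.2.12 ()\tPorts: 1521/closed/tcp//oracle///\n'
  printf 'Host: 192.0.2.13 ()\tPorts: 1521/open/tcp//oracle///\n'
}

sample_scan | parse_oracle_listeners
```

With a real scan, pipe `nmap -sV -p 1521 -iL server_list.txt -oG -` into `parse_oracle_listeners`; rows with TNS set to no are open ports that still need manual confirmation before they go into the inventory.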
Task 4: Secure Database Monitoring
Implement robust security monitoring for all databases using Oracle Data Safe to ensure ongoing protection and compliance.
- List the Target Databases registered with Oracle Data Safe.
  oci search resource structured-search --query-text "query DataSafeTargetDatabase resources" --output json | jq -r '.[][][]."display-name"'
  The command returns the list of databases registered with Oracle Data Safe.
- Register the remaining unmonitored databases with Oracle Data Safe.
  In this tutorial, we register all the autonomous databases that are not yet registered in Oracle Data Safe. We use the OCI CLI through OCI Cloud Shell. Using the OCI CLI is easy and efficient for this task. For more information, see OCI CLI Command Reference.
  Run the following command to register the autonomous database with Oracle Data Safe in OCI CLI.
  oci db autonomous-database data-safe register --autonomous-database-id "$autonomous_database_id" --pdb-admin-password "$pdb_admin_password"
Expected Output:
Note:
For more information about how to register Target Databases with Oracle Data Safe, see Target Database Registration
Using Data Safe Console: To register databases and manage security posture with Oracle Data Safe, see Simplify Database Security Posture Management with Oracle Data Safe.
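Added example, not part of the original tutorial: Task 4 lists the registered targets and then registers the rest, so this bash function computes that remainder from two plain-text name lists, such as the output of the Task 2 commands and of the Data Safe search saved to files. It assumes Data Safe target display names match the database names (where they differ, the match has to be made on another attribute); the function names, file names and sample names are constructed.

```bash
#!/usr/bin/env bash
# Added example: which discovered databases are not yet Data Safe targets?
# Usage: unmonitored_dbs DISCOVERED_FILE REGISTERED_FILE
# Each file holds one name per line, as printed by the jq -r commands above.

unmonitored_dbs() {
  awk '
    function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
    # First file argument: registered targets. Compare FILENAME rather than
    # FNR == NR so an empty target list (nothing registered yet) still works.
    FILENAME == ARGV[1] {
      k = tolower(trim($0))
      if (k != "" && k != "null") registered[k] = 1
      next
    }
    # Second file argument: discovered databases.
    {
      name = trim($0); k = tolower(name)
      # jq -r prints "null" for a missing field; skip it, blanks and repeats
      if (k == "" || k == "null" || seen[k]++) next
      if (!(k in registered)) print name
    }
  ' "$2" "$1"
}

# Constructed sample lists, not taken from a real tenancy.
demo_unmonitored() {
  d=$(mktemp -d)
  printf 'SALESDB\nhrdb\nnull\nFINDB\nSALESDB\n' > "$d/discovered.txt"
  printf 'salesdb\n' > "$d/registered.txt"
  unmonitored_dbs "$d/discovered.txt" "$d/registered.txt"
  rm -rf "$d"
}

demo_unmonitored
```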
Acknowledgments
- Author - Alex Kovuru (Principal Cloud Architect)
- Contributor - Indiradarshni Balasundaram (Cloud Engineer)
G13012-01
August 2024