Enable FIPS, SE Linux, and STIG on the DB System Components
This article describes how to enable Federal Information Processing Standards (FIPS), Security Enhanced (SE) Linux, and Security Technical Implementation Guide (STIG) security enhancements on the DB system.
Enable FIPS, SE Linux, and STIG
Perform the following steps on each system node.
- Open an SSH session to the DB system node, switch to the root user, and then navigate to /opt/oracle/dcs/bin.
    sudo -s
    cd /opt/oracle/dcs/bin
- Run the following command.
    dbcli secure-dbsystem -se -sd -fo -fd
  Output:
    Job details
    ----------------------------------------------------------------
    ID: <job_ID_number>
    Description: Secure DB System
    Status: Created
    Created: November 8, 2020 4:12:29 PM UTC
    Progress: 0%
    Message:

    Task Name                                   Start Time                       End Time                         Status
- Verify the job details.
    dbcli describe-job -i <job_ID_number>
  The output provides information about the progress, status, and details of the job.
    Job details
    ----------------------------------------------------------------
    ID: <job_ID_number>
    Description: Secure DB System
    Status: Success
    Created: November 8, 2020 4:12:29 PM UTC
    Progress: 100%
    Message:

    Task Name                                   Start Time                       End Time                         Status
    ------------------------------------------  -------------------------------  -------------------------------  -------
    Enable SE Linux [<name>]                    November 8, 2020 4:12:31 PM UTC  November 8, 2020 4:12:31 PM UTC  Success
    Enable STIG for DOD [<name>]                November 8, 2020 4:12:31 PM UTC  November 8, 2020 4:12:49 PM UTC  Success
    Enable FIPS for OS [<name>]                 November 8, 2020 4:12:49 PM UTC  November 8, 2020 4:14:43 PM UTC  Success
    Enable FIPS for DB Home [<DB_home_name_1>]  November 8, 2020 4:14:43 PM UTC  November 8, 2020 4:14:43 PM UTC  Success
    Enable FIPS for DB[<DB_name_1>]             November 8, 2020 4:14:43 PM UTC  November 8, 2020 4:14:46 PM UTC  Success
    Enable FIPS for DB Home [<DB_home_name_2>]  November 8, 2020 4:14:46 PM UTC  November 8, 2020 4:14:46 PM UTC  Success
    Enable FIPS for DB[<DB_name_2>]             November 8, 2020 4:14:46 PM UTC  November 8, 2020 4:14:49 PM UTC  Success
- After the job details output shows the Status as "Success", you must restart your DB system node using the Console. This is required because enabling FIPS and SE Linux updates the OS kernel. For instructions, see Reboot a DB System.
Checking a DB System Node for FIPS and SE Linux Configurations
Run the following dbcli command.
    dbcli get-dbsystemsecurestatus
{
"isSELinuxEnabledForOS" : true,
"isFipsEnabledForOS" : true,
"fipsStatusForDBs" : [ {
"databaseResId" : "<DB_ID_number>",
"status" : true
} ]
}
Copyright © 2022, 2023, Oracle and/or its affiliates.