Security Assessment Tool User Guide
Release 2.0.2
E72220-05
July 2018
The Oracle Database Security Assessment Tool (DBSAT) analyzes database configurations, users, their entitlements, security policies and identifies where sensitive data resides to uncover security risks and improve the security posture of Oracle Databases within your organization.
You can use DBSAT report findings to:
Fix immediate short-term risks
Implement a comprehensive security strategy
Support your regulatory compliance program
Promote security best practices
Using DBSAT, you can:
Quickly and easily assess the current security status and identify sensitive data within the Oracle Database.
Reduce risk exposure using proven Oracle Database Security best practices and CIS benchmark recommendations.
Leverage security findings to accelerate compliance with EU GDPR and other regulations.
Improve the security posture of your Oracle Databases and promote security best practices.
Note:
DBSAT is a light weight utility that will not impair system performance in a measurable way.
The Database Security Assessment Tool (DBSAT) consists of the following components:
Collector:
The Collector executes SQL queries and runs operating system commands to collect data from the system to be assessed. It does this primarily by querying database dictionary views. The collected data is written to a JSON file that is used by the DBSAT Reporter in the analysis phase.
Reporter:
The Reporter analyzes the collected data and generates a Database Security Assessment Report in HTML, Excel, JSON, and Text formats. The Reporter can run on any machine: PC, laptop, or server. You are not limited to running the Reporter on the database server or the same machine as the Collector.
Discoverer:
The Discoverer executes SQL queries and collects data from the system to be assessed, based on the settings specified in the configuration files. It does this primarily by querying database dictionary views. The collected data is then used to generate a Database Sensitive Data Assessment Report in HTML and CSV formats. The Discoverer can run on any machine: PC, laptop, or server. You are not limited to running the Discoverer on the database server or the same machine as the Collector or Reporter.
The following figure shows the components, sources, and reports of the Database Security Assessment Tool.
Figure - DBSAT Components, Sources, and Reports
For more information about the Collector, Reporter, and Discoverer, see Using the Database Security Assessment Tool.
The following sections outline the prerequisites for the Database Security Assessment Tool:
The database configuration collection queries run on most supported Oracle Database platforms. However, currently the OS data collection will be skipped on Windows platforms.
DBSAT runs on:
Solaris x64 and Solaris SPARC64
Linux x86-64
Windows x64
HP-UX IA (64-bit)
IBM AIX (64-bit) & Linux on zSeries (64-bit)
You can run the DBSAT tool on Oracle Database 10.2.0.5 and later releases.
Ensure that the directories holding these files are secured with the appropriate permissions.
Delete the files securely after you implement the recommendations they contain.
Share them with others in their (by default) encrypted form.
Grant user permissions on a short-term basis and revoke these when no longer necessary.
Caution:
This tool is intended to assist in you in identifying potential sensitive data and vulnerabilities in your system. Further, the output generated by this tool may include potentially sensitive system configuration data and information that could be used by a skilled attacker to penetrate your system. You are solely responsible for ensuring that the output of this tool, including any generated reports, is handled in accordance with your company's policies.
DBSAT uses Zip and Unzip to compress or decompress the generated files. DBSAT searches for Zip and Unzip utilities in the default locations shown below. In order to use other Zip and Unzip utilities, update the following lines in the relevant script.
Windows (dbsat.bat script):
SET ZIP_CMD=%ORACLE_HOME%\bin\zip.exe SET UNZIP_CMD=%ORACLE_HOME%\bin\unzip.exe
Note:
The Unzip utility is not included in Oracle Database 12.2 and higher. Ensure that you have installed an utility such as WinZip or WinRar, and add the path to the utility in theSET UNZIP_CMD
parameter.All other platforms (dbsat script):
ZIP=/usr/bin/zip UNZIP=/usr/bin/unzip DBZIP=${ORACLE_HOME}/bin/zip
The following are the prerequisites for the components of the Database Security Assessment Tool:
In order to collect complete data, the DBSAT Collector must be run on the server that contains the database, because it executes some operating system commands to collect process and file system information that cannot be obtained from the database. In addition, the DBSAT Collector must be run as an OS user with read permissions on files and directories under ORACLE_HOME
in order to collect and process file system data using OS commands.
The DBSAT Collector collects most of its data by querying database views. It must connect to the database as a user with sufficient privileges to select from these views. You can grant the DBSAT user the individual privileges in the following list, or you can grant this user the DBA role plus the DV_SECANALYST
role if needed.
If you plan to run only the Discoverer component, you can use just the privileges marked with an asterisk (*) below.
Required privileges and roles:
CREATE SESSION
*
READ
or SELECT
on SYS.REGISTRY$HISTORY
Role SELECT_CATALOG_ROLE
*
Role DV_SECANALYST
* (if Database Vault is enabled)
Role AUDIT_VIEWER
(12c and later)
Role CAPTURE_ADMIN
(12c and later)
READ
or SELECT
on SYS.DBA_USERS_WITH_DEFPWD
(11g and later)
READ
or SELECT
on AUDSYS.AUD$UNIFIED
(12c and later)
Note:
In order to successfully collect Database Vault information in a Database Vault protected environment, you must connect as a non-SYS user with the DV_SECANALYST role.The Reporter is a platform-independent Python program and requires Python 2.6 or later to run.
The Discoverer is a Java program and requires the Java Runtime Environment (JRE) 1.8 (jdk8-u172) or later to run.
The Discoverer collects metadata from database dictionary views and matches them against the patterns specified to discover sensitive data. The Discoverer must connect to the database as a user with sufficient privileges to select from these views. For more information about DBSAT user privileges, see Collector Prerequisites.
Note:
The Discoverer relies on table statistics to get row counts. In order to get accurate row count results,DBMS_STATS
should be executed by the Database Administrator before the DBSAT user runs the Discoverer.The Database Security Assessment Tool (DBSAT) is installed on the database server.
You can run the Collector, Reporter, and Discoverer from the /home/oracle/dbsat
directory.
You can also add this directory to your PATH
and skip the step of going to the directory every time you want to run the tool.
You can generate the following reports with the Collector, Reporter, and Discoverer components:
Database Security Assessment Report
The Collector and Reporter components are used to generate a Database Security Assessment Report.
The following figure shows the components and architecture of the Collector and Reporter.
Figure - Collector and Reporter Components and Architecture
Database Sensitive Data Assessment Report
The Discoverer component is used to generate a Database Sensitive Data Assessment Report.
The following figure shows the components and architecture of the Discoverer.
Figure - Discoverer Components and Architecture
The following sections describe how to run these components:
The Collector queries the database to collect data that will be analyzed by the Reporter.
Note:
The Collector connects to the database. Ensure that the target database and listener are running before running the Collector.The Reporter analyses the data collected by the Collector and makes recommendations to improve the security of the database.
dbsat report
.The Discoverer executes SQL queries and collects data from the system to be assessed, based on the settings specified in the configuration and pattern files.
The settings in the configuration file determine the behavior of the Discoverer.
The following table describes the configuration settings in the dbsat.config
file:
Section | Key | Value | Description |
[Database] | DB_HOSTNAME |
|
Hostname or IP Address of the target database server |
DB_PORT |
The default is 1521. |
Listener port number for the target database. If a port number is not specified, the default port 1521 is used. |
|
DB_SERVICE_NAME |
|
Service name for the target database |
|
SSL_ENABLED |
The default is |
Specifies if SSL is enabled or disabled when connecting to the Database Server. This is an optional argument. It is recommended that the If |
|
SSL_TRUSTSTORE |
Example: |
Specifies the absolute path to the TrustStore, and the TrustStore file name. Mandatory if |
|
SSL_TRUSTSTORE_TYPE |
|
Specifies the type of TrustStore. Use Use Use |
|
SSL_KEYSTORE |
Example: |
Specifies the absolute path to the KeyStore, and the KeyStore file name. If Mandatory if the Database server requires client authentication. |
|
SSL_KEYSTORE_TYPE |
|
Specifies the type of KeyStore. Use Use Use |
|
SSL_DN |
|
Distinguished Name (DN) of the target Database server. Specify the DN if the server’s DN needs to be checked. This is an optional argument. |
|
SSL_VERSION |
The default is |
Specifies the version of the SSL protocol to use when connecting to the Database Server. This is an optional argument. Use Use Use |
|
SSL_CIPHER_SUITES |
Example: |
Specifies the Cryptographic Algorithms to be used. Multiple entries can be specified as a comma-separated list. This is an optional argument. For information about supported cryptographic suites, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html. |
|
[Discovery Parameters] | SENSITIVE_PATTERN_FILES |
The default is |
Specifies the pattern files to be used. Multiple files can be specified as a comma-separated list. The limit is 10 files. For more information about configuring the Sensitive Data Type pattern file, see Pattern File Configuration. |
SCHEMAS_SCOPE |
The default is |
Specifies the schemas to be scanned. Multiple schemas can be specified as a comma-separated list. |
|
MINROWS |
The default is |
Specifies the minimum number of rows in a table for that table to be scanned. Tables with a number of rows less than what is specified in the |
|
EXCLUSION_LIST_FILE |
|
Specifies the file to be used to exclude schemas, tables, or columns from the scan. For more information about configuring the Exclusion List file, see Configuring the Exclusion List file. |
|
[Sensitive_Category] |
The [Sensitive_Category] section defines which Sensitive Categories are used. The default risk levels are:
The types of sensitive data are defined in the Sensitive Data Type pattern file. For more information about configuring the Sensitive Data Type pattern file, see Pattern File Configuration. |
The Database Security Assessment Tool searches for the types of sensitive data defined in the Pattern file(s).
Pattern files contain the patterns to search for. A Pattern file is grouped into sections, defined by the section heading format [SENSITIVE_TYPE_NAME]
. Each section constitutes a Sensitive Type.
The following example shows a sample Sensitive Type section for FULL_NAME
.
[FULL_NAME] COL_NAME_PATTERN = ^(PERSON|FULL).*NAME$ COL_COMMENT_PATTERN = (Full|Person).*Name SENSITIVE_CATEGORY = PII
The Sensitive Type name [SENSITIVE_TYPE_NAME]
is displayed in the Sensitive Type column of the Database Sensitive Data Assessment Report — Sensitive Column Details section. For more information about the Database Sensitive Data Assessment Report, see Database Sensitive Data Assessment Report.
Each Sensitive Type is defined by the following three parameters: COL_NAME_PATTERN
, COL_COMMENT_PATTERN
, and SENSITIVE_CATEGORY
.
COL_NAME_PATTERN
The COL_NAME_PATTERN
parameter specifies the text to search for in the Regular Expression (RegExp
) patterns of the database column names.
(^LNAME$)|((LAST|FAMILY|SUR|PATERNAL).*NAME$)
In the example above, the following text will be searched for in the RegExp
patterns of the database column names:
(^LNAME$)
— Searches for a column titled LNAME
.
((LAST|FAMILY|SUR|PATERNAL).*NAME$)
— Searches for column names that contain LAST
, FAMILY
, SUR
, or PATERNAL
, followed by any characters and ending with NAME
. For example, LAST_NAME
or CUSTOMER_SURNAME
.
COL_COMMENT_PATTERN
The COL_COMMENT_PATTERN
parameter specifies the text to search for in the Regular Expression (RegExp
) patterns of the database column comments.
SENSITIVE_CATEGORY
The SENSITIVE_CATEGORY
parameter specifies the type of sensitive data. The risk levels associated with exposing types of sensitive data are specified in the sample_dbsat.config
file. The risk levels are:
Low Risk
Medium Risk
High Risk
For more information about configuring the sample_dbsat.config
file, see Configuration Settings.
mydbsat.config
file, see Configuring dbsat.config.The search parameters are defined using Regular Expressions such as Character Classes, Quantifiers, and Boundary Matchers. Regular Expressions are used to specify COL_NAME_PATTERN
and COL_COMMENT_PATTERN
parameters.
Commonly used Regular Expressions are:
Boundary Matchers
Boundary Matchers are used to make pattern matches more precise by specifying the location in the string to search for the pattern match.
Table - Boundary Matchers
Boundary Construct |
Description |
|
Searches for the specified text at the beginning of a string ( Example: |
|
Searches for the specified text at the end of a string ( Example: |
|
Marks a word boundary. Searches for an exact match of the specified text anywhere within a string ( Example: |
If no Boundary Matchers are specified, a contains
search is performed.
Example: ELECTORAL
searches for database column names and column comments containing ELECTORAL
. The search identifies occurrences such as ELECTORAL_ID
, ID_ELECTORAL
, and ELECTORALID
.
An exact match
search can also be performed by using ^
and $
together.
Example: ^ADDRESS$
searches for database column names and column comments containing ADDRESS
. The search identifies occurrences such as PRIMARY_ADDRESS
and ADDRESS_HOME
. Occurrences such as ADDRESSES
and EMPLOYEEADDRESS
are ignored.
For more information about Boundary Matchers, see Boundary Matchers.
Logical Operators
Logical operators are used to specify an AND
or OR
search.
Example: NAME DESIGNATION
searches for database column names and column comments containing NAME
AND DESIGNATION
. NAME | DESIGNATION
searches for database column names and column comments containing NAME
OR DESIGNATION
.
Character Classes
Character classes are used to specify a character search. DBSAT supports predefined Regex character classes.
The most used one is the dot (.). The dot (.) searches for database column names and column comments containing any character. Used in conjunction with *, the search identifies occurrences of any character any number of times.
Example: JOB.*
searches for database column names and column comments containing JOB
followed by any other character.
For more information about Character Classes, see Character Classes.
Quantifiers
Quantifiers allow you to specify the number of occurrences to match against.
Table - Quantifiers
Quantifier |
Description |
|
Searches for occurrences of specified text Example: |
|
Searches for occurrences of specified text Example: |
For more information about Quantifiers, see Quantifiers.
Example - Regular Expressions — Examples
The following examples show how to use regular expressions to specify COL_NAME_PATTERN
and COL_COMMENT_PATTERN
parameters:
(^JOB.*(TITLE|PROFILE|POSITION)$)|^POSITION
JOB
, followed by zero or more occurrences of any character, and ending with TITLE
, PROFILE
, or POSITION
. The search will also identify database column names and column comments beginning with POSITION
.
Note:
Use a backslash (“\”) to escape meta characters in regular expressions.For more information about Regular Expressions, see Regular Expressions.
You can specify schemas, tables, or columns to exclude from the scan in the Exclusion List file. This is an optional step but often required to fine tune the Discoverer to exclude false positives.
For increased security, Oracle Database provides Secure Sockets Layer (SSL) support to encrypt the connection between clients and server. If SSL (TLS) encryption is configured on the Database Server, the Discoverer needs to be configured in order to connect and discover data. Configuration parameters for SSL can be found in the dbsat.config
file.
To establish an SSL connection with the Discoverer, the Database Server sends its certificate, which is stored in its wallet. The client may or may not need a certificate or wallet, depending on the server configuration.
Note:
Configuring certificates and wallets is an optional step and needs to be performed only when using SSL to connect to the Oracle Database server.For more information about configuring certificates and wallets, see Support for SSL in the Oracle Database JDBC Developer's Guide.
DBSAT produces output in multiple formats for various audiences and purposes.
Topics:
The Collector and Reporter components are used to generate a Database Security Assessment Report in HTML, Excel, JSON, and Text formats.
The HTML report provides detailed results of the assessment in a format that is easy to navigate. The Excel format provides a high-level summary of each finding without the detailed output included in the HTML report. It also allows you to add columns for your tracking and prioritization purposes. A report in text format makes it convenient to copy portions of the output for other usage. Finally, a JSON document containing the report contents is provided for easier filtering, comparison, aggregation, and integration with other tools.
The following figure displays the first three tables of the Database Security Assessment Report — Summary.
Figure - Database Security Assessment Report — Summary
The resulting analysis is reported in units called Findings. An example follows:
Figure - Database Security Assessment Report — Users with Default Password
Each Finding consists of the following components:
Title and Unique ID for the Rule
The ID has two parts: the prefix identifies the report section, and the suffix identifies the specific rule.
Status
Pass: no error found
Evaluate: needs manual analysis
Low Risk
Medium Risk
High Risk
Advisory: improve security posture by enabling additional security features and technology. Poses an opportunity for improvement.
Summary
A brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
Details
Provides detailed information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
Remarks
Explains the reason for the rule and recommended actions for remediation. It may also explain the recommended actions for remediation if a risk is reported.
References
Provides information on whether the finding is related to a CIS Oracle Database Benchmark 12c v2.0.0 recommendation or related to a GDPR Article/Recital.
Note:
These recommendations reflect best practices for database security and should be part of any strategy for Data Protection by Design and by Default. The tool recommendations may help in addressing Articles 25 and 32 of the EU General Data Protection Regulation as well as other data privacy regulations. Technical controls alone are not sufficient for compliance. Passing all findings does not guarantee compliance.
Based on Oracle Database security best practices, DBSAT highlights findings that relate to the CIS Oracle Database 12c Benchmark v2.0.0. In some cases DBSAT rules relate to multiple CIS Benchmark recommendations. DBSAT does not execute all CIS Benchmark checks.
The Discoverer component is used to generate a Database Sensitive Data Assessment Report in HTML and CSV formats.
The HTML report is the main report and contains the discovered sensitive data and its categories along with target database information and Discoverer parameters.
The CSV report can be loaded into Oracle Audit Vault and Database Firewall to add sensitive data context to the new Data Privacy reports. For more information about this functionality, see Importing Sensitive Data Into AVDF Repository in the Oracle Audit Vault and Database Firewall Auditor's Guide.
Database Sensitive Data Assessment Report — High-Level Summary
The following figure displays the first four tables of the Database Sensitive Data Assessment Report — High-Level Summary section.
Figure - Database Sensitive Data Assessment Report — High-Level Summary
The Database Sensitive Data Assessment Report — High-Level Summary section contains the following information:
Section | Description |
Assessment Time & Date | Displays when the Sensitive Data Assessment report was generated. The DBSAT Discoverer version is also displayed. |
Database Identity | Displays the details of the database assessed by the Discoverer. |
Database Version | Displays the version of the database assessed by the Discoverer. |
Discovery Parameters | Displays the Discovery Parameters specified in the configuration file. For more information about Discovery Parameters, see Configuration Settings. |
Database Sensitive Data Assessment Report — Summary
The Database Sensitive Data Assessment Report — Summary section displays information about the number of tables, columns, and rows identified as sensitive data, grouped by Sensitive Category. The following figure displays the information displayed in the Database Sensitive Data Assessment Report — Summary section.
Figure - Database Sensitive Data Assessment Report — Summary
Note:
A single database table could contain columns or column comments that match more than one Sensitive Category, causing a higher number to be displayed in the# Sensitive Tables
and # Sensitive Rows
columns. However, the Total
row displays the unique number of tables and rows identified as sensitive data.For more information about configuring Sensitive Categories, see Pattern File Configuration.
Database Sensitive Data Assessment Report — Sensitive Data
The Database Sensitive Data Assessment Report — Sensitive Data section displays information about the schemas and tables containing sensitive data. The following figure displays the information displayed in the Database Sensitive Data Assessment Report — Sensitive Data section.
Figure - Database Sensitive Data Assessment Report — Sensitive Data
Entries for custom sensitive categories will also be present in this report section.
The Database Sensitive Data Assessment Report — Sensitive Data section contains the following information:
Section | Description |
Risk Level(s) | Displays the Risk Level(s) of the sensitive data identified in the schema or table of the database assessed by the Discoverer. |
Summary | Displays a summary of the occurrence of sensitive data in the schema or table. |
Location | Displays the names of the schemas or tables containing sensitive data. |
Database Sensitive Data Assessment Report — Schema View
The Database Sensitive Data Assessment Report — Schema View section displays information about the schemas, tables, columns, and rows containing sensitive data. The Sensitive Category is also displayed. The following figure highlights the information displayed in the Database Sensitive Data Assessment Report — Schema View section.
Figure - Database Sensitive Data Assessment Report — Schema View
Database Sensitive Data Assessment Report — Sensitive Column Details
The Database Sensitive Data Assessment Report — Sensitive Column Details section displays information about the columns containing sensitive data. The Sensitive Category and Type are also displayed. The following figure displays the information displayed in the Database Sensitive Data Assessment Report — Sensitive Column Details section.
Figure - Database Sensitive Data Assessment Report — Sensitive Column Details
You can create a user with required minimum privileges to run the Database Security Assessment Tool Collector with a script.
Purpose
Create a DBSAT user to run the DBSAT Collector script with required privileges.
Sample Script
create user dbsat_user identified by dbsat_user; // If Database Vault is enabled, connect as DV_ACCTMGR to run this command grant create session to dbsat_user; grant select_catalog_role to dbsat_user; grant select on sys.registry$history to dbsat_user; grant select on sys.dba_users_with_defpwd to dbsat_user; // 11g and 12c grant select on audsys.aud$unified to dbsat_user; // 12c only grant audit_viewer to dbsat_user; // 12c grant capture_admin to dbsat_user;// 12c covers sys.dba_priv_captures, sys.priv_capture$, sys.capture_run_log$ // if Database Vault is enabled, connect as DV_OWNER to run this command grant DV_SECANALYST to dbsat_user;
The following are the Known Issues in Database Security Assessment Tool Release 2.0.2:
Some versions of Microsoft Excel may display text on the screen using a font that is too large to fit in the spreadsheet cells, even though it is sized correctly in printed output. If this happens, you can resize columns to be slightly wider in order to make the text visible.
Data is collected by running SQL queries and operating system commands. On Windows, the DBSAT Collector collects data only from SQL queries. Since the data from the operating system commands is missing, the DBSAT Reporter runs a subset of rules on this data.
Third-party licenses used in the Database Security Assessment Tool Release 2.0.2.
About Third-Party Licenses
For third party technology that you receive from Oracle in binary form which is licensed under an open source license that gives you the right to receive the source code for that binary, you can obtain a copy of the applicable source code from this page. If the source code for the technology was not provided to you with the binary, you can also receive a copy of the source code on physical media by submitting a written request to:
Oracle America, Inc. Attn: Associate General Counsel Development and Engineering Legal 500 Oracle Parkway, 10th Floor Redwood Shores, CA 94065
Or, you may send an email to Oracle using this form. Your request should include:
The name of the component or binary file(s) for which you are requesting the source code The name and version number of the Oracle product The date you received the Oracle product Your name Your company name (if applicable) Your return mailing address and email A telephone number in the event we need to reach you
We may charge you a fee to cover the cost of physical media and processing. Your request must be sent (i) within three (3) years of the date you received the Oracle product that included the component or binary file(s) that are the subject of your request, or (ii) in the case of code licensed under the GPL v3, for as long as Oracle offers spare parts or customer support for that product model
XlsxWriter, Version: 1.0.2
Copyright (c) 2013–2017, John McNamara <jmcnamara@cpan.org>
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of the FreeBSD Project.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Database Security Assessment Tool User Guide, Release 2.0.2
E72220-05
Copyright © 2016, 2018, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.