1 Overview of Oracle Audit Vault and Database Firewall Installation
Learn to install Oracle Audit Vault and Database Firewall (Oracle AVDF).
See Also:
Oracle Audit Vault and Database Firewall Administrator's Guide for general information about secure installation, data protection, and general recommendations for deploying Oracle Audit Vault and Database Firewall in a network and in special configurations.1.1 Learning About Oracle Audit Vault and Database Firewall
Learn more about Oracle Audit Vault and Database Firewall (Oracle AVDF).
Monitoring database activity to support incident investigation, detect potentially malicious behavior, and fulfill regulatory requirements is essential. Enabling either database auditing or monitoring network events can help you to get this visibility.
Database Activity Monitoring (DAM) is a security technology for monitoring and analyzing database activity. DAM solutions are used to identify and report on fraudulent, illegal, or other undesirable behavior and typically used to address security and compliance needs.
Oracle Audit Vault and Database Firewall (Oracle AVDF) supports native database audit data collection and network-based SQL monitoring to deliver a comprehensive Database Activity Monitoring solution.
Activity monitoring is essential, but organizations are also worried about the security posture of their databases. Were best practices followed when configuring the databases? Are databases in compliance with security standards? What else should be considered to strengthen the Oracle Database further? Database security posture management (DSPM) helps answer those questions, combining the ability to assess database configuration and security settings with sensitive data discovery to provide an integrated picture of a database’s risk and security posture.
Oracle AVDF 20.9 and later expands the product’s capabilities from database activity monitoring (DAM) to database security posture management (DSPM).
Oracle AVDF expands beyond database activity monitoring to manage your Oracle Database’s security posture. AVDF’s best-in-class activity monitoring capabilities are enhanced with visibility into security configuration, user entitlements, stored procedures, and how much and what types of data are in the database.
See theOracle Audit Vault and Database Firewall Concepts Guide for more information about the features, components, users, and deployment of Oracle Audit Vault and Database Firewall.
1.2 Platform Support
Learn about various platforms supported by Oracle AVDF.
1.2.1 Product Compatibility Matrix
See which platforms are supported for installing Oracle Audit Vault and Database Firewall (Oracle AVDF), audit collection, database firewall support, and deploying the Audit Vault Agent and Host Monitor Agent.
- Supported Hardware
- Supported Virtualization Platforms
- Audit Collection and Database Firewall Support for Databases
- Audit Collection Support for Operating Systems
- Audit Collection Support for Directory Services
- Audit Collection Support for File Systems
- Supported Operating Systems for Audit Vault Agent and Host Monitor Agent
- Support for Transaction Log Audit Collection Using Oracle GoldenGate
Note:
Oracle recommends that you update to the latest supported releases or versions at all times to stay current with security and functionality. Interoperability and functionality with older versions of the targets increases complexity and vulnerability.Tip:
See Behavior Changes, Deprecated, and Desupported Platforms and Features to see the latest deprecation and desupport notices.1.2.1.1 Supported Hardware
Oracle Audit Vault and Database Firewall (Oracle AVDF) is delivered as software appliance images that are ready to deploy on physical hardware or in virtualized environments, such as Oracle VM Server or VMware.
You can install and run Oracle AVDF on any Intel x86 64-bit hardware platform that is supported by Oracle AVDF's embedded operating system. Oracle AVDF release 20 uses the following Oracle Linux releases:
| Oracle AVDF Release Update | Supported Oracle Linux release |
|---|---|
| Oracle AVDF 20.1 to 20.5 | Oracle Linux version 7.8 with Unbreakable Enterprise Kernel (UEK) release 5 |
| Oracle AVDF 20.6 to 20.8 | Oracle Linux release 7.9 with UEK release 6 |
| Oracle AVDF 20.9 and later | Oracle Linux release 8.5 with UEK release 6 |
To determine whether your hardware is certified for Oracle Linux, see Hardware Certification List for Oracle Linux and Oracle VM. All Oracle Linux 7 and Oracle Linux 8 updates are also certified, unless otherwise noted.
Note:
- Oracle AVDF 20 supports both BIOS and UEFI boot mode. For systems with boot disks that are greater than 2 TB, Oracle AVDF supports booting in UEFI mode only.
- Oracle AVDF can't be installed on Oracle Exalogic or Exadata appliances.
1.2.1.2 Supported Virtualization Platforms
Oracle Audit Vault and Database Firewall (Oracle AVDF) is delivered as software appliance images that are ready to deploy on physical hardware or in virtualized environments, such as Oracle VM Server or VMware.
- Oracle VM Server for x86, release 3.2.8, 3.2.9, 3.4.4, and 3.4.6
- VMWare VSphere, release 6.0, 6.7, and 7.0 (starting with Oracle AVDF 20.7)
- Oracle VM VirtualBox, release 5.2, 6.0, 6.1, and 7.0 (starting with Oracle AVDF 20.9)
- Kernel-based virtual machine (KVM)
The installation of Oracle AVDF on a non-Oracle Cloud platform (for example, AWS EC2) is not internally tested and supported by Oracle. You can conduct tests or proof of concept (POC) in your environment. You might be able to install Oracle AVDF on these platforms successfully. However, in case of any issue, Oracle Support will ask you to reproduce the issue on a supported platform of Oracle AVDF if the issue is already not known.
1.2.1.3 Audit Collection and Database Firewall Support for Databases
See which databases and versions are supported for audit collection and database firewall support in Oracle Audit Vault and Database Firewall (Oracle AVDF).
| Supported Database | Versions Supported | Audit Collection Support | Database Firewall Support |
|---|---|---|---|
| Oracle Database
(Enterprise and Standard editions) |
21c (Starting with Oracle AVDF 20.4) 19c 18c 12.2 12.1 11.2.0.4 |
Yes | Yes |
| Oracle Autonomous Database Serverless (ADB-S, ATP-S, ADW-S) | Not applicable | Yes | Yes (Starting with Oracle AVDF 20.8) |
| Oracle Autonomous Database on Dedicated Exadata Infrastructure (ADB-D, ATP-D, ADW-D) | Not applicable | Yes (Starting with Oracle AVDF 20.3) | Yes (Starting with Oracle AVDF 20.8) |
| Oracle Exadata Database Service on Dedicated Infrastructure (ExaDB-D) | Not applicable | Yes | Yes (Starting with Oracle AVDF 20.8) |
| Autonomous Transaction Processing (Dedicated) | Not applicable | Yes (Starting with Oracle AVDF 20.3) | Yes (Starting with Oracle AVDF 20.8) |
| Oracle Base Database Service |
21c (Starting with Oracle AVDF 20.4) 19c |
Yes | Yes (Starting with Oracle AVDF 20.8) |
| Oracle Database running on Exadata |
21c (Starting with Oracle AVDF 20.4) 19c 18c 12.2 12.1 11.2.0.4 |
Yes | Yes |
| Oracle Real Application Clusters (Oracle RAC) |
21c (Starting with Oracle AVDF 20.4) 19c 18c 12.2 12.1 11.2.0.4 |
Yes | Yes |
| MySQL (Enterprise Edition) |
8.0 5.7 5.6 |
Yes | Yes |
|
Microsoft SQL Server (Windows) Enterprise Edition |
2022 (Starting with Oracle AVDF 20.10) 2019 (Starting with Oracle AVDF 20.3) 2017 2016 2014 2012 |
Yes | Yes |
|
Microsoft SQL Server (Windows) Standard Edition |
2022 (Starting with Oracle AVDF 20.10) 2019 (Starting with Oracle AVDF 20.6) |
Yes | Yes (Starting with Oracle AVDF 20.8 support for Microsoft SQL Server Standard Edition 2019) |
| Microsoft SQL Server Cluster (Windows Failover Cluster) |
2019 (Starting with Oracle AVDF 20.6) 2017 2016 2014 2012 |
Yes |
Yes (Starting with Oracle AVDF 20.6 support for Microsoft SQL Server Cluster 2019) |
| Microsoft SQL Server Always On availability group (Starting with Oracle AVDF 20.3) |
2017 2016 2014 2012 |
Yes | Yes (Starting with Oracle AVDF 20.11) |
| MongoDB (By configuring Quick JSON collector) |
5.0 (Starting with Oracle AVDF 20.8) 4.4 (Starting with Oracle AVDF 20.4) 4.2 4.0 |
Yes | No |
| PostgreSQL |
15 (Starting with Oracle AVDF 20.10) 14 (Starting with Oracle AVDF 20.10) 13 (Starting with Oracle AVDF 20.8) 12 (Starting with Oracle AVDF 20.8) 9.6 to 11.8 |
Yes | No |
| IBM Db2 |
11.5 11.1 10.5 |
Yes | Yes |
|
IBM Db2 Cluster HADR (High Availability and Disaster Recovery) on OL 7.x |
11.1 |
Yes | Yes |
|
IBM Db2 for AIX 7.2 TL1 and above 7.1 TL4 and TL5 |
11.5 11.1 10.5 |
Yes |
Yes (Starting with Oracle AVDF 20.4) |
|
IBM DB2 Database Partitioning Feature (DPF) on Linux and AIX |
11.5 11.1 10.5 |
Yes | No |
| SAP Sybase ASE |
16 15.7 |
Yes | Yes |
1.2.1.4 Audit Collection Support for Operating Systems
See which operating systems(OS) and versions are supported for audit collection in Oracle Audit Vault and Database Firewall (Oracle AVDF).
Note:
Audit log monitoring for the OS is supported through audit collection and not from the Database Firewall.| Supported Operating System | Versions Supported | Audit Collection Support |
|---|---|---|
| Oracle Solaris (SPARC64) |
11.3 11.4 |
Yes |
| Oracle Solaris (x86-64)
Solaris - x86-64 was deprecated in Oracle AVDF 20.9, and it will be desupported in one of the future releases. |
11.3 11.4 |
Yes |
| Oracle Linux (64 bit) |
OL 9 (requires auditd 3.0.7) (Oracle AVDF 20.9 and later) OL 8.2 and 8.3 (requires auditd 3.0) (Oracle AVDF 20.4 and later) OL 8 (requires auditd 3.0) (Oracle AVDF 20.3 and later) OL 7.9 (requires auditd 2.8) (Oracle AVDF 20.4 and later) OL 7.6-7.8 (requires auditd 2.8) (Oracle AVDF 20.2 and later) OL 7.4-7.5 (requires auditd 2.7.6) OL 7.3 (requires auditd 2.6.5) OL 7.1-7.2 (requires auditd 2.4.1) OL 7.0 (requires auditd 2.3.3) OL 6.8-6.9 (requires auditd 2.4.5) OL 6.6-6.7 (requires auditd 2.3.7) OL 6.1-6.5 (requires auditd 2.2.2) OL 6.0 (requires auditd 2.0) |
Yes |
| Red Hat Enterprise Linux |
RHEL 9 (requires auditd 3.0.7) (Oracle AVDF 20.9 and later) RHEL 8.2 and 8.3 (requires auditd 3.0) (Oracle AVDF 20.4 and later) RHEL 8 (requires auditd 3.0) (Oracle AVDF 20.3 and later) RHEL 7.9 (requires auditd 2.8) (Oracle AVDF 20.4 and later) RHEL 7.6-7.8 (requires auditd 2.8) (Oracle AVDF 20.2 and later) RHEL 7.5 (requires auditd 2.7.6) RHEL 7.4 (requires auditd 2.7.6) RHEL 7.3 (requires auditd 2.6.5) RHEL 7.2 (requires auditd 2.4.1) RHEL 7.1 (requires auditd 2.4.1) RHEL 7.0 (requires auditd 2.3.3) RHEL 6.10 (requires auditd 2.4.5) RHEL 6.9 (requires auditd 2.4.5) RHEL 6.8 (requires auditd 2.4.5) RHEL 6.7 (requires auditd 2.3.7) |
Yes |
| Microsoft Windows Server (x86-64) |
2019 (Oracle AVDF 20.2 and later) 2016 2012 R2 2012 |
Yes |
| IBM AIX on Power Systems (64-bit) |
7.3 (TL0) (Oracle AVDF 20.10 and later) 7.2 (TL2 and above) 7.1 (TL5) |
Yes |
1.2.1.5 Audit Collection Support for Directory Services
See which directory services and versions are supported for audit collection support in Oracle Audit Vault and Database Firewall (Oracle AVDF).
| Supported Directory Service | Versions Supported | Audit Collection Support |
|---|---|---|
| Microsoft Active Directory |
2012 to 2016 |
Yes |
1.2.1.6 Audit Collection Support for File Systems
See which file systems and versions are supported for audit collection support in Oracle Audit Vault and Database Firewall (Oracle AVDF).
| Supported File System | Versions Supported | Audit Collection Support |
|---|---|---|
| Oracle ACFS | 12c | Yes |
Note:
Oracle Automatic Storage Management Cluster File System (Oracle ACFS) or Oracle Advanced Cluster File System was deprecated in Oracle AVDF release 20.7 and desupported in 20.8.1.2.1.7 Supported Operating Systems for Audit Vault Agent and Host Monitor Agent
See which operating systems and versions are supported for deploying the Audit Vault Agent and Host Monitor Agent.
| Supported Operating System | Versions Supported | Audit Vault Agent Deployment | Host Monitor Agent Deployment |
|---|---|---|---|
| Oracle Solaris (SPARC64) |
11.3 11.4 |
Yes | Yes |
| Oracle Solaris (x86-64)
Solaris - x86-64 was deprecated in Oracle AVDF 20.9, and it will be desupported in one of the future releases. |
11.3 11.4 |
Yes | Yes |
| Oracle Linux (64 bit)
Oracle Linux 6 was deprecated in Oracle AVDF 20.10, and it will be desupported in one of the future releases. |
OL 9 (requires auditd 3.0.7) (Oracle AVDF 20.9 and later) OL 8.2 and 8.3 (requires auditd 3.0) (Oracle AVDF 20.4 and later) OL 8 (requires auditd 3.0) (Oracle AVDF 20.3 and later) OL 7.9 (requires auditd 2.8) (Oracle AVDF 20.4 and later) OL 7.6-7.8 (requires auditd 2.8) (Oracle AVDF 20.2 and later) OL 7.4-7.5 (requires auditd 2.7.6) OL 7.3 (requires auditd 2.6.5) OL 7.1-7.2 (requires auditd 2.4.1) OL 7.0 (requires auditd 2.3.3) OL 6.8-6.9 (requires auditd 2.4.5) OL 6.6-6.7 (requires auditd 2.3.7) OL 6.1-6.5 (requires auditd 2.2.2) OL 6.0 (requires auditd 2.0) |
Yes | Yes |
| Oracle Linux (64 bit) Cluster | OL 7.x | Yes | No |
| Red Hat Enterprise Linux |
RHEL 9 (requires auditd 3.0.7) (Oracle AVDF 20.9 and later) RHEL 8.2 and 8.3 (requires auditd 3.0) (Oracle AVDF 20.4 and later) RHEL 8 (requires auditd 3.0) (Oracle AVDF 20.3 and later) RHEL 7.9 (requires auditd 2.8) (Oracle AVDF 20.4 and later) RHEL 7.6-7.8 (requires auditd 2.8) (Oracle AVDF 20.2 and later) RHEL 7.5 (requires auditd 2.7.6) RHEL 7.4 (requires auditd 2.7.6) RHEL 7.3 (requires auditd 2.6.5) RHEL 7.2 (requires auditd 2.4.1) RHEL 7.1 (requires auditd 2.4.1) RHEL 7.0 (requires auditd 2.3.3) RHEL 6.10 (requires auditd 2.4.5) RHEL 6.9 (requires auditd 2.4.5) RHEL 6.8 (requires auditd 2.4.5) RHEL 6.7 (requires auditd 2.3.7) |
Yes | Yes |
| Red Hat Enterprise Linux Cluster | RHEL 7.x | Yes | No |
| Microsoft Windows Server (x86-64) |
2019 in release 20.2 (20 RU2) and later 2016 2012 R2 2012 |
Yes | Yes |
| IBM AIX on Power Systems (64-bit) |
7.3 (TL0) (Oracle AVDF 20.10 and later) 7.2 (TL2 and above) 7.1 (TL5) |
Yes | Yes |
| IBM AIX on Power Systems (64-bit) Cluster |
7.3 (TL0) (Oracle AVDF 20.10 and later) 7.2 (TL2 and above) 7.1 (TL5) |
Yes | No |
| Linux on IBM Z |
RHEL 8 (Oracle AVDF 20.10 and later) RHEL 9 (Oracle AVDF 20.10 and later) |
Yes | No |
| HP-UX on Itanium
HP-UX on Itanium was deprecated in Oracle AVDF 20.9, and it will be desupported in one of the future releases. |
11.31 | Yes | Not applicable |
1.2.1.8 Support for Transaction Log Audit Collection Using Oracle GoldenGate
See which versions of Oracle GoldenGate are supported for collecting transaction log audit data from supported database targets.
| Minimum Supported Oracle GoldenGate Version | Supported Target Databases and Versions | Supported Oracle AVDF Release |
|---|---|---|
| Oracle GoldenGate 19c (19.1.0.0.4) | Oracle Database 11.2 to 19c | Oracle AVDF 20.1 to 20.9 |
| Oracle GoldenGate 19c (19.1.0.0.200414) | Microsoft SQL Server 2012, 2014, 2016, 2017, 2019 | Oracle AVDF 20.9 |
| Oracle GoldenGate 21c (21.4) | Microsoft SQL Server 2017, 2019 | Oracle AVDF 20.10 and later |
| Oracle GoldenGate 21c (21.9) | Oracle Database 19c | Oracle AVDF 20.10 and later |
| Oracle GoldenGate 21c (21.11) | MySQL 8.0 | Oracle AVDF 20.11 and later |
Note:
To support Oracle Databases before 12.2, Downstream Mining needs to be configured.1.2.2 Supported Browsers
Learn what browsers are supported with Oracle Audit Vault and Database Firewall (Oracle AVDF).
Oracle Audit Vault and Database Firewall requires a JavaScript-enabled browser and supports the current and prior major release of Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, and Microsoft Edge.
Note:
- Ensure that the browser version you are using supports TLS 1.2 protocol.
- Microsoft Internet Explorer 11 is the prior major release, with Microsoft Edge being the current Microsoft browser. Support for Internet Explorer (IE) 11 is deprecated. Audit Vault Server console does not support Microsoft Internet Explorer 11 (and prior), starting with release 20.6.
1.2.3 Support for External Systems
Learn about external systems supported by Oracle Audit Vault and Database Firewall.
For the storage area network (SAN), iSCSI can be used to extend disk space for storing event data.
- Server message block (SMB)
- Secure copy protocol (SCP)
- Network file system (NFS)
- NFS v3 only: Oracle AVDF 20.4 and later
Starting in Oracle AVDF 20.9, NFS v3 over User Datagram Protocol (UDP) is not supported.
- NFS v3 and v4: Oracle AVDF 20.1 and later
- NFS v4 only: Oracle AVDF 20.1 and later
In case you only have NFS v4 in your environment for archive or retrieve, then set the
_SHOWMOUNT_DISABLEDparameter toTRUEusing the following steps:-
Log in to the Audit Vault Server through SSH and switch to the
rootuser. -
Switch to the
oracleuser.su - oracle - Start SQL*Plus as
sqlplus /nologwithout the user name and password. -
In SQL*Plus, run the following command:
connect super administrator - Enter the password when prompted.
-
Run the following command:
exec avsys.adm.add_config_param('_SHOWMOUNT_DISABLED','TRUE');
You can check the current value of the_SHOWMOUNT_DISABLEDparameter by runningselect avsys.adm.get_config_param('_SHOWMOUNT_DISABLED') from dual;You can reset the_SHOWMOUNT_DISABLEDparameter by runningexec avsys.adm.delete_config_param('_SHOWMOUNT_DISABLED'); -
If your NFS server supports and permits both v3 and v4 for archive or retrieve, then no action is required.
- NFS v3 only: Oracle AVDF 20.4 and later
Note:
If you're using the OCI Marketplace image to provision the AVDF instance only NFS location is supported.- Syslog
1.2.4 Audit Vault Agent: Supported and Tested Java Runtime Environment
Learn about the supported and tested Java Runtime Environment (JRE) for the Audit Vault Agent.
Table 1-1 lists supported versions of Java Runtime Environment (JRE).
Table 1-1 JRE Support Matrix
| JRE Version | Release/Version |
|---|---|
|
1.8 |
1.8.0_45 and later |
|
11 |
11.0.3 |
|
17 (Starting with Oracle AVDF release 20.8) |
17.0.2 |
Note:
- JRE version 11 is not supported on AIX platform in Oracle AVDF release 20.7 and earlier. For AIX platform use JRE version 1.8.0_241 (minimum).
- JRE versions 11 and 17 are supported on AIX platform starting with Oracle AVDF release 20.8.
1.2.5 Compatibility with Oracle Enterprise Manager
Learn about the supported versions of Oracle Enterprise Manager and Oracle Audit Vault Database Firewall.
Oracle Audit Vault and Database Firewall (Oracle AVDF) plug-in provides an interface within Enterprise Manager Cloud Control for administrators to manage and monitor Oracle Audit Vault and Database Firewall components.
Table 1-2 lists supported versions of Oracle Enterprise Manager and Oracle Audit Vault Database Firewall.
Table 1-2 Oracle Enterprise Manager Support Matrix
| Oracle Enterprise Manager Release | Oracle Audit Vault Database Firewall Release |
|---|---|
|
13.5 |
20.6 and later |
|
13.4 |
20.x |
|
12.2.x |
Note:
Oracle Audit Vault and Database Firewall (Oracle AVDF) plug-in is supported only with the above mentioned Enterprise Manager releases.
See Also:
- Refer to System Monitoring Plug-in User's Guide for Audit Vault and Database Firewall for complete information.
- Refer to MOS note (Doc ID 2855345.1) for more information to manually deploy Oracle Enterprise Manager 13.x Agent on Audit Vault Server using the pull method.