{"id":4105,"date":"2014-11-13T10:47:00","date_gmt":"2014-11-13T09:47:00","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/avdf-post-installation-configuration\/"},"modified":"2014-11-13T10:47:00","modified_gmt":"2014-11-13T09:47:00","slug":"avdf-post-installation-configuration","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/avdf-post-installation-configuration\/","title":{"rendered":"Oracle AVDF post-installation configuration"},"content":{"rendered":"

In one of my last blog, named: “Oracle Audit Vault and Database Firewall (AVDF) 12.1 – installation on VirtualBox<\/a>” I explained how to install AVDF on VirtualBox. Since some of you asked for a blog on “How to configure AVDF”, I decided to write this posting on AVDF post-installation configuration. This one only concerns the post-installation phase, a third blog will be dedicated to practical cases concerning the configuration of Database Firewall Policies.<\/p>\n

Specifying the Audit Vault Server Certificate and IP Address<\/h3>\n

You must associate each Database Firewall with an Audit Vault Server by specifying the server’s certificate and IP address, so that the Audit Vault Server can manage the firewall. If you are using a resilient pair of Audit Vault Servers for high availability, you must associate the firewall to both servers.<\/p>\n

1. Log in to the Audit Vault Server as an administrator, and then click the Settings tab.
\n2. In the Security menu, click Certificate. The server’s certificate is displayed.<\/p>\n

\"avdf001.png\"<\/a><\/p>\n

3. Copy the server’s certificate.
\n4. Log in to the Database Firewall administration console
\n5. In the System menu, click Audit Vault Server.
\n6. Enter the IP Address of the Audit Vault Server.
\n7. Paste the Audit Vault Server’s Certificate in the next field.<\/p>\n

\"avdf002.png\"<\/a><\/p>\n

8.\u00a0 Click Apply.<\/p>\n

Registering Oracle Secured Target<\/h3>\n

Ensure That Auditing Is Enabled in the Oracle Secured Target<\/h4>\n
Databaseoracle@vmtest12c:\/home\/oracle\/ [DUMMY] SOUK\n******** dbi services Ltd. ********\nSTATUS\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : OPEN\nDB_UNIQUE_NAME : SOUK\nOPEN_MODE\u00a0\u00a0\u00a0\u00a0\u00a0 : READ WRITE\nLOG_MODE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : NOARCHIVELOG\nDATABASE_ROLE\u00a0 : PRIMARY\nFLASHBACK_ON\u00a0\u00a0 : NO\nFORCE_LOGGING\u00a0 : NO\nVERSION\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : 11.2.0.3.0\n***********************************\noracle@vmtest12c:\/home\/oracle\/ [SOUK] sqlplus \"\/as sysdba\"SQL*Plus: Release 11.2.0.3.0 Production on Sun Sep 15 22:35:49 2013Copyright (c) 1982, 2011, Oracle.\u00a0 All rights reserved.\nConnected to:\nOracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit ProductionSQL>SQL>\nSQL> SHOW PARAMETER AUDIT_TRAILNAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TYPE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 VALUE\n------------------------------------ ----------- ---------------------------\naudit_trail\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 string\u00a0\u00a0\u00a0\u00a0\u00a0 DB<\/pre>\n
 <\/p>\n
If the output of the SHOW PARAMETER command is NONE or if it is an auditing value that you want to change, then you can change the setting as follows.For example, if you want to change to XML, and if you are using a server parameter file, you would enter the following:<\/p>\n
SQL> ALTER SYSTEM SET AUDIT_TRAIL=XML SCOPE=SPFILE;\nSQL> SHUTDOWN IMMEDIATE;\nSQL> STARTUP;<\/pre>\n
Registering Hosts in the Audit Vault Server<\/h4>\n
1. Log in to the Audit Vault Server console as an administrator.
\n2. Click the Hosts tab. A list of the registered hosts, if present, appears in the Hosts page. To control the view of this list see “Working With Lists of Objects in the UI”.
\n3. Click Register.
\n4. Enter the Host Name and Host IP address.<\/p>\n
\"avdf003.png\"<\/a><\/p>\n
5. Click Save.<\/p>\n
Deploying and Activating the Audit Vault Agent on Secured Target Hosts<\/h4>\n
1. Log in to the Audit Vault Server console as an administrator.
\n2. Click the Hosts tab, and then from the Hosts menu, click Agent.
\n3. Click \u201cDownload Agent\u201d and save the agent.jar file to a location of your choice.<\/p>\n
\"avdf004.png\"<\/a><\/p>\n
4. Using an OS user account, copy the agent.jar file to the secured target’s host computer.
\n5. On the host machine, set JAVA_HOME to the installation directory of the jdk1.6 (or higher version), and make sure the java executable corresponds to this JAVA_HOME setting.<\/p>\n
\"avdf005.png\"<\/a><\/p>\n
6. Start a command prompt with Run as Administrator. In the directory where you placed the agent.jar file, extract it by running:<\/p>\n
java -jar agent.jar -d Agent_Home<\/code><\/p>\n
\"avdf006.png\"<\/a><\/p>\n
Request agent Activation<\/h4>\n
To request activation of the Audit Vault Agent:<\/p>\n
1. On the secured target host computer, go to the following directory:<\/p>\n
Agent_Home\/bin<\/code><\/p>\n
2. Agent_Home is the directory created in the step 7 above.\u00a0 Run the following command:<\/p>\n
.\/agentctl activate<\/code><\/p>\n
\"avdf007.png\"<\/a><\/p>\n
Activate and Start the Agent<\/h4>\n
In this step, you approve the agent activation request in the Audit Vault Server, then start the agent on the secured target host machine.To activate and start the agent:<\/p>\n
1. Log in to the Audit Vault Server console as an administrator.
\n2. Click the Hosts tab.
\n3. Select the host you want to activate, and then click Activate.<\/p>\n
\"avdf008.png\"<\/a><\/p>\n
This will generate a new activation key under the Agent Activation Key column.You can only activate a host if you have completed the procedures in Step 1: Deploy the Audit Vault Agent on the Host Machine. Otherwise the Agent Activation Status for that host will be No Request.<\/p>\n
4. Change directory as follows:<\/p>\n
cd Agent_Home\/bin<\/code><\/p>\n
Agent_Home is the directory created in the step 7 above.<\/p>\n
5. On the secured target host machine, run the following command and provide the activation key from Step 3:<\/p>\n
.\/agentctl start -k key<\/code><\/p>\n
Note: the -k argument is not needed after the initial agentctl start command.<\/p>\n
\"avdf009.png\"<\/a><\/p>\n
\"avdf010.png\"<\/a><\/p>\n
Stopping and Starting the Audit Vault Agent<\/h3>\n
To stop or start the Audit Vault Agent after initial activation and start, run one of the following commands from the Agent_Home\/bin directory on the secured target host machine:<\/p>\n
.\/agentctl stop<\/code><\/code><\/p>\n
.\/agentctl start<\/code><\/p>\n
Changing the Logging Level for the Audit Vault Agent<\/h3>\n
The logging level you set affects the amount of information written to the log files. You may need to take this into account for disc space limitations.The following logging levels are listed in the order of amount of information written to log files, with debug providing the most information:<\/p>\n