In the hustle and bustle of the Christmas season, it went under that Oracle had released a new version of Oracle Audit Vault respectively Oracle Audit Vault and Database Firewall. This weekend I found some time to take a first look into the new release.
About a year ago Oracle released the Audit Vault Server 10.3. (see New release of Oracle Audit Vault). During this update Oracle mainly moved internally to a 220.127.116.11 database. The architecture has remained more or less the same. But this has changed now. Oracle is trying to complete its security portfolio. Therefore Oracle has merged the two Oracle Audit Vault and Oracle Database Firewall into the new Oracle Audit Vault and Database Firewall. From the security officer point of view it is definitely more interesting to only have one platform. On the other hand a software appliance is one of the favorites of the DBA and Unix admins. What about, updates, HA, backup & recovery etc? I’ll try to consider these thoughts in a later post on installing and configuring the new Oracle Audit Vault and Database Firewall.
Some short notes on the new features:
- Oracle Audit Vault and Database Firewall is released as a software appliance-based platform
- Internally Oracle does use Oracle 18.104.22.168 including Advance Security and Database Vault to enforce Database security and segregation of duties
- One simple setup does install and configure the operating system, software, database, web frontend etc
- Audit Vault Agents for:
- Oracle Database 10g
- Oracle Database 11g
- Microsoft SQL Server 2000
- Microsoft SQL Server 2005
- Microsoft SQL Server 2008
- Sybase Adaptive Server Enterprise (ASE) versions 12.5.4 to 15.0.x
- IBM DB2 version 9.x (Linux, UNIX, Microsoft Windows)
- Solaris operating system
- Oracle ACFS
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 R2
- Microsoft Active Directory 2008
- Microsoft Active Directory 2008 R2 on 64 bit
As initially mentioned Audit Vault and Database Firewall are moving closer. Oracle Audit Vault is now also the data storage and analysis platform for the Oracle Database Firewall. Former Database Firewall Management Server is eliminated and thus is replaced with Oracle Audit Vault.
An important note here is that Oracle Audit Vault can not be installed on different platforms as before. It is rather a software appliance like the Oracle Database Firewall. The license for each Oracle Audit Vault and Oracle Database Firewall includes always a license for Oracle Enterprise Linux as well. To install only the appropriate hardware is required. This can be a virtual or a physical host. To setup my test environment, I’ve use as usual virtual servers.
Oracle AVDF Requirements
To install Oracle AVDF the following minimal Hardware Requirements must be met. See as the online installation guide for more details on the installation requirements in particular for the supported secured target products (agents).
- x86 64-bit Server
- 2 GB Ram
- single hard drive 125 GB
- 1 NIC for Audit Vault Server
- 1 NIC for Database Firewall Proxy Mode
- 2 NICs for Database Firewall DAM Mode (monitoring)
- 3 NICs for Database Firewall DPE Mode (blocking)
In addition to the hardware the following software is required to begin the installation:
- Oracle Linux Release 5 Update 8 for x86_64 (64 Bit) V31120-01 (3.7GB)
- Oracle Audit Vault and Database Firewall (22.214.171.124.0) – Server V35715-01 (3.4GB)
- Oracle Audit Vault and Database Firewall (126.96.36.199.0) – Database Firewall V35716-01 (3.1GB)
The server can not be used for other activities, setup of either Oracle Audit Vault or Oracle Database Firewall will completely reimage the server. But I’ll post more details on the installation later this month.
Links all around the new Oracle Audit Vault and Database Firewall…
Earlier this year, oracle released there first version of Oracle Database Firewall. Since a couple of week’s now a bunch of patches are available. The latest seems to be available since today. As usual the patch can be obtained through the Patch Search on My Oracle Support.
The patches are delivered as a ZIP archive with misc RPM. These RPM’s have to be copied onto the Database Firewall or the Management Server. As soon as this is done the can be installed with rpm as root. After a reboot the update is complete. By the way, to be able to copy the patch’s and access the system via ssh / command line, terminal access has to be enabled in the system configuration (DB Firewall Web Console).
Installing the latest patch on the Database Firewall would be done according the following procedure :
scp dbfw-multi-5.0-134.i686.rpm firstname.lastname@example.org:/tmp/
rpm --freshen --repackage dbfw-multi-5.0-134.i686.rpm
/bin/ls /var/spool/repackage -t | /usr/bin/head -n1 \
Don’t forget to review the readme.txt before installing any patch. It’s a text file very short and readable within seconds 😉
List of available Patches
Below you find a list of available patch’s for Oracle Database Firewall. The amount of patches is still manageable, so that the entire list fits into this post 😉 There is one more (11794289) but this one is supersede by bundled patch 1.
||BUNDLED PATCH 1
||Mar 16, 2011
||HOT FIX FOR BNY RESTORING CONFIGURATION
||Mar 18, 2011
||BNY Audit Reports
||Mar 30, 2011
||LOG SEARCH RESULTS: LONG (>4000 BYTE) STATEMENTS CAUSING ERROR IN SYSTEM LOG
||Apr 7, 2011
||DBFW 5.0 – BUNDLED PATCH 2
||Apr 12, 2011
||Alerting and Reporting Hot Fix
||May 10, 2011
Reference and Links
I’ve tried to have a closer look into the new Oracle Database Firewall. Unfortunately I’ve struggled around already with the installation or more with the setup of the test environment. But lets start at the beginning. According to the Installation Guide Oracle® Database Firewall Installation Guide Database Firewall and Management Server has the following hardware requirements:
- Oracle Enterprise Linux 5 Update 5
- 1 GB Memory
- 80 GB of disk space
- Three network ports
Because I planned to set up the Database Firewall in in-line mode, therefor I’ve decided to setup three VM’s. a Database Server, a Windows Client and the Database Firewall VM (see picture further down). All VM’s has been configured with network interface type host-only. I’ve just assumed that the TCP/IP network (eg. subnet’s) can be configured a bit later and I’ve “overread” that the Database Firewall is working as a network bridge rather than a router. So I’ve ended up with a network bridge where both ports have been connected to the same switch. If I would have to setup the test environment physically I would never get the idea to do this 🙂
Configure the in-line mode means setting up a transparent network bridge between two physical separated network. The IP network is the same as without Database Firewall.
For my test environment on VMWare Fusion I’ve created a second host-only network vmnet2. VMWare Workstation has a utility to add more network’s but on VMWare Fusion this has to be done manually (config files or with tokamak.sh). This second network has the same IP range and network mask as the vmnet1, but it is only available through the database firewall. That means on the host system is no routing configured.
As you can see in the image below, the Database VM and on interface of the Database Firewall are configured to use vmnet2. The two other interface on the Database Firewall as well the Windows Client VM are configured to use vmnet1.
As soon as the VM’s are configured with the right networks, it is an easy task to install and configure the Database Firewall according the short Documentation (Installing Oracle Database Firewall ).
Since I have now a running test environment I’ll start to make a few test with the Database Firewall. Stay tuned to read more….
I’ve screwed up somehow this post and created a new one Oracle Database Firewall Test Environment. This is mini post is just to make sure that an already published permalink does not points to /dev/null…