{"id":1527,"date":"2013-10-18T13:05:25","date_gmt":"2013-10-18T11:05:25","guid":{"rendered":"http:\/\/www.oradba.ch\/?p=1527"},"modified":"2013-10-18T13:14:19","modified_gmt":"2013-10-18T11:14:19","slug":"avcli-audit-vault-command-line-interface","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2013\/10\/avcli-audit-vault-command-line-interface\/","title":{"rendered":"AVCLI Audit Vault command line interface"},"content":{"rendered":"

When I started to deal with Oracle Audit Vault and Database Firewall (AVDF), I have always worked with the Web console. Since a few weeks I regularly use the AVCLI and start to like it. It is a simple java based command line utility, from which you can access Audit Vault and Database Firewall servers. The look and feel of AVCLI is comparable with SQLPlus or RMAN utility and allows to configure and administer the Oracle AVDF server. The utility can be used interactive or with scripts. All you need to use it is JDK 1.6 or later and a supported platform. So far I could not find any information about supported operating systems, but I’m assuming that they are the same as for the vault audit agent. The MOS note 1536380.1<\/a> Oracle Audit Vault and Database Firewall 12.1 platform support list the latest informations. At the moment I’m using the AVCLI on Windows 7 and Oracle Enterprise Linux 5u8.<\/p>\n

Download and Install<\/h3>\n

The AVCLI has to be downloaded from the AVCLI Web console. For this navigate to settings<\/strong> tab, in the system menu click manage<\/strong> and click the Download Command Line Utility<\/em> Button to download and save the avcli.jar.
\n\"AVCLI_Download\"<\/a>
\nTo install it just run java with the following parameters:<\/p>\n

\njava -jar avcli.jar -d INSTALLATIONPATH\n<\/pre>\n
First Steps<\/h3>\n
A user account with the AV_ADMIN role is required to use the AVCLI and connect to the AVDF server. On my test and engineering system still using AVADMIN.<\/p>\n
Log in and show the help:<\/p>\n
\noracle@melete2:\/var\/lib\/oracle\/dbfw\/ [dbfwdb] avcli\n\nAVCLI : Release 12.1.1.1.0 - Production on Fri Oct 18 10:28:16 UTC 2013\n\nCopyright (c) 1996, 2013 Oracle.  All Rights Reserved.\n\nAVCLI> connect avadmin\/manager;\nConnected.\nAVCLI> help;\n ---------------------------------------------------------------------\n For detailed help, see HELP [command] e.g., HELP REGISTER SECURED TARGET    \n \n Secured Target Management:\n   * REGISTER SECURED TARGET [secured target name] OF SECURED TARGET TYPE \n        [secured target type name] AT [location] [AUTHENTICATED BY \n        [username\/password]]\n   * ALTER SECURED TARGET [secured target name] SET [options]\n   * ALTER SECURED TARGET [secured target name] ADD ADDRESS [ip:port]\n   * ALTER SECURED TARGET [secured target name] DROP ADDRESS [ip:port]\n   * LIST ATTRIBUTE FOR SECURED TARGET [secured target name]\n   * LIST METRICS FOR SECURED TARGET [secured target name]\n   * LIST SECURED TARGET\n   * LIST SECURED TARGET TYPE\n   * LIST ADDRESS FOR SECURED TARGET [secured target name]\n   * DROP SECURED TARGET [secured target name]\n \n Host Management:\n   * REGISTER HOST [hostname] [WITH IP [ip address]]\n   * ALTER HOST [hostname] SET [options]\n   * ACTIVATE HOST [hostname]\n   * DEACTIVATE HOST [hostname]\n   * LIST HOST\n   * DROP HOST [hostname]\n \n Trail Management:\n   * START COLLECTION FOR SECURED TARGET [options]\n   * STOP COLLECTION FOR SECURED TARGET [options]\n   * LIST TRAIL FOR SECURED TARGET [secured target name]\n   * DROP TRAIL FOR SECURED TARGET [options]\n \n Security Management:\n   * GRANT ADMIN TO [username]\n   * REVOKE ADMIN FROM [username]\n   * GRANT SUPERADMIN TO [username]\n   * REVOKE SUPERADMIN FROM [username]\n   * GRANT ACCESS ON SECURED TARGET [secured target name] TO [username]\n   * GRANT ACCESS ON SECURED TARGET GROUP [secured target group name] \n        TO [username]\n   * REVOKE ACCESS ON SECURED TARGET [secured target name] FROM [username]\n   * REVOKE ACCESS ON SECURED TARGET GROUP [secured target group name]\n        FROM [username]\n \n Plugin Management:\n   * DEPLOY PLUGIN [plugin archive]\n   * UNDEPLOY PLUGIN [plugin id]\n   * LIST PLUGIN FOR SECURED TARGET TYPE [secured target type name]\n \n SMTP Server Integration:\n   * REGISTER SMTP SERVER AT [host[:port]] SENDER ID [sender id]\n        SENDER EMAIL [sender e-mail]\n        [AUTHENTICATED BY [username]\/[password]]\n   * ALTER SMTP SERVER [options]\n   * ALTER SMTP SERVER SECURE MODE ON PROTOCOL [SSL | TLS]\n        [TRUSTSTORE [truststore]]\n   * ALTER SMTP SERVER SECURE MODE OFF\n   * ALTER SMTP SERVER ENABLE\n   * ALTER SMTP SERVER DISABLE\n   * TEST SMTP SERVER SEND EMAIL TO [e-mail address]\n   * LIST ATTRIBUTE OF SMTP SERVER\n   * DROP SMTP SERVER\n \n Server Management:\n   * ALTER SYSTEM SET [options]\n   * SHOW CERTIFICATE FOR SERVER\n \n Firewall Management:\n   * REGISTER FIREWALL [firewall name] WITH IP [ip address]\n   * LIST FIREWALL\n   * REBOOT FIREWALL [firewall name]\n   * POWEROFF FIREWALL [firewall name]\n   * DROP FIREWALL [firewall name]\n   * ALTER FIREWALL [firewall name] SET [options]\n   * SHOW STATUS FOR FIREWALL [firewall name] [WITH DIAGNOSTICS]\n   * CREATE RESILIENT PAIR FOR FIREWALL PRIMARY [ primary firewall]\n        SECONDARY [secondary firewall]\n   * SWAP RESILIENT PAIR HAVING FIREWALL [firewall name]\n   * DROP RESILIENT PAIR HAVING FIREWALL [firewall name]\n \n Enforcement Point Management:\n   * CREATE ENFORCEMENT POINT [enforcement point name] FOR\n        SECURED TARGET [secured target name] USING FIREWALL\n        [firewall name] TRAFFIC SOURCE [traffic source name] \n        WITH MODE [mode name DPE\/DAM]\n   * LIST ENFORCEMENT POINT FOR FIREWALL [firewall name]\n   * LIST ENFORCEMENT POINT FOR SECURED TARGET [secured target name]\n   * START ENFORCEMENT POINT [enforcement point name]\n   * STOP ENFORCEMENT POINT [enforcement point name]\n   * ALTER ENFORCEMENT POINT [enforcement point name] SET [options]\n   * DROP ENFORCEMENT POINT [enforcement point name]\n \n Miscellaneous:\n   * CONNECT [username\/password]\n   * QUIT\n   * HELP\n<\/pre>\n
List the secured targets:<\/p>\n
\nAVCLI> LIST SECURED TARGET;\n---------------------------------------------------------------------------------------------------------------------------------\n| NAME   | DESCRIPTION                                             | LOCATION                               | SECUREDTARGETTYPE |\n=================================================================================================================================\n| TDB11  | Oracle 11.2.0.3.0 Test Database (Use to be 12.1.0.1 DB) | jdbc:oracle:thin:@\/\/urania:1521\/TDB11  | Oracle Database   |\n| TDB11A | Oracle 11.2.0.3.0 Test Database                         | jdbc:oracle:thin:@\/\/urania:1521\/TDB11A | Oracle Database   |\n---------------------------------------------------------------------------------------------------------------------------------\n\n2 row(s) selected.\n\nThe command completed successfully. \n<\/pre>\n
List status of audit trails for a secure target:<\/p>\n
\nAVCLI> LIST TRAIL FOR SECURED TARGET TDB11;\n----------------------------------------------------------------------------------------------------------------\n| AUDIT_TRAIL_TYPE | HOST   | LOCATION                          | STATUS      | REQUEST_STATUS | ERROR_MESSAGE |\n================================================================================================================\n| DIRECTORY        | urania | \/u00\/app\/oracle\/admin\/TDB11\/adump | UNREACHABLE |                |               |\n| TABLE            | urania | SYS.AUD$                          | UNREACHABLE |                |               |\n| TRANSACTION LOG  | urania |                                   | UNREACHABLE |                |               |\n----------------------------------------------------------------------------------------------------------------\n\n3 row(s) selected.\n\nThe command completed successfully. \n<\/pre>\n
Start collection of an audit trail. This requires to specify the agent host and the trail location. Below you see how to start the audit trail for database table SYS.AUD$ and the redo collector.<\/p>\n
\n\nAVCLI> START COLLECTION FOR SECURED TARGET TDB11 USING HOST urania FROM TABLE 'SYS.AUD$';\n\nRequest submitted successfully.\n\nAVCLI> START COLLECTION FOR SECURED TARGET TDB11 USING HOST urania FROM TRANSACTION LOG;\n\nRequest submitted successfully.\n\nAVCLI> LIST TRAIL FOR SECURED TARGET TDB11;\n----------------------------------------------------------------------------------------------------------------\n| AUDIT_TRAIL_TYPE | HOST   | LOCATION                          | STATUS      | REQUEST_STATUS | ERROR_MESSAGE |\n================================================================================================================\n| DIRECTORY        | urania | \/u00\/app\/oracle\/admin\/TDB11\/adump | UNREACHABLE |                |               |\n| TABLE            | urania | SYS.AUD$                          | IDLE        |                |               |\n| TRANSACTION LOG  | urania |                                   | COLLECTING  |                |               |\n----------------------------------------------------------------------------------------------------------------\n\n3 row(s) selected.\n\nThe command completed successfully. \n<\/pre>\n
Run Scripts<\/h3>\n
Scripts can be executed directly as command line parameter when starting AVCLI or interactively when using the AVCLI.<\/p>\n
Start a script from the command line with specifying the user and script name. <\/p>\n
\noracle@melete2:~\/ [dbfwdb] avcli -u avadmin -f report_av_status.av\n\nAVCLI : Release 12.1.1.1.0 - Production on Fri Oct 18 10:40:04 UTC 2013\n\nCopyright (c) 1996, 2013 Oracle.  All Rights Reserved.\n\nEnter password for 'avadmin':        \n\nConnected to:\nOracle Audit Vault Server - Version : 12.1.1.1.0\n\nAVCLI> \n---------------------------------------------------------------------------------------------------------------------------------\n| NAME   | DESCRIPTION                                             | LOCATION                               | SECUREDTARGETTYPE |\n=================================================================================================================================\n| TDB11  | Oracle 11.2.0.3.0 Test Database (Use to be 12.1.0.1 DB) | jdbc:oracle:thin:@\/\/urania:1521\/TDB11  | Oracle Database   |\n| TDB11A | Oracle 11.2.0.3.0 Test Database                         | jdbc:oracle:thin:@\/\/urania:1521\/TDB11A | Oracle Database   |\n---------------------------------------------------------------------------------------------------------------------------------\n\n2 row(s) selected.\n\nThe command completed successfully. \n\nAVCLI> \n----------------------------------------------------------------------------------------------------------------\n| AUDIT_TRAIL_TYPE | HOST   | LOCATION                          | STATUS      | REQUEST_STATUS | ERROR_MESSAGE |\n================================================================================================================\n| DIRECTORY        | urania | \/u00\/app\/oracle\/admin\/TDB11\/adump | UNREACHABLE |                |               |\n| TABLE            | urania | SYS.AUD$                          | IDLE        |                |               |\n| TRANSACTION LOG  | urania |                                   | COLLECTING  |                |               |\n----------------------------------------------------------------------------------------------------------------\n\n3 row(s) selected.\n\nThe command completed successfully. \n\nAVCLI> \n<\/pre>\n
Or with username\/password in the script.<\/p>\n
\noracle@melete2:~\/ [dbfwdb] avcli -f start_trails_TDB11.av \n\nAVCLI : Release 12.1.1.1.0 - Production on Fri Oct 18 10:46:45 UTC 2013\n\nCopyright (c) 1996, 2013 Oracle.  All Rights Reserved.\n\nAVCLI> Connected.\nAVCLI> AVCLI> \nRequest submitted successfully.\n\nAVCLI> \nRequest submitted successfully.\n\nAVCLI> \nRequest submitted successfully.\n\nAVCLI> \n\noracle@melete2:~\/ [dbfwdb] cat start_trails_TDB11.av \nconnect avadmin\/manager;\n\nSTART COLLECTION FOR SECURED TARGET TDB11 USING HOST urania FROM TABLE 'SYS.AUD$';\nSTART COLLECTION FOR SECURED TARGET TDB11 USING HOST urania FROM TRANSACTION LOG;\nSTART COLLECTION FOR SECURED TARGET TDB11 USING HOST urania FROM DIRECTORY '\/u00\/app\/oracle\/admin\/TDB11\/adump';\n<\/pre>\n
The downside is that the password is stored in the script or it must be entered interactively.<\/p>\n
Conclusion<\/h3>\n
Is a nice little tool that is worth looking at more closely. In addition to the automation of administrative tasks it is a handy day to day tool for the AV administrator with a bit room for improvement. \ud83d\ude42 Ok would be helpful, if there is an alternative for username\/passwords to automatically execute scripts without storing the passwords in cleartext. Why not have something similar to secure external password store or the emcli function to store credentials? <\/p>\n
A few possible use cases for AVCLI:<\/p>\n