Prerequisites
1. Laptop/PC
• Latest and fast processors
• At least 8GB memory
• Windows 64 bit
• At least 50 GB free HDD (Hard Disk Drive)
• VirtualBox pre-installed. VirtualBox can be downloaded from https://www.virtualbox.org/wiki/Downloads. The activity was performed with VirtualBox release 4.3.4r91027.
• The host machine must be able to reach the guest machine, because the host later has to access the web console of the Audit Vault Server.
Host Machine:
IP Address : 192.168.169.174
Subnet Mask : 255.255.255.0
Gateway : 192.168.169.1
Guest Machine (AV Server):
IP Address : 192.168.169.21
Subnet Mask : 255.255.255.0
Gateway : 192.168.169.1
Installation
1. Set Default Machine Folder.
• Open VirtualBox
• Select File -> Preferences
• Enter "D:\ORACLEAVDF\12111" as Default Machine Folder. Once this is set, all VMs created from then on are stored in this location.
2. Create new virtual machine for Audit Vault Server.
• Click on "New" icon to create new virtual machine for Audit Vault Server.
3. Give a name for Oracle Audit Vault Server.
• Select Type as "Linux"
• Select Version as "Oracle (64 Bit)"
• Click on "Next" button to continue.
4. Specify memory size for the Virtual Machine.
For testing purposes, 1.5 GB of memory should work.
• Enter required memory. Since I have 16 GB RAM in my laptop, I have allocated 3072MB memory.
• Click on "Next" button to continue.
5. Add Virtual Hard Disk Drive.
• Select "Create a virtual hard drive now" option.
• Click on "Create" button.
6. Select Hard Drive File Type
• Select "Create a Virtual hard disk now".
• Click on "Next" button to continue.
This file type allows the virtual disk to be split into files of less than 2GB each. VirtualBox automatically creates the required number of files based on the hard drive size specified in the coming steps.
Select "VMDK (Virtual Machine Disk)".
7. Storage on Physical Hard Drive
• Select "Dynamically Allocated" option.
• Select "Split into files of less than 2GB" check box. If this check box is selected, the single hard disk file is split into smaller files of less than 2GB each.
• Click on "Next" button to continue.
8. Choose a location for Hard Disk file
• Provide appropriate file name for the virtual hard disk file.
• Choose appropriate location to store virtual hard disk file.
• Click on "Save" button to save the virtual hard disk file.
9. File Location and Size.
• Review the file location.
• Enter "130 GB" as the size of file.
• Click on "Create" button to create Virtual Hard Disk File.
NOTE: If the size of the file is less than 120 GB, the installation will terminate, as shown in the screenshot below.
VM Created
10. Virtual Machine Details.
The screen below shows details of virtual machine just created. Review the details and modify if necessary. Use Settings icon to modify any settings.
11. Select Audit Vault Installation Media.
• In the main screen of VirtualBox, select "Audit Vault" Virtual machine.
• Click on "Settings" icon.
• Click on "Storage"
• Click on "Empty" CD icon.
• Click on "CD icon" on the right side.
• Click on "Choose a virtual CD/DVD disk file".
14. Set Network Adapter.
• Select Network on the left pane.
• Select Enable Network Adapter on the right pane.
• Select Attached to as "Bridged Adapter".
• Select Name as the available network adapter of your machine.
• Click on "OK" button.
13. Details of Installation media.
• Review the details of Audit Vault Server installation media.
15. Start installation of Oracle Audit Vault.
• Select Audit Vault Virtual Machine on the left pane.
• Review the details of Virtual Machine on the right pane.
• Click on Start button to start the installation of Oracle Audit Vault Server
Installation Main Screen
• Type "install" and press "Enter" to continue.
17. Installation in Progress
18. Applying Configuration
• Wait until the installer goes to next screen.
19. Enter Installation Passphrase
• Enter a strong passphrase (example: Welcome+1).
This passphrase will be used later to change other system passwords. It is recommended to record the passphrase securely for future reference.
NOTE: The passphrase should be 8 characters or more and contain an uppercase letter, a lowercase letter, a digit and a punctuation character. If this policy is violated, the following message is displayed.
20. Confirm Installation Passphrase
• Re-enter the installation passphrase for confirmation.
• Press "Enter" key to go to next screen.
21. Oracle Audit Vault Installation Successful.
Congratulations if you get a screen like the screenshot below. Installation of Oracle Audit Vault is now completed successfully.
• Press "Enter" key to go to next screen.
23. Select Management Interface
• Select one of the available interfaces as Management Interface. This will be used to connect to the audit vault server through terminals like ssh, putty, etc. for maintenance operations.
• Press "Enter" key to make the selection and go to next screen.
25. Specify IP address
• Enter IP address, subnet mask and gateway for the management interface.
• Press "Enter" key to complete the installation and reboot the server.
26. First Reboot
The first reboot of the server could take up to an hour depending upon the configuration of the machine that is being used. There is nothing much to do here other than wait until the installation completes.
27. Audit Vault Server Installation Complete
The screenshot below shows the final screen after the installation of Oracle Audit Vault server is completed. Use Up/Down arrow keys and press "Enter" key to make the appropriate selection.
D. Post Installation
Login to Database Vault Web Console
1. Open a web browser on your host machine and enter the following URL in the address bar: https://192.168.169.21
2. Press "Enter" key to go to the specified URL.
3. Click on "Proceed Anyway" button.
Enter Installation Passphrase
• Enter Installation Passphrase.
• Click on "Login" button.
User Configuration
• Enter username and password for the users to be configured.
• User Setup:
Users AVADMIN and AVAUDITOR are created in Oracle database.
• Users "root" and "support" are created in the operating system. When connecting to the audit vault server using terminals like ssh and putty, first log in as the support user, then switch to other users. User "oracle" is implicitly created in the operating system.
6. Time and DNS configuration
Time Setup:
Select "Set Manually" option.
Set proper date and time.
DNS Setup:
We will not use DNS in this setup.
Click on "Save" button at the upper right corner.
7. Login to Audit Vault Server console
• After "Save" button is clicked, system will automatically redirect to Login page.
• Login as "AVADMIN" user. Provide the username and password.
• Click on "Login" button.
Audit Vault Home page
After successful login, the system redirects to the Audit Vault Server console home page. Congratulations! Audit Vault Server 12.1.1.1.0 installation completed successfully.
DB FIREWALL INSTALLATION
5. Add Virtual Hard Disk Drive.
• Select "Create a virtual hard drive now" option.
• Click on "Create" button.
7. Storage on Physical Hard Drive
• Select "Dynamically Allocated" option.
• Select "Split into files of less than 2GB" check box. If this check box is selected, the single hard disk file is split into smaller files of less than 2GB each. Smaller files are easier to transfer to external hard disk drives for testing purposes.
• Click on "Next" button to continue.
9. File Location and Size.
• Review the file location.
• Enter "130 GB" as the size of file.
• Click on "Create" button to create Virtual Hard Disk File.
NOTE: If the size of the file is less than 80 GB, the installation will terminate, as shown in the screenshot below.
11. Select Database Firewall Installation Media.
• In the main screen of VirtualBox, select "Database Firewall" Virtual machine.
• Click on "Settings" icon.
• Click on "Storage"
• Click on "Empty" CD icon.
• Click on "CD icon" on the right side.
• Click on "Choose a virtual CD/DVD disk file".
14. Set Network Adapter.
Installation of Oracle Database Firewall requires 3 network adapters.
Network Adapter 1:
• Select Network on the left pane.
• Select "Adapter 1" tab
• Select Enable Network Adapter on the right pane.
• Select Attached to as "Bridged Adapter".
• Select Name as the available network adapter of your machine.
15. Start installation of Oracle Database Firewall Server.
• Select Database Firewall Virtual Machine on the left pane.
• Review the details of Virtual Machine on the right pane.
• Click on Start button to start the installation.
192.168.1.124 dbfirewall
https://192.168.1.121
5. Post Installation Configuration
As part of post-installation configuration, an administrator user for Database Firewall has to be created and the passwords of the root and support users have to be reset.
• Enter FWADMIN as username. Usually administrator user for Database Firewall is named as FWADMIN. THIS USERNAME IS CASE SENSITIVE.
• Users "root" and "support" are created in the operating system. When connecting to this server using terminals like ssh and putty, first log in as the support user, then switch to other users. User "oracle" is implicitly created in the operating system. By default, a database named "dbfwdb" is created.
• Click on "Save" button after all the information has been filled.
Welcome+1
6. Login to Database Firewall web console
System will redirect to the login screen after Save button is clicked in the earlier screen.
• Enter the username and password for the administrator user of Oracle Database Firewall.
• Click on Login button to login to the web console.
7. Check System Status
On initial login, Database Firewall web console shows the status.
• Click on Show Report button to check Diagnostic Status.
8. Configure Network Interfaces and Hostname
• Click on "Network" link on the left panel.
• Click on "Change" button at the bottom of the right corner.
• Change the hostname to "fwserver01".
• In "Proxy Ports" section, select "Enabled" check box, enter "15211" as port number and click on "Add" button.
• In Traffic Sources section, change the IP address from "192.168.0.220" to "192.168.168.23".
• Click on "Save" button. This usually requires a reboot but we will restart the server once all the post-installation configuration is complete. Review the image below.
9. DNS and Access configuration
• Click on "Services" link on the left panel.
• Click on "Change" button on the right panel.
• Leave the DNS Server configuration unchanged i.e. leave values of "DNS Server 1", "DNS Server 2" and "DNS Server 3" to "disabled".
• Set the value of "Web Access" to "all".
• Set the value of "SSH Access" to the list of IP addresses from which this server will be accessed. The IP addresses in the list should be separated by spaces.
• Leave the value of "SNMP Access" to "disabled".
• Review the changes.
• Click on "Save" button.
10. Change Date and Time
• Click on "Date and Time" from system menu on the left panel.
• Click on "Change" button at the corner of right panel in the bottom.
11. Change Keyboard Layout
12. Post-Install Configuration Complete
• This completes post-installation configuration of Oracle Database Firewall.
• After network settings have been changed, Database Firewall asks for a reboot of the server. In such cases it is recommended to reboot the server.
13. Reboot Server
• Login to the database firewall server.
• Select "Power Off" using Up/Down arrow keys as shown in image below.
• Press "Enter" button.
• Enter "root" user password when prompted.
• Press "Enter" to shut down the server.
• To start the server, select Database Firewall machine in VirtualBox Manager and click on the Start icon.
====
Register the Database Firewall in the Audit Vault Server 12.1.1.1
integrating Audit Vault and Database Firewall.
You must associate each Database Firewall with an Audit Vault Server by specifying the server's certificate and IP address, so that the Audit Vault Server can manage the firewall. If you are using a resilient pair of Audit Vault Servers for high availability, you must associate the firewall to both servers.
Note: You must specify the Audit Vault Server certificate and IP address to the Database Firewall before you register the firewall in the Audit Vault Server.
Registering database firewall in audit vault server requires 2 steps. They are:
A. Specify the Audit Vault Server certificate and IP address in Database Firewall
B. Register the Database Firewall in the Audit Vault Server
A. To specify the Audit Vault Server certificate and IP address in Database Firewall
1. Log in to the Audit Vault Server as AVADMIN.
2. Copy Audit Vault Server certificate.
• Click the Settings tab.
• In the Security menu, click Certificate. The server’s certificate is displayed.
• Copy the server’s certificate into your clipboard or into a text file (if you use a text file it must be securely deleted afterwards). Make sure you also copy the header and footer (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
3. Log in to the Database Firewall administration console.
4. In the System menu, click Audit Vault Server.
• Enter the IP Address of the Audit Vault Server: 192.168.169.21
• Paste the Audit Vault Server’s Certificate in the next field.
• Click on "Apply" button.
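A check for the copy-and-paste step above, as an added example (not part of the original post and not Oracle tooling): it confirms the pasted text still carries both marker lines and compares its SHA-256 fingerprint with the certificate the Audit Vault Server presents on port 443. The function names and the stand-in sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re
import ssl

# Both marker lines must survive the copy, with exactly five dashes on each side.
PEM_RE = re.compile(
    r"\A-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*"
    r"-----END CERTIFICATE-----\Z"
)

# Constructed stand-in bytes, not a real certificate: the checks below only
# depend on the PEM framing and on the bytes inside it.
SAMPLE_DER = bytes(range(96))


def pem_to_der(pem_text):
    """Return the DER bytes of a pasted certificate, or raise ValueError."""
    match = PEM_RE.match(pem_text.strip())
    if match is None:
        raise ValueError("BEGIN/END CERTIFICATE line missing or damaged")
    body = "".join(match.group(1).split())  # drop line breaks added by the paste
    try:
        return base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is truncated or not base64") from exc


def fingerprint(der):
    """SHA-256 fingerprint in the colon-separated form browsers display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def presented_by_server(host, port=443):
    """Fetch the certificate the server sends in the TLS handshake (needs network)."""
    return ssl.get_server_certificate((host, port))


def same_certificate(pasted_pem, presented_pem):
    """True when both PEM texts wrap the same certificate bytes."""
    return fingerprint(pem_to_der(pasted_pem)) == fingerprint(pem_to_der(presented_pem))


if __name__ == "__main__":
    pasted = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
    print(fingerprint(pem_to_der(pasted)))
    # Against the lab server from this walkthrough:
    # print(same_certificate(pasted, presented_by_server("192.168.169.21")))
```

A mismatch between the pasted text and what the server presents means the paste was altered or the browser session reached a different endpoint than the one the certificate was copied from.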
B. Register the Database Firewall in the Audit Vault Server
You must register the Database Firewall in the Audit Vault Server in order to enable communication between the two. To register a Database Firewall in the Audit Vault Server:
1. Log in to the Audit Vault Server as an administrator (AVADMIN)
2. Register Database Firewall in Audit Vault Server
• Click on "Firewall" tab.
• Click on "Register" button. This will open new page.
3. Save Registration
• Enter name of the Database Firewall in the "Name" field.
• Enter IP Address of the Database Firewall in the "Address" field. It is preferred to use the actual hostname for the firewall that you had set earlier. It makes it easier to keep track of servers in production environment.
• Click on "Save" button.
In the above screen the logged-in user is fmwadmin. Create user fwadmin and copy the vault server certificate to the firewall console, then try registering. It will work.
4. Registered Firewalls
• You will see a screen like the screenshot below if you have successfully completed the above steps.
5. Test Database Firewall Diagnostics
• Click on "Settings => Status => Test Diagnostics" to ensure that everything is running correctly.
• Everything should have a green "OK" next to it like in the next screenshot.
6. Check Database Firewall Status
• Click on Home, and check the firewall status.
• If the status is "GREEN" then everything is set up correctly.
• If there is an error message that indicates that there is a problem with the certificate, check that the date and time are the same on the Audit Vault server and the Database Firewall Appliance.