Downloading and Installing Oracle Audit Vault and Database Firewall

3 Downloading and Installing Oracle Audit Vault and Database Firewall

Learn how to download and install Oracle Audit Vault and Database Firewall (Oracle AVDF).

3.1 About Oracle Audit Vault and Database Firewall Installation

Understand the process for installing Oracle Audit Vault and Database Firewall (Oracle AVDF).

Here are the steps for installing Oracle AVDF:

Understand the Oracle Audit Vault and Database Firewall components to be installed.
Plan the system configuration that best suits your needs.
Ensure that your system meets the pre-install requirements.
Complete the installation of Audit Vault Server.
Complete the installation of Database Firewall.
Complete the post-install configuration tasks.
Complete the registration of hosts and deployment of Agent.
Complete the registration of targets for audit collection and Database Firewall monitoring.

Note:

The Audit Vault Server and the Database Firewall server are software appliances. You must not make any changes to the Linux operating system through the command line on these servers unless following official Oracle documentation or under guidance from Oracle Support.

3.2 Downloading and Verifying Oracle AVDF Software

Learn about downloading and verifying the software to install Oracle Audit Vault and Database Firewall.

For a fresh installation, you can download the Oracle Audit Vault and Database Firewall software from the Oracle Software Delivery Cloud. You cannot use this package to upgrade. To perform an upgrade from an existing deployment, you can download the upgrade software from the My Oracle Support website.

3.2.1 Downloading the Audit Vault and Database Firewall Software

For a fresh installation of Oracle Audit Vault and Database Firewall, you need to download the software from the Oracle Software Delivery Cloud

Use a web browser to access the Oracle Software Delivery Cloud portal:
https://edelivery.oracle.com
Click Sign In, and if prompted, enter your User ID and Password.
In the All Categories menu, select Release. In the next field, enter Oracle Audit Vault and Database Firewall, and then click Search.
From the list that is displayed, select the Oracle Audit Vault and Database Firewall version you want to install. Or click the Select icon that appears against the specific release.
The download is added to your cart. To check the cart contents, click View Items or Continue in the upper right of the screen.
In the next page, verify the details of the installation package, and then click Continue.

Read the Oracle Standard Terms and Restrictions displayed on the page. Select I reviewed and accept the Oracle License Agreement check box, and then click Continue.

The download page appears and displays the list of ISO files for Oracle Audit Vault and Database Firewall.

Audit vault Server install:

Oracle AVDF 20.4 and later Oracle AVDF 20.1 to 20.3

Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Audit Vault Server

Note: Starting with Oracle AVDF 20.4, there is a single Audit Vault Server ISO file and there is no need to concatenate.

Audit Vault Server installer file is split into 3 parts or files as follows:

Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Audit Vault Server - Part 1 of 3 (MUST DOWNLOAD ALL THE 3 PARTS AND CONCATENATE BEFORE ATTEMPTING INSTALLATION)
Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Audit Vault Server - Part 2 of 3 (MUST DOWNLOAD ALL THE 3 PARTS AND CONCATENATE BEFORE ATTEMPTING INSTALLATION)
Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Audit Vault Server - Part 3 of 3 (MUST DOWNLOAD ALL THE 3 PARTS AND CONCATENATE BEFORE ATTEMPTING INSTALLATION)

Note: Concatenate all the three ISO files to get Audit Vault Server 20.x ISO (avdf-install.iso) before proceeding with installation.

Database Firewall install:
Vpart_number.iso Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Database Firewall

Note:
Verify the checksum value for both (the Audit Vault Server ISO file and the Database Firewall ISO file). In case of any error or mismatch in the checksum values, download the ISO files and validate the checksum values again.
Database Firewall utility:
Vpart_number.zip Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Utilities. This bundle contains the following files:
- Npcap installer required for Host Monitoring on Windows: npcap-utility.zip
- Database Firewall utilities to examine Native Network Encryption traffic for Oracle Database and to gather session information from other database types: dbfw-utility.zip
- Utilities_README: Instructions for deploying Npcap and Database Firewall utilities patch.

Deprecated cipher utility bundle:

Oracle AVDF 20.4 and later Oracle AVDF 20.1 to 20.3

Not applicable.

Vpart_number.zip Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Deprecated-Cipher-Removal Utility

Note: Apply the deprecated cipher removal patch on Audit Vault Server 20.x after installation.

This is optional. However, it is highly recommended.

Vpart_number.pdf Oracle Audit Vault and Database Firewall 20.x.0.0.0 - Release Notes

Next to the Print button, click View Digest Details.
The listing for the ISO files expands to display the SHA-1 and SHA-256 checksum reference numbers for each ISO file.
Click Download. The Download Manager Installation screen is displayed. The size of the combined ISO files exceeds 11 GB, and takes time to download, depending on the network speed. The estimated download time and speed are displayed in the File Download dialog box.
Click Download the installer, and then click Save File.
Choose a location to save the ISO files. Click Save.
Alternately, you can save each file individually by clicking its name and then specifying a location for the download.

(For Oracle AVDF 20.3 and earlier) Combine the three AVS ISO files into one ISO file.

Linux:

# cat <part1 file name>.iso <part2 file name>.iso <part3 file name>.iso > avdf-install.iso

Microsoft Windows:

copy /b <part1 file name>.iso+<part2 file name>.iso+<part3 file name>.iso avdf-install.iso

After you have successfully downloaded the Audit Vault and Database Firewall software, you will need to generate the checksum values.

3.2.2 Generating the Checksum Values

After downloading the Audit Vault and Database Firewall software, you need to generate the checksum values.

After the ISO files are downloaded to the specified location, generate a SHA256 checksum for the combined Audit Vault Server ISO file and the Database Firewall ISO file. For Oracle AVDF 20.4 and later, there is a single Audit Vault Server ISO file. For example, on a Linux machine run the following command to generate the checksum:
```
$ sha256sum Vpart_number.iso
```
Note:
Ensure that the checksum matches the value specified in the Release Notes document that is available along with the installable files. In case of any error or mismatch in the checksum values, download the ISO files again, concatenate the Audit Vault Server ISO file (for Oracle AVDF 20.3 and earlier), and validate the checksum values again. For Oracle AVDF 20.4 and later, there is a single Audit Vault Server ISO file and there is no need to concatenate.

3.2.3 Copying the ISO Image to External Media

Optionally, the combined Audit Vault Server ISO image (or single Audit Vault Server image for Oracle AVDF 20.4 and later) or the DBFW ISO image can be copied to another media, like USB. If the files are copied to a Linux based USB medium, then execute these steps.

Execute the following command to open the Linux terminal:
```
sudo su -
```
Execute the following command to discover the USB device:
```
lsblk
```
Execute the following command to erase the data on the USB device:
```
dd if=/dev/zero of=/dev/<USB device> status=progress conv=fdatasync
```
Execute the following command to copy the iso file directly to the USB device:
```
dd if=avdf-install.iso of=/dev/<USB device> status=progress conv=fdatasync
```
Boot the system using the USB device. Ensure the appliance is configured to boot from the USB device.
If the files are copied to a Windows (EFI only - Extensible Firmware Interface) based USB medium, then execute these steps:
1. Execute the following command to open the Windows command prompt and to load the diskpart:
```
diskpart
```
2. Execute the following command to discover the USB device:
```
list disk
```
3. Execute the following command to select the USB device:
```
select disk 1
```
4. Execute the following commands to erase or format the data on the USB device:
```
clean
```
```
create partition primary
```
```
format fs=fat32 label=AVS_20_<x>_0_0_0
```
  Or
```
format fs=fat32 label=DBFW_20_<x>_0_0_0
```
  Where x is the specific RU release number in Oracle AVDF. For example, use AVS_20_4_0_0_0 or DBFW_20_4_0_0_0 for Oracle AVDF 20.4 (20 RU4).
5. Execute the following command to add Master Boot Record (MBR) to the USB device:
```
active
```
6. Execute the following command to exit the diskpart:
```
exit
```

3.3 Installing Audit Vault Server or Database Firewall

Steps for installing Audit Vault Server or Database Firewall.

Audit Vault Server and Database Firewall are delivered as software appliance images, ready to be deployed on physical machines or on virtual machines (VM). Start with the installation of Audit Vault Server and later install Database Firewall.

Note:

For Oracle AVDF 20.4 and later, the Audit Vault Server ISO is a single file and there is no need to concatenate. You must combine the downloaded Audit Vault Server ISO files (for Oracle AVDF 20.3 and earlier) into a single ISO file, before starting the Audit Vault Server installation.
If you are installing Audit Vault Server on VMware, then set the VMX configuration parameter disk.EnableUUID to TRUE. Also, you must set your virtual machine to use EFI boot. In some versions of VMware this is done by selecting the VM Options tab, then expanding Boot Options, and then setting the firmware to EFI. You must disable secure boot.Without this setting, the Audit Vault Server installation on VMware will fail.

Choose the .iso file depending on whether you are installing on a Virtual Machine or a physical machine.
Note:
- In case the .iso file is available on the USB device, then ensure to boot the machine using the bootable USB disk created in the previous section to complete the installation.
- In case the .iso file is available remotely on another host, then attach the .iso file using remote installation tools to complete the installation.
The system boots and the initial splash screen appears. It indicates the release number you are installing.
Press the Enter key. The installation proceeds.
Enter the new root password when prompted for change.
Enter the same password when prompted for confirmation.

The system installs the operating system and then reboots.
Continue with the installation and sign in as root user on the console when prompted.

Caution:
Logging in as root during install or upgrade uses tmux, a terminal multiplexer, to display persistent information. A user with access to these screens can create new root shells. If you plan to leave the session unattended, Oracle recommends disconnecting from the blue screen by using the CTRL-b d command. To reconnect, log in as root once more.

The installation continues with the following prompts on the screen one after another:

Installing AVDF bootstrap
Beginning installation of Audit Vault Server dependencies
Creating repository.
Relinking Oracle Database
Installing AVS application.
OR
Installing Database Firewall.
Migrating repository to ASM storage
Updating Oracle Audit Vault and Database Firewall data
Updating UI

....

The installer prompts for network configuration. Select the appropriate network interfaces and click OK.
The following Network settings screen appears.

Description of the illustration install-network-settings.png
Enter the following fields:
1. IP Address of the network interface
2. Network Mask
3. Gateway: Enter the IP address of the network interface if a gateway is required. Else, clear the field before saving.
Press OK.
Upon completion of the network settings, the installation continues.

Upon successful installation of Audit Vault Server, the following example (for Oracle AVDF 20.1) message is displayed:

Audit Vault Server 20.1.0.0.0 installation has completed.
Post install configuration steps must be completed using the
appliance administration console ...

Press OK. The installation of Audit Vault Server is complete.
Upon successful installation of Database Firewall, the following example (for Oracle AVDF 20.1) message is displayed:
Oracle Database Firewall 20.1.0.0.0 installation has completed.
The installer screen exits and automatically returns to the login prompt.

Note:

The Audit Vault Server and the Database Firewall server are software appliances. You must not make any changes to the Linux operating system through the command line on these servers unless following official Oracle AVDF documentation or under guidance from Oracle Support.

3.4 Installing AVDF on Amazon Web Services (AWS)

Starting with Oracle AVDF 20.13, the installation of AVDF on AWS is supported.

Install the AWS command line interface (CLI).
See Installing or updating to the latest version of the AWS CLI and Setting up the AWS CLI from the AWS documentation for more information.
Create a S3 bucket.
See Create your first S3 bucket from the AWS documentation for more information.
Create a vmimport user and assign it the necessary policies for import.
See Required permissions for VM Import/Export from the AWS documentation for more information.
Upload the AVDF image to the S3 bucket.
```
aws s3 cp your/path/to/image s3://your-bucket-name/image-name.vhd
```
The AVDF image files, avs.vhd and dbfw.vhd, can be found from Oracle Software Delivery Cloud as part of the Audit Vault Server on AWS and Database Firewall on AWS downloads, respectively. You will have to unzip the provided files. See Downloading the Audit Vault and Database Firewall Software for more information.

See the cp entry in the AWS CLI documentation for more information.

Create a container.json file containing the following:

{    
    "Description": "AVDF_AWS_216_IMAGE",
    "Format": "vhd",
    "UserBucket": {
        "S3Bucket": "avdf-images",
        "S3Key": "AVDF_AWS_216.vhd"    
    }
}

Ensure that you change the name of the AVDF image file as necessary.

Create a snapshot from the image file in the S3 bucket. Use the container.json file created in the previous step.
See Importing a disk as a snapshot using VM Import/Export from the AWS documentation for more information.
Create an Amazon Machine Image (AMI) using the snapshot.
See Create an AMI from a snapshot from the AWS documentation for more information.

For the Virtualization type, select hardware virtual machine (HVM).

For the Boot mode, select legacy-bios.
Launch the instance from the AMI image.
See Launch an EC2 instance using the launch instance wizard in the console from the AWS documentation for more information.
Ensure the following:
- Use, at minimum, an c5.xlarge with vCPU: 4 and Memory: 8Gb instance
- For SSH key pairs, generate a ed25519 key
- If using a security group, allow imports from port 22 for SSH and ports 7443 and 443 for HTTP.
Perform the steps in Post Instance Creation Steps
- Audit Vault Server:
  1. Log in to the appliance through SSH and switch to the root user.
    
    See Logging In to Oracle AVDF Appliances Through SSH.
  2. Change root user password by running the following command. The root password is required to troubleshoot the instance using OCI instance console connection.
```
sudo passwd root
```
  3. Generate a one time passphrase by running the command:
```
sudo -u oracle /usr/local/dbfw/bin/generate_post_install_passphrase.py
```
  4. Copy the passphrase that is returned by the above command.
  5. Access the Audit Vault Server console by entering https://<IP address of the instance> as the URL in the browser.
  6. Enter the passphrase copied from the earlier step in the Post Install Authentication page of the Audit Vault Server console.
  7. Fill in the details in the Post Install Configuration page.
  8. In the AVS IP for Agent Communication section, specify the public IP of the Audit Vault Server if you are expecting to collect audit data from any target outside of OCI. See section Deploying Audit Vault Agents for more details.
    
    Note:
    After the post installation step is complete, changing the AVS IP for Agent communication is not supported.
  9. Click Save.
    DNS is automatically set to 169.254.169.254.
    
    See Also:
    DNS in Your Virtual Cloud Network
- Database Firewall:
  1. Log in to the appliance through SSH and switch to the root user.
    
    See Logging In to Oracle AVDF Appliances Through SSH.
  2. Change root user password by running the following command. The root password is required to troubleshoot the instance using OCI instance console connection.
```
sudo passwd root
```
SSH into the instance:
1. Copy the downloaded AWS_SSH.pem file to ~/.ssh/ folder
```
cp AWS_SSH.pem  ~/.ssh/
```
2. Run the following command:
```
ssh -i  “~/.ssh/AWS_SSH.pem” opc@<ip address>
```

Related Topics