In October last year, Oracle released the Oracle Database Security Assessment Tool (DBSAT), which analyzes database configurations and security policies to help improve security in your environment.
Real benefits
- quickly identify security configuration errors in the database environment
- launch security best practices
- increase the security level of your Oracle Databases
- reduce the attack and exposure risk
What does DBSAT check
- User Accounts, Privileges and Roles
- Authorization Control
- Data Encryption
- Fine-grained Access Control
- Auditing Policies
- Database Configuration
- Listener Configuration
- Operating System*
Installation and Requirements
DBSAT runs on
Solaris x64 and Solaris SPARC
Linux x86-64
Windows x64
HP-UX IA (64-bit)
IBM AIX & zSeries Based Linux
Supported Database Versions
Oracle Database 10.2.0.5 and later releases.
Download DBSAT
Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1)
Installation and Setup
Create a directory on the target system
mkdir -p /home/oracle/dbsat
Unzip dbsat.zip
unzip dbsat.zip -d /home/oracle/dbsat
cd /home/oracle/dbsat
Run the Collector
Set your Oracle environment
./dbsat collect "sys/manager as sysdba" orcl
DBSAT Collector completed successfully.
Calling /u01/app/oracle/product/12.1.0/dbhome_1/bin/zip to encrypt orcl.json…
Enter password:
Verify password:
adding: orcl.json (deflated 87%)
zip completed successfully
The .json file has been created; it is the basis of the report
Create the report
./dbsat report orcl
Archive: orcl.zip
[orcl.zip] orcl.json password:
inflating: orcl.json
Database Security Assessment Tool version 1.0.2 (October 2016)
DBSAT Reporter ran successfully.
Calling /usr/bin/zip to encrypt the generated reports…
Enter password:
Verify password:
adding: orcl.txt (deflated 76%)
adding: orcl.html (deflated 82%)
adding: orcl.xlsx (deflated 3%)
zip completed successfully.
-rw-------. 1 oracle oracle 63075 Feb 1 22:22 orcl_report.zip
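The collector and reporter output lists every weakness DBSAT found, so it is worth confirming that only the password-protected archives remain in the working directory and that they keep the owner-only mode shown above. The following check is an added example, not part of the original post or of DBSAT itself; the function name `check_dbsat_artifacts` is hypothetical, the file names follow the `orcl` run in the transcript, and whether DBSAT deletes the unencrypted files on its own is not stated on this page, so the script simply reports any it finds.

```shell
#!/bin/sh
# Added example: audit a DBSAT working directory for exposed output.
# Assumption: a run named NAME produces NAME.json, NAME.txt, NAME.html and
# NAME.xlsx in plaintext, plus the encrypted archives NAME.zip and
# NAME_report.zip, as in the "orcl" transcript above.

check_dbsat_artifacts() {
    dir=$1
    name=$2
    findings=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi

    # 1. Plaintext collector/reporter output left beside the archives.
    for ext in json txt html xlsx; do
        f="$dir/$name.$ext"
        if [ -f "$f" ]; then
            echo "PLAINTEXT $f"
            findings=$((findings + 1))
        fi
    done

    # 2. Archives that grant any group/other permission (expected: -rw-------).
    for f in "$dir/$name.zip" "$dir/${name}_report.zip"; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS $f"
            findings=$((findings + 1))
        fi
    done

    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh check_dbsat.sh /home/oracle/dbsat orcl
if [ "$#" -eq 2 ]; then
    check_dbsat_artifacts "$1" "$2"
fi
```

The function returns 0 when nothing is exposed, 1 when it reports findings and 2 when the directory does not exist.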
Transfer the files to your local PC
Here is an example; I converted the XLS file to PDF
Start reviewing the security report and fix the critical findings
Summary
- easy and fast setup
- really good reports in different layouts (html, csv, etc.)
- fix real security issues
- no extra costs if you have a support contract
- findings are highlighted (green, red, yellow, blue)
Note
When running dbsat in a 12c Multitenant environment, you must create the report on every PDB; otherwise you will only get a report from the CDB
Try it and have fun :-)