Oracle DBSAT first experience


Last year in October, Oracle released the Oracle Database Security Assessment Tool (DBSAT), which analyzes database configurations and security policies to improve the security of your environment.

Real benefits

  • quickly identify security configuration errors in the database environment
  • launch security best practices
  • increase the security level of your Oracle Databases
  • reduce the attack and exposure risk

What does DBSAT check

  • User Accounts, Privileges and Roles
  • Authorization Control
  • Data Encryption
  • Fine-grained Access Control
  • Auditing Policies
  • Database Configuration
  • Listener Configuration
  • Operating System*

Installation and Requirements

DBSAT runs on
Solaris x64 and Solaris SPARC
Linux x86-64
Windows x64
HP-UX IA (64-bit)
IBM AIX & zSeries Based Linux

Supported Database Versions
Oracle Database 10.2.0.5 and later releases.

Download DBSAT
Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1)

Installation and Setup

Create a directory on the target system
mkdir -p /home/oracle/dbsat

Unzip dbsat.zip
unzip dbsat.zip -d /home/oracle/dbsat

cd /home/oracle/dbsat

Run the Collector

Set your Oracle environment

./dbsat collect "sys/manager as sysdba" orcl

DBSAT Collector completed successfully.

Calling /u01/app/oracle/product/12.1.0/dbhome_1/bin/zip to encrypt orcl.json…

Enter password:

Verify password:

  adding: orcl.json (deflated 87%)

zip completed successfully

The .json file has been created; it is the basis of the report.

Create the report

./dbsat report orcl

Archive: orcl.zip
[orcl.zip] orcl.json password:
inflating: orcl.json
Database Security Assessment Tool version 1.0.2 (October 2016)
DBSAT Reporter ran successfully.

Calling /usr/bin/zip to encrypt the generated reports…

Enter password:
Verify password:
adding: orcl.txt (deflated 76%)
adding: orcl.html (deflated 82%)
adding: orcl.xlsx (deflated 3%)
zip completed successfully.

-rw-------. 1 oracle oracle 63075 Feb 1 22:22 orcl_report.zip

Transfer the files to your local PC

Here is an example; I converted the XLS file to PDF.


Start reviewing the security report and fix the critical findings
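
The collector and report output describe the database's security configuration, so before copying anything off the server it is worth confirming that only encrypted, owner-only archives remain in the working directory. The script below is an added example, not part of the original post or of DBSAT; it assumes the file names shown in the transcript above (orcl.zip, orcl_report.zip and the .json/.txt/.html/.xlsx outputs), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not DBSAT code): audit a DBSAT working directory before transfer.
# Assumed names, taken from the transcript: <target>.zip, <target>_report.zip,
# and plaintext <target>.json/.txt/.html/.xlsx.

# True if FILE starts with a ZIP local file header whose general-purpose
# flag has bit 0 (entry is encrypted) set. Only the first entry is inspected.
zip_is_encrypted() {
    sig=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$sig" = "504b0304" ] || return 1
    flag=$(od -An -tu1 -j6 -N1 "$1" 2>/dev/null | tr -d ' \n')
    [ $(( ${flag:-0} & 1 )) -eq 1 ]
}

# True if group and other have no permission bits (e.g. -rw-------).
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_dbsat_dir DIR TARGET
# Prints one line per finding; the exit status is the number of findings.
audit_dbsat_dir() {
    dir=$1; target=$2; findings=0
    for ext in json txt html xlsx; do
        if [ -e "$dir/$target.$ext" ]; then
            echo "FINDING: plaintext output left on disk: $dir/$target.$ext"
            findings=$((findings + 1))
        fi
    done
    for archive in "$dir/$target.zip" "$dir/${target}_report.zip"; do
        [ -e "$archive" ] || continue
        if ! zip_is_encrypted "$archive"; then
            echo "FINDING: archive is not password-encrypted: $archive"
            findings=$((findings + 1))
        fi
        if ! owner_only "$archive"; then
            echo "FINDING: archive accessible by group/other: $archive"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Source the file and call `audit_dbsat_dir /home/oracle/dbsat orcl`; an exit status of 0 means no findings.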

Summary

  • easy and fast setup
  • really good reports in different layouts (html, csv, etc.)
  • fix real security issues
  • no extra costs if you have a support contract
  • findings are highlighted (green, red, yellow, blue)

Note

When running DBSAT in a 12c Multitenant environment, you must create the report for every PDB; otherwise you will only get a report for the CDB.

Try it and have fun :-)