Oracle Database Security Assessment Tool
Oracle Database Audit Oracle Database Security Assessment Tool
Oracle Database: Database Audit using the Oracle Database Security Assessment Tool (DBSAT)
#security #oracle #compliance #database #audit
The Oracle DBSAT consists of the following components:
Collector:
The Collector executes SQL queries and runs operating system commands to collect data from
the system to be assessed. It does this primarily by querying database dictionary views.
The collected data is written to a JSON file that is used by the DBSAT Reporter in the
analysis phase.
Reporter:
The Reporter analyzes the collected data and generates the Oracle Database Security
Assessment Report in HTML, Excel, JSON, and Text formats.
Discoverer:
The Discoverer executes SQL queries and collects data from the system to be assessed,
based on the settings specified in the configuration files.
It does this primarily by querying database dictionary views.
The collected data is then used to generate the Oracle Database Sensitive Data Assessment
Report in HTML and CSV formats.
Supported Operating Systems:
- Solaris x64 and Solaris SPARC64
- Linux x86-64
- Windows x64
- HP-UX IA (64-bit)
- IBM AIX (64-bit) & Linux on z Series (64-bit)
Supported Database Versions:
Oracle Database 11.2.0.4 and later releases on on-premises or in the Cloud,
Oracle Database Standard Edition 2 and Oracle Database Enterprise Edition.
Oracle DBSAT can also be run against Autonomous Databases (Shared and Dedicated) and
Oracle Cloud DBCS (DBSystems EE/HP/EP).
Collector Prerequisites:
Oracle DBSAT Collector must be run on the server that contains the database
Oracle DBSAT Collector must be run as an OS user with read permissions on files and
directories under ORACLE_HOME
Reporter Prerequisites:
The Reporter is a platform-independent Python program and
requires Python 2.6 or later to run.
Discoverer Prerequisites:
The Discoverer is a Java program and requires the Java Runtime Environment
(JRE) 1.8 (jdk8-u172) or later to run.
To run the Collector:
Format: $ dbsat collect database_connect_string output_file
$ ./dbsat collect -n system@PRIM output_PRIM
To run the Reporter:
Check that Python version is 2.6 or later is installed
$ python -V
Python 2.7.5
Specify the arguments to run the Reporter
Format: $ dbsat report [-a] [-n] [-g] [-x section] input_file
Example: will include -a for all accounts
[oracle@primsrv dbsat]$ ./dbsat report -a -n output_PRIM
View Oracle Database Security Assessment Report:
HTML,
Excel,
JSON, and
Text formats.
Configuring the Discoverer
Access the directory where Oracle DBSAT is installed,
Navigate to the Discover/conf directory,
Make a copy of the sample_dbsat.config file and rename the file to match your requirements.
For example, you can rename the file to custom_dbsat.config,
Open custom_dbsat.config and make the necessary Configuration Settings changes to...
$ ./dbsat discover -c Discover/conf/prim_dbsat.config PRIM
Follow me:
----------
LinkedIn: / atsohmofor
Twitter: / bindag OR @Bindag
email: bobsukki@gmail.com
Telegram: NI TSOH
RU-vid: / @bobsukki OR NI TSOH
20 апр 2022
