7 Enabling and Using Host Monitoring
About Host Monitoring
Host monitoring is designed for situations in which you have many small databases in a distributed environment, and you want Oracle AVDF to monitor SQL traffic to all of these databases centrally with one Database Firewall. This allows flexibility in the choice of the network point at which the traffic is monitored. For example, this is helpful in situations where it is not easy to route the traffic through a bridge or to get it from a mirror port.
The host monitor captures the SQL traffic from the network card and sends it over the network to a Database Firewall. This SQL data is then available for reports generated by Oracle AVDF. Host monitoring is used only for monitoring SQL traffic (DAM mode) and cannot be used to block or substitute SQL statements.
To use host monitoring, you deploy the Audit Vault Agent on the host machine that you want to deploy the host monitor on, usually the same machine as the database. For larger databases, the SQL traffic captured by a host monitor will increase network traffic. In this case, you can install the host monitoring software onto a server that is different from the database server. Then you must use a spanning port to connect this database server to the server used for the host monitor.
You can use one Database Firewall to monitor multiple secured target databases on the same host using one host monitor installation. To do this, you create an enforcement point in DAM mode, and a NETWORK audit trail, for each secured target.
To monitor all network traffic for a secured target, the Oracle AVDF auditor must select a firewall policy that will log events, for example, Log Unique. See Oracle Audit Vault and Database Firewall Auditor's Guide for instructions.
Host monitoring is supported on Linux and Windows platforms, and can monitor any database supported by the Database Firewall. See Table B-1 for supported databases.
Installing and Enabling Host Monitoring
Prerequisites for Host Monitoring
The host monitor runs on Linux and Windows x86-64 platforms. The host monitor is not supported on 32-bit platforms. For additional details and the latest supported platform matrix, see Article 1536380.1 at the Oracle Support website: https://support.oracle.com
The host machine on which the host monitor will run must have the following (these may be in any of the system default directories such as /usr/lib, /lib, or /lib64 on a Linux system):
OpenSSL — Full version (not «Light»). See http://www.openssl.org/.
For Windows: OpenSSL 1.0.1c or higher
For Linux: OpenSSL 0.9.8i or higher
For Linux hosts: The libpcap library, version 0.9.4 or higher. See http://www.tcpdump.org/. Install the following packages on the host computer:
For example, on an Oracle Linux system execute the following command as root:
yum -y install libpcap libpcap-devel
For Windows hosts: The WinPcap library, version 4.1.2 or higher. See http://www.winpcap.org/.
Step 1: Register the Computer that will Run the Host Monitor
To register a host in the Audit Vault Server, see «Registering Hosts in the Audit Vault Server».
Step 2: Deploy the Audit Vault Agent and Install the Host Monitor
Deploying the Agent and Host Monitor on Windows Hosts
For Windows hosts, the host monitor is automatically installed when the Audit Vault Agent is deployed. See «Deploying the Audit Vault Agent on the Host Computer».
Deploying the Agent and Host Monitor on Linux Hosts
Follow one of the procedures below depending on which version of Oracle AVDF you have installed:
Installing a Host Monitor in Oracle AVDF 12.1.2 on Linux Hosts
To install the Host Monitor:
If you have not already done so, deploy the Audit Vault Agent. See «Deploying the Audit Vault Agent on the Host Computer».
Log in as root and identify a root-owned directory on the local hard disk, such as /usr/local, where you will install the host monitor.
Note: The entire directory hierarchy must be root-owned, and must not contain any directories with write permission for other users or group.
Log in to the Audit Vault Server console as an administrator, click the Hosts tab, and then click Agent.
Click the Download button next to Host Monitor (Linux x86-64), and then save the .zip file to the root-owned directory (on the local hard disk) you identified in Step 2, for example /usr/local.
As root user, unzip the host monitor file.
This creates a directory named hm. This is your HM_Home directory, which in this example is /usr/local/hm.
Ensure that the hostmonsetup file (in the hm directory) has execute permission.
Run the following command:
HM_Home — The directory created in Step 5.
Agent_Home — Enter the Audit Vault Agent installation directory.
Agent_Username — Enter the username of the user who installed the Audit Vault Agent (the user who executed the java -jar agent.jar command).
Agent_Group — Enter the group to which the Agent_Username belongs.
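The directory requirement in the note above (root-owned hierarchy, no write permission for group or other users) can be checked before the .zip file is unpacked; the same requirement applies to the directory chosen in the 12.1.1 procedure. The script below is an added example, not part of Oracle's documentation or tooling: the function names and the script name check_hm_dir.sh are made up for illustration, and it assumes "entire directory hierarchy" means the directory, every subdirectory below it, and every parent up to /.

```sh
#!/bin/sh
# Added example (not Oracle's code): audit the directory chosen for HM_Home.
# Assumption: "entire directory hierarchy" means the directory, every
# subdirectory below it, and every parent directory up to /.

# dir_is_safe DIR UID: DIR is a real directory owned by UID and is not
# writable by group or other.
dir_is_safe() {
    info=$(ls -ldn "$1" 2>/dev/null) || return 1
    perms=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$owner" = "$2" ] || return 1
    case $perms in
        d????w*|d???????w*) return 1 ;;   # group-write or other-write bit set
        d*) return 0 ;;
        *)  return 1 ;;                   # not a directory (e.g. a symlink)
    esac
}

# check_hierarchy DIR [UID] [STOP]: returns 0 only if nothing unsafe is found.
# UID defaults to 0 (root); STOP (default /) is the topmost parent to inspect.
check_hierarchy() {
    uid=${2:-0}; rc=0
    # Resolve symlinks so the walk follows the real path on disk.
    dir=$(cd -P "$1" 2>/dev/null && pwd -P) || { echo "UNSAFE: cannot enter $1" >&2; return 1; }
    stop=$(cd -P "${3:-/}" 2>/dev/null && pwd -P) || return 1
    # DIR and everything below it, using POSIX find tests only.
    bad=$(find "$dir" -type d \( ! -user "$uid" -o -perm -0020 -o -perm -0002 \) -print 2>/dev/null)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/UNSAFE: /' >&2
        rc=1
    fi
    # Every parent of DIR, up to and including STOP.
    while [ "$dir" != "$stop" ] && [ "$dir" != / ]; do
        dir=$(dirname "$dir")
        dir_is_safe "$dir" "$uid" || { echo "UNSAFE: $dir" >&2; rc=1; }
    done
    return $rc
}

# Run as root, for example: sh check_hm_dir.sh /usr/local
[ $# -eq 0 ] || check_hierarchy "$@"
```

Each offending directory is reported on standard error with an UNSAFE: prefix, and the exit status is non-zero if any was found. POSIX ACLs are not inspected, only ownership and the mode bits.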
Installing a Host Monitor in Oracle AVDF 12.1.1 on Linux Hosts
To install the Host Monitor:
If you have not already done so, deploy the Audit Vault Agent. See «Deploying and Activating the Audit Vault Agent on Host Computers».
Log in as root and identify a root-owned directory on the local hard disk, such as /usr/local, where you will install the host monitor.
Copy the two host monitor .zip files from the Agent_Home/stage/plugins directory, for example:
The file names should match your supported Linux platform.
Place the copied files in the root-owned directory (on the local hard disk) that you identified in Step 2, and unzip them.
This creates a directory named hm. This is your HM_Home directory, which in this example is /usr/local/hm.
Ensure that the hostmonsetup file permissions include execute.
Run the following command:
Step 3: Create a Secured Target for the Host-Monitored Database
Step 4: Create an Enforcement Point in DAM Mode
You must create an enforcement point in the Audit Vault Server for each database that you will monitor remotely with a host monitor. This enforcement point must use Database Activity Monitoring (DAM) as the Monitoring Mode. See «Configuring Enforcement Points».
Step 5: Create a NETWORK Audit Trail
Create an audit trail for each secured target you are monitoring with a host monitor, specifying the following:
For Audit Trail Type, select NETWORK.
(AVDF 12.1.1 only) For Trail Location, enter NETWORK.
For instructions for adding audit trails see «Adding an Audit Trail in the Audit Vault Server».
7 Enabling and Using Host Monitoring
7.1 About Host Monitoring
Host monitoring is designed for situations in which you have many small databases in a distributed environment, and you want Oracle Audit Vault and Database Firewall to monitor SQL traffic to all of these databases centrally with one Database Firewall. This allows flexibility in the choice of the network point at which the traffic is monitored. For example, this is helpful in situations where it is not easy to route the traffic through a bridge or to get it from a mirror port.
The host monitor captures the SQL traffic from the network card and sends it over the network to a Database Firewall. This SQL data is then available for reports generated by Oracle Audit Vault and Database Firewall. Host monitoring is used only for monitoring SQL traffic (DAM mode) and cannot be used to block or substitute SQL statements.
To use Host Monitor, you deploy the Audit Vault Agent on the host machine on which you want to deploy the Host Monitor. It should be the same machine as the database. For larger databases, the SQL traffic captured by a host monitor will increase network traffic. In this case, you can install the host monitoring software onto a server that is different from the database server. It is recommended to use a spanning port to connect this database server to the server used for the Host Monitor.
You can use one Database Firewall to monitor multiple secured target databases on the same host using one host monitor installation. To do this, you create an enforcement point in DAM mode, and a NETWORK audit trail, for each secured target.
To monitor all network traffic for a secured target, the Oracle Audit Vault and Database Firewall auditor must select a firewall policy that will log events, for example, Log Unique.
Host monitoring is supported on Linux, Solaris, AIX, and Windows platforms, and can monitor any database supported by the Database Firewall. See Table B-1 for supported databases.
Host Monitor Agent supports link type Solaris IPNET on Oracle Solaris SPARC64 and x86-64.
Host Monitor Agent supports Ethernet (EN10MB) link type for all supported platforms.
7.2 Installing and Enabling Host Monitoring
7.2.1 Host Monitor Requirements
Host Monitor enables the Database Firewall to directly monitor SQL traffic in a database.
Recommended requirements for installing Host Monitor:
- User installing the Host Monitor must have root privileges.
- Ensure Audit Vault Agent is running on the host machine.
Ensure the latest version of the following packages from the OS vendor for the specific OS version are installed on the host machine:
- Libcap (for Linux hosts only)
- LibPcap
- OpenSSL
Specific requirements for installing Host Monitor on Windows platform:
- Host Monitor must be installed by user belonging to Administrator group.
- Install Npcap that is available in the avdf12.2.0.13.0-utility.zip bundle in ARU. It is part of the Oracle Audit Vault and Database Firewall installable files. Be sure to install Npcap in WinPcap-API-compatible mode.
- Install the latest version of OpenSSL (1.1.1g or higher) libraries. Use OpenSSL version 1.1.1i for release Oracle AVDF 12.2.0.14.0.
- Ensure the Windows target machine has the latest update of the Visual C++ Redistributable for Visual Studio 2010 (MSVCRT.dll (*) or later) package installed. This is required to use Host Monitor on Windows.
Specific requirements for installing Host Monitor on Linux/Unix/AIX/Solaris platforms:
- Host Monitor must be installed by root user.
- Ensure the Input Output Completion Ports (IOCP) is set to available for IBM AIX on Power Systems (64-bit). It is set to defined by default.
- Ensure Libcap is installed for Linux hosts.
See Enabling and Using Host Monitoring for host monitoring instructions and prerequisites.
7.2.2 Register the Computer that will Run the Host Monitor
To register a host in the Audit Vault Server, see «Registering Hosts in the Audit Vault Server».
7.2.3 Deploying the Agent and Host Monitor on Microsoft Windows Hosts
Oracle Audit Vault and Database Firewall 12.2.0.13.0 (and later) supports Host Monitoring on Windows. This functionality is supported by additionally installing OpenSSL and Npcap. This section contains the necessary details to be followed before upgrading from older releases in 12.2 (other than 12.2.0.11.0, 12.2.0.12.0), or for a fresh installation of 12.2.0.13.0 (or later).
OpenSSL 1.1.1g or a higher version must be installed on the Windows host machine. Use OpenSSL 1.1.1i for release Oracle AVDF 12.2.0.14.0. Follow these steps to make system related changes before installing OpenSSL:
- On the Windows machine, navigate to Control Panel.
- Click System, and then click Advanced system settings.
- In the Advanced tab, click the Environment Variables button.
- The Environment Variables dialog is displayed. In the System variables box, select Path under the Variable column.
- Click the Edit button. The Edit environment variable dialog is displayed.
Add the location of the OpenSSL bin directory at the beginning of the Path variable.
While installing OpenSSL on Windows machine, you are prompted to choose a location to copy the OpenSSL DLLs as an additional configuration step. It is recommended that you choose the Windows System Directory option, as this location is added to the Path environment variable on Windows machine by default. Else, if you choose the OpenSSL bin directory option, then ensure the location is added to the Path environment variable.
New Installation of Host Monitor for Windows
Host Monitoring on Windows functionality is supported by additionally installing Npcap. Follow these steps to install Npcap for a fresh installation of Host Monitor in release 12.2.0.13.0 (or later):
- Log in to ARU.
- Install Npcap that is available in the utility.zip bundle in Oracle Software Delivery Cloud. It is part of the Oracle Audit Vault and Database Firewall installable files.
Complete the Npcap installation on the Windows host machine. Be sure to install in WinPcap-API-compatible mode.
Installing Npcap in WinPcap API compatible mode removes any existing installation of WinPcap from the Windows machine.
In addition to the Windows System directory, Npcap copies the DLL files to the Npcap sub-directory inside the Windows System directory. Do not remove the DLL files from the Windows System directory.
Installing Npcap in WinPcap API compatible mode adds the Npcap DLL files to the Windows System directory, which is already in the system Path environment variable.
Optionally add the Npcap sub directory inside the Windows System directory to the Path environment variable, by following the steps below:
- Navigate to Control Panel.
- Click System, and then click Advanced system settings.
- In the Advanced tab, click the Environment Variables button.
- The Environment Variables dialog is displayed. In the System variables box, select Path under the Variable column.
- Click the Edit button. The Edit environment variable dialog is displayed.
- Add the location of the Npcap DLL files at the beginning of the Path variable. For example: C:\Windows\System32\Npcap
- Click OK to save the changes, and then exit all the dialogs.
Upgrading Host Monitor on Windows
Host Monitoring on Windows functionality is supported by additionally installing Npcap. Follow these steps to continue using Host Monitor on Windows on releases 12.2.0.9.0, 12.2.0.10.0, or 12.2.0.13.0 before upgrading to Oracle AVDF release 12.2.0.14.0:
- Stop the Audit Vault Agent running on the Windows host machine.
- Log in to the Audit Vault Server console.
- Verify the audit trails and the Audit Vault Agent are in STOPPED state.
- Log in to ARU, and download Npcap software that is available with Oracle AVDF utility.zip bundle of the specific release.
Complete the Npcap installation on the Windows host machine. Be sure to install in WinPcap-API-compatible mode.
Installing Npcap in WinPcap API compatible mode removes any existing installation of WinPcap/Npcap from the Windows machine.
In addition to the Windows System directory, Npcap copies the DLL files to the Npcap sub-directory inside the Windows System directory. Do not remove the DLL files from the Windows System directory.
Installing Npcap in WinPcap API compatible mode adds the Npcap DLL files to the Windows System directory, which is already in the system Path environment variable.
Optionally add the Npcap sub-directory inside the Windows System directory to the Path environment variable, by following the steps below:
- Navigate to Control Panel.
- Click System, and then click Advanced system settings.
- In the Advanced tab, click the Environment Variables button.
- The Environment Variables dialog is displayed. In the System variables box, select Path under the Variable column.
- Click the Edit button. The Edit environment variable dialog is displayed.
- Add the location of the Npcap DLL files at the beginning of the Path variable. For example: C:\Windows\System32\Npcap
- Click OK to save the changes, and then exit all the dialogs.
- Ensure the audit trails and the Audit Vault Agent are in STOPPED state, before installing Npcap. Else, an error may be encountered.
- Do not delete the DLL files, as they are newly created by the Npcap installation.