This document provides the security configuration and auditing scripts for Oracle E-Business Suite.

The most current version of this document can be obtained in My Oracle Support Knowledge Document 2069190.1.

Section 1: Overview
Section 2: Oracle E-Business Suite Security Configuration Checks
Section 3: Oracle E-Business Suite Auditing Scripts

There is a change log at the end of this document.

Section 1: Overview

This document has two sets of scripts attached: EBSSecConfigChecks.zip and EBSAuditScripts.zip.

EBSSecConfigChecks.zip

EBSSecConfigChecks.zip implements a selection of checks for the advice in the Oracle E-Business Suite Secure Configuration Guide documentation found in:

EBSAuditScripts.zip

EBSAuditScripts.zip is a set of scripts which can be used for configuring, auditing, checking the audit status, or querying audit records through SQL.

Section 2: Oracle E-Business Suite Security Configuration Checks

This section describes the zip archive EBSSecConfigChecks.zip.

EBSSecConfigChecks.sql is a driver that runs all other SQL scripts. The checks implemented in SQL are:

  • Check Profile Errors - EBSCheckProfileErrors.sql
  • Check Profile Warnings - EBSCheckProfileWarnings.sql
  • Check Missing Profiles - EBSCheckProfileMissing.sql
  • Check if new Security Features (in 12.2) are enabled - EBSCheckSecurityFeatures.sql
  • Check Application Users With Default Passwords - EBSCheckUserPasswords.sql
  • Check DB Users With Default Passwords - EBSCheckDBPasswords.sql
  • Secure APPLSYSPUB - EBSCheckApplsyspubPrivs.sql
  • Migrate to Password Hash - EBSCheckHashedPasswords.sql
  • Use Secure Flag on DBC File (Implement Server Security) - EBSCheckServerSecurity.sql
  • Enable Application Tier Secure Socket Layer (SSL) - EBSCheckSSL.sql
  • Encrypt Credit Card Data - EBSCheckCCEncryption.sql
  • Separation of Duties: Review Access To "Sensitive Administrative Pages" - EBSCheckSensitivePageAccess.sql
  • Check status of 12.2 security features - EBSCheckSecurityFeatures.sql

The checks implemented as shell scripts are:

  • Validate that Forms Block Characters is set correctly - EBSCheckFormsBlockChar.sh
  • Turn on ModSecurity - EBSCheckModSecurity.sh

The shell scripts need to be run individually and require curl to be installed and available. Documentation for running these is available by executing them without any arguments.

Installing the SQL Scripts

The EBSSecConfigChecks.zip archive file unzips all the scripts to a new directory EBSSecConfigChecks.

You can install them on either the database server or the application tier; they only need a SQL*Net connection to the database.

If you downloaded the zip to your home directory, you can simply unzip it right there and then run from the new directory:

$ unzip EBSSecConfigChecks.zip
$ cd EBSSecConfigChecks/

Running the SQL Scripts

All the scripts are designed to run as APPS against the database.

You can choose to initially have EBSSecConfigChecks.sql run all the SQL scripts to get an idea of what tasks remain. You can then fix any issues one by one and rerun just the script that pointed out the issue you are currently addressing.

The following is an example of one way to run the script:

$ sqlplus APPS @EBSSecConfigChecks.sql

SQL*Plus: Release …

Copyright (c)…

Enter password:

Connected to:
Oracle Database…
With the Partitioning, OLAP, Data Mining and Real Application Testing options

***************************************************
* Check: Security Profiles: Configuration ERRORS
***************************************************

The EBSSecConfigChecks.sql has an exit at the end. Therefore, after providing the APPS password, the script runs to the end and sqlplus exits.

Note that EBSSecConfigChecks.sql creates a spool file EBSSecConfigChecks.txt in the current directory.

Review the results in EBSSecConfigChecks.txt.
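
As an aid to that review, the following added example (not part of the Oracle archive) splits the spool file on the "* Check:" banner shown in the sample output above and reports, per check, how many output lines it produced. It assumes every check starts with such a banner and that an empty or "no rows selected" body means nothing was found; the function names and the sample data are constructed for illustration.

```shell
# Added example: per-check summary of an EBSSecConfigChecks.txt spool file.
# Assumptions (not taken from the Oracle scripts): each check starts with a
# "* Check: <title>" banner; an empty or "no rows selected" body is clean.

summarize_spool() {
    awk '
        function emit() {
            if (title != "") printf "%-6s %3d  %s\n", (n > 0 ? "REVIEW" : "clean"), n, title
        }
        /^\* Check:/ {
            emit(); title = $0; n = 0
            sub(/^\* Check:[ \t]*/, "", title)
            next
        }
        # Skip blank lines, banner/heading rules and the empty-result message.
        /^[ \t]*$/ || /^[-* \t]+$/ || /^no rows selected/ { next }
        title != "" { n++ }   # remaining output lines (column headings included)
        END { emit() }
    ' "$1"
}

# Constructed sample spool file; the profile names and second check are made up.
write_sample_spool() {
    cat > "$1" <<'EOF'
***************************************************
* Check: Security Profiles: Configuration ERRORS
***************************************************

PROFILE_NAME              VALUE
------------------------- -----
CONSTRUCTED_PROFILE_A     N
CONSTRUCTED_PROFILE_B     N

***************************************************
* Check: Constructed second check
***************************************************

no rows selected
EOF
}

# With an argument, summarise that spool file; without one, run on the sample.
if [ "$#" -gt 0 ]; then
    summarize_spool "$1"
else
    tmp=$(mktemp) && write_sample_spool "$tmp" && summarize_spool "$tmp"
    rm -f "$tmp"
fi
```

A check marked REVIEW only means its section contains output; read that section in the spool file before deciding whether it is a real finding.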

If you rerun the individual scripts, you may want to copy the column specs from EBSSecConfigChecks.sql and set them in sqlplus before running the scripts.

If you have a number of instances to check, and a trusted web server, you can avoid copying the scripts to each server. The server must be trusted because the scripts it serves are run as APPS.

You can run them from the web server as follows:

$ sqlplus APPS @http://myserver/top10/EBSSecConfigChecks.sql

Section 3: Oracle E-Business Suite Auditing Scripts

This section describes the audit scripts included in the zip archive EBSAuditScripts.zip.

Documentation on the various auditing features that can be used in Oracle E-Business Suite and more information on these scripts can be found in the Oracle E-Business Suite Security Guide Release 12.2.

EBSAuditScripts.zip contains a variety of scripts which provide guidance for configuring Oracle E-Business Suite to follow our auditing guidance. It also contains example queries which show how to query various auditing records.

Scripts Contained in EBSAuditScripts.zip

Configure DB Auditing

  • SystemPrivAuditing.sql - Configure System and Privilege auditing for the Database
  • EBSObjectAuditing.sql - Configure Object level auditing per Oracle E-Business Suite guidance

Check the Auditing and Logging Settings

  • EBSCheckAuditingSettings.sql - Check the Oracle E-Business Suite profiles and DB configuration settings against the recommended settings

Login and Session Queries

  • SessLoginResponsibilites.sql - Session query showing current responsibilities and functions, joining in relevant Login rows
  • LoginSessResponsibilites.sql - Login query showing current responsibilities and functions, joining in relevant Login rows (more verbose)
  • v$sesssion_by_Fnd_User.sql - Query demonstrating population of Oracle E-Business Suite connection tagging context in v$session
  • v$sesssion_last_sql_by_Fnd_User.sql - Query leveraging Oracle E-Business Suite connection tagging to pull the last SQL out of v$session by FND User

Page Access Tracking Queries

  • PAT_sessions_by_date.sql - Query Summary of Page Access Tracking session by date
  • PAT_sessions_by_user.sql - Query Summary of Page Access Tracking sessions by FND user
  • PAT_session_flow.sql - Detail page flow for a given user's sessions for the last 30 days

Other Queries

  • ProfileWhoColumnExample.sql - Example of WHO column joins against the profile values table
  • UnsuccessfulLogins.sql - Query showing unsuccessful logins for local users in Oracle E-Business Suite

Installing the SQL Scripts

The EBSAuditScripts.zip archive file unzips all the scripts to a new directory EBSAuditScripts.

You can install them on either the database server or the application tier; they only need a SQL*Net connection to the database.

If you downloaded the zip to your home directory, you can simply unzip it right there and then run from the new directory:

$ unzip EBSAuditScripts.zip
$ cd EBSAuditScripts/

Running the SQL Scripts

All the scripts are designed to run as APPS against the database. Alternatively, you can run them against a read-only account that has access to the associated tables. If you do so, you may need to alter the current schema context:

alter session set current_schema=APPS;
