Security Configuration and Auditing Scripts for Oracle E-Business Suite (文档 ID 2069190.1)
This document provides the security configuration and auditing scripts for Oracle E-Business Suite.
The most current version of this document can be obtained in My Oracle Support Knowledge Document 2069190.1.
Section 1: Overview
Section 2: Oracle E-Business Suite Security Configuration Checks
Section 3: Oracle E-Business Suite Auditing Scripts
There is a change log at the end of this document.
Section 1: Overview
This document has two sets of scripts attached: EBSSecConfigChecks.zip and EBSAuditScripts.zip.
EBSSecConfigChecks.zip
EBSSecConfigChecks.zip implements a selection of checks for the advice in the Oracle E-Business Suite Secure Configuration Guide documentation found in:
- Oracle E-Business Suite Security Guide Release 12.2
- My Oracle Support Knowledge Document 403537.1, Secure Configuration for Oracle E-Business Suite Release 12
- My Oracle Support Knowledge Document 189367.1, Secure Configuration for Oracle E-Business Suite Release 11i
EBSAuditScripts.zip
EBSAuditScripts.zip is a set of scripts which can be used for configuring, auditing, checking the audit status, or querying audit records through SQL.
Section 2: Oracle E-Business Suite Security Configuration Checks
This section describes the zip archive EBSSecConfigChecks.zip.
EBSSecConfigChecks.sql is a driver that runs all other SQL scripts. The checks implemented in SQL are:
- Check Profile Errors - EBSCheckProfileErrors.sql
- Check Profile Warnings - EBSCheckProfileWarnings.sql
- Check Missing Profiles - EBSCheckProfileMissing.sql
- Check if new Security Features (in 12.2) are enabled - EBSCheckSecurityFeatures.sql
- Check Application Users With Default Passwords - EBSCheckUserPasswords.sql
- Check DB Users With Default Passwords - EBSCheckDBPasswords.sql
- Secure APPLSYSPUB - EBSCheckApplsyspubPrivs.sql
- Migrate to Password Hash - EBSCheckHashedPasswords.sql
- Use Secure Flag on DBC File (Implement Server Security) - EBSCheckServerSecurity.sql
- Enable Application Tier Secure Socket Layer (SSL) - EBSCheckSSL.sql
- Encrypt Credit Card Data - EBSCheckCCEncryption.sql
- Separation of Duties: Review Access To "Sensitive Administrative Pages" - EBSCheckSensitivePageAccess.sql
- Check status of 12.2 security features - EBSCheckSecurityFeatures.sql
The checks implemented as shell scripts are:
- Validate that Forms Block Characters is set correctly - EBSCheckFormsBlockChar.sh
- Turn on ModSecurity - EBSCheckModSecurity.sh
The shell scripts need to be run individually and require curl to be installed and available. Documentation for running these is available by executing them without any arguments.
Installing the SQL Scripts
The EBSSecConfigChecks.zip archive file unzips all the scripts to a new directory EBSSecConfigChecks.
You can install them on either the database server or on the app-tier, they just need SQL*Net connection to the database.
If you downloaded the zip to your home directory you can simply unzip it right there and the run from the new directory:
$ unzip EBSSecConfigChecks.zip
$ cd EBSSecConfigChecks/Running the SQL Scripts
All the scripts are designed to run as APPS against the database.
You can choose to initially have EBSSecConfigChecks.sql run all the SQL scripts to get an idea of what tasks remain. You can then fix any issues one by one and rerun just the script that pointed out the issue you are currently addressing.
The following is an example of one way to run the script:
$ sqlplus APPS @EBSSecConfigChecks.sql
SQL*Plus: Release …
Copyright (c)…
Enter password:
Connected to:
Oracle Database…
With the Partitioning, OLAP, Data Mining and Real Application Testing options
***************************************************
* Check: Security Profiles: Configuration ERRORS
***************************************************
The EBSSecConfigChecks.sql has an exit at the end. Therefore, after providing the APPS password, the script runs to the end and sqlplus exits.
Note that EBSSecConfigChecks.sql creates a spool file EBSSecConfigChecks.txt in the current directory.
Review the results in EBSSecConfigChecks.txt.
If you rerun the individual scripts, you may want to copy the column specs from EBSSecConfigChecks.sql and set them in sqlplus before running the scripts.
If you have a number of instances to check - and a trusted web server - you can avoid copying the scripts to each server.
You can run them from the web server as follows:
$ sqlplus APPS @http://myserver/top10/EBSSecConfigChecks.sqlSection 3: Oracle E-Business Suite Auditing Scripts
This section describes the audit scripts included in the zip archive EBSAuditScripts.zip.
Documentation on the various auditing features that can be used in Oracle E-Business Suite and more information on these scripts can be found in the Oracle E-Business Suite Security Guide Release 12.2.
EBSAuditScripts.zip contains a variety of scripts which provide guidance for configuring Oracle E-Business Suite to follow our auditing guidance. It also contains example queries which show how to query various auditing records.
Scripts Contained in EBSAuditScripts.zip
Configure DB Auditing
- SystemPrivAuditing.sql - Configure System and Privilege auditing for the Database
- EBSObjectAuditing.sql - Configure Object level auditing per Oracle E-Business Suite guidance
Check the Auditing and Logging Settings
- EBSCheckAuditingSettings.sql - Check the Oracle E-Business Suite profiles and DB configuration settings against the recommended settings
Login and Session Queries
- SessLoginResponsibilites.sql - Session query showing current responsibilities and functions, joining in relevant Login rows
- LoginSessResponsibilites.sql - Login query showing current responsibilities and functions, joining in relevant Login rows (more verbose)
- v$sesssion_by_Fnd_User.sql - Query demonstrating population of Oracle E-Business Suite connection tagging context in v$session
- v$sesssion_last_sql_by_Fnd_User.sql - Query leveraging Oracle E-Business Suite connection tagging to pull the last SQL out of v$session by FND User
Page Access Tracking Queries
- PAT_sessions_by_date.sql - Query Summary of Page Access Tracking session by date
- PAT_sessions_by_user.sql - Query Summary of Page Access Tracking sessions by FND user
- PAT_session_flow.sql - Detail page flow for a given user's sessions for the last 30 days
Other Queries
- ProfileWhoColumnExample.sql - Example of WHO column joins against the profile values table
- UnsuccessfulLogins.sql - Query showing unsuccessful logins for local users in Oracle E-Business Suite
Installing the SQL Scripts
The EBSAuditScripts.zip archive file unzips all the scripts to a new directory EBSAuditScripts.
You can install them on either the database server or on the app-tier, they just need SQL*Net connection to the database.
If you downloaded the zip to your home directory, you can simply unzip it right there and the run from the new directory:
$ unzip EBSAuditScripts.zip
$ cd EBSAuditScripts/Running the SQL Scripts
All the scripts are designed to run as APPS against the database. Alternatively, you can run them against a read-only account that has access to the associated tables. If you do so, you may need to alter the current schema context:
alter session set current_schema=APPSSecurity Configuration and Auditing Scripts for Oracle E-Business Suite (文档 ID 2069190.1)的更多相关文章
- Oracle版本发布规划 (文档 ID 742060.1)
Oracle Database Release Schedule of Current Database Releases (文档 ID 742060.1) Oracle Database RoadM ...
- oracle数据库 PSU,SPU(CPU),Bundle Patches 和 Patchsets 补丁号码快速参考 (文档 ID 1922396.1)
数据库 PSU,SPU(CPU),Bundle Patches 和 Patchsets 补丁号码快速参考 (文档 ID 1922396.1) 文档内容 用途 详细信息 Patchsets ...
- 在Oracle电子商务套件版本12.2中创建自定义应用程序(文档ID 1577707.1)
在本文档中 本笔记介绍了在Oracle电子商务套件版本12.2中创建自定义应用程序所需的基本步骤.如果您要创建新表单,报告等,则需要自定义应用程序.它们允许您将自定义编写的文件与Oracle电子商务套 ...
- xtts v4for oracle 11g&12c(文档ID 2471245
xtts v4for oracle 11g&12c(文档ID 2471245.1) 序号 主机 操作项目 操作内容 备注: 阶段一:初始阶段 1.1 源端 环境验证 migrate_check ...
- Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (文档 ID 393931.1)
In This Document Section 1: Overview Section 2: Pre-Upgrade Steps Section 3: Upgrade and Configurati ...
- Oracle Created Database Users: Password, Usage and Files References (文档 ID 160861.1)
This document is no longer actively maintained, for info on specific (new) users in recent product e ...
- Oracle 12c RAC 安装文档
参考文档: https://docs.oracle.com/en/database/oracle/oracle-database/12.2/cwlin/index.html https://docs. ...
- Database Initialization Parameters for Oracle E-Business Suite Release 12 (文档 ID 396009.1)
In This Document Section 1: Common Database Initialization Parameters For All Releases Section 2: Re ...
- Oracle RAC安装部署文档
1. 部署环境步骤 1.1 软件环境 操作系统:CentOS release 6.5(推荐使用5.*的系统)192.168.1.151 racnode1 192.168.1.152 ...
随机推荐
- Coursera Machine Learning : Regression 多元回归
多元回归 回顾一下简单线性回归:一个特征,两个相关系数 实际的应用要比这种情况复杂的多,比如 1.房价和房屋面积并不只是简单的线性关系. 2.影响房价的因素有很多,不仅仅是房屋面积,还包括很多其他因素 ...
- Trie / Radix Tree / Suffix Tree
Trie (字典树) "A", "to", "tea", "ted", "ten", "i ...
- Android长时间后台运行Service
项目需要在后台获取GPS经纬度.当用户对手机有一段时间没有操作后,屏幕(Screen)将从高亮(Bright)变为暗淡(Dim),如果再过段时间没操作, 屏幕(Screen)将又由暗淡(Di ...
- 64位windows 7下成功配置TortoiseGit使用Github服务器
最近感觉自己电脑上的代码太乱了,东一块.西一块……于是决定使用正规的源代码管理软件来管理自己以后写的代码.以前做小项目的时候用过TortoiseSVN,感觉不错,但是速度上有点慢,于是决定尝试一下新东 ...
- [Arduino] Arduino猪头笔记
1. 步进电机驱动 今天才发现....原来在不同的步进电机驱动模块里面,循环时钟是不一样的.... 步进电机驱动模块以及电路配置: 驱动代码的主要部分: int sp_param = 16383; d ...
- 如何查看SharePoint未知错误的详细信息
在sharepoint 开发的时候,需要查看具体的sharepoint报错信息需要在配置文件中配置如下 通过下面方法就可以直接在出错页面查看错误信息.修改Web应用程序根目录上的Web.config文 ...
- LXD 2.0 系列(四):资源控制
LXD 提供了各种资源限制.其中一些与容器本身相关,如内存配额.CPU 限制和 I/O 优先级.而另外一些则与特定设备相关,如 I/O 带宽或磁盘用量限制.-- Stéphane Graber 本文导 ...
- 【转】HTTP POST GET 本质区别详解
一 原理区别 一般在浏览器中输入网址访问资源都是通过GET方式:在FORM提交中,可以通过Method指定提交方式为GET或者POST,默认为GET提交 Http定义了与服务器交互的不同方法,最基本的 ...
- Shell--用户配置
vim /etc/profileexport PS1='\[\e[1;33m\]\h\[\e[m\] \t [\[\e[1;36m\]\w\[\e[m\]] [\u] ' export LANG= ...
- 如果因特网中的所有链路都提供可靠的交付服务,TCP可靠传输服务是多余的吗?
IP协议因为是无连接的, 所以其传输是不可靠的.虽然链路保证了数据包在端到端的传输中不发生差错,但是它不能保证IP数据包是按照正确的书需到达最终的目的地.IP数据包可以使用不同的路由通过网络,到达接收 ...