Oracle Database Security Assessment Tool (DBSAT)
Introduction:
The Oracle Database Security Assessment Tool, known as DBSAT, scans the complete database and produces a report on its security configuration together with a list of vulnerabilities.
DBSAT has two components:
The Collector: collects information from the database by running SQL queries and OS commands against it.
The Reporter: analyzes the database information and produces the complete report for the database.
Let us start the process.
Step 1. Download the DBSAT tool from the Oracle Support website, in the category Oracle Database Security Assessment Tool.
Step 2. Copy the DBSAT tool and unzip it:
unzip dbsat.zip
Archive: dbsat.zip
inflating: dbsat
inflating: dbsat.bat
inflating: sat_reporter.py
inflating: sat_analysis.py
inflating: sat_collector.sql
inflating: xlsxwriter/app.py
inflating: xlsxwriter/chart_area.py
inflating: xlsxwriter/chart_bar.py
inflating: xlsxwriter/chart_column.py
inflating: xlsxwriter/chart_doughnut.py
inflating: xlsxwriter/chart_line.py
inflating: xlsxwriter/chart_pie.py
inflating: xlsxwriter/chart.py
inflating: xlsxwriter/chart_radar.py
inflating: xlsxwriter/chart_scatter.py
inflating: xlsxwriter/chartsheet.py
inflating: xlsxwriter/chart_stock.py
inflating: xlsxwriter/comments.py
inflating: xlsxwriter/compat_collections.py
inflating: xlsxwriter/compatibility.py
inflating: xlsxwriter/contenttypes.py
inflating: xlsxwriter/core.py
inflating: xlsxwriter/drawing.py
inflating: xlsxwriter/format.py
inflating: xlsxwriter/__init__.py
inflating: xlsxwriter/packager.py
inflating: xlsxwriter/relationships.py
inflating: xlsxwriter/shape.py
inflating: xlsxwriter/sharedstrings.py
inflating: xlsxwriter/styles.py
inflating: xlsxwriter/table.py
inflating: xlsxwriter/theme.py
inflating: xlsxwriter/utility.py
inflating: xlsxwriter/vml.py
inflating: xlsxwriter/workbook.py
inflating: xlsxwriter/worksheet.py
inflating: xlsxwriter/xmlwriter.py
inflating: xlsxwriter/LICENSE.txt
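Step 3. Run the collect command. Before running it, make sure ORACLE_HOME, ORACLE_SID and PATH are set correctly. A password given on the command line, as in the example below, is visible in the process list and in the shell history.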
./dbsat collect {username/password} {DESTINATION_PATH}
./dbsat collect system/oracle /export/home/oracle/chaitanya
This tool is intended to assist in you in identifying potential
vulnerabilities in your system, but you are solely responsible for
your system and the effect and results of the execution of this tool
(including, without limitation, any damage or data loss). Further,
the output generated by this tool may include potentially sensitive
system configuration data and information that could be used by a
skilled attacker to penetrate your system. You are solely responsible
for ensuring that the output of this tool, including any generated
reports, is handled in accordance with your company's policies.
Connecting to the target Oracle database...
SQL*Plus: Release 12.1.0.2.0 Production on Tue Aug 25 15:30:03 2020
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Last Successful login time: Tue Aug 10 2020 13:16:12 +03:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
Database Security Assessment Tool version 1.0.2 (October 2016)
Setup complete.
SQL queries complete.
/oracle/app/oracle/product/12.1.0/dbhome/bin/osdbagrp -r
Usage: /oracle/app/oracle/product/12.1.0/dbhome/bin/osdbagrp -a | -d | -o | -b | -g | -k
Warning: Exit status 256 from OS rule: sysrac_group
OS commands complete.
Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
DBSAT Collector completed successfully.
Calling /oracle/app/oracle/product/12.1.0/dbhome/bin/zip to encrypt chaitanya.json...
Enter password:
Verify password:
adding: chaitanya.json (deflated 86%)
zip completed successfully.
This generates a file called chaitanya.zip.
Step 4. Generate the Report
./dbsat report {DESTINATION_FILE}
./dbsat report /export/home/oracle/audit_sec
This tool is intended to assist in you in identifying potential
vulnerabilities in your system, but you are solely responsible for
your system and the effect and results of the execution of this tool
(including, without limitation, any damage or data loss). Further,
the output generated by this tool may include potentially sensitive
system configuration data and information that could be used by a
skilled attacker to penetrate your system. You are solely responsible
for ensuring that the output of this tool, including any generated
reports, is handled in accordance with your company's policies.
Archive: bsstdba.zip
[bsstdba.zip] bsstdba.json password:
inflating: bsstdba.json
Database Security Assessment Tool version 1.0.2 (October 2016)
DBSAT Reporter ran successfully.
Calling /usr/bin/zip to encrypt the generated reports...
Enter password:
Verify password:
adding: chaitanya.txt (deflated 78%)
adding: chaitanya.html (deflated 84%)
adding: chaitanya.xlsx (deflated 3%)
zip completed successfully.
The file audit_sec_report.zip will be generated.
Step 5. The report will look like this:
While unzipping the file, it will ask for the password (enter the same one that was used while generating the report).
/export/home/oracle# unzip audit_sec_report.zip
Archive: bsstdba_report.zip
[bsstdba_report.zip] chaitanya.txt password:
inflating:chaitanya.txt
inflating: chaitanya.html
inflating: chaitanya.xlsx
Note: The DBSAT details shown here may differ in your environment (production, testing, development, etc.), as may the naming conventions and directory structure.
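A pre-flight check for Step 3, added here as an example and not part of DBSAT or the original post: it confirms that ORACLE_SID, ORACLE_HOME and PATH agree with each other and that the directory receiving the collector output is owner-only, since the tool's own notice says the output is sensitive. The function name dbsat_preflight and its messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of DBSAT): pre-flight check to run before
# "./dbsat collect". Function name and messages are illustrative.

# Usage: dbsat_preflight DEST_DIR
# DEST_DIR is the directory that will hold the collector output.
# Prints one line per problem and returns the number of problems found.
dbsat_preflight() {
    dest=$1
    problems=0
    fail() { echo "PREFLIGHT: $*" >&2; problems=$((problems + 1)); }

    # The collector output above shows it connecting through SQL*Plus.
    [ -n "${ORACLE_SID:-}" ] || fail "ORACLE_SID is not set"
    home=${ORACLE_HOME:-}
    home=${home%/}
    if [ -z "$home" ] || [ ! -d "$home" ]; then
        fail "ORACLE_HOME is unset or not a directory"
    elif [ ! -x "$home/bin/sqlplus" ]; then
        fail "no executable sqlplus under $home/bin"
    else
        # PATH must resolve sqlplus to this ORACLE_HOME, not another install.
        resolved=$(command -v sqlplus 2>/dev/null || true)
        [ "$resolved" = "$home/bin/sqlplus" ] ||
            fail "PATH resolves sqlplus to '${resolved:-nothing}'"
    fi

    # The collected JSON and the unzipped reports hold sensitive
    # configuration data, so the destination should be owner-only.
    if [ ! -d "$dest" ] || [ ! -w "$dest" ]; then
        fail "destination $dest is missing or not writable"
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        go_bits=$(ls -ld "$dest" | cut -c5-10)
        [ "$go_bits" = "------" ] ||
            fail "destination $dest is accessible to group/others ($go_bits)"
    fi
    return "$problems"
}
```

Call it as dbsat_preflight /path/to/output_dir and run the collector only when it returns 0.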
Hi Chaitanya,
I’m writing to let you know that we just released DBSAT 2.2.2.
The main effort in this release was to make DBSAT able to differentiate an Oracle Database running on-premises,
from an autonomous database (shared or dedicated) or DBCS, and if it makes sense do specific checks and recommendations.
You can read more about it in the release notes:
https://docs.oracle.com/en/database/oracle/oracle-database/21/satrn/#SATRN-GUID-41633A90-EEF1-419A-BA05-32D4C19FFE0F
regards,
Pedro Lopes
Oracle Database Security
DBSAT PM