Oracle Database Security Assessment Tool (DBSAT)
Introduction:
The oracle Database security assesment tool it is known as DBSAT tool is used to scan the complete database scan and provide report security configuration and vulnerability list
DBSAT has two components
The Collector: Collector is to collect all information from the database by running SQL and OS aginst database
The Reporter : Reporter it will Analyze the database and gives the complete report for the database
Let us Start the Process
Step 1.Download the DBSAT TOOL from oracle support website in category Oracle Database security Asssement tool
Step 2.Copy the DBSAT tool and unzip it
unzip dbsat.zip
Archive: dbsat.zip
inflating: dbsat
inflating: dbsat.bat
inflating: sat_reporter.py
inflating: sat_analysis.py
inflating: sat_collector.sql
inflating: xlsxwriter/app.py
inflating: xlsxwriter/chart_area.py
inflating: xlsxwriter/chart_bar.py
inflating: xlsxwriter/chart_column.py
inflating: xlsxwriter/chart_doughnut.py
inflating: xlsxwriter/chart_line.py
inflating: xlsxwriter/chart_pie.py
inflating: xlsxwriter/chart.py
inflating: xlsxwriter/chart_radar.py
inflating: xlsxwriter/chart_scatter.py
inflating: xlsxwriter/chartsheet.py
inflating: xlsxwriter/chart_stock.py
inflating: xlsxwriter/comments.py
inflating: xlsxwriter/compat_collections.py
inflating: xlsxwriter/compatibility.py
inflating: xlsxwriter/contenttypes.py
inflating: xlsxwriter/core.py
inflating: xlsxwriter/drawing.py
inflating: xlsxwriter/format.py
inflating: xlsxwriter/__init__.py
inflating: xlsxwriter/packager.py
inflating: xlsxwriter/relationships.py
inflating: xlsxwriter/shape.py
inflating: xlsxwriter/sharedstrings.py
inflating: xlsxwriter/styles.py
inflating: xlsxwriter/table.py
inflating: xlsxwriter/theme.py
inflating: xlsxwriter/utility.py
inflating: xlsxwriter/vml.py
inflating: xlsxwriter/workbook.py
inflating: xlsxwriter/worksheet.py
inflating: xlsxwriter/xmlwriter.py
inflating: xlsxwriter/LICENSE.txt
Step 3. Now use the Collect Command before that make sure to set proper ORACLE_HOME , ORACLE_SID and PATH before running this command
./dbsat collect {username/password} {DESTINATION_PATH}
./dbsat collect system/oracle /export/home/oracle/chaitanya
This tool is intended to assist in you in identifying potential
vulnerabilities in your system, but you are solely responsible for
your system and the effect and results of the execution of this tool
(including, without limitation, any damage or data loss). Further,
the output generated by this tool may include potentially sensitive
system configuration data and information that could be used by a
skilled attacker to penetrate your system. You are solely responsible
for ensuring that the output of this tool, including any generated
reports, is handled in accordance with your company's policies.
Connecting to the target Oracle database...
SQL*Plus: Release 12.1.0.2.0 Production on Tue Aug 25 15:30:03 2020
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Last Successful login time: Tue Aug 10 2020 13:16:12 +03:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
Database Security Assessment Tool version 1.0.2 (October 2016)
Setup complete.
SQL queries complete.
/oracle/app/oracle/product/12.1.0/dbhome/bin/osdbagrp -r
Usage: /oracle/app/oracle/product/12.1.0/dbhome/bin/osdbagrp -a | -d | -o | -b | -g | -k
Warning: Exit status 256 from OS rule: sysrac_group
OS commands complete.
Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
DBSAT Collector completed successfully.
Calling /oracle/app/oracle/product/12.1.0/dbhome/bin/zip to encrypt chaitanya.json...
Enter password:
Verify password:
adding: chaitanya.json (deflated 86%)
zip completed successfully.
This will generate file called chaitanya.zip
Step 4. Generate the Report
./dbsat report {DESTINATION_FILE}
./dbsat report /export/home/oracle/audit_sec
This tool is intended to assist in you in identifying potential
vulnerabilities in your system, but you are solely responsible for
your system and the effect and results of the execution of this tool
(including, without limitation, any damage or data loss). Further,
the output generated by this tool may include potentially sensitive
system configuration data and information that could be used by a
skilled attacker to penetrate your system. You are solely responsible
for ensuring that the output of this tool, including any generated
reports, is handled in accordance with your company's policies.
Archive: bsstdba.zip
[bsstdba.zip] bsstdba.json password:
inflating: bsstdba.json
Database Security Assessment Tool version 1.0.2 (October 2016)
DBSAT Reporter ran successfully.
Calling /usr/bin/zip to encrypt the generated reports...
Enter password:
Verify password:
adding: chaitanya.txt (deflated 78%)
adding: chaitanya.html (deflated 84%)
adding: chaitanya.xlsx (deflated 3%)
zip completed successfully.
audit_sec_report.zip file will be generated
Step 5. The report will looks like:
While unzipping the file, it will ask for the password, (pass the same which we used while generating the report)
/export/home/oracle# unzip audit_sec_report.zip
Archive: bsstdba_report.zip
[bsstdba_report.zip] chaitanya.txt password:
inflating:chaitanya.txt
inflating: chaitanya.html
inflating: chaitanya.xlsx
Note: Info on DBSAT tool it may be differ on your environment like production,testing ,development etc and naming conventions and directory structure
THANKS FOR VIEWING MY BLOG FOR MORE UPDATES FOLLOW ME OR SUBSCRIBE ME
