Database Security Assessment Tool use for Oracle Database

The Database Security Assessment Tool (DBSAT) is a basic tool that reports on the security of your Oracle database.
Oracle is not responsible for this tool. You can download it from the Oracle site to run a general security checkup of your Oracle database.

Requirements:

1. Download Database Security Assessment Tool from Oracle Site.
2. Download and install Python https://www.python.org/downloads/

Steps to fetch the Database Security Assessment Report

1. Unzip the Database Security Assessment Tool.

2. Install the latest version of Python and add it to the PATH environment variable.

3. Set the Oracle home in the environment variables.
Note: I am using the Windows platform.

SET ORACLE_HOME=D:\oraclexe\app\oracle\product\11.2.0\server
SET PATH=%ORACLE_HOME%\bin;%PATH%

4. Run the dbsat collect command to collect the data for the report.

Syntax:

dbsat collect [-n] <connect_string> <output_file>

In the following example, the command connects as the scott user and writes its output to C:\tmp as the file mydb.zip.

dbsat collect scott C:\tmp\mydb

Example
Here we disable encryption of the output with the -n option, connect as sysdba, and write the output to D:\oraclexe\output as the file dbstatdata.json.

dbsat collect -n "/ as sysdba" D:\oraclexe\output\dbstatdata

D:\oraclexe\dbsat>dbsat collect -n "/ as sysdba" D:\oraclexe\output\dbstatdata

Database Security Assessment Tool version 2.0.2 (May 2018)
This tool is intended to assist in you in securing your Oracle database
system. You are solely responsible for your system and the effect and
results of the execution of this tool (including, without limitation,
any damage or data loss). Further, the output generated by this tool may
include potentially sensitive system configuration data and information
that could be used by a skilled attacker to penetrate your system. You
are solely responsible for ensuring that the output of this tool,
including any generated reports, is handled in accordance with your
company's policies.

Connecting to the target Oracle database...
SQL*Plus: Release 11.2.0.2.0 Production on Thu Aug 30 14:37:26 2018
Copyright (c) 1982, 2014, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production

Setup complete.
SQL queries complete.
OS Commands Skipped.
BEGIN
*
ERROR at line 1:
ORA-20002: Complete without OS Commands.
ORA-06512: at line 4

Disconnected from Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
DBSAT Collector completed successfully.
D:\oraclexe\dbsat>

5. Run the dbsat report command to generate the report.
It generates the report in all formats: xls, txt, json and html.
Syntax:
The -a option is used to cover everything in the report.

dbsat report -n -a <input_file>

dbsat report -n -a D:\oraclexe\output\dbstatdata

Example

D:\oraclexe\dbsat>dbsat report -n -a D:\oraclexe\output\dbstatdata

Database Security Assessment Tool version 2.0.2 (May 2018)

This tool is intended to assist in you in securing your Oracle database
system. You are solely responsible for your system and the effect and
results of the execution of this tool (including, without limitation,
any damage or data loss). Further, the output generated by this tool may
include potentially sensitive system configuration data and information
that could be used by a skilled attacker to penetrate your system. You
are solely responsible for ensuring that the output of this tool,
including any generated reports, is handled in accordance with your
company's policies.

DBSAT Reporter ran successfully.

6. Download the example report in Excel format, generated as shown in the example above.
[Attachment: dbstatdata_report]

Snapshot of the HTML report:

[Image: DataAssessmentReport]
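
Steps 3 to 5 above as a single Windows batch file, added here as an example; it is not part of the original post or of DBSAT itself. Because -n leaves the collected data and the reports unencrypted, it restricts the output folder to the current user before running the tool. It assumes DBSAT was unzipped to D:\oraclexe\dbsat (the folder in the prompt above) with a dbsat.bat launcher, and that the HTML report is named dbstatdata_report.html.

```batch
@echo off
rem Added example, not from the original post. Paths are the ones used above.
setlocal
set "ORACLE_HOME=D:\oraclexe\app\oracle\product\11.2.0\server"
set "PATH=%ORACLE_HOME%\bin;%PATH%"
rem Assumption: DBSAT was unzipped here and provides dbsat.bat.
set "DBSAT_HOME=D:\oraclexe\dbsat"
set "OUT_DIR=D:\oraclexe\output"
set "OUT_BASE=%OUT_DIR%\dbstatdata"

rem Prerequisites: SQL*Plus for the collector, Python for the reporter.
set "MSG=sqlplus not found, check ORACLE_HOME"
where sqlplus >nul 2>&1
if errorlevel 1 goto fail
set "MSG=python not found on PATH"
where python >nul 2>&1
if errorlevel 1 goto fail
set "MSG=dbsat.bat not found in %DBSAT_HOME%"
if not exist "%DBSAT_HOME%\dbsat.bat" goto fail

rem -n leaves the collected data and the reports unencrypted, so limit the
rem output folder to the current user before anything is written to it.
set "MSG=could not restrict access to %OUT_DIR%"
if not exist "%OUT_DIR%" mkdir "%OUT_DIR%"
icacls "%OUT_DIR%" /inheritance:r /grant:r "%USERNAME%:(OI)(CI)F" >nul
if errorlevel 1 goto fail

rem Remove results of earlier runs so the checks below see only new files.
del /q "%OUT_BASE%.json" "%OUT_BASE%_report.*" 2>nul

cd /d "%DBSAT_HOME%"
set "MSG=collector did not produce %OUT_BASE%.json"
call dbsat collect -n "/ as sysdba" %OUT_BASE%
if not exist "%OUT_BASE%.json" goto fail

rem Assumption: the HTML report is named after the dbstatdata_report file above.
set "MSG=reporter did not produce %OUT_BASE%_report.html"
call dbsat report -n -a %OUT_BASE%
if not exist "%OUT_BASE%_report.html" goto fail

echo Reports written to %OUT_DIR%
exit /b 0

:fail
echo ERROR: %MSG% 1>&2
exit /b 1
```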
