Tuesday, October 21, 2008

Database Vault

# Download the Database Vault release that matches the version of the database ORACLE_HOME.

# NOTE(review): LANG is cleared before the installer starts, presumably so that it runs in the default locale; confirm.
unset LANG
# Start the installer from the current directory.
./runInstaller

# It installs Label Security, asks which database to install into, and registers itself with the OEM dbconsole.

http://t-dev-oranode-50.cmc.local:1158/dva

-- Post-install checks: each query should return a row once Database Vault is installed.

-- Return the V$OPTION row for the 'Oracle Database Vault' option.
SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

-- Confirm that the DVSYS account exists.
select username from dba_users where username = 'DVSYS';

-- List the realm names.
-- NOTE(review): REALM_T$ is unqualified; presumably it lives in the DVSYS schema, so the
-- connected user must be able to resolve and read it. Confirm.
select name from REALM_T$;


# INSTALL DATABASE VAULT (run by runInstaller)
# The owner and SYS passwords are passed in plaintext (-nodecrypt) as command-line arguments, so they
# are visible in the process list while dvca runs. The values shown here are samples.
# -lockout disables SYSDBA operating system authentication; -silent runs without prompts.
# Restrict read access to the -logfile directory in case the log records the invocation.
/opt/oracle/product/10.2.0/dv/bin/dvca -action option -oh /opt/oracle/product/10.2.0/dv -s_path /tmp -logfile /opt/oracle/product/10.2.0/dv/cfgtoollogs/dvca_install.log -owner_account dvowner -owner_passwd password -jdbc_str jdbc:oracle:oci:@dv1 -sys_passwd password -lockout -nodecrypt -silent

# ENABLE DATABASE VAULT :-
# The SYS and owner passwords are given in plaintext (-nodecrypt) on the command line, where the
# process list and shell history can expose them. The values shown are samples; substitute your own
# and clear them from the shell history afterwards.
dvca -action enable -service dv -sys_passwd password -owner_account dvowner -owner_passwd dvowner#1 -logfile dvenable.log -nodecrypt

# Stop the dbconsole before the database is shut down and the binary is relinked.
emctl stop dbconsole

# Shut the instance down. The session connects as SYSOPER rather than SYSDBA.
sqlplus "sys / as sysoper"
shutdown immediate;
exit

# Relink the oracle executable with the Database Vault option switched on (dv_on).
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_on
cd $ORACLE_HOME/bin
relink oracle

# Start the instance again on the relinked binary.
# NOTE(review): these steps do not restart the dbconsole that was stopped earlier; start it again if it is needed.
sqlplus "sys / as sysoper"
startup
exit

# DISABLE DATABASE VAULT
# While Database Vault is disabled, its controls are not enforced. Keep the window short
# and re-enable it as soon as the maintenance is finished.

# Stop the dbconsole, then shut the instance down as SYSOPER.
emctl stop dbconsole
sqlplus "SYS / AS SYSOPER"
shutdown immediate;
exit

# Relink the oracle executable with the Database Vault option switched off (dv_off).
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off
cd $ORACLE_HOME/bin
relink oracle
# Start the instance again on the relinked binary.
sqlplus "SYS / AS SYSOPER"
startup
exit

-- As SYSDBA, disable the two DVSYS DDL triggers; this is done after the dv_off relink and restart.
-- NOTE(review): the enable steps on this page do not show these triggers being enabled again;
-- confirm that both are re-enabled when Database Vault is turned back on.
CONNECT SYS / AS SYSDBA
ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;

# Syntax of the dvca disable action. The names after each option are placeholders for your own
# values, and the options in square brackets are optional. Enter the options on one command line.
# The two password options take the SYS and Database Vault owner passwords as command-line arguments,
# which exposes them in the process list and shell history.
dvca -action disable
-service service_name
-instance Oracle_instance_name
-dbname database_name
-sys_passwd SYS_password
-owner_account DV_owner_account_name
-owner_passwd DV_owner_account_password
[-logfile ./dvca.log]
[-nodecrypt]
[-racnode node]

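  • -silent runs dvca in command-line mode.

  • -nodecrypt tells dvca to read the passwords as plaintext. Passwords supplied this way on the command line are visible in the process list and are saved in the shell history, so clear the history afterwards or change the passwords once the run is complete.

  • -lockout is the flag that disables SYSDBA operating system authentication.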

# Recreate password file (note the nosysdba=n)
# force=y overwrites the existing password file.
# NOTE(review): nosysdba=n appears to leave SYSDBA logins through the password file allowed, which
# Database Vault otherwise shuts out. If this is only needed for maintenance, confirm, and recreate
# the file with nosysdba=y when done.
# password=mysyspassword is a sample value; the real SYS password given here ends up in the process
# list and shell history.
orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID password=mysyspassword force=y nosysdba=n