Tripwire Ltd, the company that owns Tripwire, does not actively maintain the open source Tripwire product
anymore. In my view, it appears that the product is going through a commercialization phase similar to Nessus, where
the free version starts to become less maintained and usable, and gains install issues, as the aim from the manufacturer
is to sell folks up to the commercial version, which is now mature.
Caution
Even though Tripwire is the preconceived industry solution, I found the free version to be unreliable during
install. If you're like me, you may be thinking that Tripwire could be overkill anyway, and that it has contradicted our
principle of keeping it simple, in which case here is a really easy way of verifying the integrity of key Oracle files without
installing extra software.
All we need to do is task root with checking the Oracle OS file of interest, in this case glogin.sql:
root@orlin $ vi ora_int_check.sh
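#!/bin/bash
# Hash the current glogin.sql and compare it with the baseline in /root/glogin.md5.
# The baseline must already exist (md5sum output for the known-good file).
/usr/bin/md5sum /home/oracle/app/oracle2/product/12.1.0/dbhome_2/sqlplus/admin/glogin.sql > /root/gloginnew.md5
/usr/bin/diff /root/gloginnew.md5 /root/glogin.md5 > /root/diff.txt
# diff.txt is non-empty only when the two checksums differ.
# The absolute path matters: cron does not start the script in a fixed directory.
if [ -s /root/diff.txt ];
then
    echo "glogin.sql has changed"
    cat /root/diff.txt | mailx -s "glogin.sql checksum has changed" paulmwright@oraclesecurity.com
    sleep 4
    echo ""
else
    echo "Oracle glogin.sql checksum verified Ok"
fi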
root@orlin $ chmod 755 ora_int_check.sh
root@orlin $ ./ora_int_check.sh
Oracle glogin.sql checksum verified Ok
Or after modification of the glogin.sql:
root@orlin $ ./ora_int_check.sh
glogin.sql has changed
Then from cron, once a day at 1 A.M., as an example:
crontab -e
0 1 * * * /root/ora_int_check.sh
This is very simple, but you are in control of it and you know how it works, and as it uses the standard *nix cron
software, it will be reliable without the need for upgrade and maintenance.
Securing the DB from the OS
The previous checksum automation concept can be expanded to cover the key OS files, namely:
tnsnames.ora, sqlnet.ora, config.c (.s), listener.ora, spfile, orapw<sid>
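The following script is an added example, not part of the original text, that extends the glogin.sql check to the files listed above using one baseline file. It uses sha256sum in place of md5sum; the sub-paths under ORACLE_HOME, the SID "orcl", the baseline location and the function names are assumptions.

```bash
#!/bin/bash
# Added example, not from the original text: one baseline for several Oracle files.
# ORACLE_HOME is the path from the glogin.sql script; the sub-paths, the SID "orcl"
# and the baseline location are assumptions, so adjust them to your install.
ORACLE_HOME="${ORACLE_HOME:-/home/oracle/app/oracle2/product/12.1.0/dbhome_2}"
ORACLE_SID="${ORACLE_SID:-orcl}"
BASELINE="${BASELINE:-/root/ora_files.sha256}"
MAILTO="${MAILTO:-}"   # set to an address to be mailed on a mismatch

# Print the watched files, one per line (assumed default locations).
ora_files() {
    printf '%s\n' \
        "$ORACLE_HOME/sqlplus/admin/glogin.sql" \
        "$ORACLE_HOME/network/admin/tnsnames.ora" \
        "$ORACLE_HOME/network/admin/sqlnet.ora" \
        "$ORACLE_HOME/network/admin/listener.ora" \
        "$ORACLE_HOME/rdbms/lib/config.c" \
        "$ORACLE_HOME/dbs/spfile$ORACLE_SID.ora" \
        "$ORACLE_HOME/dbs/orapw$ORACLE_SID"
}

# Hash every watched file. A missing file produces no line, so a deleted
# file shows up in the diff against the baseline just like a modified one.
ora_sums() {
    ora_files | while IFS= read -r f; do
        if [ -r "$f" ]; then sha256sum "$f"; fi
    done
}

# Record the known-good state; the baseline is created readable by root only.
ora_baseline() { ( umask 077; ora_sums > "$BASELINE" ); }

# Compare the current state with the baseline.
# Returns 0 when everything matches, 1 on any change, 2 when no baseline exists.
ora_verify() {
    [ -s "$BASELINE" ] || { echo "no baseline at $BASELINE"; return 2; }
    changes=$(ora_sums | diff "$BASELINE" -) && { echo "Oracle file checksums verified Ok"; return 0; }
    echo "Oracle files have changed:"; echo "$changes"
    [ -n "$MAILTO" ] && echo "$changes" | mailx -s "Oracle file checksum has changed" "$MAILTO"
    return 1
}

# Run as "<script> baseline" once, then "<script> verify" from cron.
case "${1:-}" in
    baseline) ora_baseline ;;
    verify)   ora_verify ;;
esac
```

Re-run the baseline step after every approved change, since files such as the spfile are rewritten by legitimate administration. Keep a copy of the baseline off the host, because anyone who can write to /root can rewrite it.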
 
 