Version 15.0
Symantec Data Loss Prevention Oracle Installation Guide
Documentation version: 15.0a
Legal Notice
Copyright © 2017 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Chapter 1
Installing Oracle 11g on Windows
This chapter includes the following topics:
■ Creating the Oracle user account for Symantec Data Loss Prevention
installation. In this case, the database runs on a different computer from the Enforce
Server. See the Symantec Data Loss Prevention Installation Guide for your platform
for more information about installation tiers.
If you implement a three-tier installation, you must install the Oracle Client (SQL*Plus
and Database Utilities) on the Enforce Server. Installation of the Oracle Client
enables database communications between the Oracle database server and the
Enforce Server. The Symantec Data Loss Prevention installer needs SQL*Plus to
create tables and views on the Enforce Server. For this reason, the Windows user
account that is used to install Symantec Data Loss Prevention needs access to
SQL*Plus.
For full details on how to install the Oracle 11g Database Client software, see the
platform-specific documentation from Oracle Corporation, available from the Oracle
Documentation Library at http://docs.oracle.com/cd/B28359_01/nav/portal_11.htm.
Note: After you create the Symantec Data Loss Prevention database and complete
the Symantec Data Loss Prevention installation, you can change the database
password. To change the database password, you use the Symantec Data Loss
Prevention DBPasswordChanger utility.
For more information about the Symantec Data Loss Prevention
DBPasswordChanger utility, see the Symantec Data Loss Prevention Administration
Guide.
Table 1-1 Installing Oracle 11g and creating the Symantec Data Loss Prevention database
1 Review the system requirements for Oracle 11g.
  See the Oracle website for the system requirements for Oracle 11g and the Symantec Data Loss Prevention System Requirements and Compatibility Guide.
2 Download the Oracle 11g software.
  See “Downloading the Oracle 11g software for Windows” on page 8.
3 Install Oracle 11g.
  See “Installing the Oracle 11g software for Windows” on page 9.
4 Create the Symantec Data Loss Prevention database.
  See “Creating the Symantec Data Loss Prevention database” on page 11.
5 Create the database listener.
  See “Creating the TNS Listener on Windows” on page 12.
6 Configure the local net service name.
  See “Configuring the local net service name” on page 14.
7 Create the Symantec Data Loss Prevention database user.
  See “Creating the Oracle user account for Symantec Data Loss Prevention” on page 16.
8 Install the Oracle Critical Patch Update (CPU).
  See the Oracle documentation that accompanies the CPU (available on FileConnect).
Note: Symantec Data Loss Prevention requires the Oracle database to use the
AL32UTF8 character set.
5 To install the Oracle software, use the command prompt to navigate to the
temporary directory where you extracted the win64_11.2.0.4_database.zip
files and run the following command, which includes the paths to the temporary
directories where you extracted the ZIP files in steps 2 and 3:
The installation wizard appears with pre-selected values drawn from the
installation response file. You can confirm these values and click through the
panels without needing to enter information where noted.
6 On the Configure Security Updates panel, I wish to receive security updates
via My Oracle Support is deselected. Click Next.
A dialog box displays that asks you to confirm that you wish to remain
uninformed of critical security issues. Click Yes.
Symantec provides Oracle Critical Patch Updates for use with Symantec Data
Loss Prevention. You do not need to receive these updates from Oracle
Support.
7 On the Download software updates panel, Skip software updates is
selected. Click Next.
8 On the Select Installation Options panel, Install database software only is
selected. Click Next.
9 On the Grid Installation Options panel, Single instance database installation
is selected. Click Next.
10 On the Select Product Languages panel, click Next to accept English as the
default language.
11 On the Select Database Edition panel, Standard Edition is selected. Click
Next.
Note: If you purchased a license for Standard Edition One, select Standard
Edition One in the Database edition field.
12 On the Specify Installation Location panel, the Oracle Base and Software
Location paths fields are populated. Click Next.
Oracle Base: c:\oracle
Software Location: c:\oracle\product\11.2.0.4\db_1
Creating the Symantec Data Loss Prevention database
set ORACLE_HOME=c:\oracle\product\11.2.0.4\db_1
If you installed Oracle 11g into a different location, substitute the correct
directory in this command.
2 Navigate to the C:\temp\Oracle\tools folder where you extracted the
11.2.0.4_64_bit_Installation_Tools.zip file.
5 Open a command prompt, and execute the following command (line breaks
added for legibility):
%ORACLE_HOME%\bin\dbca
-progressOnly
-responseFile C:\temp\Oracle\tools\responsefiles\Oracle_11.2.0.4_DBCA_WIN.rsp
SQLNET.AUTHENTICATION_SERVICES=(none)
2 Start the Oracle Net Configuration Assistant by selecting Start > All Programs
> Oracle 11.2.0.4 > Configuration and Migration Tools > Net Configuration
Assistant.
3 On the Welcome panel, select Listener configuration and click Next.
4 On the Listener Configuration, Listener panel, select Add and click Next.
5 On the Listener Configuration, Listener Name panel, enter a listener name
and click Next.
Note: Use the default listener name, LISTENER, unless you must use a different
name.
19 Run the following commands to connect to the database using SQL*Plus:
sqlplus /nolog
Services Summary...
Service "protect" has 1 instance(s).
Instance "protect", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
The command completed successfully
7 On the Net Service Name Configuration, Test panel, select No, do not test
and click Next.
Do not test the service configuration, because the listener has not yet started.
8 On the Net Service Name Configuration, Net Service Name panel, accept
the default name of "protect" and click Next.
9 On the Net Service Name Configuration, Another Net Service Name? panel,
select No and click Next.
10 On the Net Service Name Configuration Done panel, select Next.
11 Click Finish to exit the Oracle Net Configuration Assistant.
sqlplus /nolog
4 Make sure that the output from the query contains the following information,
which identifies the software components as version 11.2.0.4.
BANNER
--------------------------------------------------------------------------
5 Exit SQL*Plus:
SQL> exit
sqlplus /nolog
SQL> @oracle_create_user.sql
4 At the Please enter the password for sys user prompt, enter the password
for the SYS user.
5 At the Please enter sid prompt, enter "protect".
6 At the Please enter required username to be created prompt, enter "protect"
for the user name.
7 At the Please enter a password for the new username prompt, enter a new
password.
Follow these guidelines to create acceptable passwords:
■ Passwords cannot contain more than 30 characters.
■ Passwords cannot contain double quotation marks, commas, or
backslashes.
■ Avoid using the & character.
■ Passwords are case-sensitive by default. You can change the case
sensitivity through an Oracle configuration setting.
■ If your password uses special characters other than _, #, or $, or if your
password begins with a number, you must enclose the password in double
quotes when you configure it.
Store the password in a secure location for future use. You must use this
password to install Symantec Data Loss Prevention. If you need to change the
password after you install Symantec Data Loss Prevention, see the Symantec
Data Loss Prevention Administration Guide for instructions.
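The password guidelines above can be checked before the value is typed at the prompt. This is an added example, not part of the Symantec guide or of oracle_create_user.sql; check_dlp_db_password is a hypothetical helper name, the sample passwords are constructed, and it is written in POSIX shell so that it runs on the Linux database host covered in Chapter 3 or in any sh-compatible shell.

```shell
#!/bin/sh
# Added example, not part of the Symantec guide or of oracle_create_user.sql.
# check_dlp_db_password is a hypothetical helper name.
#
# Prints one finding per line:
#   REJECT  breaks a rule from the guidelines; choose another password
#   WARN    allowed, but the guidelines say to avoid it
#   QUOTE   allowed, but must be enclosed in double quotes when configured
# Exit status is 1 if any REJECT finding was printed, otherwise 0.
check_dlp_db_password() (
    pw=$1
    rc=0

    # Not stated in the guidelines; added so an empty value never passes.
    if [ -z "$pw" ]; then
        echo "REJECT: password is empty"
        exit 1
    fi

    if [ "${#pw}" -gt 30 ]; then
        echo "REJECT: more than 30 characters (${#pw})"
        rc=1
    fi

    case $pw in
        *'"'* | *,* | *\\*)
            echo "REJECT: contains a double quotation mark, comma, or backslash"
            rc=1
            ;;
    esac

    case $pw in
        *'&'*) echo "WARN: contains the & character" ;;
    esac

    case $pw in
        [0-9]* | *[!A-Za-z0-9_#\$]*)
            echo "QUOTE: begins with a number or uses a special character other than _ # \$"
            ;;
    esac

    exit "$rc"
)

# Constructed sample values for demonstration only.
for sample in 'Dlp_Store#2017' '7thFloor$db' 'pa,ss\word' 'R&D_protect'; do
    printf '%s\n' "--- $sample"
    check_dlp_db_password "$sample" || true
done
```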
Chapter 2
Backing up and restoring the Oracle database on Windows
This chapter includes the following topics:
3 Shut down all of the Symantec Data Loss Prevention and Oracle services.
  See “Shutting down the Symantec Data Loss Prevention system on Windows” on page 22.
4 Copy the database files to the backup location.
  See “Copying the database files to the backup location on Windows” on page 22.
Note: The following steps assume you created the backup directory
c:\SymantecDLP_Backup_Files\Recovery_Aid. If you did not, do so now.
Note: The normal destination of a trace file is the user_dump directory. Assuming
you followed the installation steps in the Symantec Data Loss Prevention Oracle
Installation and Upgrade Guide, this directory is
\oracle\diag\rdbms\protect\trace. If you installed Oracle differently, issue the
SQL*Plus command show parameter user_dump_dest; to display the
user_dump directory.
Exit SQL*Plus:
exit;
controlfilebackupMMDDYY.trc
2 Enter the following SQL commands to create lists of files that must be backed
up:
3 Save the list of files returned by the query to use in the following procedures:
C:\SymantecDLP_Backup_Files\Recovery_Aid\oracle_datafile_directories.txt.
4 Exit SQL*Plus:
exit;
3 On the computer that hosts the Enforce Server, start the VontuNotifier service
before starting other Symantec Data Loss Prevention services.
4 Start the remaining Symantec Data Loss Prevention services, which might
include the following:
■ VontuManager (on the computer that also hosts the Enforce Server)
See “Performing a cold backup of the Oracle database on Windows” on page 18.
4 On the computer that hosts the database, stop all of the Oracle services.
5 Copy the contents of the \SymantecDLP_Backup_Files\Database directory
to the %ORACLE_BASE%\oradata\protect directory (for example,
c:\oracle\oradata\protect) on the computer that hosts the new database.
The information about the computers and directories is located on the Recovery
Information Worksheet.
6 To open Oracle SQL*Plus, navigate to Windows > Start > All Programs >
Oracle - OraDb11g_home1 > Application Development > SQL Plus. This
navigation assumes the default locations from the Oracle installation process.
This process is described in the Symantec Data Loss Prevention Installation
Guide.
7 At the SQL> command prompt, to connect as the sysdba user, enter:
startup
Chapter 3
Installing Oracle 11g on Linux
This chapter includes the following topics:
■ Creating the Oracle user account for Symantec Data Loss Prevention
You can perform a two-tier or single-tier Symantec Data Loss Prevention installation.
In both of these cases, the database runs on the same computer as the Enforce
Server. Alternatively, you can perform a three-tier Symantec Data Loss Prevention
installation. In this case, the database runs on a different computer from the Enforce
Server.
In a three-tier installation, your organization’s database administration team installs,
creates, and maintains the Symantec Data Loss Prevention database. If your
organization already has other databases that run on Oracle 11g, consider using
your organization’s existing Oracle 11g installation. For information about how to
set up the Symantec Data Loss Prevention database in a three-tier environment,
contact your Symantec representative.
If you implement a three-tier installation, you must install the Oracle Client (SQL*Plus
and Database Utilities) on the Enforce Server. Installation of the Oracle Client
enables database communications between the Oracle database server and the
Enforce Server. The Symantec Data Loss Prevention installer needs SQL*Plus to
create tables and views on the Enforce Server. For this reason, the Linux user
account that is used to install Symantec Data Loss Prevention needs access to
SQL*Plus.
For full details on how to install the Oracle 11g Database Client software, see the
platform-specific documentation from Oracle Corporation, available from the Oracle
Documentation Library at
http://www.oracle.com/pls/db111/portal.portal_db?selected=11.
Note: After you create the Symantec Data Loss Prevention database and complete
the Symantec Data Loss Prevention installation, you can change the database
password. To change the database password, you use the Symantec Data Loss
Prevention DBPasswordChanger utility.
For more information about the Symantec Data Loss Prevention
DBPasswordChanger utility, see the Symantec Data Loss Prevention Administration
Guide.
Table 3-1 Installing Oracle 11g and creating the Symantec Data Loss
Prevention database
■ Symantec_DLP_15.0_Platform_Lin-IN.zip
In addition to your Symantec Data Loss Prevention installer, this ZIP file contains
the Oracle_Configuration directory, where you can find an archive file with
the Oracle database template, the database user SQL script, and the response
(.rsp) files, which you use during the installation and configuration of Oracle
11.2.0.4. These items are contained in the
/DLP/15.0/New_Installs/Oracle_Configuration/11.2.0.4_64_bit_Installation_Tools.zip
file.
cd /tmp/oracle_install
./scripts/oracle_prepare.sh
cd /tmp/oracle_install/scripts
./oracle_verify.py
The verification script displays settings (such as RAM, swap space, shared
memory, /tmp disc space) that do not meet the requirements for Oracle. Adjust
any settings to the required values.
If you have mismatched values between kernel parameters and resource limits,
run the oracle_config_kernel_parameters.py script in the
/tmp/oracle_install/scripts directory. This script will set the kernel
parameters to the required settings.
./oracle_config_kernel_parameters.py
5 Restart the server so that the updated kernel parameters take effect.
6 Verify that there is enough space under /var. For a small to medium enterprise,
/var should have at least 15 GB. For a large enterprise, /var should have at
least 30 GB. For a very large enterprise, /var should have at least 45 GB of
free space. As your organization’s traffic expands, these figures should increase,
and you must allocate more free space.
7 Verify that the /opt and /boot file systems have the required free space for
your Symantec Data Loss Prevention installation. See the Symantec Data Loss
Prevention System Requirements and Compatibility Guide for more information.
Installing the Oracle 11g software for Linux
export DISPLAY=ip_address:display_number
As you run the GUI tools later, you might get a response similar to the following:
Note: Symantec Data Loss Prevention requires the Oracle database to use the
AL32UTF8 character set.
su -l root
xhost +SI:localuser:oracle
unzip linux64_11.2.0.4_database_1of2.zip
unzip linux64_11.2.0.4_database_2of2.zip
You must run the unzip command as the Oracle user. If you run it as the root
user, then the Oracle user is not able to view the extracted files unless you
change the permissions. However, changing the permissions is not advisable
from a security standpoint.
5 Combine the contents of each directory titled database from the ZIP files you
extracted to /home/oracle into a single directory titled database. You should
now have a directory with the contents of both extracted database folders
here: /home/oracle/database.
6 Change directory to:
cd /home/oracle/database/stage/cvu/cv/admin
cp cvu_config backup_cvu_config
CV_ASSUME_DISTID=OEL4
to
CV_ASSUME_DISTID=OEL6
10 In the Oracle user terminal execute this command (line break added for
legibility):
/home/oracle/database/runInstaller -noconfig
-responseFile /home/oracle/oracle_install/responsefiles/Oracle_11.2.0.4_Installation_Linux.rsp
Note: If you purchased a license for Standard Edition One, select Standard
Edition One in the Database edition field.
18 On the Specify Installation Location panel, the following paths are
specified. Click Next:
■ Oracle Base: /opt/oracle
■ Software Location: /opt/oracle/product/11.2.0.4/db_1
19 If this is the first Oracle installation on the server computer, the installer
application displays the Create Inventory panel. The inventory path is entered
as /opt/oracle/oraInventory and the group name is entered as oinstall.
Click Next.
The installer may display a warning message recommending that you place
the central inventory location outside of the Oracle base directory. You can
safely ignore this message for Symantec Data Loss Prevention database
installations.
20 On the Privileged Operating System Groups panel, click Next to grant the
Database Administrator and Database Operator privileges to the default DBA
group.
The installer application performs a prerequisite check and displays the results.
21 On the Summary panel, click Install to begin the installation.
The installer application installs the Oracle 11g software on your computer.
22 The installer displays the Execute Configuration scripts window, which
instructs you to execute two scripts as the root user. From the root xterm
window, run the following two scripts:
/opt/oracle/oraInventory/orainstRoot.sh
/opt/oracle/product/11.2.0.4/db_1/root.sh
export ORACLE_HOME=/opt/oracle/product/11.2.0.4/db_1
export ORACLE_SID=protect
If you installed Oracle 11g into a different location, substitute the correct
directory in this command.
You may want to add these commands to your user profile configuration so
that the ORACLE_HOME and ORACLE_SID environment variables are defined
each time you log on. See your Linux documentation for details about setting
environment variables.
2 Navigate to /tmp/oracle_install where you extracted the
11.2.0.4_64_bit_Installation_Tools.tar.gz file.
4 At the command prompt, execute the following command (line break added
for legibility):
$ORACLE_HOME/bin/dbca -progressOnly
-responseFile /home/oracle/oracle_install/responsefiles/Oracle_11.2.0.4_DBCA_Linux.rsp
8 Click OK.
$ORACLE_HOME/bin/netca
Note: Use the default listener name, LISTENER, unless you must use a different
name.
9 Leave the Oracle Net Configuration Assistant open to configure the Local Net
Service Name.
10 Log into the Oracle host computer as the Oracle user.
su - oracle
Services Summary...
Service "protect" has 1 instance(s).
Instance "protect", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
The command completed successfully
$ORACLE_HOME/bin/netca
2 On the Welcome panel, select Local Net Service Name configuration and
click Next.
3 On the Net Service Name Configuration panel, select Add and click Next.
4 On the Net Service Name Configuration, Service Name panel, enter "protect"
in the Service Name field and click Next.
5 On the Net Service Name Configuration, Select Protocols panel, select
TCP and click Next.
6 On the Net Service Name Configuration, TCP/IP Protocol panel:
■ Enter the IP address of the Oracle server computer in the Host name field.
■ Select Use the standard port number of 1521 (the default value).
■ Click Next.
7 On the Net Service Name Configuration, Test panel, select No, do not test
and click Next.
Do not test the service configuration, because the listener has not yet started.
8 On the Net Service Name Configuration, Net Service Name panel, accept
the default name of "protect" and click Next.
9 On the Net Service Name Configuration, Another Net Service Name? panel,
select No and click Next.
10 On the Net Service Name Configuration Done panel, select Next.
11 Click Finish to exit the Oracle Net Configuration Assistant.
$ORACLE_HOME/bin/sqlplus /nolog
4 Make sure that the output from the query contains the following information,
which identifies the software components as version 11.2.0.4. The output
should read:
BANNER
--------------------------------------------------------------------------
5 Exit SQL*Plus:
SQL> exit
sqlplus /nolog
SQL> @oracle_create_user.sql
5 At the Please enter the password for sys user prompt, enter the password
for the SYS user.
6 At the Please enter sid prompt, enter protect.
Configuring automatic startup and shutdown of the database
cd /tmp/oracle/oracle_install
./scripts/oracle_post.sh
4 Verify that the script completed successfully by checking if the very last line of
the output is:
You may see errors before the last line (for example, cannot access
/var/log/dbora). You can ignore these errors.
Chapter 4
Backing up and restoring the Oracle database on Linux
This chapter includes the following topics:
3 Shut down all of the Symantec Data Loss Prevention and Oracle Services.
  See “Shutting down the Symantec Data Loss Prevention system on Linux” on page 46.
4 Copy the database files to the backup location.
  See “Copying the database files to the backup location on Linux” on page 47.
6 Restart the Oracle and Symantec Data Loss Prevention services.
  See “Restarting the system on Linux” on page 49.
sqlplus /nolog
6 If you have not already done so, create the recovery aid directory on the
computer that hosts the Oracle database:
/opt/oracle/Recovery_Aid
7 To find the directory in which the trace file was created, in the next line, enter:
exit
10 Change to the directory from step 7. Copy the trace file from the Recovery_Aid
subdirectory on the computer that hosts the Oracle database to the
/Recovery_Aid subdirectory on the backup computer that you created earlier.
Other trace files are located in the user_dump directory. Be sure to copy the
file with the most recent date and timestamp.
To check the date and the timestamps of the files in the directory, enter:
ls -l *controlfile.trc
See “Performing a cold backup of the Oracle database on Linux” on page 43.
2 Enter the following SQL commands to create lists of files that must be backed up:
4 Exit SQL*Plus:
exit;
./VontuMonitor.sh stop (on the computers that also host a detection server)
Services can be stopped by changing to the /etc directory and running the
following command:
./init.d/VontuServiceName stop
4 On the computer that hosts the database, log on as the oracle user.
5 To open Oracle SQL*Plus, enter:
sqlplus /nolog
shutdown immediate
See “Performing a cold backup of the Oracle database on Linux” on page 43.
3 Copy the /Recovery_Aid/ subdirectory from the computer that hosts the
database to the backup computer.
If you have not yet created this directory, create the following directory on a
computer or storage device other than the computer that hosts the Oracle
database:
/opt/SymantecDLP_Backup_Files/Recovery_Aid
Set permissions for this directory for the Oracle user by running the following
command:
chmod 777 /opt/SymantecDLP_Backup_Files/ -R
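Mode 777 applied recursively gives every local account read and write access to a tree that will hold a complete copy of the database files. The following added example (not from the Symantec guide) lists such entries and narrows the tree to owner and group access; it assumes the tree is owned by the oracle user and oinstall group named earlier in this guide, and the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Symantec guide. Function names are hypothetical.
# Assumes the backup tree is owned by the oracle user and oinstall group
# (as root: chown -R oracle:oinstall <dir>), so owner and group access is enough.

# Print every entry under $1 that grants any permission to "other".
list_other_accessible() {
    find "$1" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Remove all "other" access and group write from the tree rooted at $1.
# Owner bits are left untouched, so the owning account keeps full access.
restrict_backup_tree() {
    chmod -R o-rwx,g-w "$1"
}

# Demonstration on a throwaway directory (constructed layout, not real backups).
demo_backup_permissions() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/Recovery_Aid" "$root/Database"
    : > "$root/Recovery_Aid/controlfilebackup.trc"
    : > "$root/Database/users01.dbf"

    chmod -R 777 "$root"            # the mode set by the command above
    echo "other-accessible entries after chmod -R 777:"
    list_other_accessible "$root" | sed "s|^$root|  <backup root>|"

    restrict_backup_tree "$root"
    remaining=$(list_other_accessible "$root" | wc -l | tr -d ' ')
    echo "other-accessible entries after restricting: $remaining"

    rm -rf "$root"
    [ "$remaining" -eq 0 ]
)

demo_backup_permissions
```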
sqlplus /nolog
startup
7 Before starting other Symantec Data Loss Prevention services, start the
VontuNotifier service.
./VontuNotifier.sh start
Services can be stopped by changing to the etc directory and running the
following command:
./init.d/VontuServiceName stop
See “Performing a cold backup of the Oracle database on Linux” on page 43.
deleted, you can restore the database to a point in time when the important file
still existed.
See “Restoring an existing database on Linux” on page 51.
./VontuMonitor.sh stop (on the computers that also host a detection server)
Services can be started by changing to the etc directory and running the
following command:
./init.d/VontuServiceName start
5 On the computer that hosts the database, log on as the oracle user.
To open Oracle SQL*Plus, enter:
sqlplus /nolog
where password is the password created for single-tier and two-tier installations.
See the Symantec Data Loss Prevention Installation Guide.
6 After receiving the "Connected" message, at the SQL> command prompt, stop
all of the Oracle services by entering:
shutdown immediate
exit
sqlplus /nolog