Symantec Data Loss Prevention Oracle 12c …...Configuring Oracle 12c for use with Symantec Data...

Symantec™ Data LossPrevention Oracle 12cEnterprise ImplementationGuide

Versions 14.5-15.5

Last updated: 30 July 2019

Symantec Data Loss Prevention Oracle 12cImplementation Guide

Documentation version: 15.5b

Legal NoticeCopyright © 2018 Symantec Corporation. All rights reserved.

Symantec, CloudSOC, Blue Coat, the Symantec Logo, the Checkmark Logo, the Blue Coat logo, and theShield Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S.and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attributionto the third party (“Third Party Programs”). Some of the Third Party Programs are available under opensource or free software licenses. The License Agreement accompanying the Software does not alter anyrights or obligations you may have under those open source or free software licenses. Please see theThird Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantecproduct for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution,and decompilation/reverse engineering. No part of this document may be reproduced in any form by anymeans without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AREDISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLYINVALID. SYMANTECCORPORATIONSHALLNOTBELIABLEFOR INCIDENTALORCONSEQUENTIALDAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THISDOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TOCHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as definedin FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial ComputerSoftware - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software andCommercial Computer Software Documentation," as applicable, and any successor regulations, whetherdelivered by Symantec as on premises or hosted services. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software and Documentation by the U.S. Governmentshall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043

http://www.symantec.com

http://www.symantec.com

Chapter 1 About this guide .................................................................... 6

About updates to the Symantec Data Loss Prevention Oracle 12cEnterprise Implementation Guide ................................................ 6

Chapter 2 Configuring Oracle 12c for use with Symantec DataLoss Prevention ............................................................... 7

Using Oracle 12c Enterprise with Symantec Data LossPrevention .............................................................................. 7

Upgrading from Oracle 11g and Symantec Data Loss Prevention 14.5- 15.0 ..................................................................................... 8

About deploying Oracle to AWS ........................................................ 9

Chapter 3 Installing Oracle 12c on Windows ................................... 10

About installing Oracle 12c Enterprise on Windows ............................. 10Installing Oracle 12c Enterprise on Windows ...................................... 11Creating the Symantec Data Loss Prevention database on

Windows .............................................................................. 13Creating the TNS Listener on Windows ............................................. 14Configuring the local net service name .............................................. 17Creating the Oracle user account for Symantec Data Loss

Prevention ............................................................................ 17Verifying the Symantec Data Loss Prevention database ....................... 18

Chapter 4 Installing Oracle 12c on Linux .......................................... 20

About installing Oracle 12c Enterprise on Linux .................................. 20Performing the preinstallation steps .................................................. 21

Preparing the Linux environment ............................................... 21Installing Oracle 12c Enterprise on Linux ........................................... 23Creating the Symantec Data Loss Prevention database on Linux ........... 26Creating the TNS Listener on Linux .................................................. 27Configuring the local net service name .............................................. 29Verifying tnsnames.ora contents ...................................................... 30Verifying the Symantec Data Loss Prevention database ....................... 31

Contents

Creating the Oracle user account for Symantec Data LossPrevention ............................................................................ 32

Configuring automatic startup and shutdown of the database ................ 33

Chapter 5 Upgrading to Oracle 12c Enterprise Release 2 ............. 35

Set privileges for the Oracle user ..................................................... 35Preparing the upgrade software ....................................................... 35Upgrading to Oracle 12c Enterprise Release 2 ................................... 36

Chapter 6 Configuring an existing Oracle 12c Enterprisedatabase ......................................................................... 40

Configuring your Oracle 12c Enterprise database manually ................... 40Recommended database parameters ............................................... 40Minimum database requirements ..................................................... 41Tablespace information .................................................................. 41Required user privileges ................................................................ 43

5Contents

About this guide

This chapter includes the following topics:

■ About updates to the Symantec Data Loss Prevention Oracle 12c Enterprise ImplementationGuide

About updates to the Symantec Data Loss PreventionOracle 12c Enterprise Implementation Guide

This guide is occasionally updated as new information becomes available. You can find thelatest version of the Symantec™ Data Loss Prevention Oracle 12c Enterprise ImplementationGuide at the following link to the Symantec Support Center article:

https://www.symantec.com/docs/DOC9260.

Subscribe to the article at the Support Center to be notified when there are updates.

The following table provides the history of updates to this version of the Symantec™ DataLoss Prevention Oracle 12c Enterprise Implementation Guide.

Table 1-1

DescriptionDate

Added information about converting LOB tables from BasicFiles to SecureFiles format.30 July 2019

1Chapter

https://www.symantec.com/docs/DOC9260

Configuring Oracle 12c foruse with Symantec DataLoss Prevention


■ Using Oracle 12c Enterprise with Symantec Data Loss Prevention

■ Upgrading from Oracle 11g and Symantec Data Loss Prevention 14.5 - 15.0

■ About deploying Oracle to AWS

UsingOracle 12c Enterprisewith SymantecData LossPrevention

You can use the following Oracle 12c Enterprise versions with Symantec Data Loss Prevention:

■ Oracle 12c Enterprise Release 1 (12.1.x) starting with Symantec Data Loss Prevention14.5

■ Oracle 12c Enterprise Release 2 (12.2.x) starting with Symantec Data Loss Prevention14.6

You can use Oracle 12c Enterprise for new installations as well as upgrades from SymantecData Loss Prevention 14.x.

Symantec does not provide the Oracle 12c Enterprise database software. You must licenseand acquire the software directly from Oracle.

Symantec provides anOracle 12c database template, a database user SQL script, and response(.rsp) files that you can use during the installation and configuration of Oracle 12c Enterpriseon either the Windows or the Red Hat Enterprise Linux platforms.

2Chapter

See “About installing Oracle 12c Enterprise on Windows” on page 10.

See “About installing Oracle 12c Enterprise on Linux” on page 20.

You can upgrade manually from Symantec Data Loss Prevention 14.x and Oracle 11g toSymantec Data Loss Prevention 15.5 and Oracle 12c.

See “Upgrading from Oracle 11g and Symantec Data Loss Prevention 14.5 - 15.0” on page 8.

You can also install and configure an existing Oracle 12c Enterprise database manually foruse with Symantec Data Loss Prevention 15.5.

See “Configuring your Oracle 12c Enterprise database manually” on page 40.

Upgrading from Oracle 11g and Symantec Data LossPrevention 14.5 - 15.0

You can upgrade from a Symantec Data Loss Prevention system using Oracle 11g Standardor Standard One to Oracle 12c Enterprise using the following procedure.

Note: The procedure that is described here provides high-level details. Before you begin theupgrade process, ensure that you have available the Oracle upgrade documentation and theSymantec Data Loss Prevention Upgrade Guide appropriate for your operating system. TheSymantec Data Loss Prevention 15.5 Upgrade Guide is available at:https://support.symantec.com/en_US/article.DOC9258.html

Upgrading to Oracle 12c Enterprise and Symantec Data Loss Prevention

1 Convert your Oracle11g LOB tables from BasicFiles to SecureFiles format following theprocedure in this Support Center article: https://www.symantec.com/docs/TECH252716.

2 On your Symantec Data Loss Prevention 14.5 - 15.0 Enforce Server, stop all SymantecData Loss Prevention services except the Symantec DLP Update Service. For informationon stopping Symantec Data Loss Prevention services, see chapter 5 in the SymantecData Loss Prevention 15.5 Upgrade Guide.

3 Follow the procedures in your documentation from Oracle to upgrade Oracle from 11gStandard or Standard One to 12c Enterprise.

4 (Optional) Configure Oracle 12c Enterprise with the system parameters, tablespaceguidelines, and the user privileges that are specified in this guide.

See “Configuring your Oracle 12c Enterprise database manually” on page 40.

5 On your Symantec Data Loss Prevention system, confirm that the Symantec DLP UpdateService is running.

8Configuring Oracle 12c for use with Symantec Data Loss PreventionUpgrading from Oracle 11g and Symantec Data Loss Prevention 14.5 - 15.0

https://support.symantec.com/en_US/article.DOC9258.html

https://www.symantec.com/docs/TECH252716

6 Following the procedures in the Symantec Data Loss Prevention 15.5 Upgrade Guide,upgrade your Symantec Data Loss Prevention 14.5 - 15.0 system to Symantec Data LossPrevention 15.5.

See the Symantec Data Loss Prevention 15.5 Upgrade Guide athttp://www.symantec.com/docs/DOC9258.

7 Start your Enforce Server.

8 Perform any necessary post-upgrade tasks. See the Symantec Data Loss Prevention15.5 Upgrade Guide.

About deploying Oracle to AWSYou can deploy the Oracle database server or Oracle RDS on Amazon Web Services (AWS).You do not have to modify the servers or perform any special configurations to deploy theOracle database Server on AWS. For deploying Oracle RDS on AWS, you need to configureTLS as described in the Support Center article “About securing communications between theEnforce Server and Amazon RDS for Oracle” at https://www.symantec.com/docs/TECH252583.

See the Symantec Data Loss Prevention Deployment Guide for Amazon Web Services formore information.


9Configuring Oracle 12c for use with Symantec Data Loss PreventionAbout deploying Oracle to AWS

http://www.symantec.com/docs/DOC9258





Installing Oracle 12c onWindows


■ About installing Oracle 12c Enterprise on Windows

■ Installing Oracle 12c Enterprise on Windows

■ Creating the Symantec Data Loss Prevention database on Windows

■ Creating the TNS Listener on Windows

■ Configuring the local net service name

■ Creating the Oracle user account for Symantec Data Loss Prevention

■ Verifying the Symantec Data Loss Prevention database

About installing Oracle 12c Enterprise on WindowsSymantec provides anOracle 12c database template, a database user SQL script, and response(.rsp) files that you can use during the installation and configuration of Oracle 12c Enterprise.These items are located in a ZIP archive within the Symantec_DLP_15.5_Platform_Win-IN.zipfile, which you can download from Symantec Software Downloads. The installation tools fileis named\DLP\15.5\New_Installs\Oracle_Configuration\12.2.0.1_64_bit_Installation_Tools.zip.The tools file and all contents therein are compatible with both Oracle 12.1.0.2 and 12.2.0.1Enterprise.

3Chapter

Note: If you are running Symantec Data Loss Prevention version 14.5 through 15.0, you obtainthe 12.2.0.1_64_bit_Installation_Tools.zip file from theSymantec_DLP_15.5_Platform_Win-IN.zip file. You download this file from SymantecSoftware Downloads.

Table 3-1 provides a high-level view of the Oracle 12c installation process. You can findadditional detail for each step of the process as indicated in the table.

Table 3-1 Oracle 12c Enterprise installation overview

DescriptionActionStep

See “Installing Oracle 12c Enterprise on Windows”on page 11.

Install Oracle 12c.1

See “Creating the Symantec Data Loss Preventiondatabase on Windows” on page 13.

Create the Symantec Data LossPrevention database.

2

See “Creating the TNS Listener on Windows”on page 14.

Create the database listener.3

See “Configuring the local net service name” on page 17.Configure the local net servicename.

4

See “Creating the Oracle user account for SymantecData Loss Prevention” on page 17.

Create the Symantec Data LossPrevention database user.

5

Installing Oracle 12c Enterprise on WindowsThe Enforce Server uses the Oracle thin driver and the Oracle Client (for three-tierdeployments). Symantec Data Loss Prevention packages the JAR files for the Oracle thindriver with the Symantec Data Loss Prevention software. But, you must also install the OracleClient. The Symantec Data Loss Prevention installer needs SQL*Plus to create tables andviews on the Enforce Server. Therefore, the Windows user account that is used to installSymantec Data Loss Prevention must be able to access SQL*Plus.

To install Oracle 12c Enterprise on Windows

1 Shut down the following services if they are running in Windows Services:

■ All Oracle services

■ Distributed Transaction Coordinator service

11Installing Oracle 12c on WindowsInstalling Oracle 12c Enterprise on Windows

To view the services go to Start > Control Panel > Administrative Tools > ComputerManagement, and then expand Services and Applications and click Services.

2 Extract your Oracle 12c software into a temporary directory, such as C:\temp\Oracle.The contents of the extracted database directory should be in a temporary directory suchas C:\temp\Oracle\database.

3 Extract the 12.2.0.1_64_bit_Installation_Tools.zip file fromDownloadHome\DLP\15.5\New_Installs\Oracle_Configuration into a temporarydirectory, such as C:\temp\Oracle\tools.

4 To install the Oracle software, use the command prompt to navigate to the temporarydirectory where you extracted the Oracle 12c files and run the following command, whichincludes the paths to the temporary directories where you extracted the ZIP files in steps2 and 3 (line break added for legibility):

C:\temp\Oracle\database\setup.exe -noconfig -responsefile

C:\temp\Oracle\tools\responsefiles\Oracle_12.2.0.1_Enterprise_Edition_Installation_WIN.rsp

The installation wizard appears with pre-selected values drawn from the installationresponse file. You can confirm these values and click through the panels without needingto enter information where noted.

5 On the Configure Security Updates panel, I wish to receive security updates via MyOracle Support is selected. Click Next.

6 On the Select Installation Options panel, Install database software only is selected.Click Next.

7 On the Grid Installation Options panel, Single instance database installation isselected. Click Next.

8 On the Select Product Languages panel, click Next to accept English as the defaultlanguage.

9 On the Select Database Edition panel, Enterprise Edition is selected. Click Next.

10 On the Oracle Home User panel, enter a user name and password for the Oracle HomeUser. The default name for the Oracle Home User is protect.

Note: The Oracle Home User is the Windows user account that runs Windows servicesfor %ORACLE_HOME. It is not the Symantec Data Loss Prevention Oracle user account.

Confirm the password, then click Next.

12Installing Oracle 12c on WindowsInstalling Oracle 12c Enterprise on Windows

11 On the Specify Installation Location panel, the Oracle Base and Software Locationpaths fields are populated. Click Next.

Oracle Base: c:\oracle

Software Location: c:\oracle\product\[Oracle12c-version]\db_1

Replace [Oracle12c-version] with the Oracle 12c version you are running (either 12.1.0.2or 12.2.0.1).

12 On the Summary panel, click Install to begin the installation.

The installer application installs the Oracle 12c software to your computer.

13 On the Finish panel, click Close to exit the installer application. You can safely ignorethe configuration note that displays on this panel.

Creating theSymantecDataLossPreventiondatabaseon Windows

Follow this procedure to create the Symantec Data Loss Prevention database on Windowssystems.

To create the Symantec Data Loss Prevention database on Windows

1 Set the ORACLE_HOME environment variable for your new installation. Open a commandprompt, and enter:

set ORACLE_HOME=c:\oracle\product\[Oracle12c-version]\db_1

Replace [Oracle12c-version] with the Oracle 12c version you are running (either 12.1.0.2or 12.2.0.1). If you installed Oracle 12c to a different location, substitute the correct directoryin this command.

2 Navigate to the C:\temp\Oracle\tools folder where you extracted the12.2.0.1_64_bit_Installation_Tools.zip file.

3 Copy the database template file (Oracle_12.2.0.1_Template_for_64_bit_WIN.dbt)from the C:\temp\Oracle\tools\templates folder to thec:\oracle\product\12.2.0.1\db_1\assistants\dbca\templates folder. This databasetemplate file works for both Oracle 12.1.0.2 and 12.2.0.1 Enterprise.

4 (Optional) Rename the OraDb12c_home1 section of theWindows Start menu item toOracle_12.1.0.2 (for Oracle 12c Enterprise Release 1) or Oracle_12.2.0.1 (for Oracle12c Enterprise Release 2).

13Installing Oracle 12c on WindowsCreating the Symantec Data Loss Prevention database on Windows

5 Open a command prompt, and execute the following command (line breaks added forlegibility):

%ORACLE_HOME%\bin\dbca

-createDatabase

-progressOnly

-responseFile C:\temp\Oracle\tools\responsefiles\Oracle_12.2.0.1_DBCA_WIN.rsp

6 Enter the SYS user password at the prompt.

7 Enter the SYSTEM user password at the prompt.

Follow these guidelines to create acceptable passwords:

■ Passwords cannot contain more than 30 characters.

■ Passwords cannot contain double quotation marks, commas, or backslashes.

■ Avoid using the & character.

■ Passwords are case-sensitive by default. You can change the case sensitivity throughan Oracle configuration setting.

■ If your password uses special characters other than _, #, or $, or if your passwordbegins with a number, you must enclose the password in double quotes when youconfigure it.

The database creation process displays on the terminal window and can take up to 20minutes to complete.

8 If the database services OracleServicePROTECT and Distributed Transaction Coordinatorare down, start them using Windows Services: Start > Control Panel > AdministrativeTools > Computer Management > Services and Applications > Services.

Creating the TNS Listener on WindowsPerform the following procedure to create a TNS listener for the Symantec Data Loss Preventiondatabase.

To create the TNS Listener

1 (Optional) If you logged on as a domain user, you must set the sqlnet.ora fileSQLNET.AUTHENTICATION_SERVICES=() value to none. Otherwise, proceed to step 2.

To set the sqlnet.ora file SQLNET.AUTHENTICATION_SERVICES=() value, perform thefollowing steps in this order:

■ Open sqlnet.ora, located in the %Oracle_Home%\network\admin folder (for example,go to c:\oracle\product\12.2.0.1\db_1\NETWORK\ADMIN on an Oracle 12.2.0.1instance), using a text editor.

14Installing Oracle 12c on WindowsCreating the TNS Listener on Windows

■ Change the SQLNET.AUTHENTICATION_SERVICES=(NTS)value to none:

SQLNET.AUTHENTICATION_SERVICES=(none)

■ Save and close the sqlnet.ora file.

2 Start the Oracle Net Configuration Assistant by running the following command:

%ORACLE_HOME%/BIN/NETCA


3 On theWelcome panel, select Listener configuration and click Next.

4 On the Listener Configuration, Listener panel, select Add and click Next.

5 On the Listener Configuration, Listener Name panel, enter a listener name and thepassword for your Oracle Home User, then click Next.

Note: Use the default listener name, LISTENER, unless you must use a different name.

6 On the Listener Configuration, Select Protocols panel, select the TCP protocol andclick Next.

7 On the Listener Configuration, TCP/IP Protocol panel, select Use the standard portnumber of 1521 and click Next.

8 On the Listener Configuration, More Listeners? panel, select No and click Next.

9 On the Listener Configuration Done panel, click Next.

10 Configure the Local Net Service Name in the Oracle Net Configuration Assistant.

See “Configuring the local net service name” on page 17.

Note: You must click Finish to exit the Oracle Net Configuration Assistant beforecontinuing with this procedure.

11 On the computer that runs your Oracle database, open a command prompt. The commandwindow must run as Administrator. (See your Microsoft Windows documentation.)

12 Run the following command:

lsnrctl stop

13 Open the following file in a text editor:

%ORACLE_HOME%\network\admin\listener.ora


14 Locate the following line:

(ADDRESS = (PROTOCOL = IPC)(KEY = <key_value>))

15 Change key_value to PROTECT.

16 Add the following line to the end of the file:

SECURE_REGISTER_LISTENER = (IPC)

17 Save the file and exit the text editor.


lsnrctl start

19 Run the following commands to connect to the database using SQL Plus:

sqlplus /nolog

conn sys/<password> as sysdba


ALTER SYSTEM SET local_listener =

'(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=PROTECT)))' SCOPE=both;

21 Run the following command to register the listener:

ALTER SYSTEM REGISTER;

22 Exit SQL Plus by running the following command:

exit

23 Run the following command to verify the change:

lsnrctl services

The command output should display a message similar to the following:

Services Summary...

Service "protect" has 1 instance(s).

Instance "protect", status READY, has 1 handler(s) for this service...

Handler(s):

"DEDICATED" established:0 refused:0 state:ready

LOCAL SERVER

The command completed successfully


Configuring the local net service namePerform the following procedure to configure the Local Net Service Name for the SymantecData Loss Prevention database.

To configure the local net service name

1 If the Oracle Net Configuration Assistant is not already running, start it by running thefollowing command:

%ORACLE_HOME%/BIN/NETCA

2 On theWelcome panel, select Local Net Service Name configuration and click Next.

3 On the Net Service Name Configuration panel, select Add and click Next.

4 On the Net Service Name Configuration, Service Name panel, enter "protect" in theService Name field and click Next.

5 On the Net Service Name Configuration, Select Protocols panel, select TCP and clickNext.

6 On the Net Service Name Configuration, TCP/IP Protocol panel:

■ Enter the IP address of the Oracle server computer in the Host name field.

■ Select Use the standard port number of 1521 (the default value).

■ Click Next.

7 On the Net Service Name Configuration, Test panel, select No, do not test and clickNext.

Do not test the service configuration, because the listener has not yet started.

8 On the Net Service Name Configuration, Net Service Name panel, select accept thedefault name of "protect" and click Next.

9 On the Net Service Name Configuration, Another Net Service Name? panel, selectNo and click Next.

10 On the Net Service Name Configuration Done panel, select Next.

11 Click Finish to exit the Oracle Net Configuration Assistant.

Creating the Oracle user account for Symantec DataLoss Prevention

Perform the following procedure to create an Oracle user account and name it “protect.”

17Installing Oracle 12c on WindowsConfiguring the local net service name

To create the new Oracle user account named "protect"

1 Navigate to the C:\temp\Oracle\tools folder.

2 Start SQL*Plus:

sqlplus /nolog

3 Run the oracle_create_user.sql script:

SQL> @oracle_create_user.sql

4 At the Please enter the password for sys user prompt, enter the password for the SYSuser.

5 At the Please enter SID prompt, enter protect.

6 At the Please enter required username to be created prompt, enter protect for theuser name.

7 At the Please enter a password for the new username prompt, enter a new password.







Store the password in a secure location for future use. You must use this password toinstall Symantec Data Loss Prevention. If you need to change the password after youinstall Symantec Data Loss Prevention, see the Symantec Data Loss PreventionAdministration Guide for instructions.

Verifying the Symantec Data Loss Preventiondatabase

After you create the Symantec Data Loss Prevention database, verify that it was createdcorrectly.

18Installing Oracle 12c on WindowsVerifying the Symantec Data Loss Prevention database

To verify that the database was created correctly

1 Open a new command prompt and start SQL*Plus:

sqlplus /nolog

2 Log on as the SYS user:

SQL> connect sys/password@protect as sysdba

Where password represents the SYS password.

3 Run the following query:

SQL> SELECT * FROM v$version;

4 Confirm that the output from the query contains information that correctly identifies thesoftware components for the installed version of Oracle 12c Enterprise.

For example, if you are using Oracle 12c Enterprise Release 2, the output informationshould read:

BANNER

--------------------------------------------------------------------------------

Oracle Database 12c Release 12.2.0.1.0 - 64-bit Production

PL/SQL Release 12.2.0.1.0 - Production

CORE 12.2.0.1.0 Production

TNS for 64-bit Windows: Version 12.2.0.1.0 - Production

NLSRTL Version 12.2.0.1.0 - Production

5 Exit SQL*Plus:

SQL> exit

19Installing Oracle 12c on WindowsVerifying the Symantec Data Loss Prevention database

Installing Oracle 12c onLinux


■ About installing Oracle 12c Enterprise on Linux

■ Performing the preinstallation steps

■ Installing Oracle 12c Enterprise on Linux

■ Creating the Symantec Data Loss Prevention database on Linux

■ Creating the TNS Listener on Linux

■ Configuring the local net service name

■ Verifying tnsnames.ora contents

■ Verifying the Symantec Data Loss Prevention database

■ Creating the Oracle user account for Symantec Data Loss Prevention

■ Configuring automatic startup and shutdown of the database

About installing Oracle 12c Enterprise on LinuxSymantec provides anOracle 12c database template, a database user SQL script, and response(.rsp) files that you can use during the installation and configuration of Oracle 12c Enterprise.These items are located in a ZIP archive within the12.2.0.1_64_bit_Installation_Tools.tar.gz file, which you can download from SymantecSoftware Downloads. The installation tools file is named/DLP/15.5/New_Installs/Oracle_Configuration/12.2.0.1_64_bit_Installation_Tools.tar.gz.

4Chapter

Note: If you are running Symantec Data Loss Prevention version 14.6 through 15.0, you obtainthe 12.2.0.1_64_bit_Installation_Tools.tar.gz file from theSymantec_DLP_15.5_Platform_Lin-IN.zip file. You download this file from SymantecSoftware Downloads.

Table 4-1 provides a high-level view of the Oracle 12c installation process. You can findadditional detail for each step of the process as indicated in the table.

Table 4-1 Oracle 12c Enterprise installation overview

DescriptionActionStep

See “Performing the preinstallation steps” on page 21.Perform the preinstallationsteps.

1

See “Installing Oracle 12c Enterprise on Linux”on page 23.

Install Oracle 12c.2

See “Creating the Symantec Data Loss Preventiondatabase on Linux” on page 26.

Create the Symantec Data LossPrevention database.

3

See “Creating the TNS Listener on Linux” on page 27.Create the database listener.4

See “Configuring the local net service name” on page 29.Configure the local net servicename.

5

See “Creating the Oracle user account for SymantecData Loss Prevention” on page 32.

Create the Symantec Data LossPrevention database user.

6

See “Configuring automatic startup and shutdown of thedatabase” on page 33.

Configure your system to startOracle when the servercomputer boots.

7

Performing the preinstallation stepsPerform the following procedure to prepare your Linux environment for installation. Thepreinstallation requires Python. You can use any Python version from 2.4.6 through 3.6.3.

Preparing the Linux environmentFollow this procedure to prepare the Linux environment.

21Installing Oracle 12c on LinuxPerforming the preinstallation steps

To prepare the Linux environment

1 Log on as the root user. Navigate toDownloadHome/DLP/15.5/New_Installs/Oracle_Configuration where the file12.2.0.1_64_bit_Installation_Tools.tar.gz is located.

2 Copy the file 12.2.0.1_64_bit_Installation_Tools.tar.gz to the Linux server andextract its contents into the temporary directory (/tmp). For example:

tar xvfz 12.2.0.1_64_bit_Installation_Tools.tar.gz -C /tmp

Extracting creates a subdirectory named oracle_install in the /tmp directory andextracts the files into that subdirectory.

3 In the oracle_install directory, run the Oracle preparation script:

cd /tmp/oracle_install

./scripts/oracle_prepare.sh

4 After the preparation script has run to completion, switch to thetmp/oracle_install/scripts directory and run the verification script:

cd /tmp/oracle_install/scripts

./oracle_verify.py

The verification script displays settings (such as RAM, swap space, shared memory, /tmpdisc space) that do not meet the requirements for Oracle. Adjust any settings to therequired values.

If you have mismatched values between kernel parameters and resource limits, run theoracle_config_kernel_parameters.py script in the /tmp/oracle_install/scripts

directory. This script will set the kernel parameters to the required settings.

5 Restart the server so that the updated kernel parameters take effect.

6 Verify that there is enough space under /var. For a small to medium enterprise, /varshould have at least 15 GB. For a large enterprise, /var should have at least 30 GB. Fora very large enterprise, /var should have at least 45 GB of free space. As yourorganization’s traffic expands, these figures should increase, and you must allocate morefree space.

7 Verify that the /opt and /boot file systems have the required free space for your SymantecData Loss Prevention installation. See the Symantec Data Loss Prevention SystemRequirements and Compatibility Guide for more information.

22Installing Oracle 12c on LinuxPerforming the preinstallation steps

Installing Oracle 12c Enterprise on LinuxThe Enforce Server uses the Oracle thin driver and the Oracle Client. Symantec Data LossPrevention packages the JAR files for the Oracle thin driver with the Symantec Data LossPrevention software. You must also install the Oracle Client. The Symantec Data LossPrevention installer needs SQL*Plus to create tables and views on the Enforce Server.Therefore, the Linux user account that is used to install Symantec Data Loss Prevention mustbe able to access to SQL*Plus.

The instructions in this section assume that you are logged on locally to the Linux server andrunning the X Window System. It also assumes that you have the xorg-x11-apps.x86_64

package installed. If you connect to the server remotely, you need a terminal emulator. Youalso need to set the location where the GUI tools can display their output; you use the exportdisplay command to do that. For example:

export DISPLAY=ip_address:display_number

Note: Refer to the configuration information in the X server management program for the IPaddress and display number. Typically, the display number is 0.

As you run the GUI tools later, you might get a response similar to the following:

X connection to localhost:10.0 broken (explicit kill or server shutdown)

Run the export display command again.

For Symantec Data Loss Prevention installation on Linux systems, follow this procedure toinstall Oracle 12c.

To install Oracle 12c on Linux systems

1 Log on to the terminal as the root user, then execute the following command:

su -l root

xhost +SI:localuser:oracle

2 Switch to the Oracle user terminal.

3 Copy the required software installation file or files to /home/oracle.

4 From /home/oracle, unzip the ZIP files you copied. You must run the unzip commandas the Oracle user. If you run it as the root user, then the Oracle user is not able to viewthe extracted files unless you change the permissions. However, changing the permissionsis not advisable from a security standpoint.

23Installing Oracle 12c on LinuxInstalling Oracle 12c Enterprise on Linux

5 Put the contents of the database directory from the ZIP file you extracted to /home/oracleinto a directory titled database. You should now have a directory named/home/oracle/database.

6 Change directory to:

cd /home/oracle/database/stage/cvu/cv/admin

7 Back up the cvu_config file using this command:

cp cvu_config backup_cvu_config

8 Edit the original cvu_config file as follows:

Set CV_ASSUME_DISTID=OEL6 if you are using Red Hat Enterprise Linux 6.x

Set CV_ASSUME_DISTID=OEL7 if you are using Red Hat Enterprise Linux 7.x

Save the edited cvu_config file.

9 Navigate to the /tmp/oracle_install directory where you extracted the12.2.0.1_64_bit_Installation_Tools.tar.gz file.

Copy the response files Oracle_12.2.0.1_DBCA_Linux.rsp andOracle_12.2.0.1_Enterprise_Edition_Installation_Linux.rsp from/tmp/oracle_install/responsefiles to a temporary folder such as/home/oracle/oracle_install/responsefiles.

10 Provide read and write access to the /opt directory for the Oracle user.

11 In the Oracle user terminal execute this command (line breaks added for legibility):

/home/oracle/database/runInstaller -noconfig

-responseFile /home/oracle/oracle_install/responsefiles/

Oracle_12.2.0.1_Enterprise_Edition_Installation_Linux.rsp

12 On the Configure Security Updates panel, I wish to receive security updates via MyOracle Support is selected. Click Next.

13 Click Yes to confirm that you have not provided an email address.

14 On the Select Installation Option panel, Install database software only is selected.Click Next.

15 On the Grid Installation Options panel, Single instance database installation isselected. Click Next.

16 On the Select Product Languages panel, click Next to accept English as the defaultlanguage.

17 On the Select Database Edition panel, Enterprise Edition is selected. Click Next.


18 On the Specify Installation Location panel, enter the following paths are specified. ClickNext:

■ Oracle Base: /opt/oracle

■ Software Location: /opt/oracle/product/ [Oracle12c-version] /db_1


19 If this is the first Oracle installation on the server computer, the installer application displaystheCreate Inventory panel. The inventory path is entered as /opt/oracle/oraInventoryand the group name is entered as oinstall. Click Next.

The installer may display a warning message that you placed the central inventory locationinside of the Oracle base directory. You can safely ignore this message for SymantecData Loss Prevention database installations.

20 On the Privileged Operating System Groups panel, click Next to grant the DatabaseAdministrator and Database Operator privileges to the default DBA group.

The installer application performs a prerequisite check and displays the results.

21 On the Summary panel, click Install to begin the installation.

The installer application installs the Oracle 12c software on your computer.

22 The installer displays the Execute Configuration scripts window, which instructs you toexecute two scripts as the root user. From the root xterm window, run the following twoscripts:

/opt/oracle/oraInventory/orainstRoot.sh

/opt/oracle/product/[Oracle12c-version]/db_1/root.sh


After you run the root.sh script, you are prompted to enter the full pathname to the localbinary directory. Accept the default /usr/local/bin directory and press Enter. Enter Yif the script asks for confirmation to overwrite the following files: dbhome, oraenv andcoraenv.

The script displays Finished product-specific root actions when it is finished.

23 Return to the Execute Configuration scripts screen and click OK.

24 On the Finish panel, click Close to exit the installer application. You can safely ignorethe configuration note that displays on this panel.


Creating theSymantecDataLossPreventiondatabaseon Linux

Follow this procedure to create the Symantec Data Loss Prevention database on a Linuxsystem.

To create the Symantec Data Loss Prevention database on Linux systems

1 Set the ORACLE_HOME and ORACLE_SERVICE_NAME environment variables for yournew installation. Open a command prompt as the Oracle user and enter:

export ORACLE_HOME=/opt/oracle/product/ [Oracle12c-version]/db_1

export ORACLE_SERVICE_NAME=protect


If you installed Oracle 12c into a different location, substitute the correct directory in thiscommand.

You may want to add these commands to your user profile configuration so that theORACLE_HOME and ORACLE_SERVICE_NAME environment variables are definedeach time you log on. See your Linux documentation for details about setting environmentvariables.

2 Navigate to /tmp/oracle_install where you extracted the12.2.0.1_64_bit_Installation_Tools.tar.gz file.

3 Copy the database template file(Oracle_12.2.0.1_Template_for_DLP_64_bit_Linux.dbt) to the$ORACLE_HOME/assistants/dbca/templates directory.

4 At the command prompt, execute the following command (line break added for legibility):

$ORACLE_HOME/bin/dbca

-createDatabase

-progressOnly

-responseFile /home/oracle/oracle_install/responsefiles/Oracle_12.2.0.1_DBCA_Linux.rsp

5 You are prompted to enter the SYS password.

6 You are prompted to enter the SYSTEM password.





26Installing Oracle 12c on LinuxCreating the Symantec Data Loss Prevention database on Linux



The progress of the Symantec Data Loss Prevention database creation displays on theterminal window.

Creating the TNS Listener on LinuxPerform the following procedure to create a TNS listener for the Symantec Data Loss Preventiondatabase.

Note: To use the commands that are referenced in this procedure, ensure that your workingdirectory is $ORACLE_HOME/bin. If SQL*Plus does not work while following this procedure, setyour $PATH variable to point to $ORACLE_HOME/bin.

Before you create the TNS listener, confirm that the local host name can be resolved usingthe DNS server name or a hosts file. If no DNS server resolution exists, the Net ConfigurationAssistant (NETCA) does not start. If you use a host file (at /etc/hosts), it must containIP-address-to-host-name mappings that point to the DNS server name. Add two entries tothe/etc/hosts file, one that resolves the static IP and one that resolves the local host IP. Forexample, use the following:

[IP address or DNS] myhost.mydomain.com myhost

127.0.0.1 myhost.mydomain.com myhost

Replace myhost with the actual host name.

To create the TNS Listener

1 As the Oracle user, confirm that the following environment variables are set:

Run the following command to set the ORACLE_HOME variable:

export ORACLE_HOME= /opt/oracle/product/12.2.0.1/db_1

Run the following command to set the PATH variable:

PATH=$ORACLE_HOME\bin:$PATH$

2 Start the Oracle Net Configuration Assistant:

$ORACLE_HOME/bin/netca

3 On theWelcome panel, select Listener configuration and click Next.

27Installing Oracle 12c on LinuxCreating the TNS Listener on Linux

4 On the Listener Configuration, Listener panel, select Add and click Next.

5 On the Listener Configuration, Listener Name panel, enter a listener name and clickNext.

Note: Use the default listener name, LISTENER, unless you must use a different name.

6 On the Listener Configuration, Select Protocols panel, select the TCP protocol andclick Next.

7 On the Listener Configuration, TCP/IP Protocol panel, select Use the standard portnumber of 1521 and click Next.

8 On the Listener Configuration, More Listeners? panel, select No and click Next.

9 On the Listener Configuration Done panel, click Next.

10 Configure the Local Net Service Name in the Oracle Net Configuration Assistant.


Note: You must click Finish to exit the Oracle Net Configuration Assistant beforecontinuing with this procedure.

11 Log into the Oracle host computer as the Oracle user.

su - oracle


lsnrctl stop

13 Confirm that the ORACLE_SID is set to the following:

export ORACLE_SID=protect

14 Open the following file in a text editor:

$ORACLE_HOME/network/admin/listener.ora

15 Locate the following line:

(ADDRESS = (PROTOCOL = IPC)(KEY = <key_value>))

16 Change key_value to PROTECT.

17 Add the following line to the end of the file:

SECURE_REGISTER_LISTENER = (IPC)

18 Save the file and exit the text editor.

28Installing Oracle 12c on LinuxCreating the TNS Listener on Linux


lsnrctl start

20 Run the following commands to connect to the database using SQL*Plus:

sqlplus /nolog

conn sys/<password> as sysdba


ALTER SYSTEM SET local_listener =

'(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=PROTECT)))' SCOPE=both;

22 Run the following command to register the listener:

ALTER SYSTEM REGISTER;

23 Exit SQL Plus by running the following command:

exit

24 Run the following command to verify the change:

lsnrctl services

The command output should display a message similar to the following:

Services Summary...

Service "protect" has 1 instance(s).

Instance "protect", status READY, has 1 handler(s) for this service...

Handler(s):

"DEDICATED" established:0 refused:0 state:ready

LOCAL SERVER

The command completed successfully

Configuring the local net service namePerform the following procedure to configure the Local Net Service Name for the SymantecData Loss Prevention database.

To configure the local net service name

1 If the Oracle Net Configuration Assistant is not already running, log on as the Oracle userand start it:

$ORACLE_HOME/bin/netca

2 On theWelcome panel, select Local Net Service Name configuration and click Next.

29Installing Oracle 12c on LinuxConfiguring the local net service name

3 On the Net Service Name Configuration panel, select Add and click Next.

4 On the Net Service Name Configuration, Service Name panel, enter "protect" in theService Name field and click Next.

5 On the Net Service Name Configuration, Select Protocols panel, select TCP and clickNext.

6 On the Net Service Name Configuration, TCP/IP Protocol panel:

■ Enter the IP address of the Oracle server computer in the Host name field.

■ Select Use the standard port number of 1521 (the default value).

■ Click Next.

7 On the Net Service Name Configuration, Test panel, select No, do not test and clickNext.

Do not test the service configuration, because the listener has not yet started.

8 On the Net Service Name Configuration, Net Service Name panel, select accept thedefault name of "protect" and click Next.

9 On the Net Service Name Configuration, Another Net Service Name? panel, selectNo and click Next.

10 On the Net Service Name Configuration Done panel, select Next.

11 Click Finish to exit the Oracle Net Configuration Assistant.

Verifying tnsnames.ora contentsBefore you create the required Oracle user accounts, verify that the tnsnames.ora file containsentries for the protect database that you created.

30Installing Oracle 12c on LinuxVerifying tnsnames.ora contents

To verify or update tnsnames.ora file contents

1 Using a text editor, open the tnsnames.ora file, located in the$ORACLE_HOME/network/admin directory.

2 Verify that the following lines are present in the file:

PROTECT =

(DESCRIPTION =

(ADDRESS_LIST =

(ADDRESS = (PROTOCOL = TCP)(HOST = ip_address)(PORT = port_number))

)

(CONNECT_DATA =

(SERVICE_NAME = protect)

)

)

If these lines do not exist, add them to the file, replacing ip_address and port_numberwith the correct values for your system.

Note: Do not copy and paste information to the tnsnames.ora file, as it can introducehidden characters that cannot be parsed.

3 Save the tnsnames.ora file and exit the text editor.

Verifying the Symantec Data Loss Preventiondatabase

After you create the Symantec Data Loss Prevention database, verify that it was createdcorrectly.

To verify that the database was created correctly

1 Open a command prompt as the Oracle user and start SQL*Plus:

$ORACLE_HOME/bin/sqlplus /nolog

2 Log on as the SYS user:

SQL> connect sys/password@protect as sysdba

Where password represents the SYS password.

31Installing Oracle 12c on LinuxVerifying the Symantec Data Loss Prevention database

3 Run the following query:

SQL> SELECT * FROM v$version;

4 Confirm that the output from the query contains information that correctly identifies thesoftware components for the installed version of Oracle 12c Enterprise.

For example, if you are using Oracle 12c Enterprise Release 2, the output informationshould read:

BANNER

--------------------------------------------------------------------------------

Oracle Database 12c Release 12.2.0.1.0 - 64bit Production

PL/SQL Release 12.2.0.1.0 - Production

CORE 12.2.0.1.0 Production

TNS for Linux: Version 12.2.0.1.0 - Production

NLSRTL Version 12.2.0.1.0 - Production

5 Exit SQL*Plus:

SQL> exit

Creating the Oracle user account for Symantec DataLoss Prevention

Perform the following procedure to create an Oracle user account and name it “protect.”

To create the new Oracle user account named "protect"

1 Copy the oracle_create_user.sql file from /tmp/oracle_install to a local directory.

2 Open a command prompt as the Oracle user and go to the directory where you copiedthe oracle_create_user.sql file.

3 Start SQL*Plus:

sqlplus /nolog

4 Run the oracle_create_user.sql script:

SQL> @oracle_create_user.sql

5 At the Please enter the password for sys user prompt, enter the password for the SYSuser.

32Installing Oracle 12c on LinuxCreating the Oracle user account for Symantec Data Loss Prevention

6 At the Please enter SID prompt, enter protect.

7 At the Please enter required username to be created prompt, enter protect.

8 At the Please enter a password for the new username prompt, enter a new password.







Store the password in a secure location for future use. You use this password to installSymantec Data Loss Prevention. If you need to change the password after you installSymantec Data Loss Prevention, see the Symantec Data Loss Prevention AdministrationGuide for instructions.

Configuring automatic startup and shutdown of thedatabase

To configure automatic startup and shutdown of the database, follow this procedure:

To configure the automatic startup and shutdown of the database

1 Switch to the root xterm window.

2 Go to the oracle_install directory.

cd /tmp/oracle_install

33Installing Oracle 12c on LinuxConfiguring automatic startup and shutdown of the database

3 Run the oracle_post.sh script from the oracle_install directory.

./scripts/oracle_post.sh

4 Verify that the script completed successfully by checking if the very last line of the outputis:

dbora 0:off 1:off 2:off 3:on 4:on 5:on 6:off

You may see errors before the last line (for example, cannot access /var/log/dbora).You can ignore these errors.

34Installing Oracle 12c on LinuxConfiguring automatic startup and shutdown of the database

Upgrading to Oracle 12cEnterprise Release 2


■ Set privileges for the Oracle user

■ Preparing the upgrade software

■ Upgrading to Oracle 12c Enterprise Release 2

Set privileges for the Oracle userYou must set privileges for the Oracle user if you are currently running Symantec Data LossPrevention 14.6 MP2 through 15.5. Set privileges before you upgrade Symantec Data LossPrevention.

Complete the following to set privileges for theOracle user on Symantec Data Loss Prevention:

1 Stop all Symantec Data Loss Prevention services.

2 Grant select on v_$version to protect; (or to your schema user) as sysdba user:

sqlplus sys/[sysdba password] as sysdba

Grant select on v_$version to protect;

Preparing the upgrade softwareThe steps to prepare the Symantec Data Loss Prevention upgrade software if differencedepending on the Symantec Data Loss Prevention version.

If you are updating to 15.0 or 15.0 MP1, copy the upgrade file to the\SymantecDLP\Protect\updates directory.

5Chapter

The Symantec Data Loss Prevention version 15.0 file is 15.0_Upgrader_Windows.jar. TheSymantec Data Loss Prevention version 15.0 MP1 file is 15.0.01_Upgrader_Windows.jar.

If you are updating to 15.1 or later, install the new version where the existing version is running.See the Symantec Data Loss Prevention Upgrade Guide available at the Symantec SupportCenter:

https://www.symantec.com/docs/DOC10602.

Upgrading to Oracle 12c Enterprise Release 2You use the following steps to upgrade your Oracle 12c Enterprise Release 2 database. Thefollowing steps include details for bothWindows and Linux. These steps assume that you havealready obtained the Oracle 12c Enterprise Release 2 database software.

Note: Before you upgrade the database software, you must set privileges for the Oracle user.

See “Set privileges for the Oracle user” on page 35.

Complete the following steps to upgrade your version to Oracle 12c Enterprise Release 2(12.2.0.1):

1 Install Oracle 12.2.0.1 under the same folder as Oracle 12.1.0.1. For example:

c:\oracle\product\12.2.0.1\db1 for Windows

/opt/oracle/product/12.2.0.1/db1 for Linux

Refer to the install steps for your particular database server OS to install the Oracle12.2.0.1 database:

See “Installing Oracle 12c Enterprise on Windows” on page 11.

See “Installing Oracle 12c Enterprise on Linux” on page 23.

2 Set ORACLE_HOME depending on your database server OS:

set ORACLE_HOME=c:\oracle\product\12.2.0.1\db_1 for Windows

export ORACLE_HOME=/opt/oracle/product/12.2.0.1/db_1 for Linux

Note: Clear any errors before starting the Database Upgrade Assistant.

3 Set the ORACLE_SID variable:

set ORACLE_SID=protect for Windows

export ORACLE_SID=protect for Linux

36Upgrading to Oracle 12c Enterprise Release 2Upgrading to Oracle 12c Enterprise Release 2

4 Set the display variable if you upgrade on Linux by running the following command:

export DISPLAY=ip_address:display_number

Where ip_address is the local host.

5 Start the Database Upgrade Assistant by running the following command:

%ORACLE_HOME%/bin/dbua for Windows

$ORACLE_HOME/bin/dbua for Linux

If the Database Upgrade Assistant does not launch and an error message displays,complete the following items in order:

■ Open the command prompt window.

■ Set ORACLE_HOME depending on your database server OS:set ORACLE_HOME=c:\oracle\product\12.2.0.1\db_1 for Windowsexport ORACLE_HOME= /opt/oracle/product/12.2.0.1/db1 for Linux

■ Set the path:set PATH=%PATH%:%ORACLE_HOME%\bin for Windowsexport PATH=$PATH:$ORACLE_HOME\bin for Linux

■ Restart the Database Upgrade Assistant:%ORACLE_HOME%/bin/dbua for Windows$ORACLE_HOME/bin/dbua for Linux

6 Confirm that the OracleServicePROTECT service is running.

If the service is not running, an error message displays and the upgrade process cannotfinish.


7 Refer to the following table for information on what to enter on each screen of the DatabaseUpgrade Assistant.

DescriptionScreen

Do not enter the sysdba user name and password. You connectto the existing database at a later part of the upgrade.

Select Database

Resolve any warnings or errors that display. In some cases,you must drop packages from previous Symantec Data LossPrevention versions to clear errors. For example, to dropSymantec Data Loss Prevention 14.0 packages, you run thefollowing SQL command:

SQL> drop packageUPGRADESCEHEME_PRELOAD_V14_0_0

Prerequisite Checks

Leave the settings as default.Select Upgrade Options

Select I have my own backup and restore strategy.Select Recover Options

Clear the selected listener that displays on the ListenerSelection tab. You re-create the listener in a later step. Leavethe remaining settings default.

Configure Network

Clear the Configure Enterprise Manager (EM) databaseexpress selection.

Configure Management

The Summary screen lists the settings that are used duringthe database upgrade. Click Finish.

Summary

The Progress screen displays the details about the upgrade.The upgrade can take around 30 minutes to complete.

Progress

The Results screen displays when the upgrade completes.Results

8 Re-create the TNS listener.

See “Creating the TNS Listener on Windows” on page 14.

See “Creating the TNS Listener on Linux” on page 27.

9 Re-create the local net services.




10 Restart Symantec Data Loss Prevention services.

11 Log on to the Enforce Server administration platform.

If the Enforce Server logon page does not load and instead displays a 'GLOBALNOT_FOUND' message, restart all Symantec Data Loss Prevention services again.


Configuring an existingOracle 12c Enterprisedatabase


■ Configuring your Oracle 12c Enterprise database manually

■ Recommended database parameters

■ Minimum database requirements

■ Tablespace information

■ Required user privileges

Configuring your Oracle 12c Enterprise databasemanually

The following sections list the recommended and required Oracle 12c Enterprise systemparameters, tablespace information, and required user permissions you use to optimize theyour existing Oracle 12c database for use with Symantec Data Loss Prevention. You do notneed to implement any of these settings if you installed Oracle 12c Enterprise using the toolsprovided by Symantec described in previous chapters.

Recommended database parametersSymantec recommends that you use the following system parameters when creating the Oracledatabase:

6Chapter

■ db_block_size: 8192

■ db_cache_size: 0

■ db_file_multiblock_read_count: 68

■ nls_length_semantics: Byte

■ open_cursors: 1000

■ optimizer_index_caching: 0

■ optimizer_index_cost_adj: 100

■ pga_aggregate_target: 0

■ sga_max_size: 0

■ sga_target: 0

■ shared_pool_size: 0

■ sort_area_size: 0

■ java_pool_size: 0

■ large_pool_size: 0

Minimum database requirementsThe Oracle database must meet the following minimum requirements:

■ memory_max_size: 3072

■ memory_target: 3072

■ Processes: 1000

Tablespace informationThe default tablespace for the DLP user (protect) is USERS. Refer to the Symantec Data LossPrevention System Requirements and Compatibility Guide for database sizing information:


Typically, the USERS tablespace size should be 15% of the database size.

The lob_tablespace tablespace: the name is not configurable. Typically, the lob_tablespacesize should be 80% of the database size.

Your LOB tables should be in SecureFiles format. If you have any LOB tables in BasicFilesformat, you can convert them using the following procedure.

41Configuring an existing Oracle 12c Enterprise databaseMinimum database requirements


To manually convert LOB tables from BasicFiles to SecureFiles format

1 Back up the Oracle database before making any changes.

2 Shut down all DLP services on your Enforce Server. The following links are to the SymantecData Loss Prevention 15.5 help, your service names may be slightly different. You canalso refer to the topics "Starting and stopping services on Linux" and "About starting andstopping services on Windows" in the Symantec Data Loss Prevention AdministrationGuide appropriate to your version.

■ For Linux, see Stopping an Enforce Server on Linux

■ For Windows, see Stopping an Enforce Server on Windows

3 Export the MESSAGELOB, MESSAGECOMPONENTLOB, and CONDITIONVIOLATIONLOB databasetables to the data pump directory (line breaks added for legibility):

expdp protect/<protect password>

dumpfile=protect_messagelob.dmp

logfile=protect_messagelob.log

directory=DATA_PUMP_DIR

tables='MESSAGELOB'


dumpfile=protect_messagecom.dmp

logfile=protect_messagecom.log


tables='MESSAGECOMPONENTLOB'


dumpfile=protect_cvlob.dmp

logfile=protect_cvlob.log


tables='CONDITIONVIOLATIONLOB'

4 Verify that the tables appear in the data pump directory (line break added for legibility):

select DIRECTORY_NAME, DIRECTORY_PATH from dba_directories where

DIRECTORY_NAME = 'DATA_PUMP_DIR';

42Configuring an existing Oracle 12c Enterprise databaseTablespace information

https://help.symantec.com/cs/DLP15.5/DLP/v130776412_v128674454/Stopping-an-Enforce-Server-on-Linux?locale=EN_US

https://help.symantec.com/cs/DLP15.5/DLP/v130776304_v128674454/Stopping-an-Enforce-Server-on-Windows?locale=EN_US

5 Import the tables from the data pump directory as follows (line breaks added for legibility):

impdp protect/<protect password>

dumpfile=protect_messagelob.dmp

logfile=protect_import_message.log


table_exists_action=REPLACE

transform=LOB_STORAGE:SECUREFILE


dumpfile=protect_messagecom.dmp

logfile=protect_import_messagecom.log





dumpfile=protect_cvlob.dmp

logfile=protect_import_cv.log




6 Verify that the tables are now in SecureFiles LOB storage format. When you run thefollowing query, the value for securefile should be yes.

select table_name, securefile from user_lobs where table_name like '%LOB%';

7 Restart all DLP services on your Enforce Server. The following links are to the SymantecData Loss Prevention 15.5 help, your service names may be slightly different. You canalso refer to the topics "Starting and stopping services on Linux" and "About starting andstopping services on Windows" in the Symantec Data Loss Prevention AdministrationGuide appropriate to your version.

■ For Linux, see Starting an Enforce Server on Linux

■ For Windows, see Starting an Enforce Server on Windows

Required user privilegesThe following section lists privileges required by the Oracle database. The Oracle administratormust grant the privileges to the Oracle user intended to be used for Symantec Data LossPrevention.

43Configuring an existing Oracle 12c Enterprise databaseRequired user privileges

https://help.symantec.com/cs/DLP15.5/DLP/v130776396_v128674454/Starting-an-Enforce-Server-on-Linux?locale=EN_US

https://help.symantec.com/cs/DLP15.5/DLP/id-SF990350373_v128674454/Starting-an-Enforce-Server-on-Windows?locale=EN_US

The Oracle administrator uses the “grant” command for the Oracle Symantec Data LossPrevention database user for the following privileges:

■ Create session

■ Alter session

■ Create synonym

■ Create view

■ Create table

■ Create cluster

■ Create sequence

■ Create trigger

■ Create procedure

■ Create type

■ Create indextype

■ Create operator

■ Create materialized view

■ Unlimited tablespace

■ Select on dba_tablespaces

■ Select on dba_data_files

■ Select on dba_temp_files

■ Select on dba_extents

■ Select on v_$session

■ Select on v_$database

■ Select on v_$instance all on dbms_monitor

■ Select on v_$parameter

■ Select on dba_segments

■ Select on v_$sqlarea

■ Select on v_$session_longops

■ SELECT ON v_$sql

■ SELECT ON v_$sql_plan

■ SELECT ON v_$sql_plan_statistics_all


■ EXECUTE ON dbms_session

■ Execute on dbms_lock

■ READ, WRITE ON directory data_pump_dir

■ SELECT ON dba_registry_history

■ SELECT ON dba_temp_free_space

■ EXECUTE ON dbms_lob

■ SELECT ON v_$version


Symantec Data Loss Prevention Oracle 12c …...Configuring Oracle 12c for use with Symantec Data...

Documents

Transcript of Symantec Data Loss Prevention Oracle 12c …...Configuring Oracle 12c for use with Symantec Data...