Professional Documents
Culture Documents
10
® ®
Service Pack 1
Notice
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Contents 9
© 2006 BindView Corporation. All rights reserved.
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Installing bv-Control for Unix agent using install.sh on UNIX target machine . . . . . . . . . . . . . 38
Installing bv-Control for Unix agent manually on different Operating Systems . . . . . . . . . . . . . . . 41
AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
HP-UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Red Hat Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
SUSE Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Installing bv-Control for Unix agent using bv-Config UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Product Removal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Uninstalling bv-Control for Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
9 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Using the Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Contents 11
© 2006 BindView Corporation. All rights reserved.
12 bv-Control for Oracle Getting Started Guide
© 2006 BindView Corporation. All rights reserved.
Information Resources
In This Section
Information Resources 13
© 2006 BindView Corporation. All rights reserved.
BindView Product Documentation
About BindView BindView Corporation is a leading provider of proactive business policy, IT security
Corporation and directory management software worldwide. BindView solutions and services
enable customers to centralize and automate policy compliance, vulnerability
management, and directory administration across the entire organization. With
BindView insight at work™, customers benefit from reduced risk and improved
operational efficiencies with a verifiable return on investment. More than 20 million
licenses have shipped to 5,000 companies worldwide, spanning all major business
segments and the public sector.
Getting Started Guide The Docs directory on the BindView product CD contains a copy of the Getting
Started guide and other documentation in the PDF format.
Release Notes If the autorun function is enabled, a Readme HTML file for your BindView product is
accessible under the Documentation menu of the BindView setup menu when you
insert your CD. You also can select to view this file after the installation is
completed, or by browsing to the Release Notes directory in the root directory for
your program:
C:\Program Files\BindView\RMS\Release Notes
Online Help Comprehensive help is available from the Help menu on the BindView RMS Console
and the BindView RMS Web Console. Additionally, you can access help by clicking
the Help button in any dialog, by right-clicking an item and selecting Help from the
action menu, or by pressing F1 in any dialog.
Alert Statements The alerting statements are Notes, Cautions, and Warnings. These statements are
formatted in the following style:
• • • • • •
Note: Information that is incidental to the main text flow, or to an important
point or tip provided in addition to the previous statement or instruction.
• • • • • •
Caution: Advises of machine or data error that could occur should the user fail
to take or avoid a specified action.
• • • • • •
Warning: Requires immediate action by the user to prevent actual loss of data
or where an action is irreversible, or when physical damage to the
machine or devices is possible.
Information Resources 15
© 2006 BindView Corporation. All rights reserved.
Contacting BindView
Contacting BindView
Technical Support BindView has sales and support offices around the world. For information on
contacting BindView, please refer to the information below or to the BindView
Web site: www.bindview.com
For Technical Support: www.bindview.com/support
Technical Support is available Monday through Friday from 7:00 a.m. to 7:00 p.m.
Central Time. Normal working hours for all other departments are 9:00 a.m.
to 6:00 p.m.
Phone
Sales and Customer U.S. and Canada 800-813-5869
Service
Outside N. America 713-561-4000
Technical Support U.S. and Canada 800-813-5867
Outside N. America 713-561-4000
Training/Professional U.S. and Canada 800-749-8439
Service
Outside N. America 713-561-4000
Email
Sales sales@bindview.com
Training edu@bindview.com
Documentation docs@bindview.com
Other
FTP Site ftp://ftp.bindview.com
Internet www.bindview.com
Postal Mail BindView
5151 San Felipe, Suite 2500
Houston, TX 77056
In This Chapter
Product Overview BindView's bv-Control® for Oracle® application provides tools to analyze and
secure the Oracle enterprise. bv-Control for Oracle provides vulnerability
management and reporting for Oracle databases. This also helps in meeting the
compliance demands of the new regulatory requirements that make it mandatory for
organizations to demonstrate adequate internal controls over their IT systems.
A useful set of pre-defined reports has been designed to help the administrator in
managing the Oracle enterprise better.
bv-Control for bv-Control for Oracle supports vulnerability management and audit reporting for
Oracle Features Oracle Databases. bv-Control for Oracle provides out-of-the box reporting for the
enterprise Oracle infrastructure. It supports several pre-defined reports (BVDs) that
cover the essential best practices for Oracle databases. The product integrates with
the BindView RMS as an integrated solution.
Some of the key features of bv-Control for Oracle include:
• Configuration Information
Using the information obtained from the reports generated by bv-Control Oracle,
administrators can accurately view the status of the configuration information.
The reports can be obtained at the operating system level, network, and
databases.
• Access Control and Auditing
You can generate reports to analyze who has access to information on databases
by using the access control reports in bv-Control for Oracle. Action can be taken if
unauthorized users have access to databases.
The auditing feature involving the monitoring and recording of database actions is
available in the form of reports using bv-Control for Oracle.
• Query-based Analysis
This application provides administrators with advanced query-based capabilities
that allow report information to be graphed, compared to an established baseline,
and exported into a variety of data formats, such as Microsoft Excel, Microsoft
Word, HTML, and to e-mail addresses. Further, bv-Control for Oracle allows query-
based analysis on many useful data sources and fields.
• Pre-packaged Query Reports
Pre-configured reports that identify key issues such as database integrity, security,
and permissions tracking, are included with bv-Control for Oracle.
BindView RMS The BindView RMS® Console and Information Server installs as a snap-in to the
Console Microsoft Management Console (MMC). The MMC is a host application that provides
a common user interface enabling you to navigate the BindView RMS Console
application. The BindView RMS Console, along with bv-Control for Oracle, is a
powerful tool designed to help you manage your Oracle environment. The BindView
RMS Console is the primary user interface for bv-Control products. The BindView
RMS Console provides query, baseline, task list, chart, report, and export features.
As you install the RMS Console, you are requested to add the product you want to
install with the RMS Console. Though any of the products can be installed, only the
products for which you have licenses will be operable.
For more information about the BindView RMS Console, refer to the BindView RMS
Console and Information Server Online Help.
In This Chapter
Overview .....................................................................................................22
System Requirements ...................................................................................22
Minimum Rights Required .............................................................................23
Overview Before you deploy bv-Control for Oracle, you must evaluate your environment to
ensure that your workstations meet the minimum system requirements for running
the product. The recommended system requirements are described in the “System
Requirements” section.
To successfully validate credentials in bv-Control for Oracle, you must have
appropriate permissions on the Information Server, the databases and the operating
systems. The required permissions are described in the “Minimum Rights” section.
If you are upgrading to bv-Control for Oracle 8.10 SP1, read the “Upgrading from a
Previous Version” section.
System Before you install the BindView RMS Console, make sure that your workstation and
Requirements network environment meet the following minimum requirements:
• Pentium® II 450 MHz
• 256 MB RAM
• 300 MB of free disk space
• SVGA monitor that supports 256 colors with the display set to 800 x 600 pixels or
greater
• Microsoft® Windows® 2000 SP3 (server or workstation), Windows XP®
Professional SP1, or Windows Server™ 2003 or later
• Microsoft Internet Explorer v5.5 SP1 or later
• Microsoft® Outlook® 2000, Novell® GroupWise® v5.5, Lotus Notes® v5.0 or
Lotus Domino® (only required for e-mailing export files)
• Microsoft® Excel (required for Excel (using OLE) export files)
• Client for Microsoft® Networks
Before you install the BindView RMS Information Server, make sure that your
workstation and network environment meet the following minimum requirements:
• Pentium III 800 MHz
• 512 MB RAM
• 500 MB of free disk space
• Microsoft Windows 2000 SP3 (server or workstation), Windows XP Professional
SP1, or Windows Server 2003 or later
• Microsoft SQL Server v7.0 or 2000, or Microsoft SQL Server Desktop Engine
(MSDE) v1.0 or 2000
• Microsoft Internet Explorer v5.5 SP1 or later
• Microsoft Outlook 2000, Novell GroupWise v5.5, Lotus Notes v5.0 or Lotus
Domino (only required for e-mailing export files)
• Microsoft Excel (required for Excel (using OLE) export files)
• Client for Microsoft Networks
If you install a Console and Information Server on the same machine, the machine
must meet all of the listed system requirements.
• • • • • •
Note:
bv-Control for Oracle v8.10 Service Pack 1 requires BindView RMS Console v8.00 SP
2.
Before launching the RMS Console, you must install BindView RMS Console
Hotfix 015-CRJ214821 or later. This hotfix is available for download on the
BindView Customer Portal website.
Apply the RMS Hotfix HF_CRJ208436 on the installed product.
Apply RMS Hotfix HF_CRJ208437 to prevent data of large files (greater than 2MB)
from getting truncated while exporting them from the result grid to the CSV format.
Software Requirements • Sun Solaris Operating Environment version 5.6, 5.7, 5.8, 5.9, and 10
for installing bv-Control
for Unix agents • Red Hat Linux version 6.2, 7.0, 7.1, 7.2, 7.3, 8.0, and 9.0
• Red Hat Enterprise Linux AS version 2.1, and Red Hat Enterprise Linux AS/ES
version 3.0, and 4.0
• Hewlett-Packard® HP-UX® version 10.20, 11.00, 11.11(v1), 11.11i(v1),
11.23(v2)
• IBM® AIX® version 4.3.3, 5.1, 5.2, and 5.3
• SUSE Linux version 7.3, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, and 9.3
• SUSE Linux Enterprise Server version 8.0, 8.1, and 9.0
• BindView RMS® Console and Information Server v8.00
• openSSH installed on each UNIX target machine
Your BindView RMS Console and Information Server CD includes a Microsoft installer
MSDE Installation for the Microsoft SQL Server 2000 Desktop Engine (MSDE 2000). If the BindView
RMS Console and Information Server setup program determines that you need to
install MSDE, a warning message will appear. Click the 3rd Party Applications
button in the Install panel and then the MSDE 2000 button to start the MSDE
installer.
Minimum Rights This section describes the miminum rights required on the BindView Information
Required Server, the databases, and the operating system on which the queries report.
Windows Trust The domain of the Windows credentials supplied for connecting with the Oracle
Requirement server must have a one-way trust with the domain of the BindView Information
Server. Otherwise, the server will be displayed as “Unknown” while configuring the
product.
Privileges Required for The credential user needs certain privileges to run queries on database-related
Database-related datasources.
Queries
For information on specific SELECT privileges to query database-related
datasources, Refer to Appendix B: SELECT Privileges Required to Query Database-
related Datasources.
Alternatively, you can provide the following privileges:
For Oracle Database Version 9i and later:
SELECT ANY DICTIONARY - Granting this privilege allows access to the required
data dictionary objects.
SELECT ON SYSTEM.PRODUCT_USER_PROFILE - Granting this privilege allows
access to the SYSTEM.PRODUCT_USER_PROFILE synonym, which will be used for
reporting in the SQL*Plus Security datasource.
For Oracle Database Version 8i:
• • • • • •
Note: Oracle 8i does not have SELECT ANY DICTIONARY privilege and SELECT
ANY TABLE PRIVILEGE is not useful if O7_DICTIONARY_ACCESSIBILITY is
set to false.
Privileges Required for To obtain Windows platform-specific information, the credentials user must have
Platform-specific administrator privileges on the Windows machine.
Queries
You must have root access privileges for the machine on which you want to install
bv-Control for Unix agent. bv-Control for Unix agent is installed only under root
account credentials. Communication between the BindView Information Server and
the UNIX targets uses TCP port 1236.
Requirements for bv-Control for Oracle normally does not require the Oracle Client to be installed on
Encryption the BindView Information Server. Oracle client needs to be installed with Oracle
Advanced Security enabled only in case network data encryption is required.
Please refer to the bv-Control for Oracle online help for detailed information on how
to configure Network Data Encryption.
Upgrading from a bv-Control for Oracle v8.10 Service Pack 1 supports upgrade from bv-Control for
Previous Version Oracle v8.10. Upgrading from the previous version is a silent upgrade and requires
no additional steps other than the procedure described in the “Installing bv-Control
for Oracle” chapter.
• • • • • •
Note:
You must launch the BindView RMS Console to get the credentials upgraded.
Information about the operating system of the server in the configuration is used to
establish the type of credentials for a server in the credentials database. You can
view the credentials after upgrade.
If the server type is Unknown, then these credentials will be removed from the
credentials database since the credential type cannot be determined. Credentials will
not be usable since platform queries cannot be run on an unknown server.
The support for generic resource credentials in bv-Control for Oracle will not be
available after upgrade. You can enter the native UNIX/Linux credentials as generic
UNIX/Linux OS credentials after upgrade. Any queries that run with Resource
credentials as the generic UNIX/Linux credentials will fail.
We recommend that you upgrade both bv-Control for Oracle and bv-Control for Unix
to versions 8.10 SP 1 and 8.10 respectively so that both snap-ins work smoothly.
In This Chapter
Installing BindView Before installing bv-Control for Oracle, you will need to install the BindView RMS
RMS Console and Console and Information Server.
Information
Once the system hardware and software requirements are met, the procedure to
Server.
install the RMS Console is as follows:
1. Autorun the CD.
If Autorun is not enabled, run Setup.exe at the root of the CD-ROM disk.
2. From the BindView RMS Demo Shield dialog, click Install.
3. Select 'RMS Console and Information Server' from the menu.
For more information on installing the BindView RMS Console, see the BindView
RMS Console and Information Server Help.
The bv-Control for Oracle application is shipped on a CD that must be available from
either a local or remotely mounted CD-ROM drive. If you do not have access to a
CD-ROM drive, contact BindView Technical Support for assistance.
Installing the You can install the bv-Control for Oracle snap-in by performing the following steps:
Snap-in
1. After installing the BindView RMS Console and Information Server, insert the
bv-Control for Oracle CD into your CD-ROM drive or double-click Setup.exe
from the installation directory.
The Install panel appears.
2. Click Install.
3. Click Next.
The License Agreement panel appears.
4. Read the license agreement and click Yes to accept the terms.
The Start Copying Files panel appears.
The options to launch BindView RMS Console and to view the Release Notes
are selected by default.
6. Accept the default selections or make necessary changes and click Finish to
complete the installation.
Configuring RMS The first time a user opens the Console after it is installed or upgraded, or after a
Console bv-Control product is installed on the Console machine, the BindView RMS
Console Configuration Wizard appears. This wizard allows you to perform the
minimum configuration required by the Console and Information Server.
Adding bv-Control All bv-Control products installed on both the Console and the Information
for Oracle Server machines appear in the Installed product list.
1 Click Next on the Welcome panel of the BindView RMS Console
Configuration Wizard.
The Add/Remove Products panel appears.
In order to use this product, licenses must be assigned to the object you want
to query. When you add the necessary licenses, the license contains a limited
number of unassigned object licenses. These object licenses are automatically
assigned when you run a query.
4 There are different ways to add licenses.
- Enter the license code in the Add text frame and click Add.
- Click Browse and select a license file.
- Drag a license file to the License Type list.
5 Repeat the process until you have entered all of your BindView product license
codes.
6 Click Next.
The License Summary panel appears.
• • • • • •
Note: If the panel contains a caution message for missing licenses, click Back to
return to the Add Licenses panel and add the missing licenses.
Adding Users Add users and define properties for each user. You can select multiple users.
10 Add users of the Information Server by typing their fully qualified path in the
Users frame, or by using the browse (...) button to open a dialog for selecting
the desired user.
The added users have access rights to the Information Server.
11 Assign the desired user properties for each added user and click Next.
The Add Users Summary panel appears.
12 Review the summary information for the added users and click Next.
The BindView RMS Console Configuration Wizard completion panel appears.
13 Click Finish.
The Console and Information Server are configured with the items
you selected in the BindView RMS Console Configuration
Wizard.
In This Chapter
Introduction ...........................................................................................38
Overview ...............................................................................................38
Installing bv-Control for Unix agent using install.sh on UNIX target machine38
Installing bv-Control for Unix agent manually on different Operating Systems41
AIX........................................................................................................41
HP-UX ...................................................................................................43
Solaris ...................................................................................................45
Red Hat Linux ........................................................................................48
SUSE Linux ............................................................................................49
Installing bv-Control for Unix agent using bv-Config UNIX .........................51
Introduction
Overview You must install the bv-Control for Unix agent on the UNIX target machines and
register them with the BindView Information Server for effective query execution.
You can perform the installation of bv-Control for Unix agent either manually by
using the command line options of the different UNIX operating systems or by using
the install.sh script. You can also use the remote installation utility bv-Config
UNIX, to transfer, register, and install the agent software on multiple UNIX target
machines.
In the CD, the bv-Control for Unix agent package is located in the respective
Operating System’s folder. This package information is used for installing the agent
using the install.sh script, bv-Config UNIX utility or by manual installation.
Once you install the UNIX agent on the target machines, you must ensure that the
UNIX targets are registered with the BindView Information Server. For more details
on UNIX target registration refer to Chapter 5.
• • • • • •
Note: You must have root access privileges for the machine on which you want
to install bv-Control for Unix agent. Communication between the NT
machine and the UNIX targets uses TCP port 1236. Review output from
the command: netstat -a to verify that this port is not in use. Also, check
the /etc/services files or the services.byname NIS map, if NIS is being
used, to see if this port is currently assigned to another program.
Installing bv- You can install the bv-Control for Unix agent on the UNIX target machines by
Control for Unix executing the install.sh script located in the InstallSet/bv-Control for Unix/
agent using directory of the mounted CD-ROM drive. This section details on the procedure to
install.sh on UNIX install bv-Control for Unix agent on different operating systems using the install.sh
target machine script.
You can install the bv-Control for Unix agent on any desired location other than the
default location (/BindView/bvcontrol/) in the UNIX target machine.
38 bv-Control for Oracle Getting Started Guide
© 2006 BindView Corporation. All rights reserved.
Introduction
• • • • • •
Note: You must ensure that you remove any previous version of the bv-Control
for Unix agent (e.g., v8.00) installed on any location of the UNIX target
machine, before installing the latest version (e.g., v8.10) of the product.
-u <User Name>: User account in whose context the bv-Control for Unix agent is
to be installed. You must ensure that the user specified already exists in the
machine.This argument is mandatory for product installation.
-g <Group Name>: Group in whose context the bv-Control for Unix agent is to be
installed. You must ensure that the group specified already exists in the
machine.This argument is mandatory for product installation.
• • • • • •
Note: You must specify the user (-u) and the group (-g) together during
installation of the bv-Control for Unix agent.
-m <location of the package>: Specify a location for the package other than the
default location (i.e./usr/local). This argument is not mandatory for product
installation.
• • • • • •
Note: Note: The -m option can be used only when you want to install the bv-
Control for Unix agent on any location (custom directory) other than the
default location (i.e. /usr/local or /opt/). For such installations, you must
ensure that you provide the appropriate permission (not less than 755) for
the specified directory. After installation, the created directory is as /
<custom_directory>/BindView/bvcontrol/.
-l <custom logs directory>: Specify the directory path where the installation and
functional logs are to be created while executing the product. For example, if you
specify a directory /tmp/bvinstall/logs, then you must ensure that tmp/bvinstall
(parent directory) exists under which the directory logs is created. This argument is
not mandatory for product installation.
<package name>: Specify the name of the package to be installed for the OS.
The package name comprises the product name followed by the build number and is
located in the specific OS folder (i.e., InstallSet/bv-Control for Unix/<OS> directory).
For example, bv-Control.8.10.<build number> for AIX.
An appropriate message is displayed after the successful installation of the the
bv-Control for Unix agent package on the respective OS target machine.
the bv-Control for Unix agent is installed in the following directories for the
different operating systems:
For AIX and RedHat : /usr/local/BindView/bvcontrol/
For HP-UX, SunOS, and SUSE : /opt/BindView/bvcontrol/
AIX Complete the following steps to install the UNIX package on your IBM AIX target
machine.
• • • • • •
Caution: If you install bv-Control for Unix agent using the manual commands on
AIX, then you cannot install the agent for any non-root user. The bv-
Control for Unix agent can be installed only for the root user and hence
the queries will also execute in the root context.
! To install the UNIX package on the IBM AIX target machine from a
local drive
1 Create a directory on the AIX UNIX machine
Example: /tmp/bvinstall.
2 Copy /bv-Control for Unix/AIX/bv-Control.8.10.<build number> from
the CD into the newly created directory on the AIX machine.
• • • • • •
Note: The build number consists of the last three digits of the file name.
• • • • • •
Note: You have installed the UNIX package on your UNIX target machine. You
must now run the setup shell to register the UNIX target with the
BindView Information Server. Refer to Running the setup.sh Script
section in Chapter 5 for more details.
HP-UX BindView recommends that you install bv-Control for Unix agent using install.sh.
You can also install the UNIX package manually on the HP-UX machine either from
the CD-ROM or from the local drive by performing the following steps.
• • • • • •
Note: The build number consists of the last three digits of the file name.
! To install the UNIX package on an HP-UX target machine from the CD-
ROM
1 Type the following commands to mount the CD-ROM drive:
pfs_mountd & and press Enter.
pfsd & and press Enter.
pfs_mount [cd-rom device] /mnt and press Enter.
2 Type the following command to install the package:
swinstall -s /mnt/bv-Control for Unix/HP-UX bvControl
and press Enter.
3 Type the following command to unmount the CD-ROM drive:
pfs_unmount /mnt and press Enter.
Once you install the package, the following prompt will appear:
# swinstall -s /mnt/bv-Control for Unix/HP-UX bvControl
======= 04/03/04 17:12:06 GMT BEGIN swinstall SESSION
(non-interactive) (jobid=hp-pune-0665)
* Session started for user "root@hp-pune".
* Beginning Selection
* Target connection succeeded for "hp-pune:/".
* "hp-pune:/mnt/bv-Control for Unix/HP-UX": Cannot open
the
logfile on this target or source. Possibly the media is
read-only or there is a permission problem. Check the
daemon
logfile and "/var/tmp/swagent.log" on this host for more
information.
* Source:/mnt/bv-Control for Unix/HP-UX
* Targets: hp-pune:/
* Software selections:
bvControl.bvControl,r=8.10,a=S700/S800_HPUX_10/
11,v=BindView
* Selection succeeded.
* Beginning Analysis and Execution
• • • • • •
Note: You have installed the UNIX package on your UNIX target machine. You
must now run the setup shell to register the UNIX target with the
BindView Information Server. Refer to Running the setup.sh Script
section for more details.
Solaris BindView recommends that you install bv-Control for Unix agent using install.sh.
You can also install the UNIX package manually on the Solaris machine either from
the CD-ROM or from the local drive by performing the following steps.
• • • • • •
Note: The build number consists of the last three digits of the file name.
To install the UNIX package on a Sun Solaris target machine in a directory other
than the /opt directory, refer to section To install UNIX agent at a different location
on the Sun Solaris.
! To install the UNIX package on a Sun Solaris target machine from the
local drive
1 Create a directory on the SunOS machine (for example: /tmp/bvinstall).
2 Copy /bv-Control for Unix/SunOS/bv-Control.8.00.<build number>
from the CD-ROM onto a SunOS machine.
3 Change to the newly created directory.
4 Type the following command to install the package:
pkgadd -d bv-Control.8.10.<build number>
and press Enter.
5 At the command line, type 1 and press Enter.
The following prompts appear:
! To install the UNIX package on a Sun Solaris target machine from the
CD-ROM drive
1 Type the following command to install the software package:
pkgadd -d /cdrom/cdrom0/bv-Control for Unix /SunOS/bv-
Control.8.10.<build number>
and press Enter.
The following prompts appear:
The following packages are available:
1 bv-Control for Unix
(sparc) 8.10
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
2 At the command line, type 1 and press Enter.
The following prompts appear:
• • • • • •
Note: You have installed the UNIX package on your UNIX target machine. You
must now run the setup shell to register the UNIX target with the
BindView Information Server. Refer to Running the setup.sh Script
section for more details
3 Specify the directory name (where you install the UNIX agent) in the text file.
You need to specify the directory in the following format:
basedir= “/<Directory Name>”
4 Run the following command to install the package:
pkgadd -a <Text file name> -d <Path of the executable>
5 Use the following command to create a symbolic link in the /opt directory:
ln. -s. <Directory Name>/BindView BindView
Red Hat Linux BindView recommends that you install bv-Control for Unix agent using install.sh.
You can also install the UNIX package manually on the Red Hat Linux machine
either from the CD-ROM or from the local drive by performing the following steps.
• • • • • •
Note: The build number consists of the last three digits of the file name.
! To install on a Red Hat Linux target machine from the local drive
1 Create a temporary directory on the Red Hat Linux machine.
Example: /tmp/bvinstall
2 Copy /bv-Control for Unix/Linux/RedHat/bvControl-8.00-<build
number>.i386.rpm on a Red Hat Linux machine.
3 Change to the newly created directory.
4 Type the following command to install the package:
rpm -i bvControl-8.10-<build number>-i386.rpm
and press Enter.
Once you have installed the package, the following prompt will appear:
Setting up bv-Control for Unix to run daemon
##################################################
You have successfully installed bv-Control for Unix agent.
To complete the installation you must run.
/usr/local/BindView/bvcontrol/setup.sh
##################################################
! To install on a Red Hat Linux target machine from the CD-ROM drive
1 Type the following command to mount the CD-ROM drive:
mount /dev/cdrom
and press Enter.
2 Type the following command to install the package:
rpm -i /mnt/cdrom/bv-Control for Unix/Linux/RedHat/
bvControl-8.10-<build number>-i386.rpm
• • • • • •
Note: You have installed the UNIX package on your UNIX target machine. You
must now run the setup shell to register the UNIX target with the
BindView Information Server. Refer to Running the setup.sh Script
section for more details.
SUSE Linux BindView recommends that you install bv-Control for Unix agent using install.sh.
You can also install the UNIX package manually on the SUSE Linux machine either
from the CD-ROM or from the local drive by performing the following steps.
• • • • • •
Note: You have installed the UNIX package on your UNIX target machine. You
must now run the setup shell to register the UNIX target with the
BindView Information Server. Refer to Running the setup.sh Script
section for more details.
• • • • • •
Note: The build number consists of the last three digits of the file name.
2 Double-click bvConfig UNIX on the Details pane. The bv-Config UNIX panel
appears
On the left-hand side pane is a tree-view. On the right-hand side pane is a columnar
list-view displaying the Configuration and the Project Files under the Name and
Description coulmns.
3 Click the Agent Install Set Configuration node. A Summary of the agent’s
install set such as the release major number, build number, SSH port number,
time-out period and so on are displayed in the lower pane.
4 Double-click the Agent Install Set Configuration node.The Agent Install
Set Configuration dialog appears.
The Agent Install Set Configuration dialog appears.
Agent Version: The version of the agent to be installed must be specified for
the respective fields.
• Major Number: Specify the major number of the package to be installed on
the UNIX target machine. For example, if bvControl-8.10-201.i386.rpm is
the .rpm package for Red Hat UNIX target, then the major number is 8.
• Minor Number: Specify the minor number of the package to be installed on
the UNIX target machine. For example, if bvControl-8.10-201.i386.rpm is
the .rpm package for Red Hat UNIX target, then the minor number is 10.
• Build Number: Specify the version or build number of the installing
package on the UNIX target machine. For example, if bvControl-8.10-
201.i386.rpm is the .rpm package for Red Hat UNIX target, then the build
number is 201.
Project Execution Options
The connection details of the bv-Config UNIX must be specified for the
respective fields.
• Timeout (seconds): bv-Config UNIX terminates the operation if the target
machine does not respond in this specified time interval. Timeout is specified
in seconds.
• Thread Count: Number of threads that are active simultaneously. Value of
this parameter should be between one and five.
• SSH Port: Port used for Secure Shell communication during any operation.
6 When all values have been entered, click OK.
All values entered through the Agent Install Set Configuration dialog are
stored in a file.
3 Click Next.
The Specify the Target Name or IP Address panel appears.
4 Specify the Target Name or IP Address in the text box, as per the format
specified below:
<Machine Name>
Or
For IP Address - For example: <125.235.123.234>
• • • • • •
Note: You can also enter the multiple Target Name or IP Address in the text box,
as per the format specified below: For example: <Computer Name 1>,
<Computer Name 2>, <Computer Name 3> or <IP Address 1>, <IP
Address 2>, <IP Address 3> or <IP Address 1>, <Computer Name 2>
5 Click Next.
The Specify the Remote Operation panel appears.
SSH Protocol Version - Select the type of SSH Protocol version for which the
private key was generated. You can select SSH1 or SSH2 protocol version,
which are the two type of keys provided by SSH
• SSH1 - The SSH1 protocol only supports RSA keys.
• SSH2 - The SSH2 protocol supports more than one key type. The two types
supported by PuTTY are RSA and DSA.
Private Key - If you select the type of authentication as SSH RSA/DSA Key
Authentication, then you can use the field Private Key to specify the file
containing private key information.
• Login Name - Login name to be used on the target machine. It should have
the root level privileges.
• Pass-phrase - Enter the password for the user specified in Login Name on
the target host. This will be used to establish a login session.
• Confirm Pass-phrase - Confirmation of the password to authenticate the
target machine.
8 Click Next.
The Installation Parameters panel appears.
Agent Installation Context -The user and group contexts for which bv-
Control for Unix agent is installed.
• User Owner - Specify the user in whose context bv-Control for Unix agent
is to be installed on the target machine.
• Group Owner - Specify the group to which the specified user for installing
bv-Control for Unix agent on the target machine.
Installation Directory - Specify the directory where bv-Control for Unix
agent is installed. You can type the desired directory or choose the default
location (e.g., /opt or usr/local) from the list box.
Logs directory - Specify the directory for storing the logs of bv-Control for
Unix agent. For example, if you specify /tmp/bvinstall/logs as the directory then
you must ensure that /tmp/bvinstall (parent directory) exists under which the
directory logs is created.
9 Click Next. The Configuration Parameters panel appears only if you have
checked the Configure Agent check box in the Specify Remote Operation
panel of the wizard in Step 5. Else the Registration/Unregistration Parameters
panel appears.
The Configuration Parameters panel appears.
Agent Execution User Context - The user in whose context the agent is to
be executed.
Agent Run Mode - The mode in which the agent is to be executed. You can
choose any one of the following mode of execution for the agent:
• xinetd: It is used to set the mode of the agent as xinetd service.
• inetd: It is used to set the mode of the agent as inetd service.
• standalone: It is used to set the mode of the agent as stand-alone daemon
Debug Level on target - The debug level can be set on the UNIX target by
specifying the value in the corresponding field. The agent's debug level value
must be within 0 and 255. The default debug level value is 7.
Logs directory - The path of the logs directory can be set for this field. The
default directory path for Red Hat and operating system UNIX target machine is
/usr/local/ while that for HP-UX, Suse Linux, and Sun Solaris operating system
UNIX target machines are /opt/.
Agent Context: Here, you can specify the user and the group for which you
want bv-Control for Unix agent to be permission stamped. Queries execute in
the context of the user/group which is permission stamped.
• User Owner: Specify the user name, which is to be stamped with bv-
Control for Unix agent permission.
• Group Owner: Specify the group name, which is to be stamped with bv-
Control for Unix agent permission.
10 Click Next.
The Task Creation Summary panel appears. This panel displays all the
configuration details specified for creating the task.
13 Click Next.
The Completing Tasks Wizard appears.
14 Click Finish.
15 From the Tools menu, click Set Pass-phrase.
The Set Pass-phrase dialog appears.
The CSV file contains important machine information along with the user and
resource passwords. Set Pass-phrase is used as a key to encrypt the username and
resource passwords stored in the CSV file.
Once you enter a pass-phrase it remains valid throughout the entire session. bv-
Config UNIX associates this pass-phrase with all the CSV files created during this
session.
16 Use one of these methods to save the information in a CSV file:
• Click File>Save, then enter a file name and location where you wish to save
the file.
• Click the Save button, then enter a file name and location where you wish
to save the file.
Task button.
4 Enter the required information, then click OK.
5 To save the changed file, select File>Save. The Save As dialog opens.
6 Enter a new name or select the file name from the list, then click Save.
! To delete a task
1 Launch bv-Config UNIX.
2 On the right-hand side pane, select the record you wish to delete. Use one of
these methods to delete the record:
• Right-click on the record and select Delete.
In This Chapter
Overview All UNIX target machines need to be registered with the BindView Information
Server before being queried. The registration process of the UNIX target machine
includes setting the authentication mode of the UNIX target, which is later used to
add credentials of the UNIX target machine to the credential database. The UNIX
target machine credential is added using the bv-Control for Oracle Configuration
Wizard.
The UNIX target machine can be registered in any of the following manner:
• using Resource name/Password
• without using Resource name/Password
Registering with The following steps are to be performed for registering a UNIX target with a
BindView BindView Information Server:
Information Server
1 Navigate to the directory where the bv-Control for Unix agent is installed on the
using Resource
UNIX target machine. For example, in AIX the bv-Control for Unix agent
Name/Password
installation directory is /usr/local/BindView/bvcontrol/.
2 Execute the following command to register the UNIX target machine with the
BindView Information Server:
./setup.sh -a [BindView Information Server Name]
[Description] [Resource Name] [Resource Password][-s
<Snap-in Name>]
• • • • • •
Note: If -s option is not specified then:
• for one snap-in installed on the BindView Information Server, the UNIX agent is
registered with the BindView Information Server.
• for more than one snap-ins installed on the BindView Information Server, the
registration process displays a list of snap-ins to be registered with the BindView
Information Server from which you can select a snap-in and register.
If you have registered using the Resource Name/Password, then you must ensure
that you use the same Resource Name/Password (Resource Credentials) or use
the Native Credentials for configuring the UNIX target machine. On configuring
the UNIX target machine using the Resource Credentials, queries are executed in
the agent context on the machine and on configuring the target machine using the
Native Credentials, queries are executed in the context of the native operating
system user on the machine.
Registering with The following steps are to be performed for registering a UNIX target with a
BindView BindView Information Server:
Information Server
1 Navigate to the directory where the bv-Control for Unix agent is installed on the
without using
UNIX target machine. For example, in AIX the bv-Control for Unix agent
Resource Name/
installation directory is /usr/local/BindView/bvcontrol/.
Password
2 Execute the following command to register the UNIX target machine with the
BindView Information Server:
./setup.sh -c [BindView Information Server Name]
[Description][-s <Snap-in Name>]
• • • • • •
Note: Note: If -s option is not specified then:
• for one snap-in installed on the BindView Information Server, the UNIX agent is
registered with the BindView Information Server.
• for more than one snap-ins installed on the BindView Information Server, the
registration process displays a list of snap-ins to be registered with the BindView
Information Server from which you can select a snap-in and register.
If you have registered the UNIX target machine without using Resource Name/
Password, then you can use the Native Credentials for configuring. Queries are
executed in the context of the native operating system user, on the UNIX target
machine.
Running the The setup shell (setup.sh) script can be used to register the UNIX agent with the
setup.sh Script BindView Information Server. The UNIX agent can be configured to communicate
with the BindView Information Server using a default interface or a specific IP
address.
UNIX target machines can have multiple Network Interface Cards (NICs) and
depending upon the need you can run the daemon on any one of them. By default,
the UNIX daemons listen to all installed NICs and hence there can be situation
where the BindView Information Server get the wrong IP address from a UNIX
target for communication.This can result in the loss of communication between the
UNIX target machine and the BindView Information Server.
• • • • • •
Note: You must ensure that your firewall does not block the UNIX target
registration process. If it blocks then, you can add the port 1236 as
Exception in the Wndows Firewall dialog of the Windows machine to
allow registration of UNIX targets.
To start the UNIX agent If a UNIX target machine has multiple network interfaces installed and is configured
on a specified IP for different sub-networks, then the UNIX agent can be configured to communicate
Address using the IP address of a particular network interface.
To notify all BindView Any modification in the entry of the IP address of the UNIX target machine in the
Information Servers bv.conf file is notified to the BindView Information Servers. Therefore, irrespective of
about UNIX target IP the routing configuration, the correct IP address is always communicated to the
address information BindView Information Server. This enhances the stability of communication between
the UNIX target machine and the BindView Information Server.
To retrieve Snap-ins To retrieve the list of snap-ins installed on the specific BindView Information Server
installed on the
BindView Information 1 Navigate to the directory where the bv-Control for Unix agent is installed on the
Server UNIX target machine. For example, in AIX the bv-Control for Unix agent
installation directory is /usr/local/BindView/bvcontrol/.
2 Execute the following command to retrieve the list of snap-ins installed on the
BindView Information Server:
./setup.sh -s [BindView Information Server Name]
For example, if the snap-ins installed on a BindView Information Server are bv-
Control for Unix and bv-Control for Oracle, then on executing the command the
result displayed is as follows:
To configure BindView The BindView Information Server is registered with the UNIX target machine using
Information Server to the setup.sh script. In the UNIX target machine execute the setup.sh script located
accept information in the <installation directory>/BindView/bvcontrol/ directory.
from a specified IP
Address 1 At the command line type one of the following commands:
• For HP-UX, Solaris and SUSE
/opt/BindView/bvcontrol/setup.sh
and press Enter.
• For AIX and Red Hat Linux
/usr/local/BindView/bvcontrol/setup.sh
and press Enter.
Select <-A,-C>Add <-D>elete or <N>otify configuration data
or <Q>uit to exit.
- A : Register agent to use resource name and password for
querying.
- C : Register agent to use native Unix credentials for
querying.
Enter your choice:
2 Type -A or -C to add a UNIX target to the BindView Information Server
configuration and press Enter. You can specify -A if you want to add
ResourceName/Password during registration and specify -C if you do not want
to specify Resource Name /Password during registration.
bv-Control for Unix agent needs to exchange keys and
configuration data with the bv-IS.
IP address or system name can't be empty.
Enter the system name (or IP Address) of the BindView
Information Server:
3 Type the system name or IP address of the BindView Information Server and
press Enter. The following prompt appears:
Please enter a message to help identify this machine:
4 Enter a description to identify the machine and press Enter. The following
prompts appear:
bv-Control for Unix agent needs to setup authentication via
passwords. You will need to add the Resource Name and
password for this machine. After you enter this
information, you will need to configure a credential
database in the BindView RMS Console with this information.
• • • • • •
Note: If -s option is not specified then:
• for one snap-in installed on the BindView Information Server, the UNIX agent is
unregistered, automatically.
• if more than one snap-in is installed on the BindView Information Server, the un-
registration process displays the list of snap-ins registered with the BindView
Information Server from which you can select a snap-in for un-registering.
In This Chapter
Configuring the Before you begin to use bv-Control for Oracle, you must configure the product. The
Product bv-Control for Oracle configuration wizard helps you to configure the servers and
databases.
When you select the BindView RMS>bv-Control for Oracle node, the Configuration
Wizard and the bv-Config UNIX icons appear.
The Configuration Wizard can be used to configure the Oracle servers and databases
in your organization.
Requirements for If you have Oracle databases on a UNIX/Linux environment, you need to install the
UNIX/Linux UNIX agent on the targets. For this, you can use the bv-Config UNIX utility for which
Environment you need SSH (version 1 or 2) running on the UNIX/Linux machine. If you do not
have SSH you must install the UNIX agent manually. For more information, refer to
the section Installing bv-Control for UNIX agent manually on different Operating
Systems in the chapter Installing bv-Control for UNIX Agent.
bv-Config™ UNIX® is a Windows® based utility that automates the tasks involved
in deploying UNIX agents on the target machines that support various flavors of
UNIX operating systems such as IBM®AIX®, Sun™ Solaris™, Red Hat® Linux®,
SUSE® Linux and HP-UX®. This utility makes use of a multi-threaded architecture
capable of performing multiple operations simultaneously. Please refer to the bv-
Config UNIX Help for more details.
• • • • • •
Warning: You must run the bv-Config Unix utility and register the UNIX target
servers if you require reports on your UNIX/Linux environment. You
can then proceed to configure the Unix servers using the bv-Control
for Oracle Configuration wizard. If you configure Unix servers directly
before running bv-Config Unix, the UNIX servers will displayed as
Unknown.
Configuring bv- Use the bv-Control for Oracle Configuration wizard to configure the servers and
Control for Oracle databases.
2 Click Next.
The Configure Oracle Servers panel appears.
3 Use the Configure Oracle Servers panel to configure the databases hosted
on the Oracle servers. The servers are displayed in a tree view in the left-hand
pane below All Servers.
4 To view the databases configured for the servers, select the server below All
Servers. The database details are displayed in the right-hand pane.
! To register databases
5 Click Register Database to add a database to a server.
The bv-Control for Oracle Register Database dialog appears.
• • • • • •
Note: Only database authentication is supported. Operating System
authentication is not supported.
2 Click Next on the Welcome panel to proceed. If you do not want to see the
Welcome panel when the wizard is launched the next time, select the Do not
show this panel again check box.
The Add Credentials Wizard appears.
5 Type a password and verify it for this database. You can repeat this process to
add more credential databases.
6 Click OK.
7 Click Next on the Add Credentials Wizard.
The Select Credentials panel appears. Use this panel to add credentials for
the resource objects to the credential databases.
12 Specify the User/Resource name and Password and select the correct
credential type.
UNIX and Linux Resource Credentials - Select this option to use resource
credentials for the selected UNIX target. The resource credentials are those
that are specified while registering the bv-Control for Unix agents on the UNIX
targets.
UNIX and Linux Native Credentials - Select this option only in case of bv-
Control for Unix v8.10 agents. The user specified here has to be a member of
the bvunix group on the UNIX target.
Windows Credentials - Select this option to use the credentials for all
Windows servers.
• • • • • •
Note:
If you select the incorrect Credential Type and when you try to run queries, the
error "Invalid Credential Type" is displayed and the correct credential type is
suggested.
• • • • • •
Note: If incorrect explicit credentials are specified for the UNIX target, then the
default query credentials are not used for query execution.
The Database Credentials dialog appears. Enter the User name and
Password. The added credentials will be used by the product when
connecting to and retrieving information from an Oracle server in the specified
domain.
If no explicit credentials have been specified for that server, then the domain
credentials are used.
15 Click Next.
The Assign a Credential Database to Each User panel appears.
In This Chapter
Overview Securing the information contained in the databases of any organization is one of
the most important tasks for an administrator. Since many client programs access
the databases, loss or misuse of this data may cause serious harm to the company.
bv-Control for Oracle helps secure the Oracle environment by providing detailed
reports on the configuration (database, network, operating system), access control,
and auditing aspects.
Database Access Administrators can obtain valuable information so that only authorized users have
Control - Users access to databases. The administrator can review all the non-standard user
with System accounts that have been granted system privileges. Ideally, system privileges must
Privileges be granted via roles.
1 Navigate to the Users with System Privileges pre-defined query from the
following path: BindView RMS>Risk Assessment and Control>Pre-
Defined>bv-Control for Oracle>Security Best Practices>Database
Access Control.
2 Right-click and select Run>And View As Grid from the short cut menu.
The Task Status window displays the status of the query while it is running.
The result is displayed as a report.
Password Administrators can identify passwords that are identical to the user names and take
Management - action accordingly. Oracle creates some default users with passwords during
Password Identical installation. Some of these have passwords the same as the user name. This may
to Username present a security threat.
1 Navigate to the Password Identical to Username pre-defined query from
the following path: BindView RMS>Risk Assessment and Control>Pre-
Defined>bv-Control for Oracle>Security Best
Practices>Configuration>Database Configuration>Password
Identical to Username.
2 Right-click and select Run>And View as Grid from the shortcut menu.
The Task Status window displays the status of the query while it is running.
The result is displayed as a report.
Database Role This data source can be used to provide a report on the assignment of Roles in the
Assignments database. Some of the roles can be granted to other users. This may be misused by
an individual. The administrator can review the report and revoke any role if
required.
2 Expand the bv-Control for Oracle folder and select Roles Assignment.
3 Click OK.
The Query Builder dialog appears.
Specify the Fields, Filters, Sorts, and the Scope for this query.
4 Click OK.
The Query Options window appears.
Database Users One of the uses of the report from the Database Users datasource is to get
information on the database users whose passwords have expired and account is
locked. The administrator can further review the report to see if all the default users
and passwords created during Oracle installation are either changed or locked to
reduce risk to the databases.
8 Select Specific Value. Under Account Status, select Equal To and Expired
and Locked.
9 Click OK.
The filter term appears in the Expression list.
10 Click OK on the Query Builder dialog.
The Query Options dialog appears.
You can save the results to be able to compare the results with a future
collection of data.
11 Click Save.
The Save Query dialog appears.
Using Custom SQL You can use SELECT statements to build a custom SQL query and get reports.
Query Datasource
1 Click the New Query icon on the product toolbar.
The Select Data Source dialog appears.
2 Expand the bv-Control for Oracle folder and select Custom SQL Query.
3 Click OK.
The Query Builder dialog appears.
4 Expand the All Fields folder and select SQL Query Text.
5 Click Add.
The SQL Query Text dialog appears.
Type the SQL query you want to execute. You can specify multiple columns or
aliases separated by commas using SELECT statement. For example, SELECT
object_name, object_type, owner as schema_owner from dba_objects.
• • • • • •
Note: Only SELECT statement is supported. DML (except SELECT) and DDL
statements are not supported.
7 Click OK.
8 Click OK again on the SQL Query Text dialog.
9 Go back to the Query Builder dialog and define the columns or aliases that
you want to display in the result. To do this, select Field:... in the Query
Builder dialog and click Add.
The Field dialog appears.
10 Enter the column name or the alias in the Enter text box. In this example,
object_name.
11 Click OK.
Repeat the process for all the other columns and aliases present in the SQL
Query Text.
12 The fields are displayed under Selected Fields in the Query Builder dialog.
13 Click OK.
14 The Query Options dialog appears.
15 Click Run to get the report. The results are displayed in a grid. The details
appear under the column name or alias that you have specified.
• • • • • •
Note: The values under SQL Query Text show [Refer to Messages]. Click the
Messages button at the lower right-hand corner to get information about
the SQL Query that you have specified.
• • • • • •
Note:
In This Chapter
Product Removal
Uninstalling bv- Follow these steps to completely remove the bv-Control for Oracle product from the
Control for Oracle test system:
1. Ensure that the BindView Information Server is currently not executing
queries by checking the RMS Task Status dialog.
2. Close the BindView RMS Console and any open grids or task status
windows.
3. Select Start>Settings>Control Panel>Add/Remove Programs.
The Add/Remove Programs dialog appears.
4. From the list of programs currently installed, select BindView bv-Control for
Oracle. Proceed with uninstallation, choosing to remove all files.
5. From the list of programs currently installed, select BindView Information
Server and Admin Console. Proceed with uninstallation, choosing to remove
all files.
6. Once the uninstallation is complete, restart the system.
7. To remove data files created by test execution, delete the BindView directory
where the application was initially installed. The default location is in Program
Files.
In This Chapter
9: Troubleshooting 97
© 2006 BindView Corporation. All rights reserved.
Symptoms and Solutions
Introduction This chapter provides information on resolving the problems you may encounter
while installing or using bv-Control for Oracle.
Privileges Required for You need certain specific privileges in the credentials database to run queries on
Database-related Data database-related data sources. Otherwise, you may encounter the following errors:
sources
Symptom
If the user does not have the required privileges, the following error message is
displayed:
Query to the database failed. Scope is database 'MASSDB' on server 'WKSERV'.
Additional Error Information: ORA-00942: table or view does not exist
If the user does not have the CREATE SESSION privilege but has
SELECT_CATALOG_ROLE, the following error message is displayed:
Unable to establish the connection with the database. Scope is database 'MESDB' on
server 'WKSERV'. Additional Error Information: ORA-01045: user TESTUSER lacks
CREATE SESSION privilege; logon denied
Solution
For information on specific SELECT privileges to query database-related data
sources, refer to Appendix B: SELECT Privileges Required to Query Database-related
Data sources in the bv-Control for Oracle Getting Started Guide.
The SQL script, INITBVCO.SQL creates a credential user and assigns privileges to it.
This is required to run queries on bv-Control for Oracle successfully. This script must
be run on all the databases on which you want bvControl for Oracle to report. Refer
to Appendix C: Script to Create Credentials User for more details.
Minimum Privileges To obtain Windows platform-specific Information, the credentials user must have
Required for Windows administrator privileges on the Windows machine.
Account to get
Windows Platform-
specific Information
9: Troubleshooting 99
© 2006 BindView Corporation. All rights reserved.
Symptoms and Solutions
File Not Found Error for The Oratab file must be present in /etc or /var/opt/oracle directory. This is required
Some Data sources to run queries based on the following data sources successfully.
while Reporting on
UNIX Targets • Listener
• Server Configuration
• UNIX Server File and Directory Permissions
• UNIX Database File and Directory Permissions
SQL*Plus Security Data PRODUCT_USER_PROFILE synonym should be present. If not, then SQL* Plus
source Returns Error Security data source returns "Table or view does not exist"
Symptom
"Query to the database failed. Scope is database 'test1db' on server
'test5.ad.simulatedcomp.com'. Additional Error Information: ORA-00942: table or
view does not exist".
Solution
Make sure the synonym PRODUCT_USER_PROFILE is accessible or that it exists in
the database. Otherwise the query based on the SQL*Plus Security data source will
display an error.
Platform-related Symptom
Queries Error in case of
UNIX Agent If a UNIX agent is unregistered but the server entry remains in the configuration,
this server will be available for scoping but an error is displayed on running platform-
related queries. The error is "System cannot find the specified file".
Solution
Register the BindView Information Server again and try to execute the queries.
Platform-related Symptom
Queries Error Due to
BindView Information If the BindView Information Server is no longer registered with the UNIX/Linux
Server Registration agent but the agent’s entry exists in the scoping database of the BindView
Information server, then the platform-specific queries for the corresponding Oracle
server will fail with a “Connection dropped” error.
Solution
Delete the UNIX/Linux server in the RMS Console and then register the BindView
Information server again.
Refer to bv-Control for Oracle online help for information on deleting servers.
Error in case of Oracle This occurs only for Oracle installation on Windows. By default sqlnet.ora file has
Server on Windows - AUTHENTION_SERVICE value set to (NTS). This means that whenever connection is
SQLNet.ora Containing attempted with the server, it tries to verify the Windows user that is trying to
NTS Entry connect.
Jobprocessor.exe, which connects to the database for querying, runs under the user
"bvpmuser". This is a local user on the BindView Information Server and cannot be
verified on the Oracle server to be a Windows user.
Hence, if the AUTHENTION_SERVICE value is set to NTS, the connection fails.
Symptom
Unable to establish the connection with the database. Scope is database 'MOSSDB'
on server 'W2KADSERV'. Additional Error Information: ORA-12638: Credential
retrieval failed
Solution
Open the Sqlnet.ora file present in the %ORACLE_HOME%/network/admin directory
and change SQLNET.AUTHENTICATION_SERVICES=(NTS) to
SQLNET.AUTHENTICATION_SERVICES=(NONE)
9: Troubleshooting 101
© 2006 BindView Corporation. All rights reserved.
Symptoms and Solutions
Performance Tuning of You can improve the performance of database queries, by changing the value of
Database Queries PrefetchDataElementCount in the bvOConfig.ini file according to the needs of your
environment.
Overview The following table lists the default Oracle user accounts and their passwords that
may be created during the installation process.
Username Password
ADAMS WOOD
ADLDEMO ADLDEMO
ADMIN JETSPEED
APPLSYS FND
APPLYSYSPUB PUB
APPS APPS
APPUSER APPPASSWORD
AQ AQ
AQDEMO AQDEMO
AQJAVA AQJAVA
AQUSER AQUSER
AUDIOUSER AUDIOUSER
AURORA$JIS$UTILITY$ INVALID
AURORA$ORB$UNAUTHENTIC INVALID
ATED
BC4J BC4J
BLAKE PAPER
CATALOG CATALOG
CDEMO82 CDEMO82
CDEMOCOR CDEMOCOR
CDEMORID CDEMORID
CDEMOUCB CDEMOUCB
CENTRA CENTRA
CIDS CIDS
CIS ZWERG
Overview SELECT privileges are required on the following views to query database-related
datasources.
Datasource View
Database Application Contexts DBA_CONTEXT
Database Audit Trail DBA_AUDIT_TRAIL
Database Configuration V$DATABASE, V$INSTANCE,
GLOBAL_NAME,
V$SYSTEM_PARAMETER2,V$VERSION
Database Fine Grained Access Control DBA_POLICIES
Policies
Database Fine Grained Auditing Audit DBA_FGA_AUDIT_TRAIL
Trail
Database Initialization Parameters V$SYSTEM_PARAMETER2
Database Links DBA_DB_LINKS
Database Object Auditing DBA_OBJ_AUDIT_OPTS
Database Object Privilege Assignments SYS.OBJAUTH$, SYS.OBJ$,
SYS.USERS$, TABLE_PRIVILEGE_MAP,
DBA_ROLES, DBA_OBJECTS,
SYS.COL$C
Database Objects DBA_OBJECTS
Database Policy Contexts DBA_POLICY_CONTEXTS
Database Policy Groups DBA_POLICY_GROUPS
Database Privilege Auditing DBA_PRIV_AUDIT_OPTS
Database Profiles DBA_PROFILES
Database Resource Consumer Groups DBA_RSRC_CONSUMER_GROUPS
Database Resource Limits V$RESOURCE_LIMIT
Database Role Assignments DBA_ROLE_PRIVS, DBA_ROLES
Database Roles DBA_ROLES
Database Sessions V$SESSION
Overview The SQL script, INITBVCO.SQL creates a credential user and assigns privileges to it.
This is required to run queries on bv-Control for Oracle successfully. This script must
be run on all the databases on which you want bvControl for Oracle to report.
This script is supported for Oracle database versions 8i and above.
Using the Script Follow these steps to use the script to create a credentials user and assign
privileges.
O
operating system credentials, 81
Oracle servers, 75
P
port number, 76
privileges, 24
database-related datasources, 24
platform-specific information, 25
SELECT, 109
UNIX, 25
product overview, 18
products, 31
R
Red Hat Linux, 48
register database, 76
Registering UNIX Targets with BindView Information
Server
Resource Name /Password, 66
report
view type, 89
requirements
software, 28
Running the Setup Shell Script, 63
Running the setup.sh Script, 67
S
shared server, 76
SID, 76
Solaris, 45
specify credentials
configured servers, 80
Operating system, 81
resource objects, 80
SuSE Linux, 49
system requirements for installation, 22
U
Un-registering UNIX Target from BindView Informa-
tion Server, 71
upgrading, 25
W
Windows trust requirement, 24