Set Up Oracle Authentication

Create a separate Oracle authentication record for each Oracle instance you want to scan. During scanning we'll authenticate to all Oracle instances defined in all Oracle records in your account.

System created authentication records

Did you know? You can allow the system to create Oracle authentication records for auto discovered instances and scan them. This is supported for Unix installations only. To enable this feature, you must first create Oracle System Record Templates.

Learn how to set this up >>

 

VM scans: Oracle authentication is supported for Oracle Database Versions 8, 9, 10, 11 and 12.

PC scans: Refer to the supported technologies list, which is continuously updated. Go to PC > Policies > Controls, and click Search.

It is strongly recommended that you create one or more dedicated user accounts to be used solely by our service to authenticate to Oracle databases. See our Scanning Tips docs under Quick Links (also available under Help > Resources).

Be sure to choose the "Is CDB" option on the Target Configuration tab in the Oracle record. When “Is CDB” is selected, the compliance scan will auto discover and assess all accessible Pluggable Databases (PDBs) within the container database (CDB). Learn more about Oracle authentication for CDB/PDBs

 

- Go to Scans > Authentication.

- Check that you already have a record defined for each host running database instances.

- Create a Oracle record for the database instance. Go to New > Databases > Oracle.

Port <number>
Enter the port number you want to scan. We'll use the credentials in this record to attempt authentication to the SID on the port you enter here.

All Ports
Select this option and we'll use the credentials in the record to attempt authentication to the SID on all ports the SID is detected on. You may only create one Oracle record with the "All Ports" option per host.

We'll attempt to find a port-specific record firstWe'll attempt to find a port-specific record first

When we detect an Oracle instance on a host at scan time:

First we'll look for a port-specific record for the host and attempt authentication using its credentials.

If a port-specific record is not found or if authentication fails...

Then we'll look for an "All Ports" record for the host and attempt authentication using its credentials.

We support integration with multiple third party password vaults. Just go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

Select this option on the Windows and/or Unix tab to allow the scanning engine to gather Oracle compliance data at the operating system level.

For Windows, you must also have a Windows record with the same IP addresses as the Oracle record. For Unix, you must have a Unix record with the same IP addresses as the Oracle record.

Your Oracle InstallationYour Oracle Installation

Enter details about your Oracle installation in the fields provided. All fields are required and have a limit of 255 characters.

For Windows, these special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ /

For Unix, these special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ \

Select this option on the Unix tab to allow the scanning engine to get a list of all installed patches for the Oracle instance. Unix authentication and Oracle Authentication are both required to perform OPatch checks. Learn more

Note - The Oracle installation details you provide on the Unix tab will apply to both types of checks: OS-dependent checks and OPatch checks.

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.

 

Quick Links

Why use host authentication

Oracle System Record Templates

Oracle CDB/PDBs

Perform OPatch Checks

Oracle Use Cases

Oracle Database QIDs - Confirmed vs. Potential

Oracle Auth (VM) Zip File Icon

Oracle Auth (PC) Zip File Icon