Customer Uploads
The Database Protection Subscription Service supports the maintenance of predefined assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.
Uploads are used to keep information current and within industry best practices to protect against newly discovered vulnerabilities. Updates are distributed quarterly.
Use Customer Uploads to upload the following types of files: DPS update files; Oracle JDBC drivers; MS SQL Server JDBC drivers; and, DB2 for z/OS license jar files.
- Open Customer Uploads by clicking .
- For DPS Upload, click Browse to locate and select
the file to be uploaded.
- Navigate to .
- In the DPS Upload section, click Browse and choose the latest DPS update file, then click Upload.
- In the Import DPS section, click to import the DPS update.
Note: The DPS file can take a long time to install. If you restart the browser, the install stops. Either keep the Customer Upload window open until you see a status message, or use the CLI commandshow dps
to check install status. Reference the Import DPS pane to see what files have been uploaded. - For Upload DB2 z/OS License jar, click Browse to locate and select the file.
- Use Upload Oracle JDBC driver or Upload MS SQL Server JDBC
driver to upload open source drivers. After the upload finishes, you will see the
databases that are added to the Select datasource
window. Upload one driver at a time. Note: There are two instances where open source drivers are recommended over Oracle Data Direct drivers or MS SQL Data Direct drivers.
- To support Windows Authentication for MS SQL Server. In all other uses, the Data Direct driver pre-loaded in the Guardium appliance is sufficient.
- When you use the Value Change Tracking application for Oracle version 10 or higher, the open-source driver is recommended in order to support the use of streams instead of triggers.
Use keywords to search and download open source JDBC drivers (for example: open source JDBC driver for MS SQL).
- Use the Central Manager to distribute the .jar file to managed units. After the file is successfully uploaded, the GUI needs to be restarted on the Central Manager and the managed units.
When uploading DB2® z/OS® license jar files, the license will take effect after restart of the GUI.
- Enable ASO on the Oracle server using latest Oracle DataDirect driver
-
Refer to the following information when you enable ASO on the Oracle server that uses the latest Oracle DataDirect driver.
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
#SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
The Oracle JDBC driver will work and does not require specifying a connection property. Download the latest Oracle JDBC driver that is compatible with your database version, then upload that driver to the system using the Guardium Customer Uploads function.
If you continue to use Oracle DataDirect driver, then you need to specify a connection property to the datasource.
Use the following when defining the Oracle DataDirect driver connection property:
DataIntegrityLevel=required;EncryptionLevel=required;DataIntegrityTypes=(MD5,SHA1)
Note: The current Oracle DataDirect driver does not support SHA-256. So SHA-1 has to be used. That is why sqlnet.ora reference (#SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)) had to be commented out. However, if a Guardium customer must connect using SHA-256, they need to use the Oracle JDBC driver instead.Data Direct references:
https://www.progress.com/documentation/datadirect-connectors
Download the Oracle database JDBC User' Guide PDF for a list of command references.
- Use a tab-delimited file (.TXT) when creating and saving a Datasource Upload file from the Customer Upload functionality
-
If you choose to use a comma-delimited file structure (.CSV), it will not behave as intended if any column value contains a comma.
Follow these steps:- If using EXCEL, save file as a tab-delimited (.TXT) file.
- If using OpenOffice or Libre Office then save a (.CSV) file with TAB Delimiters.
- Log in as admin and open Customer Uploads by clicking .
- For Upload CSV to Create/Update Datasources, click Browse..., and select the tab-delimited file.
Upload CSV file to create or update datasources
Follow the proceeding steps to create a tab-delimited .TXT formatted file containing datasource information. This tab-delimited .TXT file can then be used with the Customer Upload function in the Guardium application to many datasource types.
Use the function to import datasources was not always compatible with each Guardium Software Release. This procedure will enable the uploading of any datasource.
The following is a list of Header Columns that should be added to an Excel spreadsheet when creating the .TXT tab-delimited datasource upload file:
Column Values (accepted for .CSV datasource upload file)
Parameter | Description |
---|---|
application |
Required. Identifies the application for which the datasource is being defined. It must be one of the following: ChangeAuditSystem Access_policy MonitorValues DatabaseAnalyzer AuditDatabase CustomDomain Classifier AuditTask SecurityAssessment Replay Stap_Verification |
compatibilityMode |
Compatibility Mode: Choices are Default or MSSQL 2000. The processor is told what compatibility mode to use when monitoring a table. |
conProperty |
Optional. Use only if additional connection properties must be included on the JDBC URL to establish a JDBC connection with this datasource. The required format is property=value, where each property and value pair is separated from the next by a comma. For a Sybase database with a default character set of Roman8, enter the following property: charSet=utf8 |
customURL |
Optional. Connection string to the datasource; otherwise connection is made using host, port, instance, properties, etc. of the previously entered fields. As an example this is useful for creating Oracle Internet Directory (OID) connections. |
dbInstanceAccount |
Optional. Database Account Login Name (software owner) that will be used by CAS |
dbInstanceDirectory |
Optional. Directory where database software was installed that will be used by CAS |
dbName |
Optional. For a DB2 or Oracle datasource, enter the schema name. For others, enter the database name. |
description |
Optional. Longer description of the datasource. |
host |
Required. Can be the host name or the IP address. |
name |
Required. Provides a unique name for the datasource on the system. |
owner |
Required. Identifies the Guardium user account that owns the datasource. |
password |
Optional. Password for owner. If used, user must also be used. |
port |
Optional (integer). Port number. |
serviceName |
Required for Oracle, Informix®, DB2, and IBM® ISeries. For a DB2 datasource, enter the database name. For others, enter the service name. |
severity |
Optional. Severity Classification (or impact level) for the datasource. |
shared |
Optional (boolean). Set to true to share with other applications. To share the datasource with other users, you will have to assign roles from the GUI. |
type |
Required. Identifies the datasource type. For a list of supported datasource types, use the
list_db_drivers API command:
For
more information, see list_db_drivers. |
user |
Optional. User for the datasource. If used, password must also be used. |
role | Optional. One or more user roles that can access the datasource. Separate roles by using a semicolon. |
environmentTitle | Required for cloud database service protection. Account name. |
region | Required for cloud database service protection. The AWS region. |
objectLimit | Required for cloud database service protection with native audit. The maximum number of objects found in the classification process that are added automatically to the list of audited objects. See Cloud database service protection. |
primaryCollector | Relevant for cloud database service protection. The collector that extracts the audit data from the cloud database. |
- Each of the column names must be included in the Excel spreadsheet SAVED as a tab-delimited (.TXT) file.
- The Created Datasource name (what is shown when looking for the datasource) is made up of both the name column and the type column.
- Upload file MUST be saved as a Column Tab Delimited file type.
Steps to create and upload txt file in a Text CSV format file and add Datasource Data
- Create the Excel spreadsheet file save as a tab-delimited .TXT file with the following headers and datasource data to support the datasource import capability.
- Create and save your .txt file to your PC or UNIX/Linux device for uploading into the Guardium application.
- Log in as admin and open Customer Uploads by clicking
- From Upload CSV to Create/Update Datasources, click Browse and select the .txt file containing the tab-delimited datasource information.
- Click Upload.
A message displays showing which values from the .txt file were uploaded:
- New: Per file upload (if save file and added New Datasource member(s), these members returns the status of NEW.
- Update: Uploading the same datasource on which you made changes returns an Update status.
- Fail: Displayed failed datasource or errors