Control Compliance Suite (CCS)

You would like to scan Oracle PDB databases using CCS.

CCS 12.6.X

CCS 12.7

NOTE: Data Collection on Oracle PDB assets can only be collected by agentless method

Prerequisites:

1. Network ports for agentless data collection:

• Windows scanning: 135 / 137 / 138 / 139 / 445 / 389, Ephemeral port range
• Unix\Linux server scanning: 22
• CCS Oracle agentless target (default) : 1521
  • If Oracle listens on other ports other than the default port, those are needed to be open as well

2. Required Permissions for agentless Oracle and OS scanning:

• Required Oracle permissions (see attached CCS DB Privileges Guide for required Oracle permissions)
• Requires root access on the Unix\Linux servers
  • If you don’t want to give root access, see the KB on how to configure SUDO on your manager(s) and Unix\Linux servers. See KB Configuration for CCS agentless data collection on UNIX targets

3. Install the Oracle Database 19c Client (32-bit) on each CCS manager in the ‘Data Collector’ role.

Starting with Security Content Update (SCU) 2022-3, the Oracle Database 19c Client (32-bit) is required if you want to perform data collection on the Oracle Database assets.

The Oracle Database 19c Client must be installed on the CCS Manager with the data collection role. 

NOTE: If you are already running an Oracle 12c Client on your CCS Manager, make sure to uninstall it, restart the CCS Manager Service, and then install the Oracle Database 19c Client.

To install Oracle Database 19c Client to perform data collection on the Oracle Database assets

1. Download specifically the Oracle Database 19c Client (19.3) for Microsoft Windows (32-bit) with the file name NT_193000_client.zip from the Oracle product support website.
   
   
2. Extract the contents of the package to a directory at a known location.
   
   
3. Run the setup.exe (as Administrator) to begin installation.
   1. Select 'Custom' installation bullet point.
   2. Select 'Use Windows Built-in Account' option.
   3. Specify the installation location or just use the default locations.
   4. Check the Oracle Data Provider for .NET option.
   5. Click Install to install the Oracle client
      
      
4. After the installation of the ODP.NET client is complete, copy the file Oracle.DataAccess.dll from the Oracle client folder to the specific folder on the CCS Manager:
   1. Copy the file Oracle.DataAccess.dll to the CCS Manager’s install directory at "…\Symantec\CCS\Reporting and Analytics\DPS".
      Note: The typical path for "Oracle.DataAccess.dll" is "...\client\administrator\product\19.0.0\client_1\odp.net\bin\4"
      
      
5. Stop and restart the Symantec CCS Manager Service and the Symantec Data Processing Service.

Documentation: Installing Oracle Database 19c Client (32-bit) for the data collection on Oracle assets (2022-3)

Data Collection for Oracle PDB assets

Data Collection on Oracle PDB assets can only be collected by agentless method.   Also you cannot import PDB Oracle assets by running the Asset Import Job in the CCS console.  You have to add the PDB manually by adding each PDB asset individually, or by using the CSV or the ODBC asset import functionality to add multiple assets.

NOTE: While importing the PDB Oracle assets, assets attributes such as Database Name Type, Database Version, Operating System, and OS Type must be updated for successful data collection.
The Database Name Type asset property must be updated to Service Name, and not as a System ID (SID).

How to add an Oracle PDB asset

Additional information how to use Add Asset functionality in CCS: Add Assets: Specify asset details

Add the Oracle PDB asset using 'Add Asset'

1. The Asset Type would be 'Oracle Configured Databases' and
   • For single assets use the 'Add Assets Classification' and fill out the required information for a single asset (you will need to have the required information listed in the Note section above to create the PDB asset).
   • If you have multiple assets to create, you can use the second option to use a csv (**in the required format, see bullet point below to generate the csv file with headers) file or ODBC to give the information.
     • **To get the headers for the csv file, go to Asset System -> Assets -> Asset Tasks dropdown -> Export CSV Headers and choose 'Oracle Configured Databases'.  (Information on the required headers are in the top of the csv file once created).
2. Configure a Common Credential or Asset Credentials for CCS to use for the Oracle data collection.
   • CCS Common credentials - Documentation on CCS Common Credentials
   • CCS Asset credentials - Documentation on CCS Asset credentials
3. Run an Oracle data collection or CER job on the newly created Oracle Asset(s).