Scribd
Upload
29 views34 pages

DLP 14.6 Oracle12c Enterprise

Uploaded by

popykacz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
29 views34 pages

DLP 14.6 Oracle12c Enterprise

Uploaded by

popykacz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 34

Symantec™ Data Loss

Prevention Oracle 12c


Enterprise Edition
Implementation Guide

Version 14.6
Symantec Data Loss Prevention Oracle 12c
Enterprise Edition Implementation Guide
Documentation version: 14.6

Legal Notice
Copyright © 2016 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED


CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

http://www.symantec.com
Contents

Chapter 1 Configuring Oracle 12c Enterprise for use with


Symantec Data Loss Prevention .................................. 6
Using Oracle 12c Enterprise with Symantec Data Loss
Prevention .............................................................................. 6
Configuring your Oracle 12c Enterprise database manually .................... 7
Recommended database parameters ........................................... 7
Minimum database requirements ................................................. 8
Tablespace information ............................................................. 8
Required user privileges ............................................................ 8
Upgrading from Oracle 11g and Symantec Data Loss Prevention
14.x ....................................................................................... 9

Chapter 2 Installing Oracle 12c Enterprise on Windows ............... 11


About installing Oracle 12c Enterprise on Windows ............................. 11
Installing Oracle 12c Enterprise on Windows ...................................... 12
Creating the Symantec Data Loss Prevention database on
Windows .............................................................................. 14
Creating the TNS Listener on Windows ............................................. 15
Configuring the local net service name .............................................. 17
Creating the Oracle user account for Symantec Data Loss
Prevention ............................................................................ 18
Verifying the Symantec Data Loss Prevention database ....................... 19

Chapter 3 Installing Oracle 12c Enterprise on Linux ..................... 21


About installing Oracle 12c Enterprise on Linux .................................. 21
Performing the preinstallation steps .................................................. 22
Preparing the Linux environment ............................................... 22
Installing Oracle 12c Enterprise on Linux ........................................... 24
Creating the Symantec Data Loss Prevention database on Linux ........... 27
Creating the TNS Listener on Linux .................................................. 28
Configuring the local net service name .............................................. 30
Verifying tnsnames.ora contents ...................................................... 31
Verifying the Symantec Data Loss Prevention database ....................... 32
Contents 5

Creating the Oracle user account for Symantec Data Loss


Prevention ............................................................................ 32
Configuring automatic startup and shutdown of the database ................ 34
Chapter 1
Configuring Oracle 12c
Enterprise for use with
Symantec Data Loss
Prevention
This chapter includes the following topics:

■ Using Oracle 12c Enterprise with Symantec Data Loss Prevention

■ Configuring your Oracle 12c Enterprise database manually

■ Upgrading from Oracle 11g and Symantec Data Loss Prevention 14.x

Using Oracle 12c Enterprise with Symantec Data Loss


Prevention
You can use Oracle 12c Enterprise with Symantec Data Loss Prevention 14.6 for
new installations as well as upgrades from Symantec Data Loss Prevention 14.x.
Symantec does not provide the Oracle 12c database software. You must license
and acquire the software directly from Oracle.
Symantec provides an Oracle 12c database template, a database user SQL script,
and response (.rsp) files that you can use during the installation and configuration
of Oracle 12c Enterprise on either the Windows or the Red Hat Enterprise Linux
platforms.
See “About installing Oracle 12c Enterprise on Windows” on page 11.
See “About installing Oracle 12c Enterprise on Linux” on page 21.
Configuring Oracle 12c Enterprise for use with Symantec Data Loss Prevention 7
Configuring your Oracle 12c Enterprise database manually

You can also install and configure the Oracle 12c database manually for use with
Symantec Data Loss Prevention 14.6.
See “Configuring your Oracle 12c Enterprise database manually” on page 7.
You can also upgrade manually from Symantec Data Loss Prevention 14.x and
Oracle 11g to Symantec Data Loss Prevention 14.6 and Oracle 12c.
See “Upgrading from Oracle 11g and Symantec Data Loss Prevention 14.x”
on page 9.

Configuring your Oracle 12c Enterprise database


manually
The following sections list the recommended and required Oracle 12c Enterprise
system parameters, tablespace information, and required user permissions you
use to optimize the database for use with Symantec Data Loss Prevention.

Recommended database parameters


Symantec recommends that you use the following system parameters when creating
the Oracle database:
■ db_block_size: 8192
■ db_cache_size: 0
■ db_file_multiblock_read_count: 68
■ nls_length_semantics: Byte
■ open_cursors: 1000
■ optimizer_index_caching: 0
■ optimizer_index_cost_adj: 100
■ pga_aggregate_target: 0
■ sga_max_size: 0
■ sga_target: 0
■ shared_pool_size: 0
■ sort_area_size: 0
■ java_pool_size: 0
■ large_pool_size: 0
Configuring Oracle 12c Enterprise for use with Symantec Data Loss Prevention 8
Configuring your Oracle 12c Enterprise database manually

Minimum database requirements


The Oracle database must meet the following minimum requirements:
■ memory_max_size: 3072
■ memory_target: 3072
■ Processes: 1000

Tablespace information
The default tablespace for the DLP user (protect) is USERS. Refer to the Symantec
Data Loss Prevention System Requirements and Compatibility Guide version 14.6
(http://www.symantec.com/docs/DOC8236) for the database sizing information.
Typically, the USERS tablespace size should be 15% of the database size.
The lob_tablespace tablespace: the name is not configurable. Refer to the
Symantec Data Loss Prevention System Requirements and Compatibility Guide
version 14.6 for database sizing information. Typically, the lob_tablespace size
should be 80% of the database size.

Required user privileges


The following section lists privileges required by the Oracle database. The Oracle
administrator must grant the privileges to the Oracle user intended to be used for
Symantec Data Loss Prevention.
The Oracle administrator uses the “grant” command for the Oracle Symantec Data
Loss Prevention database user for the following privileges:
■ Create session
■ Alter session
■ Create synonym
■ Create view
■ Create table
■ Create cluster
■ Create sequence
■ Create trigger
■ Create procedure
■ Create type
■ Create indextype
Configuring Oracle 12c Enterprise for use with Symantec Data Loss Prevention 9
Upgrading from Oracle 11g and Symantec Data Loss Prevention 14.x

■ Create operator
■ Create materialized view
■ Unlimited tablespace
■ Select on dba_tablespaces
■ Select on dba_data_files
■ Select on dba_temp_files
■ Select on dba_extents
■ Select on v_$session
■ Select on v_$database
■ Select on v_$instance all on dbms_monitor
■ Select on v_$parameter
■ Select on dba_segments
■ Select on v_$sqlarea
■ Select on v_$session_longops
■ SELECT ON v_$sql
■ SELECT ON v_$sql_plan
■ SELECT ON v_$sql_plan_statistics_all
■ EXECUTE ON dbms_session
■ Execute on dbms_lock

Upgrading from Oracle 11g and Symantec Data Loss


Prevention 14.x
You can upgrade from a Symantec Data Loss Prevention 14.x system using Oracle
11g Standard or Standard One to Symantec Data Loss Prevention 14.6 using Oracle
12c Enterprise using the following procedure.

Note: The procedure described here provides high-level details. Before you begin
the upgrade process, ensure that you have available the Oracle upgrade
documentation and the Symantec Data Loss Prevention 14.6 Upgrade Guide
appropriate for your operating system. The Symantec Data Loss Prevention 14.5
Upgrade Guide is available at http://www.symantec.com/docs/DOC9258.
Configuring Oracle 12c Enterprise for use with Symantec Data Loss Prevention 10
Upgrading from Oracle 11g and Symantec Data Loss Prevention 14.x

Upgrading to Oracle 12c and Symantec Data Loss Prevention 14.6


1 On your Symantec Data Loss Prevention 14.x Enforce Server, stop all Symantec
Data Loss Prevention services except the Vontu Update Service. For information
on stopping Symantec Data Loss Prevention services, see chapter 5 in the
Symantec Data Loss Prevention 14.6 Upgrade Guide.
2 Follow the procedures in your documentation from Oracle to upgrade Oracle
from 11g Standard or Standard One to 12c Enterprise.
3 Configure Oracle 12c with the system parameters, tablespace guidelines, and
user privileges specified previously in this guide.
4 On your Symantec Data Loss Prevention 14.x system, confirm that the Vontu
Update Service is running.
5 Following the procedures in the Symantec Data Loss Prevention 14.6 Upgrade
Guide, upgrade your Symantec Data Loss Prevention 14.x system to Symantec
Data Loss Prevention 14.6.
■ Begin with the procedure titled "Manually uploading the JAR file to the
Enforce Server" in chapter 6 of the Symantec Data Loss Prevention 14.6
Upgrade Guide.
■ Next, follow the procedure titled "Manually starting the Upgrade Wizard" in
chapter 6 of the Symantec Data Loss Prevention 14.6 Upgrade Guide.
■ After you have manually started the Upgrade Wizard, follow the upgrade
procedure "Performing an upgrade with the Upgrade Wizard" in chapter 2
of the Symantec Data Loss Prevention 14.6 Upgrade Guide.

6 Start your Enforce Server.


7 Perform any necessary post-upgrade tasks. See chapter 4 of the Symantec
Data Loss Prevention 14.6 Upgrade Guide.
Chapter 2
Installing Oracle 12c
Enterprise on Windows
This chapter includes the following topics:

■ About installing Oracle 12c Enterprise on Windows

■ Installing Oracle 12c Enterprise on Windows

■ Creating the Symantec Data Loss Prevention database on Windows

■ Creating the TNS Listener on Windows

■ Configuring the local net service name

■ Creating the Oracle user account for Symantec Data Loss Prevention

■ Verifying the Symantec Data Loss Prevention database

About installing Oracle 12c Enterprise on Windows


Symantec provides an Oracle 12c database template, a database user SQL script,
and response (.rsp) files that you can use during the installation and configuration
of Oracle 12c Enterprise. These items are located in a ZIP archive within the
Symantec_DLP_14.6_Platform_Win-IN.zip file:
\DLP\14.6\New_Installs\Oracle_Configuration\12.1.0.2_64_bit_Installation_Tools.zip.

Table 2-1 Oracle 12c Enterprise installation overview

1 Install Oracle 12c. See “Installing Oracle 12c Enterprise on Windows”


on page 12.
Installing Oracle 12c Enterprise on Windows 12
Installing Oracle 12c Enterprise on Windows

Table 2-1 Oracle 12c Enterprise installation overview (continued)

2 Create the Symantec Data See “Creating the Symantec Data Loss Prevention
Loss Prevention database. database on Windows” on page 14.

3 Create the database See “Creating the TNS Listener on Windows”


listener. on page 15.

4 Configure the local net See “Configuring the local net service name”
service name. on page 17.

5 Create the Symantec Data See “Creating the Oracle user account for
Loss Prevention database Symantec Data Loss Prevention” on page 18.
user.

Installing Oracle 12c Enterprise on Windows


The Enforce Server uses the Oracle thin driver and the Oracle Client (for three-tier
deployments). Symantec Data Loss Prevention packages the JAR files for the
Oracle thin driver with the Symantec Data Loss Prevention software. But, you must
also install the Oracle Client. The Symantec Data Loss Prevention installer needs
SQL*Plus to create tables and views on the Enforce Server. Therefore, the Windows
user account that is used to install Symantec Data Loss Prevention must be able
to access SQL*Plus.
For Symantec Data Loss Prevention installations on Windows Server 2008 R1 or
Windows Server 2012, follow this procedure to install Oracle 12c Enterprise version
12.1.0.2.
To install Oracle 12.1.0.2 on Windows
1 Shut down the following services if they are running in Windows Services:
■ All Oracle services
■ Distributed Transaction Coordinator service
To view the services go to Start > Control Panel > Administrative Tools >
Computer Management, and then expand Services and Applications and
click Services.
2 Extract your Oracle 12c software into a temporary directory, such as
C:\temp\Oracle. The contents of the extracted database directory should be
in a temporary directory such as C:\temp\Oracle\database.
Installing Oracle 12c Enterprise on Windows 13
Installing Oracle 12c Enterprise on Windows

3 Extract the 12.1.0.2_64_bit_Installation_Tools.zip file from


DownloadHome\DLP\14.6\New_Installs\Oracle_Configuration into a
temporary directory, such as C:\temp\Oracle\tools.
4 To install the Oracle software, use the command prompt to navigate to the
temporary directory where you extracted the Oracle 12c files and run the
following command, which includes the paths to the temporary directories
where you extracted the ZIP files in steps 2 and 3 (line break added for
legibility):

C:\temp\Oracle\database\setup.exe -noconfig -responsefile


C:\temp\Oracle\tools\responsefiles\Oracle_12.1.0.2_Installation_WIN.rsp

The installation wizard appears with pre-selected values drawn from the
installation response file. You can confirm these values and click through the
panels without needing to enter information where noted.
5 On the Configure Security Updates panel, I wish to receive security updates
via My Oracle Support is selected. Click Next.
6 On the Select Installation Options panel, Install database software only is
selected. Click Next.
7 On the Grid Installation Options panel, Single instance database installation
is selected. Click Next.
8 On the Select Product Languages panel, click Next to accept English as the
default language.
9 On the Select Database Edition panel, Enterprise Edition is selected. Click
Next.
10 On the Oracle Home User panel, enter a user name and password for the
Oracle Home User. The default name for the Oracle Home User is protect.

Note: The Oracle Home User is the Windows user account that runs Windows
services for %ORACLE_HOME. It is not the Symantec Data Loss Prevention Oracle
user account.

Confirm the password, then click Next.


11 On the Specify Installation Location panel, the Oracle Base and Software
Location paths fields are populated. Click Next.
Oracle Base: c:\oracle
Software Location: c:\oracle\product\12.1.0.2\db_1
Installing Oracle 12c Enterprise on Windows 14
Creating the Symantec Data Loss Prevention database on Windows

12 On the Summary panel, click Install to begin the installation.


The installer application installs the Oracle 12c software to your computer.
13 On the Finish panel, click Close to exit the installer application. You can safely
ignore the configuration note displayed on this panel.

Creating the Symantec Data Loss Prevention database


on Windows
Follow this procedure to create the Symantec Data Loss Prevention database on
Windows systems.
To create the Symantec Data Loss Prevention database on Windows
1 Set the ORACLE_HOME environment variable for your new installation. Open
a command prompt, and enter:

set ORACLE_HOME=c:\oracle\product\12.1.0.2\db_1

If you installed Oracle 12c into a different location, substitute the correct
directory in this command.
2 Navigate to the C:\temp\Oracle\tools folder where you extracted the
12.1.0.2_64_bit_Installation_Tools.zip file.

3 Copy the database template file


(Oracle_12.1.0.2_Template_for_DLP_v14.6_64_bit_WIN.dbt) from the
C:\temp\Oracle\tools folder to the
c:\oracle\product\12.1.0.2\db_1\assistants\dbca\templates folder.

4 (Optional) Rename the OraDb12c_home1 section of the Windows Start menu


item to Oracle_12.1.0.2.
5 Open a command prompt, and execute the following command (line breaks
added for legibility):

%ORACLE_HOME%\bin\dbca
-progressOnly
-responseFile C:\temp\Oracle\tools\responsefiles\Oracle_12.1.0.2_DBCA_WIN.rsp

6 Enter the SYS user password at the prompt.


7 Enter the SYSTEM user password at the prompt.
Follow these guidelines to create acceptable passwords:
■ Passwords cannot contain more than 30 characters.
Installing Oracle 12c Enterprise on Windows 15
Creating the TNS Listener on Windows

■ Passwords cannot contain double quotation marks, commas, or


backslashes.
■ Avoid using the & character.
■ Passwords are case-sensitive by default. You can change the case
sensitivity through an Oracle configuration setting.
■ If your password uses special characters other than _, #, or $, or if your
password begins with a number, you must enclose the password in double
quotes when you configure it.

8 The Database Configuration Assistant window appears.


The database creation process can take up to 20 minutes to complete. If the
process fails or stops running, check the
%ORACLE_HOME%\cfgtoollogs\dbca\SID folder. For example:
C:\oracle\product\12.1.0.2\db_1\cfgtoollogs\dbca\protect.

When the database creation process is complete, a new Database


Configuration Assistant window appears. It displays the database details.
9 Click OK.
10 If the database services OracleServicePROTECT and Distributed Transaction
Coordinator are down, start them using Windows Services: Start > Control
Panel > Administrative Tools > Computer Management > Services and
Applications > Services.

Creating the TNS Listener on Windows


Perform the following procedure to create a TNS listener for the Symantec Data
Loss Prevention database.
To create the TNS Listener
1 (Optional) If you logged on as a domain user, you must set the sqlnet.ora
file SQLNET.AUTHENTICATION_SERVICES=() value to none. Otherwise, proceed
to step 2.
To set the sqlnet.ora file SQLNET.AUTHENTICATION_SERVICES=() value,
perform the following steps in this order:
■ Open sqlnet.ora, located in the %Oracle_Home%\network\admin folder
(for example, c:\oracle\product\12.1.0.2\db_1\NETWORK\ADMIN), using
a text editor.
■ Change the SQLNET.AUTHENTICATION_SERVICES=(NTS)value to none:

SQLNET.AUTHENTICATION_SERVICES=(none)
Installing Oracle 12c Enterprise on Windows 16
Creating the TNS Listener on Windows

■ Save and close the sqlnet.ora file.

2 Start the Oracle Net Configuration Assistant by selecting Start > All Programs
> Oracle 12.1.0.2 > Configuration and Migration Tools > Net Configuration
Assistant.
3 On the Welcome panel, select Listener configuration and click Next.
4 On the Listener Configuration, Listener panel, select Add and click Next.
5 On the Listener Configuration, Listener Name panel, enter a listener name
and the password for your Oracle Home User, then click Next.

Note: Use the default listener name, LISTENER, unless you must use a different
name.

6 On the Listener Configuration, Select Protocols panel, select the TCP


protocol and click Next.
7 On the Listener Configuration, TCP/IP Protocol panel, select Use the
standard port number of 1521 and click Next.
8 On the Listener Configuration, More Listeners? panel, select No and click
Next.
9 On the Listener Configuration Done panel, click Next.
10 Leave the Oracle Net Configuration Assistant open to configure the Local Net
Service Name.
See “Configuring the local net service name” on page 17.
11 On the computer that runs your Oracle database, open a command prompt.
The command window must run as Administrator. (See your Microsoft Windows
documentation.)
12 Run the following command:
lsnrctl stop

13 Open the following file in a text editor:


%ORACLE_HOME%\network\admin\listener.ora

14 Locate the following line:


(ADDRESS = (PROTOCOL = IPC)(KEY = <key_value>))

15 Change key_value to PROTECT.

16 Add the following line to the end of the file:


SECURE_REGISTER_LISTENER = (IPC)
Installing Oracle 12c Enterprise on Windows 17
Configuring the local net service name

17 Save the file and exit the text editor.


18 Run the following command:
lsnrctl start

19 Run the following commands to connect to the database using SQL Plus:
sqlplus /nolog

conn sys/<password> as sysdba

20 Run the following command:


ALTER SYSTEM SET local_listener =
'(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=PROTECT)))' SCOPE=both;

21 Run the following command to register the listener:


ALTER SYSTEM REGISTER;

22 Exit SQL Plus by running the following command:


exit

23 Run the following command to verify the change:


lsnrctl services

The command output should display a message similar to the following:

Services Summary...
Service "protect" has 1 instance(s).
Instance "protect", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
The command completed successfully

Configuring the local net service name


Perform the following procedure to configure the Local Net Service Name for the
Symantec Data Loss Prevention database.
Installing Oracle 12c Enterprise on Windows 18
Creating the Oracle user account for Symantec Data Loss Prevention

To configure the local net service name


1 If the Oracle Net Configuration Assistant is not already running, start it by
selecting Start > All Programs > Oracle 12.1.0.2 > Configuration and
Migration Tools > Net Configuration Assistant.
2 On the Welcome panel, select Local Net Service Name configuration and
click Next.
3 On the Net Service Name Configuration panel, select Add and click Next.
4 On the Net Service Name Configuration, Service Name panel, enter "protect"
in the Service Name field and click Next.
5 On the Net Service Name Configuration, Select Protocols panel, select
TCP and click Next.
6 On the Net Service Name Configuration, TCP/IP Protocol panel:
■ Enter the IP address of the Oracle server computer in the Host name field.
■ Select Use the standard port number of 1521 (the default value).
■ Click Next.

7 On the Net Service Name Configuration, Test panel, select No, do not test
and click Next.
Do not test the service configuration, because the listener has not yet started.
8 On the Net Service Name Configuration, Net Service Name panel, select
accept the default name of "protect" and click Next.
9 On the Net Service Name Configuration, Another Net Service Name? panel,
select No and click Next.
10 On the Net Service Name Configuration Done panel, select Next.
11 Click Finish to exit the Oracle Net Configuration Assistant.

Creating the Oracle user account for Symantec Data


Loss Prevention
Perform the following procedure to create an Oracle user account and name it
“protect.”
Installing Oracle 12c Enterprise on Windows 19
Verifying the Symantec Data Loss Prevention database

To create the new Oracle user account named "protect"


1 Navigate to the C:\temp\Oracle\tools folder.
2 Start SQL*Plus:

sqlplus /nolog

3 Run the oracle_create_user.sql script:

SQL> @oracle_create_user.sql

4 At the Please enter the password for sys user prompt, enter the password
for the SYS user.
5 At the Please enter sid prompt, enter protect.

6 At the Please enter required username to be created prompt, enter protect


for the user name.
7 At the Please enter a password for the new username prompt, enter a new
password.
Follow these guidelines to create acceptable passwords:
■ Passwords cannot contain more than 30 characters.
■ Passwords cannot contain double quotation marks, commas, or
backslashes.
■ Avoid using the & character.
■ Passwords are case-sensitive by default. You can change the case
sensitivity through an Oracle configuration setting.
■ If your password uses special characters other than _, #, or $, or if your
password begins with a number, you must enclose the password in double
quotes when you configure it.
Store the password in a secure location for future use. You must use this
password to install Symantec Data Loss Prevention. If you need to change the
password after you install Symantec Data Loss Prevention, see the Symantec
Data Loss Prevention Administration Guide for instructions.

Verifying the Symantec Data Loss Prevention


database
After you create the Symantec Data Loss Prevention database, verify that it was
created correctly.
Installing Oracle 12c Enterprise on Windows 20
Verifying the Symantec Data Loss Prevention database

To verify that the database was created correctly


1 Open a new command prompt and start SQL*Plus:

sqlplus /nolog

2 Log on as the SYS user:

SQL> connect sys/password@protect as sysdba

Where password represents the SYS password.


3 Run the following query:

SQL> SELECT * FROM v$version;

4 Make sure that the output from the query contains the following information,
which identifies the software components as version 12.1.0.2.

BANNER
--------------------------------------------------------------------------

Oracle Database 12c Release 12.1.0.2.0 - 64-bit Production


PL/SQL Release 12.1.0.2.0 - Production
CORE 12.1.0.2.0 Production
TNS for 64-bit Windows: Version 12.1.0.2.0 - Production
NLSRTL Version 12.1.0.2.0 - Production

5 Exit SQL*Plus:

SQL> exit
Chapter 3
Installing Oracle 12c
Enterprise on Linux
This chapter includes the following topics:

■ About installing Oracle 12c Enterprise on Linux

■ Performing the preinstallation steps

■ Installing Oracle 12c Enterprise on Linux

■ Creating the Symantec Data Loss Prevention database on Linux

■ Creating the TNS Listener on Linux

■ Configuring the local net service name

■ Verifying tnsnames.ora contents

■ Verifying the Symantec Data Loss Prevention database

■ Creating the Oracle user account for Symantec Data Loss Prevention

■ Configuring automatic startup and shutdown of the database

About installing Oracle 12c Enterprise on Linux


Symantec provides an Oracle 12c database template, a database user SQL script,
and response (.rsp) files that you can use during the installation and configuration
of Oracle 12c Enterprise. These items are located in a ZIP archive within the
Symantec_DLP_14.6_Platform_Lin-IN.zip file:
/DLP/14.6/New_Installs/Oracle_Configuration/12.1.0.2_64_bit_Installation_Tools.tar.gz.
Installing Oracle 12c Enterprise on Linux 22
Performing the preinstallation steps

Table 3-1 Oracle 12c Enterprise installation overview

1 Perform the preinstallation See “Performing the preinstallation steps”


steps. on page 22.

2 Install Oracle 12c. See “Installing Oracle 12c Enterprise on Linux”


on page 24.

3 Create the Symantec Data See “Creating the Symantec Data Loss Prevention
Loss Prevention database. database on Linux” on page 27.

4 Create the database See “Creating the TNS Listener on Linux”


listener. on page 28.

5 Configure the local net See “Configuring the local net service name”
service name. on page 30.

6 Create the Symantec Data See “Creating the Oracle user account for
Loss Prevention database Symantec Data Loss Prevention” on page 32.
user.

7 Configure your system to See “Configuring automatic startup and shutdown


start Oracle when the server of the database” on page 34.
computer boots.

Performing the preinstallation steps


Perform the following procedure to prepare your Linux environment for installation.
The preinstallation requires Python. Any Python version between 2.4.6 and 2.7.6
will work.

Preparing the Linux environment


Follow this procedure to prepare the Linux environment.
Installing Oracle 12c Enterprise on Linux 23
Performing the preinstallation steps

To prepare the Linux environment


1 Log on as the root user. Navigate to
DownloadHome/DLP/14.6/New_Installs/Oracle_Configuration where the
file 12.1.0.2_64_bit_Installation_Tools.tar.gz is located.
2 Copy the file 12.1.0.2_64_bit_Installation_Tools.tar.gz to the Linux
server and extract its contents into the temporary directory (/tmp). For example:

tar xvfz 12.1.0.2_64_bit_Installation_Tools.tar.gz -C /tmp

Extracting creates a subdirectory named oracle_install in the /tmp directory


and extracts the files into that subdirectory.
3 In the oracle_install directory, run the Oracle preparation script:

cd /tmp/oracle_install
./scripts/oracle_prepare.sh

4 After the preparation script has run to completion, switch to the


tmp/oracle_install/scripts directory and run the verification script:

cd /tmp/oracle_install/scripts
./oracle_verify.py

The verification script displays settings (such as RAM, swap space, shared
memory, /tmp disc space) that do not meet the requirements for Oracle. Adjust
any settings to the required values.
If you have mismatched values between kernel parameters and resource limits,
run the oracle_config_kernel_parameters.py script in the
/tmp/oracle_install/scripts directory. This script will set the kernel
parameters to the required settings.
5 Restart the server so that the updated kernel parameters take effect.
6 Verify that there is enough space under /var. For a small to medium enterprise,
/var should have at least 15 GB. For a large enterprise, /var should have at
least 30 GB. For a very large enterprise, /var should have at least 45 GB of
free space. As your organization’s traffic expands, these figures should increase,
and you must allocate more free space.
7 Verify that the /opt and /boot file systems have the required free space for
your Symantec Data Loss Prevention installation. See the Symantec Data Loss
Prevention System Requirements and Compatibility Guide for more information.
Installing Oracle 12c Enterprise on Linux 24
Installing Oracle 12c Enterprise on Linux

Installing Oracle 12c Enterprise on Linux


The Enforce Server uses the Oracle thin driver and the Oracle Client. Symantec
Data Loss Prevention packages the JAR files for the Oracle thin driver with the
Symantec Data Loss Prevention software. But, you must also install the Oracle
Client. The Symantec Data Loss Prevention installer needs SQL*Plus to create
tables and views on the Enforce Server. Therefore, the Linux user account that is
used to install Symantec Data Loss Prevention must be able to access to SQL*Plus.
The instructions in this section assume that you are logged on locally to the Linux
server and running the X Window System. It also assumes that you have the
xorg-x11-apps.x86_64 package installed. If you connect to the server remotely,
you need a terminal emulator. You also need to set the location where the GUI
tools can display their output; you use the export display command to do that. For
example:

export DISPLAY=ip_address:display_number

Note: Refer to the configuration information in the X server management program


for the IP address and display number. Typically, the display number is 0.

As you run the GUI tools later, you might get a response similar to the following:

X connection to localhost:10.0 broken (explicit kill or server shutdown)

Run the export display command again.


For Symantec Data Loss Prevention installation on Linux systems, follow this
procedure to install Oracle 12.1.0.2.
To install Oracle 12.1.0.2 on Linux systems
1 Log in to the terminal as the root user, then execute the following command:

su -l root
xhost +SI:localuser:oracle

2 Switch to the Oracle user terminal.


3 Copy the required software installation file or files to /home/oracle.
4 From /home/oracle, unzip the ZIP files you copied. You must run the unzip
command as the Oracle user. If you run it as the root user, then the Oracle
user is not able to view the extracted files unless you change the permissions.
However, changing the permissions is not advisable from a security standpoint.
Installing Oracle 12c Enterprise on Linux 25
Installing Oracle 12c Enterprise on Linux

5 Put the contents of the database directory from the ZIP file you extracted to
/home/oracle into a directory titled database. You should now have a directory
named /home/oracle/database.
6 Change directory to:

cd /home/oracle/database/stage/cvu/cv/admin

7 Back up the cvu_config file using this command:

cp cvu_config backup_cvu_config

8 Edit the original cvu_config file as follows:


Set CV_ASSUME_DISTID=OEL6
Save the edited cvu_config file.
9 Navigate to the /tmp/oracle_install directory where you extracted the
12.1.0.2_64_bit_Installation_Tools.tar.gz file.

Copy the response files Oracle_12.1.0.2_DBCA_Linux.rsp and


Oracle_12.1.0.2_Installation_Linux.rsp from
/tmp/oracle_install/responsefiles to a temporary folder such as
/home/oracle/oracle_install/responsefiles.

10 Provide read and write access to the /opt directory for the Oracle user.
11 In the Oracle user terminal execute this command (line break added for
legibility):

/home/oracle/database/runInstaller -noconfig
-responseFile /home/oracle/oracle_install/responsefiles/Oracle_12.1.0.2_Installation_Linux.rsp

12 On the Configure Security Updates panel, I wish to receive security updates


via My Oracle Support is selected. Click Next.
13 Click Yes to confirm that you have not provided an email address.
14 In the Download Software Updates panel, Skip software updates is selected.
Click Next.
15 On the Select Installation Option panel, Install database software only is
selected. Click Next.
16 On the Grid Installation Options panel, Single instance database installation
is selected. Click Next.
17 On the Select Product Languages panel, click Next to accept English as the
default language.
Installing Oracle 12c Enterprise on Linux 26
Installing Oracle 12c Enterprise on Linux

18 On the Select Database Edition panel, Enterprise Edition is selected. Click


Next.
19 On the Specify Installation Location panel, enter the following paths are
specified. Click Next:
■ Oracle Base: /opt/oracle
■ Software Location: /opt/oracle/product/12.1.0.2/db_1

20 If this is the first Oracle installation on the server computer, the installer
application displays the Create Inventory panel. The inventory path is entered
as /opt/oracle/oraInventory and the group name is entered as oinstall.
Click Next.
The installer may display a warning message recommending that you place
the central inventory location outside of the Oracle base directory. You can
safely ignore this message for Symantec Data Loss Prevention database
installations.
21 On the Privileged Operating System Groups panel, click Next to grant the
Database Administrator and Database Operator privileges to the default DBA
group.
The installer application performs a prerequisite check and displays the results.
22 On the Summary panel, click Install to begin the installation.
The installer application installs the Oracle 12c software on your computer.
23 The installer displays the Execute Configuration scripts window, which
instructs you to execute two scripts as the root user. From the root xterm
window, run the following two scripts:

/opt/oracle/oraInventory/orainstRoot.sh
/opt/oracle/product/12.1.0.2/db_1/root.sh

After you run the /opt/oracle/product/12.1.0.2/db_1/root.sh script, you


are prompted to enter the full pathname to the local binary directory. Accept
the default /usr/local/bin directory and press Enter. Enter Y if the scripts
asks for confirmation to overwrite the following files: dbhome, oraenv and
coraenv.

The script displays Finished product-specific root actions when it is


finished.
24 Return to the Execute Configuration scripts screen and click OK.
25 On the Finish panel, click Close to exit the installer application. You can safely
ignore the configuration note displayed on this panel.
Installing Oracle 12c Enterprise on Linux 27
Creating the Symantec Data Loss Prevention database on Linux

Creating the Symantec Data Loss Prevention database


on Linux
Follow this procedure to create the Symantec Data Loss Prevention database on
a Linux system.
To create the Symantec Data Loss Prevention database on Linux systems
1 Set the ORACLE_HOME and ORACLE_SID environment variables for your
new installation. Open a command prompt as the Oracle user and enter:

export ORACLE_HOME=/opt/oracle/product/12.1.0.2/db_1
export ORACLE_SID=protect

If you installed Oracle 12c into a different location, substitute the correct
directory in this command.
You may want to add these commands to your user profile configuration so
that the ORACLE_HOME and ORACLE_SID environment variables are defined
each time you log on. See your Linux documentation for details about setting
environment variables.
2 Navigate to /tmp/oracle_install where you extracted the
12.1.0.2_64_bit_Installation_Tools.tar.gz file.

3 Copy the database template file


(Oracle_12.1.0.2_Template_for_DLP_v14.0_64_bit_Lnx.dbt) to the
$ORACLE_HOME/assistants/dbca/templates directory.

4 At the command prompt, execute the following command (line break added
for legibility):

$ORACLE_HOME/bin/dbca -progressOnly
-responseFile /home/oracle/oracle_install/responsefiles/Oracle_12.1.0.2_DBCA_Linux.rsp

5 You are prompted to enter the SYS password.


6 You are prompted to enter the SYSTEM password.
Follow these guidelines to create acceptable passwords:
■ Passwords cannot contain more than 30 characters.
■ Passwords cannot contain double quotation marks, commas, or
backslashes.
■ Avoid using the & character.
■ Passwords are case-sensitive by default. You can change the case
sensitivity through an Oracle configuration setting.
Installing Oracle 12c Enterprise on Linux 28
Creating the TNS Listener on Linux

■ If your password uses special characters other than _, #, or $, or if your


password begins with a number, you must enclose the password in double
quotes when you configure it.

7 The Database Configuration Assistant displays a Confirmation window with


a summary of the database configuration.
Click OK on the Confirmation window to create the database.
The database creation can take up to 20 minutes to complete. If the database
creation process fails or hangs, check the Oracle Database Configuration
Assistant logs (located in the $ORACLE_HOME/cfgtoollogs/dbca/SID directory)
for errors (for example,
/opt/oracle/product/12.1.0.2/db_1/cfgtoollogs/dbca/protect).

8 Click OK.

Creating the TNS Listener on Linux


Perform the following procedure to create a TNS listener for the Symantec Data
Loss Prevention database.

Note: To use the commands referenced in this procedure, ensure that your working
directory is $ORACLE_HOME/bin. If SQL*Plus does not work while following this
procedure, set your $PATH variable to point to $ORACLE_HOME/bin.

To create the TNS Listener


1 As the Oracle user, start the Oracle Net Configuration Assistant:

$ORACLE_HOME/bin/netca

2 On the Welcome panel, select Listener configuration and click Next.


3 On the Listener Configuration, Listener panel, select Add and click Next.
4 On the Listener Configuration, Listener Name panel, enter a listener name
and click Next.

Note: Use the default listener name, LISTENER, unless you must use a different
name.

5 On the Listener Configuration, Select Protocols panel, select the TCP


protocol and click Next.
Installing Oracle 12c Enterprise on Linux 29
Creating the TNS Listener on Linux

6 On the Listener Configuration, TCP/IP Protocol panel, select Use the


standard port number of 1521 and click Next.
7 On the Listener Configuration, More Listeners? panel, select No and click
Next.
8 On the Listener Configuration Done panel, click Next.
9 Leave the Oracle Net Configuration Assistant open to configure the Local Net
Service Name.
10 Log into the Oracle host computer as the Oracle user.
su - oracle

11 Run the following command:


lsnrctl stop

12 Open the following file in a text editor:


$ORACLE_HOME/network/admin/listener.ora

13 Locate the following line:


(ADDRESS = (PROTOCOL = IPC)(KEY = <key_value>))

14 Change key_value to PROTECT.

15 Add the following line to the end of the file:


SECURE_REGISTER_LISTENER = (IPC)

16 Save the file and exit the text editor.


17 Run the following command:
lsnrctl start

Note: If you see a message informing you that the listener has started but there
are no services, run the following sequence of commands: lsnrctl stop,
shutdown, startup, lsnrctl start.

18 Run the following commands to connect to the database using SQL*Plus:


sqlplus /nolog

conn sys/<password> as sysdba

19 Run the following command:


ALTER SYSTEM SET local_listener =
'(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=PROTECT)))' SCOPE=both;
Installing Oracle 12c Enterprise on Linux 30
Configuring the local net service name

20 Run the following command to register the listener:


ALTER SYSTEM REGISTER;

21 Exit SQL Plus by running the following command:


exit

22 Run the following command to verify the change:


lsnrctl services

The command output should display a message similar to the following:

Services Summary...
Service "protect" has 1 instance(s).
Instance "protect", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
The command completed successfully

Configuring the local net service name


Perform the following procedure to configure the Local Net Service Name for the
Symantec Data Loss Prevention database.
To configure the local net service name
1 If the Oracle Net Configuration Assistant is not already running, log in as the
Oracle user and start it:

$ORACLE_HOME/bin/netca

2 On the Welcome panel, select Local Net Service Name configuration and
click Next.
3 On the Net Service Name Configuration panel, select Add and click Next.
4 On the Net Service Name Configuration, Service Name panel, enter "protect"
in the Service Name field and click Next.
5 On the Net Service Name Configuration, Select Protocols panel, select
TCP and click Next.
6 On the Net Service Name Configuration, TCP/IP Protocol panel:
■ Enter the IP address of the Oracle server computer in the Host name field.
■ Select Use the standard port number of 1521 (the default value).
Installing Oracle 12c Enterprise on Linux 31
Verifying tnsnames.ora contents

■ Click Next.

7 On the Net Service Name Configuration, Test panel, select No, do not test
and click Next.
Do not test the service configuration, because the listener has not yet started.
8 On the Net Service Name Configuration, Net Service Name panel, select
accept the default name of "protect" and click Next.
9 On the Net Service Name Configuration, Another Net Service Name? panel,
select No and click Next.
10 On the Net Service Name Configuration Done panel, select Next.
11 Click Finish to exit the Oracle Net Configuration Assistant.

Verifying tnsnames.ora contents


Before you create the required Oracle user accounts, verify that the tnsnames.ora
file contains entries for the protect database that you created.
To verify or update tnsnames.ora file contents
1 Using a text editor, open the tnsnames.ora file, located in the
$ORACLE_HOME/network/admin directory.

2 Verify that the following lines are present in the file:

PROTECT =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ip_address)(PORT = port_number))
)
(CONNECT_DATA =
(SERVICE_NAME = protect)
)
)

If these lines do not exist, add them to the file, replacing ip_address and
port_number with the correct values for your system.

Note: Do not copy and paste information to the tnsnames.ora file, as it can
introduce hidden characters that cannot be parsed.

3 Save the tnsnames.ora file and exit the text editor.


Installing Oracle 12c Enterprise on Linux 32
Verifying the Symantec Data Loss Prevention database

Verifying the Symantec Data Loss Prevention


database
After you create the Symantec Data Loss Prevention database, verify that it was
created correctly.
To verify that the database was created correctly
1 Open a command prompt as the Oracle user and start SQL*Plus:

$ORACLE_HOME/bin/sqlplus /nolog

2 Log on as the SYS user:

SQL> connect sys/password@protect as sysdba

Where password represents the SYS password.


3 Run the following query:

SQL> SELECT * FROM v$version;

4 Make sure that the output from the query contains the following information,
which identifies the software components as version 12.1.0.2. The output
should read:

BANNER
--------------------------------------------------------------------------

Oracle Database 12c Release 12.1.0.2.0 - 64bit Production


PL/SQL Release 12.1.0.2.0 - Production
CORE 12.1.0.2.0 Production
TNS for Linux: Version 12.1.0.2.0 - Production
NLSRTL Version 12.1.0.2.0 - Production

5 Exit SQL*Plus:

SQL> exit

Creating the Oracle user account for Symantec Data


Loss Prevention
Perform the following procedure to create an Oracle user account and name it
“protect.”
Installing Oracle 12c Enterprise on Linux 33
Creating the Oracle user account for Symantec Data Loss Prevention

To create the new Oracle user account named "protect"


1 Copy the oracle_create_user.sql file from /tmp/oracle_install to a local
directory.
2 Open a command prompt as the Oracle user and go to the directory where
you copied the oracle_create_user.sql file.
3 Start SQL*Plus:

sqlplus /nolog

4 Run the oracle_create_user.sql script:

SQL> @oracle_create_user.sql

5 At the Please enter the password for sys user prompt, enter the password
for the SYS user.
6 At the Please enter sid prompt, enter protect.

7 At the Please enter required username to be created prompt, enter protect.

8 At the Please enter a password for the new username prompt, enter a new
password.
Follow these guidelines to create acceptable passwords:
■ Passwords cannot contain more than 30 characters.
■ Passwords cannot contain double quotation marks, commas, or
backslashes.
■ Avoid using the & character.
■ Passwords are case-sensitive by default. You can change the case
sensitivity through an Oracle configuration setting.
■ If your password uses special characters other than _, #, or $, or if your
password begins with a number, you must enclose the password in double
quotes when you configure it.
Store the password in a secure location for future use. You will need this
password to install Symantec Data Loss Prevention. If you need to change the
password after you install Symantec Data Loss Prevention, see the Symantec
Data Loss Prevention Administration Guide for instructions.
Installing Oracle 12c Enterprise on Linux 34
Configuring automatic startup and shutdown of the database

Configuring automatic startup and shutdown of the


database
To configure automatic startup and shutdown of the database, follow this procedure:
To configure the automatic startup and shutdown of the database
1 Switch to the root xterm window.
2 Go to the oracle_install directory.

cd /tmp/oracle_install

3 Run the oracle_post.sh script from the oracle_install directory.

./scripts/oracle_post.sh

4 Verify that the script completed successfully by checking if the very last line of
the output is:

dbora 0:off 1:off 2:off 3:on 4:on 5:on 6:off

You may see errors before the last line (for example, cannot access
/var/log/dbora). You can ignore these errors.

You might also like