Tripwire Enterprise 9.1 User Guide

Creating a Database Node

For an introduction to database nodes, see What are Node Types? on page 52.

For a current list of databases monitored by Tripwire Enterprise, see:

https://www.tripwire.com/customers/support-policy/tripwire-enterprise-platform-support

Notes To monitor a database node, you must specify a delegated Agent: a system with Tripwire Enterprise Agent or Axon Agent software installed that processes some Tripwire Enterprise functions for the database node.

Before completing the process below, ensure that Agent software is installed either on the database server that you want to monitor or on a remote machine. Tripwire strongly recommends that you install the Agent software on the database server and use that Agent both to monitor the server's file system and as the delegated Agent used to monitor the database itself.

Nodes with Axon Agent installed cannot be used as a delegated Agent for DB2 database nodes.

VIDEO: Creating Database and Directory Server Nodes

To create a database node:


1. In the Manager bar, click NODES.
2. In the tree pane, click the node group in which the new node will be created.
3. Click Manage > New Node.
4. In the Create Node dialog, select a node type in the Database Server folder and click OK.
5. Complete the New Node Wizard.

Tips For further details, click Help in any wizard page.

Select the Collect audit-event information check box to save audit events (if available) in new element versions. For more information on the source for audit events, see Table 106 below.

Next In the New Node Wizard, you specify a user account that Tripwire Enterprise will use to access the database server.

To successfully baseline and version check the database server, you must grant appropriate permissions to the specified user account. For instructions, see Configuring a Database User Account (or Login) on page 414.

Tripwire Enterprise 9.1 User Guide 412 Chapter 5. Node Procedures


Table 106. Audit event sources for monitored databases

For each database type, the table gives the audit event source with a TE Agent as the delegated Agent and with an Axon Agent as the delegated Agent.

DB2
  TE Agent as the delegated Agent: one of the following sources:
    - the AUDIT.OBJMAINT table
    - the AUDIT.SECMAINT table
  Axon Agent as the delegated Agent: not applicable. An Axon Agent cannot be used as the delegated Agent for a DB2 database.

Microsoft SQL Server
  TE Agent as the delegated Agent: one of the following sources:
    - a security event log (on Windows systems)
    - an audit log (on UNIX systems)
    - a database audit log
  Axon Agent as the delegated Agent: database audit log (SQL Server Audit)

Oracle
  TE Agent as the delegated Agent: one of the following sources:
    - a security event log (on Windows systems)
    - an audit log (on UNIX systems)
    - a database audit log
  Axon Agent as the delegated Agent: database audit log (Standard Auditing)
  Note: If the fine-grained auditing feature is enabled for a monitored Oracle database, Tripwire Enterprise will not collect events identified by fine-grained auditing. This applies with either Agent type as the delegated Agent.

PostgreSQL
  TE Agent as the delegated Agent: Tripwire Enterprise does not monitor audit events on PostgreSQL databases.
  Axon Agent as the delegated Agent: Axon Agent does not monitor audit events on PostgreSQL databases.

Note To use a database audit log as an event source, the audit log must be configured and enabled on the corresponding database.



Configuring a Database User Account (or Login)

To successfully monitor a database, you must configure the database user account (or login) that is assigned to the database's node.

For a Microsoft SQL Server database server, complete the following steps in the login's properties dialog.

1. On the User Mapping page:

   a. Select each database to be monitored by TE.
   b. Select db_datareader from the list of database roles.

Note To support monitoring with database metadata rules, db_datareader should also be granted in the MSDB and MASTER databases.

2. On the Securables page:

   a. Click Search to add the database server.
   b. To enable audit event collection on database nodes with a TE Agent as the delegated Agent, the login needs the ALTER TRACE permission on the database server. To enable audit event collection on database nodes with an Axon Agent as the delegated Agent, the login needs the CONTROL SERVER permission on the database server in order to read the SQL Server Audit views, and the VIEW ANY DEFINITION permission to view the server-level and database-level audit views.

Note To read the SQL Server Audit log, an Axon Agent uses the table-valued function sys.fn_get_audit_file, which requires the CONTROL SERVER permission. Granting CONTROL SERVER does not make a login a member of the sysadmin role, and an explicit DENY still takes precedence over it, so you keep granular control over the login's permissions: for example, a login with the CONTROL SERVER permission that has been denied VIEW ANY DEFINITION will not be able to view the definition of any securable.

   c. If you want to monitor all logins, add the VIEW ANY DEFINITION permission.
   d. To use the MS SQL Server policy rules from the Tripwire Customer Center, the user account needs the VIEW SERVER STATE permission.



Notes For some database query rules, additional privileges may be required. For example, if a SQL query rule calls a stored procedure, then EXECUTE permission should be granted on each specific procedure from the Permissions page of the Stored Procedure Properties dialog in SQL Server Management Studio. For more information, see:

https://docs.microsoft.com/en-us/sql/relational-databases/stored-procedures/grant-permissions-on-a-stored-procedure?view=sql-server-2017

To use a Windows login to monitor the database, the Windows user must have the "Allow log on locally" user right (SeInteractiveLogonRight) on the Windows machine where Axon Agent is installed.
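The same configuration expressed as T-SQL, as an added example that is not from the Tripwire guide: it performs the User Mapping and Securables steps above for a login named te_monitor (the login name, its password, the database name AppDB and the audit file path are assumptions), then checks that the login is not a sysadmin and, for the Axon Agent case, that the SQL Server Audit log is readable. Grant only one of ALTER TRACE or CONTROL SERVER, matching the delegated Agent type; CONTROL SERVER is far broader than a TE Agent node needs.

```sql
-- Added example, not from the Tripwire guide. te_monitor, its password,
-- the database AppDB and the audit file path are assumptions.
USE master;
GO
CREATE LOGIN te_monitor WITH PASSWORD = '<strong password>', CHECK_POLICY = ON;
GO

-- User Mapping: a database user in every monitored database, plus msdb and
-- master (database metadata rules), each a member of db_datareader only.
USE AppDB;
CREATE USER te_monitor FOR LOGIN te_monitor;
ALTER ROLE db_datareader ADD MEMBER te_monitor;
GO
USE msdb;
CREATE USER te_monitor FOR LOGIN te_monitor;
ALTER ROLE db_datareader ADD MEMBER te_monitor;
GO
USE master;
CREATE USER te_monitor FOR LOGIN te_monitor;
ALTER ROLE db_datareader ADD MEMBER te_monitor;
GO

-- Securables, server level. Grant ONE of the two audit-event permissions.
GRANT ALTER TRACE TO te_monitor;           -- TE Agent as delegated Agent
-- GRANT CONTROL SERVER TO te_monitor;     -- Axon Agent: required by sys.fn_get_audit_file
GRANT VIEW ANY DEFINITION TO te_monitor;   -- audit views; also lets the node monitor all logins
GRANT VIEW SERVER STATE TO te_monitor;     -- MS SQL Server policy rules from the Customer Center
GO

-- Check 1: the login holds exactly the granted server permissions and is not sysadmin.
SELECT permission_name, state_desc
FROM sys.server_permissions
WHERE grantee_principal_id = SUSER_ID('te_monitor');
SELECT IS_SRVROLEMEMBER('sysadmin', 'te_monitor') AS is_sysadmin;   -- expect 0

-- Check 2 (Axon Agent case, after CONTROL SERVER was granted): the audit log is
-- enabled and readable as the monitoring login. Remember that an explicit DENY
-- (e.g. DENY VIEW ANY DEFINITION) still overrides CONTROL SERVER for this login.
EXECUTE AS LOGIN = 'te_monitor';
SELECT name, is_state_enabled FROM sys.server_audits;   -- expect is_state_enabled = 1
SELECT TOP (5) event_time, action_id, server_principal_name, statement
FROM sys.fn_get_audit_file('D:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT);   -- path assumed
REVERT;
GO
```

Run the script as a member of sysadmin; EXECUTE AS LOGIN needs impersonation rights, which sysadmin has. If Check 2 returns no rows, the audit itself is not configured and enabled, which the note under Table 106 requires before audit events can be collected.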



For an Oracle database server, enter the following SQL statement at a command prompt:

GRANT CREATE SESSION, SELECT ANY TABLE, SELECT ANY DICTIONARY TO <username>;

where <username> is the name of the Oracle user account.

Note For some database query rules, additional privileges may be required. For example, if an Oracle query rule calls a user-defined function, then the EXECUTE ANY PROCEDURE privilege must be granted to the Oracle user account.
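An added example, not from the Tripwire guide, that creates the Oracle account with the grants above (TE_MONITOR and its password are placeholders; run it as a DBA), then verifies what the account holds and the auditing prerequisites from Table 106. Bear in mind that SELECT ANY TABLE lets the account read the tables of every user schema, so its credentials deserve the same handling as any other high-read account.

```sql
-- Added example, not from the Tripwire guide. TE_MONITOR and its password
-- are placeholders; run as a DBA.
CREATE USER te_monitor IDENTIFIED BY "<strong password>";
GRANT CREATE SESSION, SELECT ANY TABLE, SELECT ANY DICTIONARY TO te_monitor;
-- Only when an Oracle query rule calls a user-defined function:
-- GRANT EXECUTE ANY PROCEDURE TO te_monitor;

-- Check 1: exactly these system privileges and no roles.
SELECT privilege FROM dba_sys_privs WHERE grantee = 'TE_MONITOR' ORDER BY privilege;
SELECT granted_role FROM dba_role_privs WHERE grantee = 'TE_MONITOR';   -- expect no rows

-- Check 2: audit events (Table 106) come from Standard Auditing, which must
-- write to the database audit trail. AUDIT_TRAIL is a static parameter: a
-- change takes effect only after the instance is restarted.
SELECT value FROM v$parameter WHERE name = 'audit_trail';   -- expect DB or DB, EXTENDED
-- ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;   -- as a DBA, then restart the instance

-- Check 3: fine-grained audit policies produce events that Tripwire Enterprise
-- does not collect; list them so you know which activity the node will not see.
SELECT object_schema, object_name, policy_name, enabled
FROM dba_audit_policies
ORDER BY object_schema, object_name, policy_name;
```

Checks 1 to 3 also run as TE_MONITOR itself, because SELECT ANY DICTIONARY covers the DBA_ and V$ views; running them from that account doubles as a connectivity test for CREATE SESSION.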

For a DB2 database server, complete the following steps in a command editor:

1. Enter the following command:

GRANT CONNECT ON DATABASE TO USER <user_account_name>;

2. With the following format, enter a command for each of the privileges listed below:

GRANT SELECT ON <privilege> TO USER <user_account_name>;

Privileges:

AUDIT.OBJMAINT
AUDIT.SECMAINT
SYSCAT.ATTRIBUTES
SYSCAT.AUDITPOLICIES
SYSCAT.BUFFERPOOLS
SYSCAT.CHECKS
SYSCAT.COLAUTH
SYSCAT.COLCHECKS
SYSCAT.COLIDENTATTRIBUTES
SYSCAT.COLUMNS
SYSCAT.COLUSE
SYSCAT.DATATYPES
SYSCAT.DBAUTH
SYSCAT.DBPARTITIONGROUPDEF
SYSCAT.DBPARTITIONGROUPS
SYSCAT.EVENTMONITORS
SYSCAT.EVENTS
SYSCAT.EVENTTABLES
SYSCAT.FUNCPARMS
SYSCAT.FUNCTIONS
SYSCAT.HIERARCHIES
SYSCAT.INDEXAUTH
SYSCAT.INDEXCOLUSE
SYSCAT.INDEXES
SYSCAT.INDEXEXPLOITRULES
SYSCAT.INDEXEXTENSIONMETHODS
SYSCAT.KEYCOLUSE
SYSCAT.LIBRARYAUTH
SYSCAT.PACKAGEAUTH
SYSCAT.PACKAGES
SYSCAT.PASSTHRUAUTH
SYSCAT.PREDICATESPECS
SYSCAT.PROCEDURES
SYSCAT.PROCPARMS
SYSCAT.REFERENCES
SYSCAT.ROUTINEAUTH
SYSCAT.ROUTINES
SYSCAT.SCHEMAAUTH
SYSCAT.SCHEMATA
SYSCAT.SEQUENCEAUTH
SYSCAT.SEQUENCES
SYSCAT.TABAUTH
SYSCAT.TABCONST
SYSCAT.TABLES
SYSCAT.TABLESPACES
SYSCAT.TBSPACEAUTH
SYSCAT.TRIGGERS
SYSCAT.VIEWS
SYSIBM.SYSDUMMY1



3. Enter a command for each of the following privileges using the format specified in step 2 above.

SYSCAT.DATAPARTITIONEXPRESSION
SYSCAT.DATAPARTITIONS
SYSCAT.HISTOGRAMTEMPLATEBINS
SYSCAT.HISTOGRAMTEMPLATES
SYSCAT.HISTOGRAMTEMPLATEUSE
SYSCAT.INDEXXMLPATTERNS
SYSCAT.NICKNAMES
SYSCAT.ROLEAUTH
SYSCAT.ROLES
SYSCAT.SECURITYLABELCOMPONENTELEMENTS
SYSCAT.SECURITYLABELCOMPONENTS
SYSCAT.SECURITYPOLICIES
SYSCAT.SERVICECLASSES
SYSCAT.THRESHOLDS
SYSCAT.VARIABLEAUTH
SYSCAT.VARIABLES
SYSCAT.WORKACTIONS
SYSCAT.WORKACTIONSETS
SYSCAT.WORKCLASSES
SYSCAT.WORKCLASSSETS
SYSCAT.WORKLOADAUTH
SYSCAT.WORKLOADCONNATTR
SYSCAT.WORKLOADS
SYSCAT.XSROBJECTAUTH
SYSIBMADM.DBCFG
SYSIBMADM.DBMCFG
SYSIBMADM.SNAPCONTAINER
SYSIBMADM.SNAPTBSP
SYSIBMADM.SNAPTBSP_PART

For a PostgreSQL database server, enter the following SQL statements at a command prompt:

CREATE USER <username> WITH LOGIN NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE NOREPLICATION CONNECTION LIMIT 30;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO <username>;
GRANT EXECUTE ON FUNCTION pg_catalog.pg_get_functiondef(oid) TO <username>;
GRANT EXECUTE ON FUNCTION pg_catalog.pg_get_function_identity_arguments(oid) TO <username>;

where <username> is the name of the PostgreSQL user account.

The permissions above will enable the specified user to monitor PostgreSQL database objects
with database metadata rules. To monitor specific objects with database query rules, the user
account must also have SELECT permission on the database objects that are to be monitored.
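An added example, not from the Tripwire guide, that applies the statements above for a role named te_monitor and then checks the result. The role name, its password, and an existing schema app with a table app.orders that a database query rule will read are assumptions; run it as a superuser. The last check makes the reach of the pg_catalog grant visible, since "ALL TABLES IN SCHEMA pg_catalog" also covers pg_authid, whose rolpassword column stores role password hashes.

```sql
-- Added example, not from the Tripwire guide. te_monitor, its password, and
-- the schema app with table app.orders are assumptions. Run as a superuser.
CREATE USER te_monitor WITH LOGIN NOSUPERUSER NOINHERIT NOCREATEDB NOCREATEROLE
    NOREPLICATION CONNECTION LIMIT 30 PASSWORD '<strong password>';

-- Database metadata rules: the grants from the guide.
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO te_monitor;
GRANT EXECUTE ON FUNCTION pg_catalog.pg_get_functiondef(oid) TO te_monitor;
GRANT EXECUTE ON FUNCTION pg_catalog.pg_get_function_identity_arguments(oid) TO te_monitor;

-- Database query rules: SELECT on exactly the objects a rule reads, not the
-- whole schema; USAGE on the schema is needed to reach them.
GRANT USAGE ON SCHEMA app TO te_monitor;
GRANT SELECT ON app.orders TO te_monitor;

-- Check 1: the role cannot escalate (all flags false, rolconnlimit = 30).
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolreplication, rolconnlimit
FROM pg_roles
WHERE rolname = 'te_monitor';

-- Check 2: the grants landed where intended; expect true, true, true.
SELECT has_table_privilege('te_monitor', 'pg_catalog.pg_class', 'SELECT')                    AS pg_class,
       has_function_privilege('te_monitor', 'pg_catalog.pg_get_functiondef(oid)', 'EXECUTE') AS functiondef,
       has_table_privilege('te_monitor', 'app.orders', 'SELECT')                             AS orders;

-- Check 3: scope of the catalog grant. pg_authid holds password hashes; if this
-- returns true, decide whether a monitoring account should be able to read it,
-- and if not, replace the blanket grant with grants on the individual catalogs
-- that your metadata rules actually query.
SELECT has_table_privilege('te_monitor', 'pg_catalog.pg_authid', 'SELECT') AS pg_authid;
```

Because the role is created NOINHERIT, privileges granted to any role it is later added to do not apply automatically; every permission it uses must be granted to te_monitor directly, as above, or activated with SET ROLE.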
