Submit Search
Upload
12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
•
3 likes
•
640 views
P
pasalapudi
Follow
Oracle Apps 12.2 Secure Configuration Console & ADOP changes
Read less
Read more
Software
Report
Share
Report
Share
1 of 47
Recommended
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oid
pasalapudi
Aioug2017 deploying-ebs-on-prem-and-on-oracle-cloud v2
Aioug2017 deploying-ebs-on-prem-and-on-oracle-cloud v2
pasalapudi
Oracle E-Business Suite On Oracle Cloud
Oracle E-Business Suite On Oracle Cloud
pasalapudi
Online patching ebs122_aioug_appsdba_nov2017
Online patching ebs122_aioug_appsdba_nov2017
pasalapudi
veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)
aioughydchapter
Dmz aa aioug
Dmz aa aioug
pasalapudi123
Aman sharma hyd_12crac High Availability Day 2015
Aman sharma hyd_12crac High Availability Day 2015
aioughydchapter
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
vasuballa
Recommended
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oid
pasalapudi
Aioug2017 deploying-ebs-on-prem-and-on-oracle-cloud v2
Aioug2017 deploying-ebs-on-prem-and-on-oracle-cloud v2
pasalapudi
Oracle E-Business Suite On Oracle Cloud
Oracle E-Business Suite On Oracle Cloud
pasalapudi
Online patching ebs122_aioug_appsdba_nov2017
Online patching ebs122_aioug_appsdba_nov2017
pasalapudi
veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)
aioughydchapter
Dmz aa aioug
Dmz aa aioug
pasalapudi123
Aman sharma hyd_12crac High Availability Day 2015
Aman sharma hyd_12crac High Availability Day 2015
aioughydchapter
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
Securing oracle e-business suite 12.1 and 12.2 technology infrastructure
vasuballa
Oracle E-Business Suite on Kubernetes Cluster
Oracle E-Business Suite on Kubernetes Cluster
vasuballa
Using oracle cloud to speed up e business suite 12.2 upgrade
Using oracle cloud to speed up e business suite 12.2 upgrade
vasuballa
Adop and maintenance task presentation 151015
Adop and maintenance task presentation 151015
andreas kuncoro
Oracle IaaS Overview - AIOUG Hyderabad Chapter
Oracle IaaS Overview - AIOUG Hyderabad Chapter
aioughydchapter
Ebs upgrade-to-12.2 technical-upgrade_best_practices(aioug-aug2015)
Ebs upgrade-to-12.2 technical-upgrade_best_practices(aioug-aug2015)
pasalapudi123
Oracle E-Business Suite R12.2.5 on Database 12c: Install, Patch and Administer
Oracle E-Business Suite R12.2.5 on Database 12c: Install, Patch and Administer
Andrejs Karpovs
EBS on Oracle Cloud
EBS on Oracle Cloud
vasuballa
Oracle E-Business Suite R12.2.6 on Database 12c: Install, Patch and Administer
Oracle E-Business Suite R12.2.6 on Database 12c: Install, Patch and Administer
Andrejs Karpovs
Ebs12.2 online patching(aioug_aug2015)
Ebs12.2 online patching(aioug_aug2015)
pasalapudi123
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Andrejs Prokopjevs
Getting optimal performance from oracle e business suite(aioug aug2015)
Getting optimal performance from oracle e business suite(aioug aug2015)
pasalapudi123
Aioug ha day oct2015 goldengate- High Availability Day 2015
Aioug ha day oct2015 goldengate- High Availability Day 2015
aioughydchapter
Editioning use in ebs
Editioning use in ebs
pasalapudi123
Fusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons Learned
Andrejs Karpovs
Fn project quick installation guide
Fn project quick installation guide
Johan Louwers
Running Oracle EBS in the cloud (UKOUG APPS16 edition)
Running Oracle EBS in the cloud (UKOUG APPS16 edition)
Andrejs Prokopjevs
Em13c New Features- One of Two
Em13c New Features- One of Two
Kellyn Pot'Vin-Gorman
Dg broker & client connectivity - High Availability Day 2015
Dg broker & client connectivity - High Availability Day 2015
aioughydchapter
AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2
Sean Braymen
Oracle WebLogic Server 12c: Seamless Oracle Database Integration (with NEC, O...
Oracle WebLogic Server 12c: Seamless Oracle Database Integration (with NEC, O...
jeckels
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Alfredo Krieg
More Related Content
What's hot
Oracle E-Business Suite on Kubernetes Cluster
Oracle E-Business Suite on Kubernetes Cluster
vasuballa
Using oracle cloud to speed up e business suite 12.2 upgrade
Using oracle cloud to speed up e business suite 12.2 upgrade
vasuballa
Adop and maintenance task presentation 151015
Adop and maintenance task presentation 151015
andreas kuncoro
Oracle IaaS Overview - AIOUG Hyderabad Chapter
Oracle IaaS Overview - AIOUG Hyderabad Chapter
aioughydchapter
Ebs upgrade-to-12.2 technical-upgrade_best_practices(aioug-aug2015)
Ebs upgrade-to-12.2 technical-upgrade_best_practices(aioug-aug2015)
pasalapudi123
Oracle E-Business Suite R12.2.5 on Database 12c: Install, Patch and Administer
Oracle E-Business Suite R12.2.5 on Database 12c: Install, Patch and Administer
Andrejs Karpovs
EBS on Oracle Cloud
EBS on Oracle Cloud
vasuballa
Oracle E-Business Suite R12.2.6 on Database 12c: Install, Patch and Administer
Oracle E-Business Suite R12.2.6 on Database 12c: Install, Patch and Administer
Andrejs Karpovs
Ebs12.2 online patching(aioug_aug2015)
Ebs12.2 online patching(aioug_aug2015)
pasalapudi123
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Andrejs Prokopjevs
Getting optimal performance from oracle e business suite(aioug aug2015)
Getting optimal performance from oracle e business suite(aioug aug2015)
pasalapudi123
Aioug ha day oct2015 goldengate- High Availability Day 2015
Aioug ha day oct2015 goldengate- High Availability Day 2015
aioughydchapter
Editioning use in ebs
Editioning use in ebs
pasalapudi123
Fusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons Learned
Andrejs Karpovs
Fn project quick installation guide
Fn project quick installation guide
Johan Louwers
Running Oracle EBS in the cloud (UKOUG APPS16 edition)
Running Oracle EBS in the cloud (UKOUG APPS16 edition)
Andrejs Prokopjevs
Em13c New Features- One of Two
Em13c New Features- One of Two
Kellyn Pot'Vin-Gorman
Dg broker & client connectivity - High Availability Day 2015
Dg broker & client connectivity - High Availability Day 2015
aioughydchapter
AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2
Sean Braymen
Oracle WebLogic Server 12c: Seamless Oracle Database Integration (with NEC, O...
Oracle WebLogic Server 12c: Seamless Oracle Database Integration (with NEC, O...
jeckels
What's hot
(20)
Oracle E-Business Suite on Kubernetes Cluster
Oracle E-Business Suite on Kubernetes Cluster
Using oracle cloud to speed up e business suite 12.2 upgrade
Using oracle cloud to speed up e business suite 12.2 upgrade
Adop and maintenance task presentation 151015
Adop and maintenance task presentation 151015
Oracle IaaS Overview - AIOUG Hyderabad Chapter
Oracle IaaS Overview - AIOUG Hyderabad Chapter
Ebs upgrade-to-12.2 technical-upgrade_best_practices(aioug-aug2015)
Ebs upgrade-to-12.2 technical-upgrade_best_practices(aioug-aug2015)
Oracle E-Business Suite R12.2.5 on Database 12c: Install, Patch and Administer
Oracle E-Business Suite R12.2.5 on Database 12c: Install, Patch and Administer
EBS on Oracle Cloud
EBS on Oracle Cloud
Oracle E-Business Suite R12.2.6 on Database 12c: Install, Patch and Administer
Oracle E-Business Suite R12.2.6 on Database 12c: Install, Patch and Administer
Ebs12.2 online patching(aioug_aug2015)
Ebs12.2 online patching(aioug_aug2015)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Getting optimal performance from oracle e business suite(aioug aug2015)
Getting optimal performance from oracle e business suite(aioug aug2015)
Aioug ha day oct2015 goldengate- High Availability Day 2015
Aioug ha day oct2015 goldengate- High Availability Day 2015
Editioning use in ebs
Editioning use in ebs
Fusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons Learned
Fn project quick installation guide
Fn project quick installation guide
Running Oracle EBS in the cloud (UKOUG APPS16 edition)
Running Oracle EBS in the cloud (UKOUG APPS16 edition)
Em13c New Features- One of Two
Em13c New Features- One of Two
Dg broker & client connectivity - High Availability Day 2015
Dg broker & client connectivity - High Availability Day 2015
AOUG_11Nov2016_Challenges_with_EBS12_2
AOUG_11Nov2016_Challenges_with_EBS12_2
Oracle WebLogic Server 12c: Seamless Oracle Database Integration (with NEC, O...
Oracle WebLogic Server 12c: Seamless Oracle Database Integration (with NEC, O...
Similar to 12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Alfredo Krieg
OOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and security
vasuballa
Em13c New Features- Two of Two
Em13c New Features- Two of Two
Kellyn Pot'Vin-Gorman
Con7091 sql tuning for expert db as-oow17_oct2_1507314871265001m0x4
Con7091 sql tuning for expert db as-oow17_oct2_1507314871265001m0x4
asifanw
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
OracleMySQL
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
Georgi Kodinov
SPTechCon SFO 2012 - Understanding the Five Layers of SharePoint Security
SPTechCon SFO 2012 - Understanding the Five Layers of SharePoint Security
Michael Noel
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
Michael Noel
OOW16 - Ready or Not: Applying Secure Configuration to Oracle E-Business Suit...
OOW16 - Ready or Not: Applying Secure Configuration to Oracle E-Business Suit...
vasuballa
SEASPC 2011 - SharePoint Security in an Insecure World: Understanding the Fiv...
SEASPC 2011 - SharePoint Security in an Insecure World: Understanding the Fiv...
Michael Noel
security-checklist-database
security-checklist-database
Mohsen B
Pl17: MySQL 8.0: security
Pl17: MySQL 8.0: security
Georgi Kodinov
AUSPC 2013 - Understanding the Five Layers of SharePoint Security
AUSPC 2013 - Understanding the Five Layers of SharePoint Security
Michael Noel
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners Guide
Courtney Llamas
Oracle ORAchk & EXAchk overview
Oracle ORAchk & EXAchk overview
Gareth Chapman
SQL Server 2017 CLR
SQL Server 2017 CLR
Eduardo Piairo
Exachk Customer Presentation
Exachk Customer Presentation
Sandesh Rao
OUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source Code
Georgi Kodinov
Em13c features- HotSos 2016
Em13c features- HotSos 2016
Kellyn Pot'Vin-Gorman
Similar to 12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
(20)
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
OOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and security
Em13c New Features- Two of Two
Em13c New Features- Two of Two
Con7091 sql tuning for expert db as-oow17_oct2_1507314871265001m0x4
Con7091 sql tuning for expert db as-oow17_oct2_1507314871265001m0x4
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
SPTechCon SFO 2012 - Understanding the Five Layers of SharePoint Security
SPTechCon SFO 2012 - Understanding the Five Layers of SharePoint Security
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
OOW16 - Ready or Not: Applying Secure Configuration to Oracle E-Business Suit...
OOW16 - Ready or Not: Applying Secure Configuration to Oracle E-Business Suit...
SEASPC 2011 - SharePoint Security in an Insecure World: Understanding the Fiv...
SEASPC 2011 - SharePoint Security in an Insecure World: Understanding the Fiv...
security-checklist-database
security-checklist-database
Pl17: MySQL 8.0: security
Pl17: MySQL 8.0: security
AUSPC 2013 - Understanding the Five Layers of SharePoint Security
AUSPC 2013 - Understanding the Five Layers of SharePoint Security
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle Enterprise Manager Security: A Practitioners Guide
Oracle ORAchk & EXAchk overview
Oracle ORAchk & EXAchk overview
SQL Server 2017 CLR
SQL Server 2017 CLR
Exachk Customer Presentation
Exachk Customer Presentation
OUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source Code
Em13c features- HotSos 2016
Em13c features- HotSos 2016
Recently uploaded
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
preethippts
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
Bert Jan Schrijver
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
Lionel Briand
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
Safe Software
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
Andreas Kunz
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
Jean Silva
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
confluent
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
kalichargn70th171
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
rahul_net
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
Shane Coughlan
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Cizo Technology Services
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
manoharjgpsolutions
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Rob Geurden
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
vyaparkranti
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
Hironori Washizaki
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
ssuser9e7c64
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
RTS corp
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
team-WIBU
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
andrehoraa
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
BradBedford3
Recently uploaded
(20)
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
12.2 secure configureconsole_adop_changes_aioug_appsdba_nov17
1.
2.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Oracle E-Business Suite R12.2: Secure Configuration Console and ADOP changes Shyam Sundar Rao (Senior Principal Developer, EBS Release Engineering) Chowdari Mathukumilli (Principal Developer, EBS Release Engineering) November 04, 2017
3.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
4.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | 1 2 3 4 Secure Configure Console
5.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Agenda for Secure Configuration Console Secure Configuration Console overview Checks of Secure Configuration Console in 12.2 Additional new checks introduced in 12.2.7 Deep dive into few checks Command line utility Where to find more information Q/A 1 2 3 4 5 6 7
6.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console EBS Users cannot login to the system 1 2 3 4 New
7.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Automatic Assessment of your Environment by Sysadmin 1 2 3 4 New
8.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Automatic Assessment of your Environment by Sysadmin 1 2 3 4 Configure or Acknowledge and Accept Warnings: Your system will be locked down until the system administrator configures or acknowledges the recommended security configurations. New
9.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Automatic Assessment of Your Environment 1 2 3 4 •Review and implement secure configuration recommendations from a single dashboard. •Access via the “Functional Administrator” responsibility, “Configuration Manager” tab •Check your configuration •Automatically configure items that are out of compliance •Checks are assigned a severity level •Suppress checks that are not relevant to your system
10.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Manual/Autofixable and Failed/Passed Checks 1 2 3 Details: Manual and Autofixable checks Details: Failed Configuration
11.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Security Guideline Details for a Check 1 2 3 4
12.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console 1 2 3 4 1. Default application users passwords have been changed to non-default values. 2. Attachment upload profiles are available and set correctly. 3. Critical profile values are set correctly. 4. Default database users default passwords have been changed to non-default values. 5. Forms blocking of bad characters on the web server is active. 6. Site level security profiles are available in the system. 7. ModSecurity on the web server is active. 8. Serversecurity (Secure Flag in DBC file) is enabled. 9. Allowed Redirects feature is enabled 10. APPLSYSPUB privileges are properly restricted. 11. Auditing profiles are set. 12. Cookie Domain scoping is configured. 13. Application user passwords have been migrated to hashed passwords. 14. HTTPS is enabled Confidential. Oracle E-Business Suite Security Guide Release 12.2
13.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Checks introduced in 12.2.7 1 2 3 4 1. Clickjacking protection is configured. 2. Diagnostic web page protection is configured. 3. PUBLIC role privileges are restricted. 4. Oracle Workflow generated emails that reference URLs in EBS require additional user authentication. 5. Allowed Resources feature is enabled. 6. Required whitelist configuration for the allowed resources feature is correct and up-to-date. 7. Recommended Database initialization parameters have been set. 8. Database profiles have been created in the EBS database for password management. 9. iRecruitment file upload security profile value is set. 10. Oracle Workflow Admin access is restricted. 10 Additional Checks for a Total of 24 Checks Oracle E-Business Suite Security Guide Release 12.2
14.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Attachment upload profiles are available and set correctly 1 2 3 4 • The Attachments feature are configured to restrict the file types that may be uploaded (actually, it restricts using a blacklist of the file extensions that Windows considers as executables such as .COM,.EXE and so on). • Profile Option Name: FND_SECURITY_FILETYPE_RESTRICT _DFLT • Recommended Value: N • Define maximum allowed size of an uploaded attachment • Profile Option Name: UPLOAD_FILE_SIZE_LIMIT • Recommended Value: As needed in (kb) • Enable Antisamy HTML Filter • This allows upload of a sanitized version of HTML documents such as resumes for iRecruitment. • Profile Option Name: FND_DISABLE_ANTISAMY_FILTER • Recommended Value: N Oracle E-Business Suite Security Guide Release 12.2
15.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Default application users passwords have been changed to non-default values 1 2 3 4 • Oracle ships seeded user accounts with default passwords that are recommended to be changed. • Depending on product usage, some seeded accounts can or can not be disabled. • Disable an application user account by setting the END_DATE for the account. • Do not disable the GUEST user account. • If the GUEST password is changed, set the AutoConfig variable s_guest_pass to the new value in the context file before running AutoConfig. AutoConfig must be run to propagate the new password to config files. • The GUEST password must always be in UPPERCASE. • Script “fnddefpw.sql” can be executed as “apps” user to list the seeded accounts that still have the default password. Oracle E-Business Suite Security Guide Release 12.2
16.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Default database users default passwords have been changed to non-default values 1 2 3 4 • The application database instance contains default, open schemas with default passwords. • These accounts and corresponding passwords are well-known, and they should be changed, especially for a database to be used in a production environment. • For Default database administration schemas we can make use of "alter user <SCHEMA> identified by <NEW_PASSWORD>;“ • For Schemas common to all Oracle E-Business Suite products and associated with specific Oracle E- Business Suite products we can make use of utility "FNDCPASS" Oracle E-Business Suite Security Guide Release 12.2
17.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Application user passwords have been migrated to hashed passwords 1 2 3 4 • Traditionally, Oracle E-Business Suite has stored the password of the application users in encrypted form. • Starting with release 12.0.4, it is possible to switch the Oracle E-Business Suite system to store hashed versions of the passwords instead. • Hence its recommended as part of secure configuration console check to change the passwords. • Use AFPASSWD/FNDCPASS utility to hash the password. • IMPORTANT: This process is irreversible. Oracle E-Business Suite Security Guide Release 12.2
18.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Database profiles have been created in the EBS database for password management 1 2 3 4 • Implement Two Profiles for Password Management • The database provides parameters to enforce password management policies. • However, some of the database password policy parameters could lock-out the Oracle E-Business Suite. • Because of this, we make specific recommendations for or against using certain management features depending upon schema type. • Create two database profiles: • One for middle tier application schemas (“managed schemas”) • One for all accounts used by individual database administrators to the second profile. Password Parameters Application Profile Administrator Profile FAILED_LOGIN_ATTEMPTS UNLIMITED 5 PASSWORD_LIFE_TIME UNLIMITED 90 PASSWORD_REUSE_TIME 180 180 PASSWORD_REUSE_MAX UNLIMITED UNLIMITED PASSWORD_LOCK_TIME UNLIMITED 7 PASSWORD_GRACE_TIME UNLIMITED 14 PASSWORD_VERIFY_FUNCTION Recommended Recommended Recommended Values Oracle E-Business Suite Security Guide Release 12.2
19.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: PUBLIC role privileges are restricted 1 2 3 4 Check whether the PUBLIC role privileges are restricted. • This checks whether unnecessary privileges to Oracle E-Business Suite object have been granted to the Oracle Database PUBLIC role. • Revoke unnecessary privileges from the PUBLIC role. Oracle E-Business Suite database objects should not have privileges granted to the PUBLIC role. • 'Create Index' should not be granted to PUBLIC Oracle E-Business Suite Security Guide Release 12.2
20.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Check: Allowed Resources feature is enabled 1 2 3 4 • Allowed JSPs introduced in E-Business Suite 12.2.4 • Enabled by default in E-Business Suite ATG 12.2.7 • Rebranded to Allowed Resources in 12.2.6 with the following patches: • ATG 12.2.6 (21900895:R12.ATG_PF.C.DELTA.6) • TKX Delta 9 (25180736:R12.TXK.C.DELTA.9) • ENABLE ALLOWED RESOURCES (24737426:R12.FND.C) - This patch will turn the Allowed Resources feature ON. Oracle E-Business Suite Security Guide Release 12.2
21.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Feature overview of Allowed Resources 1 2 3 4 • Defines whitelist of web allowed resources • A whitelist is an explicit list of items that are allowed for access • Enhancements to Allowed JSPs feature • Whitelist resources including servlets and JSPs • Prevents access to resources which are not used. • Allows custom resources to ne defined in the list of allowed resources. • Additional Features in 12.2.7 • Metadata now stored in the database (not in configuration files) • New user interface • With configuration metadata stored in the database, allowed resources configuration will be preserved when upgrading and patching • Whitelist configuration recommendations are provided based upon products used and underlying resource usage • Utilities to identify custom resources and populate usage data Oracle E-Business Suite Security Guide Release 12.2
22.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Configuration overview of Allowed Resources 1 2 3 4 • Applying Patch 24737426:R12.FND.C delivers new profile • "Security: Allowed Resources" (FND_SEC_ALLOWED_RESOURCES) • The default value is CONFIG (Configured). • This provides restricted access to the allowed resources as per the whitelisted resources listed in the configuration files. • The feature can be turned of by setting the profile option to “All” • New profile overrides profile: Allow Unrestricted JSP Access (FND_SEC_ALLOW_JSP_UNRESTRICED_ACCESS) • The profile is refreshed at the UPDATE_CHECK_INTERVAL rate. Its generally 60sec. Oracle E-Business Suite Security Guide Release 12.2
23.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Feature overview of Allowed Resources 1 2 3 4 3 Levels of Granularity for Configuring Access through the UI • If you are not using any products in a particular product family, ensure that the Enabled check box is not selected in the Details section of the Product Family Configuration page. • To restrict access at the product level, deny access to the appropriate product-level resources on the Product Details tab in the Product and Common Resources section. • To restrict access at the individual resource level, deny access to the resources in question by drilling down to the Resource Details or denying access in Common Resources tab. Oracle E-Business Suite Security Guide Release 12.2
24.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | UI is accessible via the Functional Administrator responsibility Functional Administrator page Allowed Resources tab Easily allow or deny access to products and underlying resources A family name may be selected from the left menu to view the Product Family Configuration User Interface for Allowed Resources
25.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Details section Enabled check box indicates whether or not the product family resources are used and allowed. Product and Common Resources Details Section Use this section of the page to configure products. User Interface for Allowed Resources 12.2.7
26.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product and Common Resource Details Product Details tab
27.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product and Common Resource Details Common Resources Tab 12.2.7
28.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product and Common Resource Details Product Details tab Click on Product Name 12.2.7
29.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | User Interface for Allowed Resources Product Details tab Click on Product Name Used Tab 12.2.7
30.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Evaluating Usage with Access Logs Step 1. Generate Web Usage File - generate a summary of resources used in your instance. • Download webusage.awk – My Oracle Support Knowledge Document 2069190.1, Security Configuration and Auditing Scripts for Oracle E- Business Suite, for the latest zip file containing the script – Generates a summary of resources used from any available Apache access logs. – This can then be leveraged using the WLDataMigration utility to identify custom resources as well as populate web usage data. – Execute the webusage.awk script againstyour Apache access logs: $ cat access_log | tr '?' ' ' | awk -f webusage.awk > webusage.out 12.2.7 Oracle E-Business Suite Security Guide Release 12.2
31.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Populate Web usage data Step 2. Populate Web Usage and Custom Configurations •Populate web usage data or custom configuration with WLDataMigration •The WLDataMigration utility provides the ability to identify and populate custom resources and web usage data from your Apache access logs. It also allows you to populate that information, or migrate existing customization configuration files, into the allowed resources repository. •Execute Loader utility to populate web usage data for already seeded resources and generate CUSTOM.out for unknown resources $ java oracle.apps.fnd.security.resource.WLDataMigration MODE=seed INPUT_FILE=webusage.out DBC=$FND_SECURE/<SID>.dbc This mode allows you to leverage your existing Apache access logs to identify custom resources as well as populate web usage data. It takes the webusage.out file as input which is generated via the webusage.awk script described in the previous section. This mode also produces a CUSTOM.out file of potential custom resources. Oracle E-Business Suite Security Guide Release 12.2
32.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Load Custom Configuration for Allowed Resources Step 3 – Review CUSTOM.out and Load • Option 1: Use the CUSTOM.out file generated from WLDataMigration Review the CUSTOM.out file before uploading to ensure that entries are legitimate $ java oracle.apps.fnd.security.resource.WLDataMigration MODE=custom INPUT_FILE=CUSTOM.out DBC=$FND_SECURE/<SID>.dbc • Option 2: Use the custom.conf file from prior configuration of Allowed JSPs or Allowed Resources feature. $ java oracle.apps.fnd.security.resource.WLDataMigration MODE=custom INPUT_FILE=CUSTOM.conf DBC=$FND_SECURE/<SID>.dbc Oracle E-Business Suite Security Guide Release 12.2
33.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Secure Configuration Console Command line utility 1 2 3 4 If a user with local system administrator privileges is not available, you can access the Secure Configuration Console by using the following command line utility: java oracle.apps.fnd.security.AdminSecurityCfg <APPS Username/APPS password[@<DB Host>] [-check|-fix|-status|-lock|-unlock] [DBC=<DBC File Path>] [CODES=<code1>,<code2>,<code3>...] This utility is provided for the following tasks: • To take the system out of locked down mode. • To compute the status of a certain configuration or all configurations. • To configure a certain configuration or all configurations of type 'Autofixable'. • To view the status of a certain configuration or all configurations. Oracle E-Business Suite Security Guide Release 12.2
34.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Where to find more information ? 1 2 3 4 EBS Documentation and Training – EBS 12.2 Information Center MOS Note 1581299.1 Includes link to the EBS Documentation Web Library FAQ: Oracle E-Business Suite Security (MOS Note 2063486.1) Oracle E-Business Suite Security Guide, Release 12.2 – Part# E22952 Security Configuration and Auditing Scripts for Oracle E-Business Suite (MOS Note 2069190.1)
35.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | 35 Program Agenda: ADOP and Rapid Install Changes Service Name Change for Patch Edition FS File System Synchronization Improved Log Directory Structure Rapid Install: Patching Stage Area References Q/A 1 2 3 4 5 6
36.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | 36 New and Changed Features in ADOP
37.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Service Name change for Patch Edition FS • The Oracle Grid Infrastructure is required by Oracle Automatic Storage Management (ASM), which can be used by Oracle Real Application Clusters. • The Grid Listener requires all registered service names to be unique. • AD-TXK Delta 9 introduces full support for the Oracle Grid Listener used by ASM. • AD-TXK Delta 8 and earlier, the service name for connections to the patch edition of the database was always 'ebs_patch'. • In AD-TXK Delta.9, the service name to connect to the patch edition has been changed to '<instance_name>_ebs_patch'. 37
38.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Mandatory Steps for Migrating Service Name change • Migrate changes from Application Tier to Database tier nodes (after AD-TXK Delta patching cycle). • On Run Edition File System – Execute the admkappsutil.pl utility to create the appsutil.zip file in <INST_TOP>/admin/out. • $ perl <AD_TOP>/bin/admkappsutil.pl • On Database tier nodes: – Source the environment for RDBMS ORACLE_HOME • Copy or FTP the appsutil.zip file to <RDBMS ORACLE_HOME> • Uncompress appsutil.zip, under <RDBMS ORACLE_HOME> – $ unzip -o appsutil.zip • Run Autoconfig on Database Tier nodes • Run Autoconfig on Run Edition File System Confidential – Oracle Internal 38
39.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Patch Service Rename: What to Know? • Starting AD-TXK Delta.9, the service name to connect to the patch edition has been changed to '<instance_name>_ebs_patch'. • Mandatory to Update database tier with the latest patches post AD-TXK Delta application. • Avoid bouncing of Database during adop cycle for applying AD-TXK Delta. • fs_clone to be run post AD-TXK Delta. If not, next prepare will automatically run fs_clone. 39
40.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | • New prepare phase parameter (sync_mode) to control synchronization behavior. • adop phase=prepare sync_mode=(delta|patch) [default: patch] – adop phase=prepare sync_mode=patch (default) – adop phase=prepare sync_mode=delta (new file based) • sync_mode=patch – Default behavior. – adop will synchronize the file systems by applying patches applied in the previous patching cycle to the patch file system. Confidential – Oracle Internal 40 File System Synchronization
41.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | • sync_mode=delta – As a faster alternative, you can specify the parameter/value pair sync_mode=delta to synchronize the file systems by running a user-specified third-party file synchronization (copy) utility. – Delta style synchronization uses the file system synchronization command specified in: $AD_TOP/patch/115/etc/delta_sync_drv.txt – Only files changed in the previous patching cycle are synchronized – The delta_sync_drv.txt file includes examples for setting up synchronization using rsync on UNIX or RoboCopy on Windows – Automatic support for customizations Confidential – Oracle Internal 41 File System Synchronization
42.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Improved Log Directory Structure • Improved structure of log directories – Log directories organized in a logical hierarchical structure • $ADOP_LOG_HOME/<session_id>/<execution_id>/<phase>/<node>/ – Consistent naming of top level log file • adop.log – Validation logs in a named directory 42 • $ADOP_LOG_HOME – 120 ‒20171020_152612 ‒prepare ‒rws1401232 • $ADOP_LOG_HOME – <session_id> ‒<execution_id> –<phase> ‒<node>
43.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | 43 Rapid Install: Patching Stage Area
44.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | Rapid Install: Patching Stage Area • Patch 25525148 (Rapid install consolidated one-off bundle on top of Startcd 51) • To patch the stage area created using startCD 12.2.0.51 (Patch#22066363) • Prerequisite: Create the stage area using startCD 12.2.0.51 and latest Oracle E-Business Suite Release 12.2 Media Pack. • Download and Unzip patch 25525148 • Execute patchRIStage.sh (patchRIStage.cmd in case of Windows); Provide Rapid Install stage area as input parameter. Confidential – Oracle Internal 44
45.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | • Oracle E-Business Suite Maintenance Guide Release 12.2 – (Part#E22954) • Applying the Latest AD and TXK Release Update Packs to Oracle E-Business Suite Release 12.2 (Doc ID 1617461.1) • Oracle E-Business Suite Applications DBA and Technology Stack Release Notes for R12.AD.C.Delta.10 and R12.TXK.C.Delta.10 (Doc ID 2295390.1) • Oracle E-Business Suite Setup Guide, Release 12.2 – (Part#E22953) • Oracle E-Business Suite Installation Using Rapid Install Guide – (Part#E22950) Confidential – Oracle Internal 45 Where to find more information ?
46.
Copyright © 2017,
Oracle and/or its affiliates. All rights reserved. | 1 2 3 4