| FCBGuard or USB security token login AS SYSDBA [message #687355] |
Tue, 28 February 2023 19:54  |
 |
Olexandr Siroklyn
Messages: 44
Registered: September 2018
Location: USA
|
Member |
|
|
Purpose
FCBGuard software http://oracleongpu.com/fcbguard/ provides the ability to prevent unauthorised AS SYSDBA login attempt to a database. This is implemented via mandatory USB security key/token/card (call it any way you like it) presence. In order to successfully perform an AS SYSDBA login, database administrator must have a properly configured and database-registered USB security key. Without such a key, any attempt to log in will result in a process kill. The main purpose of the above is to prohibit the root user from being oracle and connecting to the database.
License
FCBGuard is a free, partially closed software. You can use it in any way you like preserving copyright notice.
How it works
There are a web page and an attached intro.txt file for more details. See below for a brief description.
[oracle@databasehost ~]$ sqlplus / as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Feb 10 17:22:57 2023
...
Broadcast message from oracle@databasehost (Wed Feb 15 11:17:05 2023):
Unauthorized SYSDBA login attempt detected to dbname@databasehost
Killed
[oracle@databasehost]$ [oracle@databasehost sql]$ sqlplus sysproxy/sysproxy @${DATA_PUMP_DIR}/fcbguard.sql << file is auto generated on logon
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Feb 10 18:03:29 2023
...
dba@host-where-USB-security-token-is-present's password: << here a SSH connection is established to
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00 << USB security token is detected
PKCS#15 Card [Oracle login as SYSDBA]:
Version : 0
Serial number : 534xdsdfsdc9asdfasdf
Manufacturer ID: piv_II
Flags :
Logging in to "Oracle login as SYSDBA"
Please enter User PIN: << a correct PIN code is expected
Using decrypt algorithm RSA-PKCS
Sdf34rsdfee23423
Connection to host-where-USB-security-token-is-present closed
847
FCBGuard v.21.12.701
(c) 2023 Olexandr Siroklyn. All rights reserved.
Connected.
USER is "SYS"
SQL>
-
Attachment: intro.txt
(Size: 5.20KB, Downloaded 2917 times)
[Updated on: Tue, 28 February 2023 20:20] Report message to a moderator |
|
|
|
| Re: FCBGuard or USB security token login AS SYSDBA [message #690204 is a reply to message #687355] |
Sun, 01 December 2024 20:01  |
|
Olexandr Siroklyn
Messages: 44
Registered: September 2018
Location: USA
|
Member |
|
|
|
What's new. The current non-free version of the software is successfully tested on an Oracle 23ai multi-tenant database. The current downloadable free version of the software can be installed and successfully run on Oracle 23ai and lower database versions. The current downloadable free version of the software has limited capabilities when installed on a multi-tenant database.
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
