Symantec DLP Operation Notes


Here are some notes I recorded while working on a Symantec DLP project.


Restart DLP Enforce services in the correct order

The following order is important when stopping and starting DLP services in Windows or Linux.

Stopping services in DLP 15.1 and later

            1. Symantec DLP Detection Server Controller
            2. Symantec DLP Incident Persister
            3. Symantec DLP Manager
            4. Symantec DLP Notifier

Starting services in DLP 15.1 and later

            1. Symantec DLP Notifier
            2. Symantec DLP Manager
            3. Symantec DLP Incident Persister
            4. Symantec DLP Detection Server Controller
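The ordering above as a PowerShell function, an added example that is not part of the original notes. The display names come from the lists above; the function name Set-DlpServices and the 300-second timeout are assumptions.

```powershell
# Added example: stop or start the Enforce services in the documented order.
function Set-DlpServices {
    param(
        [Parameter(Mandatory)][ValidateSet('Stop', 'Start')][string]$Action,
        [int]$TimeoutSeconds = 300   # assumed wait per service
    )

    # Stop order for DLP 15.1 and later; the start order is the exact reverse.
    $stopOrder = @(
        'Symantec DLP Detection Server Controller',
        'Symantec DLP Incident Persister',
        'Symantec DLP Manager',
        'Symantec DLP Notifier'
    )
    $order  = if ($Action -eq 'Stop') { $stopOrder } else { $stopOrder[($stopOrder.Count - 1)..0] }
    $target = if ($Action -eq 'Stop') { 'Stopped' } else { 'Running' }

    foreach ($name in $order) {
        # Fail immediately if a service is missing instead of skipping it.
        $svc = Get-Service -DisplayName $name -ErrorAction Stop
        if ($svc.Status -ne $target) {
            Write-Host "$Action $name"
            if ($Action -eq 'Stop') { Stop-Service  -InputObject $svc -ErrorAction Stop }
            else                    { Start-Service -InputObject $svc -ErrorAction Stop }
        }
        # Do not touch the next service until this one has reached the target state;
        # WaitForStatus throws a TimeoutException if it never gets there.
        $svc.WaitForStatus($target, [TimeSpan]::FromSeconds($TimeoutSeconds))
        Write-Host "$name is $target"
    }
}

# Usage (from an elevated prompt on the Enforce Server):
#   Set-DlpServices -Action Stop
#   Set-DlpServices -Action Start
```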

Cold Backup Symantec DLP Oracle DB

Here is an example, assuming Oracle DB has been installed in the D:\Oracle folder. The Symantec DLP backup folder is on the same machine, at: C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\

There are two folders under this DLP backup folder:
  • Database 
  • Recovery_Aid

There are six steps to follow to do a cold backup of Oracle in Windows:

1. Create recovery aid files.
1.1 At the command prompt, enter sqlplus /nolog
1.2 At the SQL> command prompt, to connect as the sysdba user, enter
connect sys/password@protect as sysdba

where password is the SYS password.
1.3 After receiving the Connected message, at the SQL> command prompt, enter:
alter database backup controlfile to trace as 'C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid\controlfile.trc';

Success is indicated by the message "Database altered."
1.4 Issue the following command to back up the init.ora file.
create pfile='C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid\init.ora' from spfile;

1.5 Navigate to the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid directory. You should see the controlfile.trc and init.ora files in this directory.
1.6 Rename the file controlfile.trc so that it can be easily identified, for example:
controlfilebackupMMDDYY.trc

2. Collecting a list of files to be backed up
2.1 Enter the following SQL commands to create lists of files that must be backed up: (One command)
SELECT file_name FROM dba_data_files 
UNION 
SELECT file_name FROM dba_temp_files 
UNION 
SELECT name FROM v$controlfile 
UNION 
SELECT member FROM v$logfile; 
2.2 Save the list of files returned by the query to use in the following procedures: C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Recovery_Aid\oracle_datafile_directories.txt.


C:\Users\admin>sqlplus /nolog
SQL*Plus: Release 12.2.0.1.0 Production on Sun Dec 15 21:29:32 2019
Copyright (c) 1982, 2016, Oracle.  All rights reserved.

SQL> connect sys/[email protected] as sysdba
Connected.

SQL>
SQL> SELECT file_name FROM dba_data_files
  2  UNION
  3  SELECT file_name FROM dba_temp_files
  4  UNION
  5  SELECT name FROM v$controlfile
  6  UNION
  7  SELECT member FROM v$logfile;


FILE_NAME
-------------------------------------------------------

D:\ORACLE\ORADATA\PROTECT\CONTROL01.CTL
D:\ORACLE\ORADATA\PROTECT\CONTROL02.CTL
D:\ORACLE\ORADATA\PROTECT\CONTROL03.CTL
D:\ORACLE\ORADATA\PROTECT\DRSYS01.DBF
D:\ORACLE\ORADATA\PROTECT\LOB01.DBF
D:\ORACLE\ORADATA\PROTECT\REDO01.LOG
D:\ORACLE\ORADATA\PROTECT\REDO02.LOG
D:\ORACLE\ORADATA\PROTECT\REDO03.LOG
D:\ORACLE\ORADATA\PROTECT\SYSAUX01.DBF
D:\ORACLE\ORADATA\PROTECT\SYSTEM01.DBF
D:\ORACLE\ORADATA\PROTECT\TEMP01.DBF

FILE_NAME
-------------------------------------------------------

D:\ORACLE\ORADATA\PROTECT\UNDOTBS01.DBF
D:\ORACLE\ORADATA\PROTECT\USERS01.DBF

13 rows selected.
SQL>




3. Creating a copy of the spfile on Windows
To create a copy of the spfile
3.1 In Oracle SQL*Plus, at the SQL> command prompt, enter:
create pfile='C:\Temp\inittemp.ora' from spfile; 
3.2 To exit Oracle SQL*Plus, enter: exit 
3.3 Navigate to the C:\Temp directory and verify that the inittemp.ora file was created.
3.4 In Windows, copy the inittemp.ora file from the C:\Temp directory to the \Recovery_Aid subdirectory that you created earlier on the backup computer.

4. Shutting down the Symantec Data Loss Prevention system on Windows
4.1 Stop the following four services, in this order, on the DLP Enforce Server (version 15.1 and later)
            4.1.1. Symantec DLP Detection Server Controller
            4.1.2. Symantec DLP Incident Persister
            4.1.3. Symantec DLP Manager
            4.1.4. Symantec DLP Notifier
4.2 On the computer that hosts the database, stop the OracleService databasename, where databasename is the Global Database Name and SERVICE_NAME selected during installation.




5. Copying the database files to the backup location on Windows

5.1 Make sure that the Oracle services are stopped.
5.2 On the computer that hosts the database, copy the files from the list that you collected in the procedure Collecting a list of files to be backed up to the computer that hosts the backup files. Copy the Protect directory into the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Database directory of the computer that hosts the backup files.
5.3 On the computer that hosts the database, select the %ORACLE_HOME%\database\PWDprotect.ora file and copy it into the C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files\Database directory of the computer that hosts the backup files.

%ORACLE_HOME% = D:\oracle\product\12.2.0.1\db_1\

Note: if you do not know your %ORACLE_HOME% location, you can search your hard drive for the PWDprotect.ora file.

6. Restarting the system on Windows
To restart the system
6.1 On the computer that hosts the database, navigate to Start > All Programs > Administrative Tools > Services to open the Windows Services menu.
6.2 From the Services menu, start all of the Oracle services:
■ OracleServiceDATABASENAME
6.3 On the computer that hosts the Enforce Server, start the SymantecDLPNotifierService service before starting other Symantec Data Loss Prevention services.
6.4 Starting services in DLP 15.1 and later
            6.4.1. Symantec DLP Notifier
            6.4.2. Symantec DLP Manager
            6.4.3. Symantec DLP Incident Persister
            6.4.4. Symantec DLP Detection Server Controller
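Step 5 of the procedure above (run after the shutdown in step 4 and before the restart in step 6) as a PowerShell script that also verifies each copy by SHA-256. This is an added example, not part of the original notes. The paths are the ones used on this page, OracleServiceDATABASENAME is the page's placeholder and must be replaced with the real service name, and the manifest file name backup_sha256.csv is an assumption.

```powershell
# Added example: copy the files listed in step 2 and verify every copy.
$BackupRoot = 'C:\Program Files\Symantec\DataLossPrevention\SymantecDLP_Backup_Files'
$ListFile   = Join-Path $BackupRoot 'Recovery_Aid\oracle_datafile_directories.txt'
$Manifest   = Join-Path $BackupRoot 'Recovery_Aid\backup_sha256.csv'   # assumed file name
$OracleHome = 'D:\oracle\product\12.2.0.1\db_1'
$OracleSvc  = 'OracleServiceDATABASENAME'                              # placeholder from the page

# Step 5.1: refuse to copy while the instance is up.
if ((Get-Service -Name $OracleSvc -ErrorAction Stop).Status -ne 'Stopped') {
    throw "$OracleSvc is not stopped; files copied now would not be a cold backup."
}

# The saved SQL*Plus output also holds FILE_NAME headers, dashed rulers and
# "13 rows selected."; keep only lines that are absolute Windows paths.
$dataFiles = @(Get-Content -LiteralPath $ListFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -match '^[A-Za-z]:\\' } |
    Sort-Object -Unique)
if ($dataFiles.Count -eq 0) { throw "No file paths found in $ListFile" }

# Data files keep their parent folder name (Database\PROTECT\...);
# the password file goes directly into Database (step 5.3).
$dbDir = Join-Path $BackupRoot 'Database'
$plan  = @(foreach ($src in $dataFiles) {
    $folder = Split-Path (Split-Path $src -Parent) -Leaf
    [pscustomobject]@{
        Source = $src
        Dest   = Join-Path (Join-Path $dbDir $folder) (Split-Path $src -Leaf)
    }
})
$pwdSrc = Join-Path $OracleHome 'database\PWDprotect.ora'
$plan  += [pscustomobject]@{ Source = $pwdSrc; Dest = Join-Path $dbDir 'PWDprotect.ora' }

# Copy, compare SHA-256 of source and copy, and record the hashes for restore time.
$results = @(foreach ($item in $plan) {
    New-Item -ItemType Directory -Path (Split-Path $item.Dest -Parent) -Force | Out-Null
    Copy-Item -LiteralPath $item.Source -Destination $item.Dest -ErrorAction Stop
    $srcHash = (Get-FileHash -LiteralPath $item.Source -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $item.Dest   -Algorithm SHA256).Hash
    [pscustomobject]@{ File = $item.Dest; SHA256 = $dstHash; Match = ($srcHash -eq $dstHash) }
})
$results | Export-Csv -LiteralPath $Manifest -NoTypeInformation

$bad = @($results | Where-Object { -not $_.Match })
if ($bad.Count) { throw "Hash mismatch for: $($bad.File -join ', ')" }
"{0} files copied and verified; manifest written to {1}" -f $results.Count, $Manifest
```

The backup folder ends up holding the Oracle password file and the full DLP database, so its ACL should be as tight as the one on the live Oracle data directory.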

