Home » Other » Marketplace » FCBGuard or USB security token login AS SYSDBA (Oracle 12c and higher. Unix like OS)
FCBGuard or USB security token login AS SYSDBA [message #687355] Tue, 28 February 2023 19:54
Olexandr Siroklyn
Messages: 36
Registered: September 2018
Location: USA
Member
Purpose

FCBGuard software http://oracleongpu.com/fcbguard/ provides the ability to prevent unauthorised AS SYSDBA login attempt to a database. This is implemented via mandatory USB security key/token/card (call it any way you like it) presence. In order to successfully perform an AS SYSDBA login, database administrator must have a properly configured and database-registered USB security key. Without such a key, any attempt to log in will result in a process kill. The main purpose of the above is to prohibit the root user from being oracle and connecting to the database.

License

FCBGuard is a free, partially closed software. You can use it in any way you like preserving copyright notice.

How it works

There are a web page and an attached intro.txt file for more details. See below for a brief description.

[oracle@databasehost ~]$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Feb 10 17:22:57 2023
...
Broadcast message from oracle@databasehost (Wed Feb 15 11:17:05 2023):

Unauthorized SYSDBA login attempt detected to dbname@databasehost

Killed

[oracle@databasehost]$
[oracle@databasehost sql]$ sqlplus sysproxy/sysproxy @${DATA_PUMP_DIR}/fcbguard.sql   << file is auto generated on logon

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Feb 10 18:03:29 2023 
...
dba@host-where-USB-security-token-is-present's password:       << here a SSH connection is established to

Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 00 00   << USB security token is detected
PKCS#15 Card [Oracle login as SYSDBA]:
        Version        : 0
        Serial number  : 534xdsdfsdc9asdfasdf
        Manufacturer ID: piv_II
        Flags          :

Logging in to "Oracle login as SYSDBA"
Please enter User PIN:                                          << a correct PIN code is expected
Using decrypt algorithm RSA-PKCS
Sdf34rsdfee23423
Connection to host-where-USB-security-token-is-present closed
847

FCBGuard v.21.12.701
(c) 2023 Olexandr Siroklyn. All rights reserved.

Connected.
USER is "SYS"

SQL>
  • Attachment: intro.txt
    (Size: 5.20KB, Downloaded 726 times)

[Updated on: Tue, 28 February 2023 20:20]

Report message to a moderator

Previous Topic: Major Update of dbForge Tools for MySQL Is Out
Next Topic: dbForge Tools for Oracle Come With a Great Big Update
Goto Forum:
  


Current Time: Thu Dec 07 11:08:52 CST 2023