• Oxford: +44 (0)1865 877830 
  • Manchester: +44 (0)161 713 0176 
  • Edinburgh: +44 (0)131 541 0118 
  • New York: +1 646-781-7580 
  • Minneapolis: +1 612-324-7410 
  • Bucharest: +40 316 301 707 

Updating OpenDLP to support Oracle Databases for PCI DSS

You are here

29

May

Updating OpenDLP to support Oracle Databases for PCI DSS

Updating OpenDLP can support Oracle Databases for the PCI DSS process when looking for credit card numbers and passwords searching Windows or Unix file systems.

OpenDLP is an excellent tool for looking for credit card numbers as part of a PCI DSS scoping process, or looking for passwords and other sensitive data during a penetration test. It can search Windows and Unix file systems and databases. At the time of writing this blog entry, OpenDLP does not have support for Oracle, only MySQL and Microsoft SQL Server. If you want Oracle support in OpenDLP, please check the OpenDLP website first to see if it has been added (https://code.google.com/p/opendlp/), otherwise, read on!

I needed a tool to search Oracle databases for credit card numbers, which was part of helping a client with PCI DSS scoping. Additionally, providing the client with a good discovery tool would help them to comply with the annual requirement to verify the accuracy of the PCI DSS scope. OpenDLP is free and open source, and, while there are commercial tools out there, the client was looking at all options. OpenDLP is easy to get up and running if you download the VirtualBox VM, and it has a web interface.

Adding Oracle support required installing the Oracle Instant Client, installing DBD Oracle for Perl, and updating some of the OpenDLP Perl scripts. The updated OpenDLP files are available for download as a zip file (opendlp_0_4_4_oracle_update.zip).

This is a step by step guide to getting and updating OpenDLP.

Get the OpenDLP Virtual Machine

Download VirtualBox VM from OpenDLP (version 0.4.4)
https://code.google.com/p/opendlp/

Get the VM running and then check that the website is working at https://localhost/OpenDLP/index.html. To make it easier, I disabled the SSL certificate requirement in /etc/apache2/sites-available/default-ssl.

Install Oracle Instant Client

From root (“sudo su -") update the existing packages and install three required packages:

apt-get update
apt-get upgrade
apt-get install libaio1 alien zip

Download the Oracle Instant Client RPMs for Linux x86 from Oracle. These need to be the basic and SDK (devel). SQL*Plus is for testing that the client works.
http://www.oracle.com/technetwork/topics/linuxsoft-082809.html

Then run alien with “–i” to generate and install debian packages from the RPMs:

alien –i oracle-instantclient11.2-basic-11.2.0.3.0-1.i386.rpm
alien –i oracle-instantclient11.2-devel-11.2.0.3.0-1.i386.rpm
alien –i oracle-instantclient11.2-sqlplus-11.2.0.3.0-1.i386.rpm

Create the file “/etc/profiles.d/oracle.sh” with the Oracle environment variables:

export ORACLE_HOME=/usr/lib/oracle/11.2/client
export PATH=$PATH:$ORACLE_HOME/bin
export LD_LIBRARY_PATH=$ORACLE_HOME/lib

Open a new shell to set the environment variables, and test the Oracle Instant Client with SQL*Plus:

sqlplus username/password@host/instance

Install DBD Oracle for Perl

Run these commands to get the DBD Oracle source package:

perl -MCPAN -e shell
get DBD::Oracle
quit

Find the folder where DBD Oracle source is downloaded (e.g. /home/opendlp/.cpan/build/DBD-Oracle-1.44-BPFWro/), and run these commands to build it. The first command seems to create a shell that you have to exit.

perl Makefile.PL
make
make install

Test DBD Oracle with this script, if nothing shows then it has connected fine.

#!/usr/bin/perl
use DBI;
my $dbh = DBI->connect("dbi:Oracle://host/instance",'username','password');
$dbh->disconnect;

Update OpenDLP to Support Oracle

You need to download the updated Perl script files: opendlp_0_4_4_oracle_update.zip. Then extract them, make them executable, and move them to the correct directories:

chmod +x db.pl
chmod +x *.html
mv db.pl /var/www/OpenDLP/bin/
mv *.html /var/www/OpenDLP/web/bin/

You should now be able to search Oracle databases for credit cards and passwords. The target format for the scan is "///", for example "//192.168.1.123/orcl".

Posted by Bil

1 Comments - Updating OpenDLP to support Oracle Databases for PCI DSS

David Tran (not verified) May 26, 2015

Reply
Dear Bil Your post is very interesting. But now i cant download opendlp_0_4_4_oracle_update.zip. Can u send me this file by email ? My email: shiva36212@gmail.com Thanks u very much.

Leave a comment