WMS 11492- SQL Firewall new Livelabs (#157)

* Revert "[WMSID 11492] SQL Firewall new Livelabs (#153)"

This reverts commit b00fe40.

* Revert "Revert "[WMSID 11492] SQL Firewall new Livelabs (#153)""

This reverts commit 575187b.

database/baseline/workshops/desktop-sqlfw/manifest.json

@@ -17,7 +17,7 @@
       "title": "Lab 1: Initialize Environment",
       "description": "How to initialize and start all the workshop components",
       "publisheddate": "10/14/2020",
-      "filename": "../../../common/init-start-env/init-start-env.md"
+      "filename": "../../../common/init-start-env/init-start-env-sqlfw.md"
     },
     {
       "title": "Lab 2: SQL Firewall",

database/baseline/workshops/desktop/manifest.json

@@ -50,13 +50,7 @@
       "filename": "../../tsdp/tsdp.md"
     },
     {
-      "title": "Lab 7: SQL Firewall",
-      "description": "In this lab you can see how to leverage Oracle SQL Firewall",
-      "publisheddate": "08/18/2023",
-      "filename": "../../sqlfw/sqlfw.md"
-    },
-    {
-      "title": "Lab 8: Data Safe for on-premises database",
+      "title": "Lab 7: Data Safe for on-premises database",
       "description": "In this lab you can see how to leverage Oracle Data Safe",
       "publisheddate": "10/11/2021",
       "filename": "../../data-safe/data-safe.md"

database/baseline/workshops/freetier-sqlfw/manifest.json

@@ -30,7 +30,7 @@
       "title": "Lab 3: Initialize Environment",
       "description": "How to initialize and start all the workshop components",
       "publisheddate": "10/14/2020",
-      "filename": "../../../common/init-start-env/init-start-env.md"
+      "filename": "../../../common/init-start-env/init-start-env-sqlfw.md"
     },
     {
       "title": "Lab 4: SQL Firewall",

database/baseline/workshops/freetier/manifest.json

@@ -63,13 +63,7 @@
       "filename": "../../tsdp/tsdp.md"
     },
     {
-      "title": "Lab 9: SQL Firewall",
-      "description": "In this lab you can see how to leverage Oracle SQL Firewall",
-      "publisheddate": "08/18/2023",
-      "filename": "../../sqlfw/sqlfw.md"
-    },
-    {
-      "title": "Lab 10: Data Safe for on-premises database",
+      "title": "Lab 9: Data Safe for on-premises database",
       "description": "In this lab you can see how to leverage Oracle Data Safe",
       "publisheddate": "10/11/2021",
       "filename": "../../data-safe/data-safe.md"

database/baseline/workshops/livelabs-sqlfw/manifest.json

@@ -17,7 +17,7 @@
       "title": "Lab 2: Initialize Environment",
       "description": "How to initialize and start all the workshop components",
       "publisheddate": "10/14/2020",
-      "filename": "../../../common/init-start-env/init-start-env.md"
+      "filename": "../../../common/init-start-env/init-start-env-sqlfw.md"
     },
     {
       "title": "Lab 3: SQL Firewall",

database/baseline/workshops/livelabs/manifest.json

@@ -50,13 +50,7 @@
       "filename": "../../tsdp/tsdp.md"
     },
     {
-      "title": "Lab 8: SQL Firewall",
-      "description": "In this lab you can see how to leverage Oracle SQL Firewall",
-      "publisheddate": "08/18/2023",
-      "filename": "../../sqlfw/sqlfw.md"
-    },
-    {
-      "title": "Lab 9: Data Safe for on-premises database",
+      "title": "Lab 8: Data Safe for on-premises database",
       "description": "In this lab you can see how to leverage Oracle Data Safe",
       "publisheddate": "10/11/2021",
       "filename": "../../data-safe/data-safe.md"

database/common/init-start-env/init-start-env-sqlfw.md

@@ -0,0 +1,258 @@
+# Initialize Environment
+
+## Introduction
+
+In this lab we will review and startup all components required to successfully run this workshop.
+
+Estimated Time: 10 Minutes.
+
+### Objectives
+- Initialize the workshop environment.
+
+### Prerequisites
+This lab assumes you have:
+- An Oracle Cloud account
+- You have completed:
+    - Lab: Prepare Setup 
+    - Lab: Environment Setup
+
+## Task 1: Validate That Required Processes are Up and Running.
+
+**Note:** All screenshots for SSH terminal type tasks featured throughout this workshop were captured using the *MobaXterm* SSH Client as described in this step. As a result when executing such tasks from within the graphical remote desktop session, skip steps requiring you to login as user *oracle* using *sudo su - oracle*, the reason being that the remote desktop session is under user *oracle*.
+
+1. Now with access to your remote desktop session, proceed as indicated below to validate your environment before you start executing the subsequent labs. The following Processes should be up and running:
+
+    - Database Listener
+    - Database Servers (emcdb and cdb1)
+    - Enterprise Manager - Management server (OMS)
+    - Enterprise Manager - Management Agent (emagent)
+    - My HR Applications on Glassfish
+
+2. On the web browser window on the right is a tab preloaded with *Enterprise Manager*, login with the credentials below to validate that it's operational. If the login page is not displayed on first login to the remote desktop, refresh to reload. It takes ~15 minutes for all processes to fully start.
+
+    ```
+    Username: <copy>sysman</copy>
+    ```
+
+    ```
+    Password: <copy>Oracle123</copy>
+    ```
+
+    ![Enterprise Manager Login](images/em-login.png "Enterprise Manager Login")
+
+3. Open new browser tabs and confirm successful rendering of *My HR Applications* listed below.
+
+    - PDB1
+
+    ```
+    Prod: <copy>http://dbsec-lab:8080/hr_prod_pdb1</copy>
+    ```
+
+    ```
+    Dev: <copy>http://dbsec-lab:8080/hr_dev_pdb1</copy>
+    ```
+
+    - PDB2
+
+    ```
+    Prod: <copy>http://dbsec-lab:8080/hr_prod_pdb2</copy>
+    ```
+
+    ```
+    Dev: <copy>http://dbsec-lab:8080/hr_dev_pdb2</copy>
+    ```
+
+    If all are successful, then your environment is ready.  
+
+4. If you are still unable to get all *Enterprise Manager* and all links above to render successfully, open a terminal session and proceed as indicated below to validate the services.
+
+    - Database services (All databases and Standard Listener)
+
+        ```
+        <copy>
+        sudo systemctl status oracle-database
+        </copy>
+        ```
+
+        ![DB Service Status](images/db-service-status.png "DB Service Status")
+
+    - DBSec-lab Service (Enterprise Manager 13c and My HR Applications on Glassfish)
+
+        ```
+        <copy>
+        sudo systemctl status oracle-dbsec-lab
+        </copy>
+        ```
+
+        ![DBSecLab Service Status](images/dbsec-lab-service-status.png "DBSecLab Service Status")
+
+5. If you see questionable output(s), failure or down component(s), restart the corresponding service(s) accordingly
+
+    - Database and Listener
+
+        ```
+        <copy>
+        sudo systemctl restart oracle-database
+        </copy>
+        ```
+
+    - DBSec-lab Service
+
+        ```
+        <copy>
+        sudo systemctl restart oracle-dbsec-lab
+        </copy>
+        ```
+
+## Task 2 - Set Glassfish to use freepdb1 database in the DB23c VM
+
+Here, we will modify the default Glassfish connection to target an Oracle Database 23c, so we can monitor, and block, SQL commands
+
+1. Open a Terminal session on your **DBSec-Lab** VM as OS user *oracle*
+
+    ```
+    <copy>sudo su - oracle</copy>
+    ```
+
+    **Note**: If you are using a remote desktop session, double-click on the *Terminal* icon on the desktop to launch a session
+
+2. Go to the scripts directory
+
+    ```
+    <copy>cd $DBSEC_LABS/sqlfw</copy>
+    ```
+
+3. Migrate the Glassfish Application connection string in order to target the 23c database
+
+    ```
+    <copy>./sqlfw_glassfish_start_db23c.sh</copy>
+    ```
+
+    ![SQLFW](./images/init-start-env-sqlfw-001.png "Set HR App with DB23c")
+
+    **Note**: Here, we connect Glassfish to the database **`FREEPDB1`** (DB 23c) on the **`db23c`** VM
+
+4. Next, verify the application functions as expected
+
+    - Open a Web Browser at the URL *`http://dbsec-lab:8080/hr_prod_pdb1`* to access to **your Glassfish App**
+
+        **Notes:** If you are not using the remote desktop you can also access this page by going to *`http://<YOUR_DBSEC-LAB_VM_PUBLIC_IP>:8080/hr_prod_pdb1`*
+    
+    - Login to the application as *`hradmin`* with the password "*`Oracle123`*"
+
+        ```
+        <copy>hradmin</copy>
+        ```
+
+        ```
+        <copy>Oracle123</copy>
+        ```
+
+        ![SQLFW](./images/init-start-env-sqlfw-002.png "HR App - Login")
+
+        ![SQLFW](./images/init-start-env-sqlfw-003.png "HR App - Login")
+
+    - In the top right hand corner of the App, click on the **Welcome HR Administrator** link and you will be sent to a page with session data
+
+        ![SQLFW](./images/init-start-env-sqlfw-004.png "HR App - Settings")
+
+    - On the **Session Details** screen, you will see how the application is connected to the database. This information is taken from the **userenv** namespace by executing the `SYS_CONTEXT` function.
+
+        ![SQLFW](./images/init-start-env-sqlfw-005.png "HR App - Session details")
+
+    - Now, you should see **FREEPDB1** as the **`DB_NAME`** and **db23c** as the **HOST**
+
+        ![SQLFW](./images/init-start-env-sqlfw-006.png "HR App - Check the targetted database")
+
+You may now **proceed to the next lab**.
+
+## Appendix 1: Managing Startup Services
+
+1. Database services (All databases and Standard Listener)
+
+    - Start
+
+    ```
+    <copy>sudo systemctl start oracle-database</copy>
+    ```
+    - Stop
+
+    ```
+    <copy>sudo systemctl stop oracle-database</copy>
+    ```
+
+    - Status
+
+    ```
+    <copy>sudo systemctl status oracle-database</copy>
+    ```
+
+    - Restart
+
+    ```
+    <copy>sudo systemctl restart oracle-database</copy>
+    ```
+
+2. DBSec-lab Service (Enterprise Manager 13c and My HR Applications on Glassfish)
+
+    - Start
+
+    ```
+    <copy>sudo systemctl start oracle-dbsec-lab</copy>
+    ```
+
+    - Stop
+
+    ```
+    <copy>sudo systemctl stop oracle-dbsec-lab</copy>
+    ```
+
+    - Status
+
+    ```
+    <copy>sudo systemctl status oracle-dbsec-lab</copy>
+    ```
+
+    - Restart
+
+    ```
+    <copy>sudo systemctl restart oracle-dbsec-lab</copy>
+    ```
+
+## Appendix 2: External Web Access
+
+If for any reason you want to login from a location that is external to your remote desktop session such as your workstation/laptop, then refer to the details below.
+
+1.  Enterprise Manager 13c Console
+
+    ```
+    Username: <copy>sysman</copy>
+    ```
+
+    ```
+    Password: <copy>Oracle123</copy>
+    ```
+
+    ```
+    URL: <copy>http://<Your Instance public_ip>:7803/em</copy>
+    ```
+
+    - *Note:* You may see an error on the browser while accessing the Web Console - “*Your connection is not private*” as shown below. Ignore and add the exception to proceed.
+
+    ![Enterprise Manager External Login](images/login-em-external-1.png "Enterprise Manager External Login")
+    ![Enterprise Manager External Login](images/login-em-external-2.png "Enterprise Manager External Login")
+
+2. My HR Applications on Glassfish
+
+    - PDB1
+      - Prod        : `http://<YOUR_DBSECLAB-VM_PUBLIC-IP>:8080/hr_prod_pdb1`
+      - Dev         : `http://<YOUR_DBSECLAB-VM_PUBLIC-IP>:8080/hr_dev_pdb1`   (bg: red)
+    - PDB2
+      - Prod        : `http://<YOUR_DBSECLAB-VM_PUBLIC-IP>:8080/hr_prod_pdb2`  (menu: red)
+      - Dev         : `http://<YOUR_DBSECLAB-VM_PUBLIC-IP>:8080/hr_dev_pdb2`   (bg: red & menu: red)
+
+
+## Acknowledgements
+- **Author** - Rene Fontcha, LiveLabs Platform Lead, NA Technology
+- **Contributors** - Hakim Loumi
+- **Last Updated By/Date** - Marion Smith, Technical Program Manager, April 2022

database/common/prepare-setup/prepare-setup.md

@@ -53,7 +53,7 @@ This lab assumes you have:
     - [dbseclabs-v54_init-vm-pa.zip](https://objectstorage.us-ashburn-1.oraclecloud.com/p/AUKfPIGuTde04z4OnuaZN2EP0LxNl4hJWI2jZiTw23aWzSoa2_Byvs8OGPw20-dt/n/c4u04/b/livelabsfiles/o/security-library/dbseclabs-v54_init-vm-pa.zip)
 </if>
 <if type="sqlfw">
-    - [dbseclabs-v54_sqlfw.zip](https://objectstorage.us-ashburn-1.oraclecloud.com/p/AUKfPIGuTde04z4OnuaZN2EP0LxNl4hJWI2jZiTw23aWzSoa2_Byvs8OGPw20-dt/n/c4u04/b/livelabsfiles/o/security-library/dbseclabs-v54_sqlfw.zip)
+    - [dbseclabs-v55_sqlfw.zip](https://objectstorage.us-ashburn-1.oraclecloud.com/p/AUKfPIGuTde04z4OnuaZN2EP0LxNl4hJWI2jZiTw23aWzSoa2_Byvs8OGPw20-dt/n/c4u04/b/livelabsfiles/o/security-library/dbseclabs-v55_sqlfw.zip)
 </if>
 <if type="story-hack">
     - [dbseclabs-v45_storyhack.zip](https://objectstorage.us-ashburn-1.oraclecloud.com/p/AUKfPIGuTde04z4OnuaZN2EP0LxNl4hJWI2jZiTw23aWzSoa2_Byvs8OGPw20-dt/n/c4u04/b/livelabsfiles/o/security-library/dbseclabs-v45_storyhack.zip)