The Oracle Database Security Assessment Tool (DBSAT) is a command-line tool provided by Oracle to help assess the security configuration of Oracle Database installations. It scans the database environment and generates a report detailing potential security risks, vulnerabilities, and best practices violations.

Oracle DBSAT consists of the following components:

Collector: The Collector executes SQL queries, dictionary views, and runs operating system commands to collect data from the system to be assessed. The collected data is written to a JSON file that is used by the DBSAT Reporter in the analysis phase.

Reporter: The Reporter analyzes the collected data and generates the Database Security Assessment Report in HTML, Excel, JSON, and Text formats.

Discoverer: The Discoverer executes SQL queries, dictionary views, and collects metadata from the database to be assessed, based on the settings specified in the configuration files. The collected data is then used to generate the Database Sensitive Data Assessment Report in HTML and CSV formats.

Oracle DBSAT runs on the following Operating Systems:

• Solaris x64 and Solaris SPARC64
• Linux x86-64 and Linux 64-bit Arm
• Windows x64
• HP-UX IA (64-bit)
• IBM AIX (64-bit) and Linux on zSeries (64-bit)

Oracle DBSAT runs on Oracle Database versions and editions:

• Oracle Database 11.2.0.4 and higeher releases
• Oracle Database Standard Edition 2 and Oracle Database Enterprise Edition

Oracle DBSAT (Reporter,Discoverer,Collector ) is a Java program and requires the Java Runtime Environment (JRE) 1.8 (jdk8-u172) or later to run.

Download the DBSAT binaries from Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1).

After installations which you can follow MOS note, simply run below command

./dbsat report -s -d -o

DBSAT will start scanning the database environment for security vulnerabilities and configuration issues. Monitor the progress of the scan in the terminal or command prompt.

Once the DBSAT scan is complete, it will generate a report in HTML format summarizing the findings of the security assessment. Open the report in a web browser to review the detailed analysis, including identified security risks, recommendations, and best practices violations.