####################################
# Using RepScan - Quickstart Guide #
####################################

The full handbook and additional rules files are available at
http://www.red-database-security.com/repscan

***************************************************************************

1. Customize the database.xml
   Add your Oracle database (host, protocol, port, sid, user and password)
   to the file database.xml

2. Customize the exec.xml
   Add the databases RepScan should check

3. Generate a baseline (if not available)
   c:\>generate.cmd

4. Compare against a baseline
   c:\>check.cmd

5. Check the result file scanreport.xml with a browser
   (e.g. Firefox or Internet Explorer)

***************************************************************************

Description of the files:

databases.xml           - Definition of the Oracle database connections
exec.xml                - Targets for RepScan
scanreport.xml          - Scan report
scanreport.xsl          - Stylesheet for the scan report
rules_default_users.xml - Check for 565 Oracle default users (encrypted SQL commands)
rules_db_check.xml      - Some Oracle security checks (unencrypted SQL commands)
database.dtd            - DTD (Document Type Definition) for databases.xml
exec.dtd                - DTD for exec.xml
rules.dtd               - DTD for rules*.xml
generate.cmd            - Batch file to generate a baseline
check.cmd               - Batch file to compare with a precomputed baseline
repscan.exe             - RepScan main program
dbencrypt.exe           - Encrypt database passwords in databases.xml

***************************************************************************

Requirements:

* Microsoft .NET Framework 1.1
* Oracle Net-Client

***************************************************************************

Hints:

You can encrypt the database passwords with the encryption algorithm RC4 by
setting the encryption value to "Y" in the file database.xml and encrypting
the passwords with the program dbencrypt.

   dbencrypt databases.cryptnone.xml databases.xml

You can also use a master password. The master password must be entered
every time you start repscan. To use a master password, run the following
command:

   dbencrypt -usemasterpw databases.cryptnone.xml databases.xml