Oracle DBSAT first experience

Last year in October Oracle released the Oracle Database Security Assessment Tool (DBSAT), which analyzes database configurations and security policies to improve the security of your environment.

Real benefits

  • quickly identify security configuration errors in the database environment
  • launch Security best practices
  • increase the security level of your Oracle Databases
  • reduce the attack and exposure risk

What does DBSAT check

  • User Accounts, Privileges and Roles
  • Authorization Control
  • Data Encryption
  • Fine-grained Access Control
  • Auditing Policies
  • Database Configuration
  • Listener Configuration
  • Operating System*

Installation and Requirements

DBSAT runs on
Solaris x64 and Solaris SPARC
Linux x86-64
Windows x64
HP-UX IA (64-bit)
IBM AIX & zSeries Based Linux

Supported Database Versions
on Oracle Database 10.2.0.5 and later releases.

Download DBSAT
Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1)

Installation and Setup

create directory on the target System
mkdir -p /home/oracle/dbsat

unzip dbsat.zip
unzip dbsat.zip -d /home/oracle/dbsat

cd /home/oracle/dbsat

Run the Collector

Set your Oracle environment

./dbsat collect "sys/manager as sysdba" orcl

DBSAT Collector completed successfully.

Calling /u01/app/oracle/product/12.1.0/dbhome_1/bin/zip to encrypt orcl.json…

Enter password:

Verify password:

  adding: orcl.json (deflated 87%)

zip completed successfully

The .json file was created and is the base of the report

Create the report

./dbsat report orcl

Archive: orcl.zip
[orcl.zip] orcl.json password:
inflating: orcl.json
Database Security Assessment Tool version 1.0.2 (October 2016)
DBSAT Reporter ran successfully.

Calling /usr/bin/zip to encrypt the generated reports…

Enter password:
Verify password:
adding: orcl.txt (deflated 76%)
adding: orcl.html (deflated 82%)
adding: orcl.xlsx (deflated 3%)
zip completed successfully.

-rw-------. 1 oracle oracle 63075 Feb 1 22:22 orcl_report.zip

Transfer the files to your local PC

Here is an example; I converted the XLS file to PDF

Start reviewing the security report and fix the critical findings

Summary

  • easy and fast setup
  • really good reports in different layouts (html, csv, etc.)
  • fix real security issues
  • no extra costs if you have a support contract
  • findings are highlighted (green, red, yellow, blue)

Note

When running dbsat in a 12c Multitenant environment, you must create the report on every PDB; otherwise you will get only a report for the CDB.

Try it and have fun :-)

What's new?

Interesting news about the coming Oracle 12 Release.

Release Schedule of Current Database Releases (Doc ID 742060.1)

Take a look :-)

CFP for Exaday 2017 started

The Call for Papers is open until 13.2.2017.

Please submit your talks for the Exaday 2017 on all topics around Oracle Engineered Systems.

I am looking forward to many exciting talks …

http://exaday.doag.org/de/home/

The Exaday 2017 will take place this year on 20 June 2017 in Frankfurt – Mörfelden (near the airport).

Oracle Exadata Statement of Direction

There is a very interesting paper about the direction of the Exadata Database Machine.

http://www.oracle.com/technetwork/database/exadata/exadata-statementofdirection-2417679.pdf

 

Thanks a lot Günther Stürner.

Exadata GI Upgrade 11.2.0.4 to 12.1.0.2 + PSU Jul2016

Recently I did an upgrade to Grid Infrastructure 12.1.0.2 on a few Exadata clusters.

Here is my summary of the installation.

Before you start, please read MOS note 1681467.1. This note is very helpful and describes the whole procedure in an Exadata environment.

It's not only the upgrade to 12.1.0.2. In the same "session" I also installed the GI PSU Jul 2016 and the one-off Patch 23273686, because there is a known bug in the SCAN listener area (see below).

At the end of the article there is some "real news" from GI 12.1.0.2 (see "real news" below).

So let's start.

First of all, keep in mind that the clusterware must be "up and running".

Step 1 Oracle environment

 

 export SRVM_USE_RACTRANS=true 

 unset ORACLE_HOME ORACLE_BASE ORACLE_SID 

./runInstaller 

Step 2 GI Software Installation

The next slides show the GI Installation Procedure

If the setup has reached that point, you need to do the following, but please don't close the installer window.

Step 3 Install latest opatch tool

Download the OPatch tool, Patch 6880880 (better if you did it beforehand)

On an Exadata the installation can be done in one step via dcli


dcli -l oracle -g dbs_group unzip -oq -d /u01/app/12.1.0.2/grid /u01/patchdepot/p6880880_121010_LINUX.zip

Step 3 Install GI PSU JUL 2016 23273686


Node 1 srvdb01

[root@srvdb01]# /u01/app/12.1.0.2/grid/OPatch/opatch napply -oh /u01/app/12.1.0.2/grid -local /u01/patchdepot/23273686

Node 2 srvdb02

[root@srvdb02]# /u01/app/12.1.0.2/grid/OPatch/opatch napply -oh /u01/app/12.1.0.2/grid -local /u01/patchdepot/23273686

Because there is a known bug, you should directly install the following one-off Patch 20734332; Doc ID 2166451.1 has the details

(SCAN Listener or local listener fails to start after applying Patch 23273629 – Oracle Grid Infrastructure Patch Set Update 12.1.0.2.160719 (Jul2016))

Step 4 rootupgrade.sh 

After you finish the PSU Jul 2016 & Oneoff Patch installation the rootupgrade.sh must be started


Node 1 srvdb01

[root@srvdb01 grid]# /u01/app/12.1.0.2/grid/rootupgrade.sh

Node 2 srvdb02

[root@srvdb02 grid]# /u01/app/12.1.0.2/grid/rootupgrade.sh

The rootupgrade.sh script runs for around 15 minutes, so stay calm.

It finishes with the following messages, shown here as an example from the last node, Node 2 srvdb02:

….

Successfully accumulated necessary OCR keys.

Creating OCR keys for user 'root', privgrp 'root'..

Operation successful.

14:53:13 CLSRSC-474: Initiating upgrade of resource types

14:54:33 CLSRSC-482: Running command: 'upgrade model  -s 11.2.0.4.0 -d 12.1.0.2.0 -p first'

14:54:33 CLSRSC-475: Upgrade of resource types successfully initiated.

14:54:35 CLSRSC-325: Configure Oracle Grid Infrastructure for a Cluster … succeeded

Step 5 final tasks

Finally, some configuration tools run and finish the GI upgrade, including PSU Jul 2016 and the one-off patch.

And now the "real news" in 12.1.0.2

The most notable change concerns the GIMR (Grid Infrastructure Management Repository).

Beginning with 12.1.0.1, installing the GIMR database (MGMTDB) was an option.

Starting with 12.1.0.2 it is mandatory, and the MGMTDB database is automatically created as part of the upgrade installation process of 12.1.0.2 Grid Infrastructure. If you start an installation from scratch, the GIMR database is configured directly.

Some interesting GI & MGMTDB commands

[oracle@srvdb01 ~]$ crsctl query crs activeversion

Oracle Clusterware active version on the cluster is [12.1.0.2.0]

[oracle@srvdb01 ~]$ crsctl query crs releaseversion

Oracle High Availability Services release version on the local node is [12.1.0.2.0]

[oracle@srvdb01 ~]$ crsctl query crs activeversion -f

Oracle Clusterware active version on the cluster is [12.1.0.2.0]. The cluster upgrade state is [NORMAL]. The cluster active patch level is [3351897854].
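The two crsctl queries above can serve as a gate after rootupgrade.sh: the local release version shows whether this node runs the new Grid home, while the cluster active version only switches once the last node has finished. The script below is an added example, not part of the original post; the function names are hypothetical and the mid-upgrade sample line is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the n-th [bracketed] value of a crsctl output line.
bracket_field() {
    printf '%s\n' "$1" | awk -F'[][]' -v n="$2" '{ print $(2 * n) }'
}

# gi_upgrade_verdict EXPECTED ACTIVE_LINE RELEASE_LINE
#   ACTIVE_LINE : output of "crsctl query crs activeversion -f"
#   RELEASE_LINE: output of "crsctl query crs releaseversion" on this node
gi_upgrade_verdict() {
    expected=$1
    active=$(bracket_field "$2" 1)
    state=$(bracket_field "$2" 2)
    patch=$(bracket_field "$2" 3)
    release=$(bracket_field "$3" 1)

    if [ -z "$active" ] || [ -z "$state" ] || [ -z "$release" ]; then
        echo "UNPARSEABLE"; return 3
    fi
    if [ "$release" != "$expected" ]; then
        # This node still runs the old Grid home.
        echo "NODE_NOT_UPGRADED release=$release"; return 2
    fi
    if [ "$active" != "$expected" ]; then
        # New software on this node, but the cluster has not switched yet:
        # rootupgrade.sh has not completed on every node.
        echo "CLUSTER_NOT_SWITCHED active=$active"; return 2
    fi
    if [ "$state" != "NORMAL" ]; then
        echo "STATE_NOT_NORMAL state=$state"; return 1
    fi
    echo "OK version=$active patchlevel=$patch"
}

# The two output lines as they appear in the post.
ACTIVE_OK='Oracle Clusterware active version on the cluster is [12.1.0.2.0]. The cluster upgrade state is [NORMAL]. The cluster active patch level is [3351897854].'
RELEASE_OK='Oracle High Availability Services release version on the local node is [12.1.0.2.0]'
# Constructed sample: this node is upgraded, the last node is not done yet.
ACTIVE_MID='Oracle Clusterware active version on the cluster is [11.2.0.4.0]. The cluster upgrade state is [ROLLING UPGRADE]. The cluster active patch level is [0].'

gi_upgrade_verdict 12.1.0.2.0 "$ACTIVE_OK" "$RELEASE_OK" || true
gi_upgrade_verdict 12.1.0.2.0 "$ACTIVE_MID" "$RELEASE_OK" || true
```

On a real node the two lines would come from running the crsctl commands shown above; the non-zero return codes make the function usable as a step in a patching runbook.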

MGMTDB Checks


[oracle@srvdb01 ~]$ srvctl status mgmtdb -verbose
Database is enabled
Instance -MGMTDB is running on node srvdb01. Instance status: Open.

[oracle@srvdb01 ~]$ srvctl config mgmtdb
Database unique name: _mgmtdb
Database name:
Oracle home: <CRS home>
Oracle user: oracle
Spfile: +DBFS_DG/_MGMTDB/PARAMETERFILE/spfile.268.926345767
Password file:
Domain:
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Type: Management
PDB name: srv_cl12
PDB service: srv_cl12
Cluster name: srv-cl12
Database instance: -MGMTDB


DOAG Conference 2016

One more week and a few days, then the DOAG Conference 2016 starts.

Many interesting topics around Oracle are waiting.

Just take a look at the talk program via the link.

http://2016.doag.org/de/home/

reinstall tfactl after GI Upgrade 12.1.0.2

Recently I finished a Grid upgrade from 11.2.0.4 to 12.1.0.2 + PSU JUL 2016. So far so good. During a check I saw that the old tfactl tool under software release 11.2.0.4 was up and running.

That could not be okay. So I started an uninstall and a setup for release 12.1.0.2.

What steps have to be done?

Check the current tfactl installation


 /u01/app/grid/tfa/bin/tfactl print config

Start the uninstall on both nodes


[root@db03 bin]# ./tfactl uninstall
TFA will be Uninstalled on Node db03: 

Removing TFA from db03 only
Please remove TFA locally on any other configured nodes

Notifying Other Nodes about TFA Uninstall...
Sleeping for 10 seconds...

Stopping TFA Support Tools...
Stopping TFA in db03...
Shutting down TFA
oracle-tfa stop/waiting
. . . . . 
Killing TFA running with pid 159597
. . . 
Successfully shutdown TFA..

Deleting TFA support files on db03:
Removing /u01/app/oracle/tfa/db03/database...
Removing /u01/app/oracle/tfa/db03/log...
Removing /u01/app/oracle/tfa/db03/output...
Removing /u01/app/oracle/tfa/db03...
Removing /u01/app/oracle/tfa...
Removing /etc/rc.d/rc0.d/K17init.tfa
Removing /etc/rc.d/rc1.d/K17init.tfa
Removing /etc/rc.d/rc2.d/K17init.tfa
Removing /etc/rc.d/rc4.d/K17init.tfa
Removing /etc/rc.d/rc6.d/K17init.tfa
Removing /etc/init.d/init.tfa...
Removing /u01/app/11.2.0.4/grid/bin/tfactl...
Removing /u01/app/11.2.0.4/grid/tfa/bin...
Removing /u01/app/11.2.0.4/grid/tfa/db03...

The same on the other node

The new tfactl Setup


[root@db03 install]# ./tfa_setup -silent -crshome /u01/app/12.1.0.2/grid
TFA Installation Log will be written to File : /tmp/tfa_install_63022_2016_10_18-14_30_43.log
Starting TFA installation

Using JAVA_HOME : /u01/app/12.1.0.2/grid/jdk/jre
Running Auto Setup for TFA as user root...
Installing TFA now...

TFA Will be Installed on db03...
TFA will scan the following Directories
++++++++++++++++++++++++++++++++++++++++++++
.-------------------------------------------------------.
| db03 |
+--------------------------------------------+----------+
| Trace Directory | Resource |
+--------------------------------------------+----------+
| /u01/app/12.1.0.2/grid/OPatch/crs/log | CRS |
| /u01/app/12.1.0.2/grid/cfgtoollogs | CFGTOOLS |
| /u01/app/12.1.0.2/grid/crf/db/db03 | CRS |
| /u01/app/12.1.0.2/grid/crs/log | CRS |
| /u01/app/12.1.0.2/grid/cv/log | CRS |
| /u01/app/12.1.0.2/grid/evm/admin/log | CRS |
| /u01/app/12.1.0.2/grid/evm/admin/logger | CRS |
| /u01/app/12.1.0.2/grid/evm/log | CRS |
| /u01/app/12.1.0.2/grid/install | INSTALL |
| /u01/app/12.1.0.2/grid/log | CRS |
| /u01/app/12.1.0.2/grid/network/log | CRS |
| /u01/app/12.1.0.2/grid/oc4j/j2ee/home/log | DBWLM |
| /u01/app/12.1.0.2/grid/opmn/logs | CRS |
| /u01/app/12.1.0.2/grid/racg/log | CRS |
| /u01/app/12.1.0.2/grid/rdbms/log | ASM |
| /u01/app/12.1.0.2/grid/scheduler/log | CRS |
| /u01/app/12.1.0.2/grid/srvm/log | CRS |
| /u01/app/oraInventory/ContentsXML | INSTALL |
| /u01/app/oraInventory/logs | INSTALL |
| /u01/app/oracle/crsdata/db03/acfs | ACFS |
| /u01/app/oracle/crsdata/db03/core | CRS |
| /u01/app/oracle/crsdata/db03/crsconfig | CRS |
| /u01/app/oracle/crsdata/db03/crsdiag | CRS |
| /u01/app/oracle/crsdata/db03/cvu | CRS |
| /u01/app/oracle/crsdata/db03/evm | CRS |
| /u01/app/oracle/crsdata/db03/output | CRS |
| /u01/app/oracle/crsdata/db03/trace | CRS |
'--------------------------------------------+----------'

Installing TFA on db03:
HOST: db03 TFA_HOME: /u01/app/12.1.0.2/grid/tfa/db03/tfa_home
.-----------------------------------------------------------------------------.
| Host | Status of TFA | PID | Port | Version | Build ID |
+----------+---------------+-------+------+------------+----------------------+
| db03 | RUNNING | 63460 | 5000 | 12.1.2.7.0 | 12127020160304140533 |
'----------+---------------+-------+------+------------+----------------------'

Running Inventory in All Nodes...
Enabling Access for Non-root Users on db03...

Adding default users to TFA Access list...
Summary of TFA Installation:
.--------------------------------------------------------------------.
| db03 |
+---------------------+----------------------------------------------+
| Parameter | Value |
+---------------------+----------------------------------------------+
| Install location | /u01/app/12.1.0.2/grid/tfa/db03/tfa_home |
| Repository location | /u01/app/oracle/tfa/repository |
| Repository usage | 0 MB out of 10240 MB |
'---------------------+----------------------------------------------'


Installing oratop extension..
TFA is successfully installed...
And also the same on the other node.

Last but not least check the new Setup on both Nodes


Check the status and configuration
tfactl print status 
tfactl print config


That's it. :-)

It is very easy and done in a few minutes.
tfactl is a helpful tool, not only for Oracle Support.
Take a few minutes and go through the following
My Oracle Support Note: 1513912.1

New Exadata machine SL6 introduced

Exadata SL6

http://www.doag.org/home/aktuelle-news/article/neue-exadata-maschine-sl6-vorgestellt.html

OOW 2016 fifth and last day

Time passes faster than you think. Today is already the last day of OOW 2016.

On the agenda was a meeting with Gurmeet Goindi from Exadata product management.

We discussed the topics for the DOAG Conference:

  • Meeting with the Engineered Systems working group in Nürnberg on the evening before the conference
  • Presentation by Gurmeet
  • Unconference session

Gurmeet attaches particular importance to answering the open questions of the community in Germany. I am very pleased to welcome him to Nürnberg on behalf of DOAG. Everyone interested in Exadata should not miss this opportunity.

I hope it was fun to follow the news from OOW 2016, and I look forward to a meeting during the DOAG Conference in Nürnberg.

OOW 2016 fourth day

Amazing how quickly time passes: the fourth day of OOW 2016 in San Francisco is already under way.

The first talk today was on MAA Best Practices. In 12.2 it should finally be possible to create a standby database "at the push of a button" with a single dbca command and the -createstandby option. In addition, a lot has been done in the area of Redo Apply; the keyword here is "Multi-Instance Redo Apply". There are also many new improvements in the Multitenant area. A new white paper is in progress.

Next up was the Exadata Technical Deep Dive: Architecture and Internals. The new capabilities of the Exadata SL6 and Software in Silicon were presented. Unfortunately I cannot describe the details. But I can already reveal one thing today: the Exadata product manager will be with us at the DOAG Conference in November in Nürnberg. So mark the dates 15.11.2016 – 18.11.2016 in your calendar today.

I do have to briefly describe one feature: in the future there will also be a graphical display for the Exawatcher data. It looked really good on the slides.

Finally, the topic was Rapid Home Provisioning (RHP). Creating golden images and distributing software will get really exciting in the future. However, this requires a corresponding option in Cloud Control. You really have to "dive into" the documentation here, because it is an interesting but large topic area.

Please excuse any typos, because it got late again today.