Resources |
Links of Interest |
Audit
Vault Technology Center
Audit
Vault Documentation
Auditor's
Guide
Audit
Vault Downloads
Download
Licenses and CDs
|
|
Operating System |
Oracle Unbreakable Linux
4.0 |
|
Operating System Installation and Configuration |
Optional instructions to verify O/S installation |
# Verify the Linux version
$ cat /etc/issue
# Verify kernel version is 2.4.21-138 (or later)
$ uname -r
# Verify packages are appropriate
# gcc-3.2.2-38 or later
# make-3.79 or later
# binutils-2.12
# openmotif-2.2.2-124
$ rpm -q gcc make binutils openmotif
-- If the following packages are not installed, get them from Disk 3
rpm -Uvh libaio-0.3.105-2.i386.rpm
rpm -Uvh libaio-devel-0.3.105-2.i386.rpm
-- If the following rpms are not installed get them from Disk 4
rpm -Uvh elfutils-libelf-devel-0.97.1-3.i386.rpm
rpm -Uvh elfutils-devel-0.97.1-3.i386.rpm
# Verify the amount of RAM (min. 512MB)
$ grep MemTotal /proc/meminfo
# Verify the amount of swap space (min. 2X RAM)
$ grep SwapTotal /proc/meminfo
# Verify the amount of free disk space (min. 1.4 GB) for software
$ df -h
# Verify the amount of free disk space (min. 700 MB) for database files.
# The actual amount of space required depends on transactions and
# transaction volume.
$ df -h
# Verify the amount of free disk space in /tmp
$ df -h /tmp
# There must be at least 400MB |
As root: Create DBA Group and Oracle User |
/usr/sbin/groupadd oinstall
/usr/sbin/groupadd dba
/usr/sbin/groupadd oper
/usr/sbin/useradd -m -g oinstall -G dba,oper oracle
id oracle
passwd oracle
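-- set the password to oracle1 (lab-only value; on any other system choose a strong, unique password, because this account is a member of the dba group)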
id nobody
-- if nobody does not exist then
/usr/sbin/useradd nobody |
As root: Create Installation Directories |
mkdir -p /app/oracle
chown -R oracle:dba /app/oracle
chmod -R 775 /app/oracle
mkdir /stage
chown -R oracle:dba /stage |
As root: Alter Kernel Parameters in sysctl.conf by appending the
highlighted text. |
-- modify kernel parameters in sysctl.conf
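# Append the kernel settings used by this guide to /etc/sysctl.conf (run as root).
# The redirection and the here-document operator must sit on the same line as
# `cat`; split across two lines, `cat` would wait on stdin and nothing below
# would be written to the file.
# The delimiter is quoted so the body is written literally, with no expansion.
# Appending is not idempotent: re-running this adds duplicate entries, so check
# the file for existing values first. The settings take effect when
# /sbin/sysctl -p is run.
cat >> /etc/sysctl.conf <<'EOF'
fs.file-max = 65536
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.core.rmem_default = 1048576
net.core.rmem_max = 1048576
net.core.wmem_default = 262144
net.core.wmem_max = 262144
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_local_port_range = 1024 65000
EOF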
|
-- activate changes
/sbin/sysctl -p
|
As root: Set Shell Limits |
-- modify limits.conf
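# Append the process-count and open-file limits for the oracle account to
# /etc/security/limits.conf (run as root).
# The closing EOF must stand alone on its line; any trailing text after it
# keeps the here-document open.
# The delimiter is quoted so the body is written literally, with no expansion.
# The hard values here are the ceiling for the `ulimit` calls this guide adds
# to /etc/profile (16384 processes, 65536 descriptors).
# Appending is not idempotent: check for existing oracle entries before
# running this a second time.
cat >> /etc/security/limits.conf <<'EOF'
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
EOF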
-- Modify /etc/pam.d/login
-- read the file and place above the last lines as indicated
session required /lib/security/pam_limits.so
session required pam_limits.so |
|
As root: Change Default Profile |
cd /etc
-- if Bourne, Korn or Bash shell
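# Append a login-time block to /etc/profile that raises the process and
# open-file limits for the oracle user (run as root).
# The here-document delimiter is quoted, so the body is written literally and
# $USER / $SHELL are evaluated at login time, not while this command runs.
# Both variables are double-quoted in the generated test: /etc/profile is read
# by every login shell, and an unset or empty value would otherwise make `[`
# fail with a syntax error for every user.
# ksh takes the process limit through -p, the other shells through -u.
cat >> /etc/profile <<'EOF'
if [ "$USER" = "oracle" ]; then
  if [ "$SHELL" = "/bin/ksh" ]; then
    ulimit -p 16384
    ulimit -n 65536
  else
    ulimit -u 16384 -n 65536
  fi
fi
EOF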
|
-- if C shell
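# Append the C shell equivalent of the limits block to /etc/csh.login (run as
# root).
# csh closes an if/then block with the single keyword `endif`; the two-word
# form `end if` is not valid and leaves the block unterminated in a file that
# every csh login reads.
# The here-document delimiter is quoted so $USER is written literally and
# evaluated at login time.
cat >> /etc/csh.login <<'EOF'
if ( $USER == "oracle" ) then
  limit maxproc 16384
  limit descriptors 65536
endif
EOF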
|
|
As root: Append servers to hosts file |
cd /etc
Note: the line:
127.0.0.1 omega#.psoug.org
omega# localhost.localadmin localhost
must remain. If you delete it ... nothing will work properly.
vi hosts
192.168.1.211 |
alpha1 |
alpha1.psoug.org |
192.168.1.212 |
alpha2 |
alpha2.psoug.org |
192.168.1.221 |
beta1 |
beta1.psoug.org |
192.168.1.222 |
beta2 |
beta2.psoug.org |
192.168.1.231 |
gamma1 |
gamma1.psoug.org |
192.168.1.232 |
gamma2 |
gamma2.psoug.org |
192.168.1.241 |
delta1 |
delta1.psoug.org |
192.168.1.242 |
delta2 |
delta2.psoug.org |
Note:
names must be resolved only through /etc/hosts. Verify this (the hosts line should list only "files"):
cat /etc/nsswitch.conf | grep hosts
-- ping all hosts (substitute actual node names for the
"omega")
ping 192.168.1.1
ping www.oracle.com
ping omega1
ping omega2
ping omega1.psoug.org
ping omega2.psoug.org
|
As root: Edit /home/oracle/.bashrc |
# cd /home/oracle
vi .bashrc
-- append the following:
umask 022
ORACLE_BASE=/app/oracle/product
ORACLE_HOME=/app/oracle/product/10.2.2/av_1
ORACLE_SID=avomega
# on the secondary use prodomega
LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
TMP=/tmp
TEMP=/tmp
TMPDIR=/tmp
PATH=$ORACLE_HOME/bin:$PATH
export PATH ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH
export TMP TEMP TMPDIR
alias oh='cd $ORACLE_HOME'
alias sql='sqlplus "/ as sysdba"' |
|
|
Audit Vault Installation |
As root: Assuming files are located at /vol/stage |
IF outside
the PSOUG lab THEN
http://otn.oracle.com
... click on downloads
ELSE ...
# mount -rt nfs 192.168.10.100:/vol/stage /mnt
# cd /mnt/avserver
# ls -al
# cp *server* /stage
# exit and log off |
As oracle: Unzip the installation files and start the installer (if the download page publishes a checksum for the archive, compare it before unzipping) |
# cd /stage
# ls -al
# unzip a*
# cd server
# ls -al
# ./runInstaller |
|
Source
Database |
Source Database Configuration |
set pagesize 35
set linesize 121
col NAME format a30
col VALUE format a20
col DESCRIPTION format a60
-- visible parameters
SELECT x.ksppinm NAME, y.ksppstvl VALUE, ksppdesc DESCRIPTION
FROM x$ksppi x, x$ksppcv y
WHERE x.inst_id = userenv('Instance')
AND y.inst_id = userenv('Instance')
AND x.indx = y.indx
AND SUBSTR(x.ksppinm,1,1) ^= '_'
ORDER BY 1;
-- hidden parameters
SELECT x.ksppinm NAME, y.ksppstvl VALUE, ksppdesc DESCRIPTION
FROM x$ksppi x, x$ksppcv y
WHERE x.inst_id = userenv('Instance')
AND y.inst_id = userenv('Instance')
AND x.indx = y.indx
AND SUBSTR(x.ksppinm,1,1) = '_'
ORDER BY 1;
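-- scope=BOTH (names beginning with an underscore are hidden parameters; confirm the values with Oracle Support before setting them outside a lab)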
ALTER SYSTEM SET global_names = TRUE SCOPE=BOTH;
ALTER SYSTEM SET undo_retention = 3600 SCOPE=BOTH;
ALTER SYSTEM SET "_spin_count" = 5000 SCOPE=BOTH;
-- scope=SPFILE
ALTER SYSTEM SET audit_trail =
DB_EXTENDED SCOPE=SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
ALTER SYSTEM SET "_job_queue_interval" = 1 SCOPE=SPFILE;
shutdown immediate;
startup mount exclusive;
ALTER DATABASE archivelog;
ALTER DATABASE force logging;
ALTER DATABASE add supplemental log data;
alter database open;
SELECT log_mode
FROM v$database;
col dest_name format a20
col destination format a50
SELECT dest_id, dest_name, destination, valid_now
FROM gv$archive_dest; |
|
Agent Installation |
As root: Assuming files are located at /vol/stage |
IF outside
the PSOUG lab THEN
http://otn.oracle.com
... click on downloads
ELSE ...
# cd /etc
# vi hosts
-- add an entry for the audit vault server
192.168.1.2##
omega1.psoug.org psoug.org
# mount -t nfs 192.168.10.100:/vol/stage /mnt
# cd /mnt/avagent
# ls -al
# cp a* /stage
# cd /stage
# ls -al
# unzip a*
# cd avagent/linux_x32
# ls -al
# ./runInstaller |
|
Shell Scripts |
Sample Startup |
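# Sample startup: listener first, then the database instance, then the agent,
# the OMS and the OPMN-managed processes.
# Globals: ORACLE_HOME, OMA_HOME, OMS_HOME (read)
#
# Stop before running anything if a home is unset or empty: an empty value
# would turn "$ORACLE_HOME/bin/sqlplus" into /bin/sqlplus and run whatever
# happens to live at that path.
: "${ORACLE_HOME:?ORACLE_HOME must be set}"
: "${OMA_HOME:?OMA_HOME must be set}"
: "${OMS_HOME:?OMS_HOME must be set}"

# Paths are quoted so a home directory containing spaces is not word-split.
"$ORACLE_HOME/bin/lsnrctl" start
sleep 15  # presumably gives the listener time to come up; confirm the delay

# "connect / as sysdba" uses operating-system authentication, so no password
# appears in the script; the access comes from the calling account's OS group.
"$ORACLE_HOME/bin/sqlplus" /nolog <<'EOF1'
connect / as sysdba
startup
EOF1
sleep 15

"$OMA_HOME/bin/emctl" start agent
"$OMS_HOME/bin/emctl" start oms
"$OMS_HOME/opmn/bin/opmnctl" startall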
Sample Shutdown |
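# Sample shutdown: OPMN-managed processes, agent and OMS first, then the
# database instance, and the listener last.
# Globals: ORACLE_HOME, OMA_HOME, OMS_HOME (read)
#
# Stop before running anything if a home is unset or empty: an empty value
# would turn "$ORACLE_HOME/bin/sqlplus" into /bin/sqlplus and run whatever
# happens to live at that path.
: "${ORACLE_HOME:?ORACLE_HOME must be set}"
: "${OMA_HOME:?OMA_HOME must be set}"
: "${OMS_HOME:?OMS_HOME must be set}"

# Paths are quoted so a home directory containing spaces is not word-split.
"$OMS_HOME/opmn/bin/opmnctl" stopall
"$OMA_HOME/bin/emctl" stop agent
"$OMS_HOME/bin/emctl" stop oms

# "connect / as sysdba" uses operating-system authentication, so no password
# appears in the script; the access comes from the calling account's OS group.
"$ORACLE_HOME/bin/sqlplus" /nolog <<'EOF1'
connect / as sysdba
shutdown immediate
EOF1

"$ORACLE_HOME/bin/lsnrctl" stop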
|
AV Server Installation
Screenshots |
Step 1
Begin Installation Process
|
|
Step 2
Installation Type |
|
Step 3
Advanced Installation Details |
|
Step 4
Database Vault User Credentials |
|
Step 5
Specify Inventory Directory and
Credentials |
|
Step 6
Product-Specific Prerequisite
Checks |
|
Step 7
Specify Database Storage Option |
|
Step 8
Backup and Recovery Options |
|
Step 9
Specify Database Schema Passwords |
|
Step 10
Summary Screen |
|
Step 11
Installation In Progress |
|
Step 12
Configuration Assistants |
|
Step 13
Password Management |
|
Step 14
Configuration Shell Scripts |
|
Step 15
End of Installation |
|
Step 16
Avadmin Screen |
|
Step 17
SQL*Plus: SYSDBA |
|
Step 18
SQL*Plus: Schemas |
|
Step 19:
SQL*Plus: Objects by Schema |
|
Step 20
AVSYS Objects |
|
Step 21
Separation of Duties |
|
|
AV Server Installation
Screenshots |
Step 1 |
|
Step 2 |
|
Step 3 |
|
Step 4 |
|