Tag Archives: Trivadis Content

Blog posts also posted on the Trivadis Blog (TriBlog)

Update: Oracle released CPU / PSU January 2012

As I mentioned in a previous post Oracle CPU / PSU Pre-Release Announcement Januar 2012 the CPU / PSU patches are available for 10g and 11g. Whereby the download of 10g patches is again possible without a corresponding Extended Support contract. I assume this is related to the SCN flaw. This Critical Patch Update contains 78 new security vulnerability fixes for several Oracle products. 2 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 5.5, which seams to be not critical. On the other hand it look like one of this bug fix is related to the Oracle SCN flaw. I’ll post a few comments on this later this week.

Core RDBMS (related to the SCN flaw)
Listener

The Database Server Patch’s are available for Oracle Database 11g Release 2 (11.2.0.2,11.2.0.3), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). It looks like that the first CPU in 2012 is as well the first one for 11.2.0.3.

Oracle Database 11.2.0.3 => normal CPU/PSU
Oracle Database 11.2.0.2 => normal CPU/PSU
Oracle Database 11.1.0.7 => normal CPU/PSU
Oracle Database 10.2.0.x => normal CPU/PSU

A bunch of useful links around the current CPU / PSU:

Oracle Critical Patch Update Advisory – January 2012
Oracle Critical Patch Update January 2012 Documentation Map [1368685.1]
Patch Set Update and Critical Patch Update January 2012 Availability Document [1374524.1]

As well as a few generic links about CPU / PSU:

Critical Patch Updates and Security Alerts
Release Schedule of Current Database Releases [ID 742060.1]
Risk Matrix Glossary – terms and definitions for Critical Patch Update risk matrices [ID 394486.1]
Use of Common Vulnerability Scoring System (CVSS) by Oracle [ID 394487.1]
DB, FMW, EM Grid Control, and OCS Software Error Correction Support Policy [ID 209768.1]

New release of Oracle Audit Vault

Somewhen beginning of 2012 Oracle has secretly released an update of Oracle Audit Vault. So far just for Linux x86-64bit but I guess other OS will follow. The new release is available trough OTN or Oracle eDelivery. You’ll have to download around 2.3GB for the Audit Vault Server and an other 620MB for the Audit Vault Collection Agent. According the Oracle Audit Vault documentation this release has the following new features.

Starting with this release Oracle use a 11.2.0.3 Database as Audit Vault repository
change of console URL respectively port from old http://host:5700/av to new https://host:1158/av
Updated MS SQL Server JDBC Driver. MS SQL Server JDBC Driver version 3.0 has to be used to configure Microsoft SQL Server source databases
Support for Sybase Adaptive Server Enterprise 15.5 and IBM DB2 9.7 for Linux, UNIX and MS Windows
SSL and HTTPS is automatically configured. Due to this a two avca command have been removed (secure_agent,secure_av)

OK the update to 11gR2 was somehow foreseeable. I wonder more why it took that long. Any way, I’ll setup a VM to do a short test installation and check how to new Audit Vault does look like. I’ll post my experience on the installation a bit later.

More details on these new features as well on all changes for 10.2.3.2 and 10.2.3.1 can be found in Oracle® Audit Vault Administrator’s Guide and Oracle Audit Vault Auditor’s Guide on OTN.

Oracle CPU / PSU Pre-Release Announcement Januar 2012

Oracle has recently published the Pre-Release Announcement for the CPU Patch. This Critical Patch Update contains 78 new security vulnerability fixes for several Oracle products. 2 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 5.5, which seams to be not critical. But on the other hand Oracle mention that 1 of this 2 fixes can may be remotely exploitable without authentication. If this is true, I would expect a higher CVSS rating. We will see it next week in detailed. Nevertheless the following Database Server Products are affected.

Core RDBMS
Listener

So far the Database Server Patch’s are planned for Oracle Database 11g Release 2 (11.2.0.2,11.2.0.3), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). It looks like that the first CPU in 2012 is as well the first one for 11.2.0.3.

The official release for the CPU / PSU is planned for next week 17 Januar 2012. More details about the patch will follow soon on the Oracle Security Pages:

Critical Patch Updates and Security Alerts
Oracle Critical Patch Update Pre-Release Announcement – January 2012
Or posted here 🙂

Oracle Released EM 12c Cloud Control for Solaris

As Oracle announce in there MOS Note 793512.1 EM 12c Cloud Control will be release in Q4. I would have bet it comes on 31 December, but Oracle just released EM12c for SPARC Solaris as well as for Solaris x86_64. I’ve just stated to download the software. Like for Linux there also two ZIP archive for each solaris release. Total size for each OS is almost 6GB. In addition to EM12c you have to download Oracle database 11g if you haven’t done it yet.

Ok, here are the links and information related to EM12c for Solaris:

OTN Enterprise Manager downloads
Enterprise Manager Cloud Control 12c Release 1 (12.1.0.1) Linux x86 (32-bit)
Enterprise Manager Cloud Control 12c Release 1 (12.1.0.1) Linux x86-64 (64-bit)
Enterprise Manager Cloud Control 12c Release 1 (12.1.0.1) Solaris Operating System (SPARC)
Enterprise Manager Cloud Control 12c Release 1 (12.1.0.1) Solaris Operating System (x86-64)
Oracle Enterprise Manager Cloud Control Documentation
Release Schedule of Current Enterprise Manager Releases and Patch Sets [793512.1]

Beside the EM12c downloads, there are also EM12c agents as separate download for Linux x86 (32-bit), Linux x86-64 (64-bit), Solaris Operating System (SPARC) and Solaris Operating System (x86-64) available. Download URL’s and documentation is available at the OTN page Enterprise Manager Agent Downloads. Each agent is about 250MB but these files can not be used to install a fresh 12.1 agent. This file will be used by 12.1 Self Update feature in offline mode. For information on using the Self Update feature, refer to the Oracle Enterprise Manager Cloud Control Administrator’s Guide.

Mmh, now I just need a solaris test box to start with EM12c…

Howto change SYSMAN password in 12C Cloud Control

I was on leave for the past few weeks. After digging through tons of e-mails I finally found time to look into EM 12 Cloud Control. Unfortunately, I’ve forgotten my SYSMAN password and the EM 12c test installation is no longer running. As you say: “Holidays where one forgets everything, must be good holidays.”

So far so good, but what about my problems. Lets start with EM 12c which is not running. I started the VM from scratch. After login in over ssh I’ve realized that the EM 12c infrastructure is running. To my surprise the installer configured the start / stop script gcstartup in /etc/init.d and the corresponding rc directories. The script exists already since EM 10g but I’ve never used it. Unfortunately nobody created the start / stop script for the database and the listener. As soon as starting them manually I’ve just have to bounce the EM 12c to be up and ready again. It is not enough to just start the database. Restarting or starting the OMS is also necessary due to the fact that the OMS is not started when the database is not available during the startup of EM 12c. Oracle described this in a MOS Note EM Cloud Control 12c OMS not able to start after server reboot [1367876.1]

My second problem is quite a common issue. You’ll find some notes on how to change the SYSMAN password for EM 10/11g, DB Console and new as well for EM 12c. Basically it is done in a similar way as in EM 11g. It is just a little easier because it is not necessary to do the change in two steps. You may use use emctl to change the SYSMAN password for the OMS infrastructure and well the database account. That’s also what you can specify the SYS password when using emctl.

Stop all OMS: emctl stop oms
Change the password: emctl config oms -change_repos_pwd -use_sys_pwd -sys_pwd sys user password -new_pwd new sysman password
Stop the Admin server and restart all OMS: emctl stop oms -all; emctl start oms

An example output:

emctl config oms -change_repos_pwd -use_sys_pwd -sys_pwd manager -new_pwd tiger 
Oracle Enterprise Manager Cloud Control 12c Release 12.1.0.1.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
Changing passwords in backend ...
Passwords changed in backend successfully.
Updating repository password in Credential Store...
Successfully updated Repository password in Credential Store. 
Restart all the OMSs using 'emctl stop oms -all' and 'emctl start oms'. 
Successfully changed repository password.

More information on these topic’s can be found in the following MOS notes:

12C Cloud Control: Steps to Modify the SYSMAN Password at OMS and Repository [1365930.1]
How to Change the Password of SYSMAN User in 10g and 11g Grid Control? [270516.1]
EM Cloud Control 12c OMS not able to start after server reboot [1367876.1]

Update: Oracle released CPU / PSU October 2011

Oracle has just officially released the CPU / PSU Patches for october 2011. In contrast to the previously announced 56 bug fixes, there are now 57 bug fix. It looks like another bug fix for databases has been added to the CPU / PSU bundle. Never the less none of them is remote exploitable without authentication. None of these fixes are applicable to client-only installations. The maximum CVSS rating for the database vulnerabilities is still 6.5.

The following Database Server Products are affected.

Application Express
Core RDBMS
Database Vault
Oracle Text

As I mentioned in a previous post Oracle CPU / PSU Pre-Release Announcement October 2011 the CPU / PSU patches are available for 10g and 11g. Whereby the download of 10g patches is only possible with a corresponding Extended Support contract. Brief overview of the available versions

Oracle Database 11.2.0.3 => no CPU/PSU bug fix are included in patchset
Oracle Database 11.2.0.2 => normal CPU/PSU
Oracle Database 11.1.0.7 => normal CPU/PSU
Oracle Database 10.2.0.x => Extended support contract required

A bunch of useful links around the current CPU / PSU:

Oracle Critical Patch Update Advisory – October 2011
Oracle Critical Patch Update October 2011 Documentation Map [ID 1339643.1]
Patch Set Update and Critical Patch Update October 2011 Availability Document [ID 1346104.1]
US-CERT Oracle Releases Critical Patch Update for October 2011

As well as a few generic links about CPU / PSU:

Critical Patch Updates and Security Alerts
Release Schedule of Current Database Releases [ID 742060.1]
Risk Matrix Glossary – terms and definitions for Critical Patch Update risk matrices [ID 394486.1]
Use of Common Vulnerability Scoring System (CVSS) by Oracle [ID 394487.1]
DB, FMW, EM Grid Control, and OCS Software Error Correction Support Policy [ID 209768.1]

Oracle CPU / PSU Pre-Release Announcement October 2011

Oracle has recently published the Pre-Release Announcement for the CPU Patch. This Critical Patch Update contains 56 new security vulnerability fixes for several Oracle products. 4 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 6.5, which is high but not critical. The following Database Server Products are affected.

Application Express
Core RDBMS
Database Vault
Oracle Text

So far the Database Server Patch’s are planned for Oracle Database 11g Release 2 (11.2.0.2), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). There seems to be no CPU patch for 11.2.0.3.

The official release for the CPU / PSU is planned for next week 18 October 2011. More details about the patch will follow soon on the Oracle Security Pages:

Critical Patch Updates and Security Alerts
Oracle Critical Patch Update Pre-Release Announcement – October 2011
Or posted here 🙂

Howto install Oracle Enterprise Manager Cloud Control 12c Release 1

Requirements

First of all lets start with the requirements. Which OS and database is supported for the OMS, Agent and repository database? The documentation is a bit thin on this topic (Oracle® Enterprise Manager Cloud Control Release Notes Prerequisites) and refers to the Metalink Certification Matrix.

Supported OS for the OMS and Agent are currently only the following Linux x86-64:

Oracle Linux 5 Update 2+
Asianux 3
Red Hat Enterprise Linux 5 Update Level 2+
SLES 11

Details about the required package is available in the Oracle® Enterprise Manager Cloud Control Basic Installation Guide Package Requirements for Oracle Management Service.

The OMS repository is currently certified with the following database release:

Oracle 11.2.0.3.0 (somehow not yet or not anymore in the MOS certification matrix)
Oracle 11.2.0.2.0
Oracle 11.2.0.1.0
Oracle 11.1.0.7.0
Oracle 10.2.0.5.0

The Prerequisites of chapter 6 Installing Enterprise Manager System in Oracle® Enterprise Manager Cloud Control Basic Installation Guide lists a few one-off Patch when using a 11.2.0.1.0 database. In general I would any way recommend to use the latest release as well the latest PSU.

The minimal hardware requirements for the OMS is a bit more than earlier releases. The table is just copy from Oracle® Enterprise Manager Cloud Control Basic Installation Guide Meeting Hardware Requirements.

	Small	Medium	Large
	1 OMS, < =1000 targets, <100 agents	2 OMSes for < =10,000 targets and <1000 agents	>2 OMSes, >=10,000 targets, >=1000 agents
CPU Cores/Host	2	4	8
RAM	4 GB	6 DB	8 GB
RAM with ADP, JVMD	6 GB	10 DB	14 GB
Oracle WebLogic Server JVM Heap Size	512 MB	1 DB	2 GB
Hard Disk Space	7 GB	7 DB	7 GB
Hard Disk Space with ADP, JVMD	10 GB	12 DB	14 GB

Test Environment

To test Enterprise Manager Cloud Control I decide to use as usual a VM on my notebook. This means that the repository DB, OMS and Agent to run in a single VM. Based on the requirements above I end up with the following setup.

Hardware/VM Configuration:

VMWare Fusion 4.0.2
2 Core’s
4 GB Ram
4 VM Disk not pre-allocated (20GB root, 4GB swap, 2*20GB data and software
1 Network Interface

OS Configuration:

Oracle Enterprise Linux x86-64bit 5 update 6
OS has been setup through kickstart with these additional packages. Full KS file is attached to the blog post

oracle-validated, kernel-headers, sysstat, setarch, rng-utils

Kernel parameter should be set by oracle-validated

Repository Database:

Oracle Enterprise Edition 11.2.0.3.0
Database Components JVM, XDB, Multimedia (could probably be stripped down)
Init.ora parameter dedicated to EM12C:
- SGA_TARGET=2G
- SHARED_POOL_SIZE=600M
- PGA_AGGREGATE_TARGET=1G
- PROCESSES=300
- JOB_QUEUE_PROCESSES=20
- SESSION_CACHED_CURSORS=300
- MEMORY_TARGET => should not be used

Software

next to the operating system and database software you need only the two zip files (em12_linux64_disk1of2.zip, em12_linux64_disk2of2.zip) from OTN to install EM12C. It is no longer necessary to search for Patch’s, WLS or JDK’s and download them. The software package for EM12C include everything you need to install the OMS and Agents.

Oracle Linux Release 5 Update 6 for x86_64 (64 Bit) from Oracle eDelivery Part V24479-01
Oracle Enterprise Edition 11.2.0.3.0 Patchset 10404530 from MOS
Oracle Technology Netowrk Enterprise Manager Cloud Control 12c Release 1 (12.1.0.1) for Linux x86-64

Installation

Now that the test environment and repository database is ready lets start the installation. According to the presentation Oracle Enterprise Manager 12.1 – Cloud Control Upgrade it should be much easier. However the setup will start as usual with the RunInstaller.

./runInstaller

The installer starts as usual with the welcome screen and the optional question of the an e-Mail account to get informed about updates and security issues. The color layout of the dialog boxes has changed slightly. Otherwise, business as usual

On the second screen you may specify your MOS credentials to instantly download the latest updates. Just hope that there are not yet any 😉

In the third step the installer check’s the system prerequisites. Failed step’s can be fixed and be retested or just ignored. Because I’ve installed the RPM oracle_validated all dependent packages are installed some kernel parameters are adjusted.

On the third step you have to specify the installation type and location of the middleware. For my test case I just select simple installation and /u00/app/oracle/product/middleware as the middlware home

The WLS Administrator credentials and the repository connection details have to be specified on the fifth screen.

Just right after you press next the installer connect’s to the repository database and check’s if the database can be used as EM repository. First it checks if there is a default CBO stats gathering job. You may let the installer fix this by pressing yes.

Second it checks the database configuration parameter and space setting. The information provided here do not have to be fixed immediately. The adjustments can be done after the installation of EM. In my first installation I’ve had a few failing prerequisites more. Since I set the init.ora parameter according the section above only three are left. I’ll fix all three of them after the installation. OK, redo size of 300M on my test VM I will just ignore.

Screen six sum up all information provide so fare before the installation starts.

The installation it self is presented in a nice new way. For each installation step there is a direct link to its log file.

If something fail, you can immediately verify the issue by clicking the link to the log. As soon you fixed the issue, you can rerun the failed step. In my case the VM run out of memory (Physical and Swap) and the OMS could not be started.

I’ve extend the swap space up to 4G and restarted the step.

Done…. The last screen of the installation display the link information for the EM Cloud Control Console and the Administration URL. All information is also available in the file setupinfo.txt.

First impression

Connecting the first time with EM console allows you to select you preferred EM Home page based on you role. E.g there is one for EM Administrators which looks quite similar to the old home page. Other home pages a displaying immediately information important to a Database Administration, WLS Administrator, Support personnel or other.

As a first step I’ve added a DB Target to get more information displayed in my EM. I’ve just run a bit out of time, thats why I haven’t yet more screen shots to display. I’ll provide a few more later.

Round up

All together the installation of EM Cloud Control 12c is much easier than installing one of the earlier releases. Oracle finally packed all together in one software package and one installer. I do not have to care anymore about the right JDK or WLS version. They are just installed. The side effect on this is that also on the OS everything is installed on the same place. Where at 10g and 11g separate directories has been used for OMS and agent, they are now below the middleware directory. Which is not really an issue, you only need to adjust any scripts and environment variables.

Apart from the simple installation procedure, I also like the small improvements while checking the prerequisites. Things which have to be fixed can be fixed immediately. Others, which are required to run the OMS, but not to finish the installation, can be fixed afterwards.

The only drawback I see after my first short tests are the quite high CPU and memory needs. For a regular system, this is not really a problem. But for a road warrior where all testing is done on a notebook, a VM with a 4-6GB is quite an issue.

References

A collection of links to MOS Notes and Oracle documentation about Enterprise Manager Cloud Control 12c (12.1.0.1.0):

Oracle Technology Network Oracle Enterprise Manager 12c
Enterprise Manager Cloud Control Documentation 12c Release 1 (12.1)
MOS Note: How to Install Enterprise Manager Cloud Control 12.1.0.1 (12c) [1359176.1]
MOS Note: EM12c: How to install Enterprise Manager Cloud Control 12c Agent [1360183.1]
MOS Note: How to Install Enterprise Manager Cloud Control 12.1.0.1 (12c)
using Software-only Method [1364002.1]
MOS Note: How to Install Enterprise Manager Cloud Control 12.1.0.1 (12c)
using Software-only Silent Install Method with Response File [ID 1364025.1]
MOS Note: FAQ: Enterprise Manager Cloud Control 12c Install / Upgrade Frequently Asked Questions [1363863.1]
MOS Note: Enterprise Manager Cloud Control 12c Installation
List of the Log Files and Commands to Zip them into One Zip Archive [1363779.1]
MOS Note: Enterprise Manager Cloud Control 12c Agent Installation
List of the Log Files and Commands to Zip them into One Zip Archive [1367301.1]

OraDBA

Just another Site about Oracle, Database Security, Linux, Mac OS X and more