SUMMARY: Hardening Solaris 8 with Oracle

From: Colin Haffenden (Chaffend_at_msxi-euro.com)
Date: 09/13/04

    Date: Mon, 13 Sep 2004 09:09:43 +0100
    To: <sunmanagers@sunmanagers.org>
    
    

    Thanks to John Christian, Tony Schloss and Luc I. Suryo.

    Their replies are below, in the order they came to me!

    John gave me some info on whether the DBAs would need to use any GUI
    tools, his message is below....

    Hi Colin,
     
    Oh yea, Oracle *not* offering a CLI install is a new trend. However,
    you might consider un-installing (or disabling) all X-related services
    after the installation is complete. Check with the DBA to see if there
    are any GUI tools they plan to use long term. Depending on local network
    security/performance, they could X back to their desktops. This would
    reduce the need to have X servers running and listening on the server
    itself.
     
    My reason for asking about Oracle Reports Server was a recent issue I
    encountered on a database server. The ORS *requires* an X-display be
    available to connect to in order to run reports. Even if the reports are
    batch jobs not viewed live by anyone, ORS still needs an X server to
    function. A nice solution is available by setting up a virtual frame
    buffer using Xvfb and twm. This config allows ORS to run on headless
    hosts without the display having to be sent back to the developer's
    workstation. (We were just thrilled the day we found out the giant,
    redundant, report server hinged on a tenuous X session connected to some
    developer's Windows PC.) Lemme know if you're interested in the Xvfb and
    twm config we used.
     
    -John Christian

    Tony Schloss sent me a link to a document he wrote for his SANS
    certification that hit the nail right on the head and is exactly what I
    was looking for, so a big thanks to Tony...

    I did this as my project for my SANS certification way back; the paper
    is a bit old now, but if you're still using Solaris 8, it should still
    be good. Note that it was written for a specific client, and written in
    the way that client liked procedures/instructions written, so it may not
    look very good from your perspective. The steps, however elementary, are
    still valid.

    Anyway, hope this helps; if you can't get the link for some reason, let
    me know and I'll email it to you (I think it's in PDF). The title is
    "Instructions For Installing and Configuring a Hardened Version of the
    Solaris 8 Operating System for Use as an Oracle Database Server" --
    which sounds a bit like what you're looking for <g>.

            http://www.giac.org/practical/Tony_Schloss_GCUX.zip

    Good luck.
    Tony

    Luc I Suryo said that he uses JASS to install servers with Solaris 8
    and Oracle and kindly sent me the profile....

    yup we have... we indeed use JASS

    >
    > I have a requirement for a webserver and Oracle 9i. All our current
    > webservers are hardened via Jass and this website
    > http://www.spitzner.net/
    >
    > What I want to know is, has anyone hardened a Solaris 8 box running
    > Oracle 9i (or even earlier versions ?).
    >
    > If so what are the minimum packages required to run Oracle ?

    I worked with the JASS ppl. a couple of years ago and here's what works
    for me (Solaris 8, tested with both Oracle 8 and Oracle 9).

    Below is our profile.. you could delete the raid and freeware stuff.
    Hope this may help a bit:

    -ls

    #
    # This for Base server
    #

    # install_type MUST be first
    install_type initial_install

    # install system as standalone
    system_type standalone

    # start with the minimal required number of packages
    cluster SUNWCreq

    # To Support X-Application need the LibC library
    package SUNWlibC add
    package SUNWlibCx add

    # To support 64 bit
    package SUNWcarx add
    package SUNWcslx add
    package SUNWcsxu add
    package SUNWesxu add
    package SUNWhmdx add
    package SUNWkvmx add
    package SUNWlmsx add
    package SUNWlocx add
    package SUNWpdx add

    # Manual Pages
    package SUNWman add
    package SUNWesu add
    package SUNWdoc add

    # To Support NIS
    package SUNWypr add
    package SUNWypu add
    package SUNWsprot add
    package SUNWnisr add
    package SUNWnisu add

    # To support the Network Time Protocol
    package SUNWntpr add
    package SUNWntpu add

    # To use SunOS tools
    package SUNWscpu add
    package SUNWbcp add

    # To support Simple Mail Transport Protocol
    package SUNWsndmu add
    package SUNWsndmr add

    # To support truss
    package SUNWtoo add
    package SUNWtoox add

    # To support snoop
    package SUNWfns add
    package SUNWfnsx add

    # To support Secure Shell X Tunneling
    package SUNWxcu4 add
    package SUNWxcu4x add
    package SUNWxcu4t add
    package SUNWxwplt add
    package SUNWxwplx add
    package SUNWxwrtl add
    package SUNWxwrtx add

    # To support Secure Shell
    package SUNWxwice add
    package SUNWxwicx add

    # To Support DiskSuite
    package SUNWctpls add
    package SUNWmfrun add

    # To support Semaphore control
    package SUNWipc add
    package SUNWipcx add

    # To Support sar/sag/accounting
    package SUNWaccu add
    package SUNWaccr add

    # To Support SNMP
    package SUNWmibii add
    package SUNWsasnm add
    package SUNWsasnx add
    package SUNWsadmi add
    package SUNWsadmx add
    package SUNWsacom add

    # To Support Fibre Channel/Raid system
    package SUNWses add
    package SUNWsesx add
    package SUNWssad add
    package SUNWssadx add
    package SUNWssaop add

    package SUNWfctl add
    package SUNWfctlx add
    package SUNWfcip add
    package SUNWfcipx add
    package SUNWfcp add
    package SUNWfcpx add

    package SUNWluxd add
    package SUNWluxdx add
    package SUNWluxl add
    package SUNWluxop add
    package SUNWluxox add

    package SUNWqlc add
    package SUNWqlcx add

    # To Support Java
    package SUNWj2pi add
    package SUNWjcom add
    package SUNWjcomx add
    package SUNWjmfp add
    package SUNWjsnmp add
    package SUNWjvdev add
    package SUNWjvjit add
    package SUNWjvman add
    package SUNWjvrt add
    package SUNWj2dev add
    package SUNWj2man add
    package SUNWj2rt add
    package SUNWj3dev add
    package SUNWj3man add
    package SUNWj3rt add

    # Several Freeware pkgs
    package SUNWzip add
    package SUNWzlib add
    package SUNWzlibx add
    package SUNWzsh add
    package SUNWbash add
    package SUNWtcsh add
    package SUNWless add
    package SUNWbzipx add
    package SUNWbtool add
    package SUNWbtoox add

    # To support Quad Fast Ethernet
    package SUNWqfed add
    package SUNWqfedu add
    package SUNWqfedx add

    # To have headers file in /usr/include
    package SUNWaudh add
    package SUNWhea add
    package SUNWsrh add
    package SUNWxwhl add
    package SUNWlibm add
    package SUNWlibms add

    partitioning explicit

    filesys c2t0d0s0 2048 /
    filesys c2t0d0s1 2048 swap

    # Add for DiskSuite
    filesys c2t0d0s7 10

    # rest of disk for export
    filesys c2t0d0s3 free /export

    # If Second disk is installed and DiskSuite
    ### filesys c0t1d0s0 free
    ### filesys c0t1d0s7 10

    # If Third disk is installed and DiskSuite
    ### filesys c0t2d0s0 free
    ### filesys c0t2d0s7 10

    locale en_US

    Original message....

    Hi All,

    I have a requirement for a webserver and Oracle 9i. All our current
    webservers are hardened via Jass and this website
    http://www.spitzner.net/

    What I want to know is, has anyone hardened a Solaris 8 box running
    Oracle 9i (or even earlier versions ?).

    If so what are the minimum packages required to run Oracle ?

    I'm hoping to just install the core cluster and add a few packages (I
    know Oracle requires X Windows, but am not sure of which packages).

    It would be nice to be able to set this all up on my jumpstart server
    so I have a "hardened oracle" image.

    I've googled this with no luck...

    Any help is greatly appreciated and I will summarise...

    Thanks,
    Colin.
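
Added example (not part of the original thread, and not code from any of its authors): a shell check for a minimized JumpStart build like the one discussed above. It lists each package a profile adds together with the comment heading it sits under, flags names listed more than once, and reports installed packages that neither the profile nor a baseline accounts for. The function names, the baseline list, the saved pkginfo output and the package name EXMPxsrv are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit a JumpStart profile and compare
# an installed host against it. All function names are hypothetical.

# Print "PACKAGE<TAB>SECTION" for every package the profile adds; SECTION is
# the nearest comment heading above the line ("package NAME" defaults to add).
profile_packages() {
    awk '
        /^[ \t]*#/ { sub(/^[ \t]*#+[ \t]*/, ""); if ($0 != "") sec = $0; next }
        $1 == "package" && (NF == 2 || $3 == "add") { print $2 "\t" sec }
    ' "$1"
}

# Package names the profile lists more than once.
profile_duplicates() { profile_packages "$1" | cut -f1 | sort | uniq -d; }

# Installed packages that neither the profile nor the baseline accounts for.
# $1 = profile, $2 = baseline names (one per line), $3 = saved pkginfo output.
unexpected_packages() {
    { profile_packages "$1" | cut -f1; cat "$2"; } |
        awk 'NR == FNR { ok[$1]; next } !($2 in ok) { print $2 }' - "$3" | sort -u
}

# --- constructed sample input (short excerpt, not a full profile) ---
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
cat > "$work/profile" <<'EOF'
install_type initial_install
cluster SUNWCreq
# To support 64 bit
package SUNWcarx add
package SUNWcslx add
package SUNWcslx add
# To support Secure Shell X Tunneling
package SUNWxwplt add
package SUNWxwrtl add
EOF
# Stand-in for the package list of a reference SUNWCreq-only install.
printf '%s\n' SUNWcsr SUNWcsu > "$work/baseline"
# Stand-in for `pkginfo` output saved from the host being checked.
cat > "$work/pkginfo" <<'EOF'
system      SUNWcsr        sample description
system      SUNWcsu        sample description
system      SUNWcarx       sample description
system      SUNWcslx       sample description
system      SUNWxwplt      sample description
system      SUNWxwrtl      sample description
system      EXMPxsrv       constructed package that is not in the profile
EOF

echo "duplicates: $(profile_duplicates "$work/profile")"
echo "unexpected: $(unexpected_packages "$work/profile" "$work/baseline" "$work/pkginfo")"
```

On a real host the third argument would be the saved output of `pkginfo`, and the baseline would come from a reference install of the cluster alone.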
