
Set Kernel Parameters

Add the following lines to the /etc/sysctl.conf file:

kernel.shmall = 2097152
# shmmax: half the size of physical memory, in bytes
kernel.shmmax = 2147483648
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.rmem_max=262144
net.core.wmem_default=262144
net.core.wmem_max=262144

# from the Pro RAC book (Patrick)

net.ipv4.tcp_rmem = 4096 262144 524288
net.ipv4.tcp_wmem = 4096 262144 524288
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_retries2 = 3
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1

# From the Linux Troubleshooting Bible

# stop syn-flood attacks
net.ipv4.tcp_syncookies = 1

# Throws off people trying to fingerprint your OS by its TTL (def=64)
net.ipv4.ip_default_ttl = 61

# stops the routing table from being modified by non-source-routed packets
net.ipv4.conf.all.accept_redirects = 0

# same as above but stops your system doing the same to others
net.ipv4.conf.all.send_redirects = 0

Run the following command to change the current kernel parameters:

/sbin/sysctl -p
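
As an added check, not part of the original notes: after "sysctl -p", confirm that the running kernel really reports the values the file configures. The function below (an assumed helper name) reads a sysctl.conf-style file, maps each key to its /proc/sys path and reports OK, DRIFT or MISSING; the optional second argument points it at another directory tree so it can be exercised against a copy.

```shell
#!/bin/sh
# Added example, not from the original notes: report each key in a
# sysctl.conf-style file as OK, DRIFT or MISSING by comparing the configured
# value with what the kernel exposes under /proc/sys. Run it after
# "/sbin/sysctl -p" so a typo or an unsupported key is caught early.
# Usage: check_sysctl_applied /etc/sysctl.conf [/proc/sys]
check_sysctl_applied() {
  conf=$1
  root=${2:-/proc/sys}   # second argument lets the check run against a copy
  # Drop comments and blank lines, then split "key = value" on the first '='.
  sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf" |
  while IFS= read -r line; do
    key=$(printf '%s' "$line" | sed 's/[[:space:]]*=.*//; s/^[[:space:]]*//')
    want=$(printf '%s' "$line" | sed 's/^[^=]*=[[:space:]]*//')
    path="$root/$(printf '%s' "$key" | tr . /)"   # kernel.shmmax -> kernel/shmmax
    if [ ! -r "$path" ]; then
      printf 'MISSING %s\n' "$key"
      continue
    fi
    # Collapse whitespace so "250 32000 100 128" matches the tab-separated
    # form that /proc/sys/kernel/sem reports.
    have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/ $//')
    want=$(printf '%s' "$want" | tr -s '[:space:]' ' ' | sed 's/ $//')
    if [ "$have" = "$want" ]; then
      printf 'OK      %s = %s\n' "$key" "$have"
    else
      printf 'DRIFT   %s: conf=%s live=%s\n' "$key" "$want" "$have"
    fi
  done
}

# Number of keys that are not OK; 0 means the whole file is in effect.
count_sysctl_drift() {
  check_sysctl_applied "$1" "$2" | grep -c -v '^OK' || true
}
```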

Add the following lines to the /etc/security/limits.conf file:

* soft nproc 2047
* hard nproc 16384
* soft nofile 1024
* hard nofile 65536

Add the following line to the /etc/pam.d/login file, if it does not already
exist:

session required /lib/security/pam_limits.so

Disable secure linux by editing the /etc/selinux/config file, making sure the
SELINUX flag is set as follows:

SELINUX=disabled

Alternatively, this alteration can be done using the GUI tool (System >
Administration > Security Level and Firewall). Click on the SELinux tab and
disable the feature.

Setup

Install the following packages:

# From RedHat AS5 Disk 1
cd /media/cdrom/Server
rpm -Uvh setarch-2*
rpm -Uvh make-3*
rpm -Uvh glibc-2*
rpm -Uvh libaio-0*
cd /
eject

# From RedHat AS5 Disk 2
cd /media/cdrom/Server
rpm -Uvh compat-libstdc++-33-3*
rpm -Uvh compat-gcc-34-3*
rpm -Uvh compat-gcc-34-c++-3*
rpm -Uvh gcc-4*
rpm -Uvh libXp-1*
cd /
eject

# From RedHat AS5 Disk 3
cd /media/cdrom/Server
rpm -Uvh openmotif-2*
rpm -Uvh compat-db-4*
cd /
eject

# Other packages:
htop
ntop
pdksh
rdist or rsync
netcat
wget
mc
lsof

Create the new groups and users:

groupadd oinstall
groupadd dba
groupadd oper

useradd -g oinstall -G dba oracle
passwd oracle

Create the directories in which the Oracle software will be installed:

mkdir -p /u01/app/oracle/product/10.2.0/db_1
chown -R oracle.oinstall /u01

Login as root and issue the following command:

xhost +<machine-name>

Edit the /etc/redhat-release file replacing the current release information
(Red Hat Enterprise Linux Server release 5 (Tikanga)) with the following:

redhat-4

Login as the oracle user and add the following lines at the end of the
.bash_profile file:

# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/10.2.0/db_1; export ORACLE_HOME
ORACLE_SID=TSH1; export ORACLE_SID
ORACLE_TERM=xterm; export ORACLE_TERM
PATH=/usr/sbin:$PATH; export PATH
PATH=$ORACLE_HOME/bin:$PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH

if [ $USER = "oracle" ]; then
  if [ $SHELL = "/bin/ksh" ]; then
    ulimit -p 16384
    ulimit -n 65536
  else
    ulimit -u 16384 -n 65536
  fi
fi

Installation

Log into the oracle user. If you are using X emulation then set the DISPLAY
environmental variable:

DISPLAY=<machine-name>:0.0; export DISPLAY

Start the Oracle Universal Installer (OUI) by issuing the following command
in the database directory:

./runInstaller

Post Installation

Edit the /etc/redhat-release file restoring the original release information:

Red Hat Enterprise Linux Server release 5 (Tikanga)

Edit the /etc/oratab file setting the restart flag for each instance to 'Y':

TSH1:/u01/app/oracle/product/10.2.0/db_1:Y

Automating Database Startup and Shutdown on Linux

When using RAC or ASM under Oracle 10g Release 2 or above, the Oracle
Clusterware automatically starts and stops the Oracle database instances.

• Keep the /etc/hosts file up to date with the primary, virtual and
interconnect addresses across all nodes. Optionally distribute it with
rdist.
• Change the default hostname entry from 127.0.0.1 to the physical address
to avoid problems with srvctl. Only localhost may be configured on this
address.
• Configure the hangcheck timer to start from /etc/rc.d/boot.local with
modprobe hangcheck-timer, and test it with modprobe hangcheck-delay.
• Adjust the UDP send / receive buffer size to 256K.

The following Linux OS monitoring tools will inevitably prove useful:

• Overall tools: sar, vmstat
• CPU: /proc/cpuinfo, mpstat, top
• Memory: /proc/meminfo, /proc/slabinfo, free
• Disk I/O: iostat
• Network: /proc/net/dev, netstat, mii-tool
• Kernel version and release: cat /proc/version
• Types of I/O cards: lspci -vv
• Kernel modules loaded: lsmod, cat /proc/modules
• List all PCI devices (HW): lspci -v
• Startup changes: /etc/sysctl.conf, /etc/rc.local
• Kernel messages: /var/log/messages, /var/log/dmesg
• OS error codes: /usr/src/linux/include/asm/errno.h
• OS calls: /usr/sbin/strace -p

Edit /etc/inittab and change the line you see above to an initdefault of 3,
reboot, and check it again. Runlevel 3 should be most servers' default
runlevel if a run-time GUI is not desired.

To help secure your TCP/IP stack on a standard Linux machine, you will want
to add the following lines to your /etc/sysctl.conf file:

##TWW: 2004-02-22
# stop syn-flood attacks
net.ipv4.tcp_syncookies = 1

# Throws off people trying to fingerprint your OS by its TTL (def=64)
net.ipv4.ip_default_ttl = 61

# stops the routing table from being modified by non-source-routed packets
net.ipv4.conf.all.accept_redirects = 0

# same as above but stops your system doing the same to others
net.ipv4.conf.all.send_redirects = 0

You can add this to your script by storing these settings on a local FTP
server (that the kickstart will have access to), and in the %post config pull
them down from your ftp.example.com FTP server (for example) and append them
to the end of the existing /etc/sysctl.conf:

# Get all of our sysctl/networking adjustments
wget ftp://ftp.example.com/pub/installs/sysctl-append
cat sysctl-append >> /etc/sysctl.conf
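
As an added example, not part of the original kickstart notes: the wget/cat pair above appends the file unconditionally, so a re-run of %post, or re-applying the file on a rebuilt host, leaves duplicate keys in /etc/sysctl.conf with the last one silently winning. The function below (an assumed helper name) merges the two files instead: keys already present in the base file are rewritten in place, new keys go under one marker comment, and running it again on its own output changes nothing.

```shell
#!/bin/sh
# Added example, not from the original notes: merge a downloaded
# "sysctl-append" file into an existing sysctl.conf without duplicate keys.
# Keys already in the base file are overridden in place; keys that are new
# are appended once under a marker comment; base comments and ordering are
# preserved. Running it on its own output is a no-op, so %post can be re-run.
# Usage: merge_sysctl /etc/sysctl.conf sysctl-append > /etc/sysctl.conf.new
merge_sysctl() {
  awk -v marker="# appended from sysctl-append" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function key_of(l,   i) { i = index(l, "="); return i ? trim(substr(l, 1, i - 1)) : "" }
    function val_of(l,   i) { i = index(l, "="); return trim(substr(l, i + 1)) }
    # Pass 1: the append file (given first to awk) defines the overrides.
    # FILENAME is used rather than NR==FNR so an empty append file is safe.
    FILENAME == ARGV[1] {
      if ($0 !~ /^[ \t]*(#|$)/ && (k = key_of($0)) != "") {
        if (!(k in override)) order[++n] = k
        override[k] = val_of($0)
      }
      next
    }
    # Pass 2: the base file. Rewrite overridden keys in place, keep the rest.
    {
      k = ($0 ~ /^[ \t]*#/) ? "" : key_of($0)
      if (k != "" && (k in override)) { print k " = " override[k]; used[k] = 1 }
      else print
    }
    # Anything from the append file not seen in the base goes at the end.
    END {
      first = 1
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (k in used) continue
        if (first) { print marker; first = 0 }
        print k " = " override[k]
      }
    }
  ' "$2" "$1"
}
```

Write the merged output to a temporary file and move it into place only after inspecting it; the function never modifies either input.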

So with this in your %post config script, you will append the contents of
your standard sysctl-append file to the end of your new install's
/etc/sysctl.conf file, thus enabling these settings every time one of these
systems is booted, a very nice way to ensure all of your systems are just that
much more secure.

Additional System Lock Downs

Here are some common security measures that some system administrators like
to see in place on their servers. These are basically a collection of
shell-based commands that will help lock down and secure various aspects of
the system.

# restricts those not in the root group from being able to su to root
chmod 4750 /bin/su

# restricts the mount/umount commands to root group only users
chmod 4750 /bin/mount
chmod 4750 /bin/umount

# Install "scponly" scp replacement for bash and add to /etc/shells
rpm -ivh ftp://ftp.example.com/pub/installs/scponly-3.8-1.i586.rpm
echo /usr/bin/scponly >> /etc/shells

# make scponly the default user shell
wget ftp://ftp.example.com/pub/installs/useradd
mv -f useradd /etc/default/useradd

Optional

rlwrap for Command Line History and Editing in SQL*Plus and RMAN on Linux

The rlwrap (readline wrapper) utility provides a command history and editing
of keyboard input for any other command. This is a really handy addition to
SQL*Plus and RMAN on Linux. This article explains how to install rlwrap and
set it up for SQL*Plus and RMAN. Thanks to Lutz Hartmann for reminding me of
this utility.

Download the latest rlwrap software from the following URL.

• http://utopia.knoware.nl/~hlub/uck/rlwrap/

Unzip and install the software using the following commands.

gunzip rlwrap*.gz
tar -xvf rlwrap*.tar
cd rlwrap*
./configure
make
make check
make install

Run the following commands, or better still append them to the
".bash_profile" of the oracle software owner.

alias rlsqlplus='rlwrap sqlplus'
alias rlrman='rlwrap rman'

You can now start SQL*Plus or RMAN using "rlsqlplus" and "rlrman"
respectively, and you will have a basic command history and the current line
will be editable using the arrow and delete keys.

Thanks to Laurent Schneider for pointing out the potential dangers of using
alias names of "sqlplus" and "rman", which include:

• rlwrap may affect the behaviour of CTRL+C during interactive sessions.
I've done a few tests on this and I can't see a difference in behavior
of CTRL+C with or without rlwrap. Perhaps this was a problem with
earlier versions.
• rlwrap only supports interactive sessions, so scripts like the
following may not work as expected.

sqlplus <<EOF
...
select ...
EOF

From what I can see the alias doesn't seem to work from within a shell
script (bash, ksh or csh), so it doesn't really present a danger.
Thanks Maxim for putting me on to this.
• rlwrap is not an Oracle tool! I guess it's best to leave the sqlplus
and rman commands clean and alias using a different name, just in case.
