kernel.shmall = 2097152
kernel.shmmax = 2147483648 (half the size of physical memory)
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.rmem_max=262144
net.core.wmem_default=262144
net.core.wmem_max=262144
# stops ICMP redirect packets from modifying the routing table
net.ipv4.conf.all.accept_redirects = 0
# same as above but stops your system doing the same to others
net.ipv4.conf.all.send_redirects = 0
/sbin/sysctl -p
Add the following line to the /etc/pam.d/login file, if it does not already
exist:
Disable SELinux (Security-Enhanced Linux) by editing the /etc/selinux/config
file, making sure the SELINUX flag is set as follows:
SELINUX=disabled
Alternatively, this alteration can be done using the GUI tool (System >
Administration > Security Level and Firewall). Click on the SELinux tab and
disable the feature.
Setup
htop
ntop
pdksh
rdist or rsync
netcat
wget
mc
lsof
groupadd oinstall
groupadd dba
groupadd oper
mkdir -p /u01/app/oracle/product/10.2.0/db_1
chown -R oracle:oinstall /u01
xhost +<machine-name>
redhat-4
Login as the oracle user and add the following lines at the end of the
.bash_profile file:
# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR
Installation
Log into the oracle user. If you are using X emulation then set the DISPLAY
environmental variable:
Start the Oracle Universal Installer (OUI) by issuing the following command
in the database directory:
./runInstaller
Post Installation
Edit the /etc/oratab file setting the restart flag for each instance to 'Y':
TSH1:/u01/app/oracle/product/10.2.0/db_1:Y
Edit /etc/inittab and change the line you see above to an initdefault of 3,
reboot, and check it again. Runlevel 3 should be most servers' default
runlevel if a run-time GUI is not desired.
To help secure your TCP/IP stack on a standard Linux machine, you will want
to add the following lines to your /etc/sysctl.conf file:
##TWW: 2004-02-22
# stop syn-flood attacks
net.ipv4.tcp_syncookies = 1
# same as above but stops your system doing the same to others
net.ipv4.conf.all.send_redirects = 0
You can add this to your script by storing these settings on a local FTP
server (that the kickstart will have access to), and in the %post config pull
them down from your ftp.example.com FTP server (for example) and append it on
the end of the existing /etc/sysctl.conf:
So with this in your %post config script, you will append the contents of
your standard sysctl-append file to the end of your new install's
/etc/sysctl.conf file, thus enabling these settings every time one of these
systems is booted, a very nice way to ensure all of your systems are just that
much more secure.
Additional System Lock Downs
Here are some common security measures that some system administrators like
to see in place on their servers. These are basically a collection of
shell-based commands that will help lock down and secure various aspects of
the system.
# restricts those not in the root group from being able to su to root
chmod 4750 /bin/su
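Added example, not part of the original guide: a check that a sysctl.conf really ends up with the TCP/IP hardening values given earlier, and an append that adds only what is missing. Because settings are simply appended to the file, a later duplicate line can override an earlier one; the function names and the sample file are constructed for illustration.

```shell
# Added example. Keys and values are the hardening settings listed earlier.
REQUIRED='net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0'

# effective_value FILE KEY: value that wins after "sysctl -p" (comments
# skipped, last assignment of a key overrides); empty if never set.
effective_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# audit_sysctl FILE: report each unset or wrong key; returns 0 only if all match.
audit_sysctl() {
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: want $want, got ${got:-unset}"
            rc=1
        fi
    done
    return $rc
}

# harden_sysctl FILE: append only the keys the audit would flag, so a
# repeated run adds nothing.
harden_sysctl() {
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        [ "$(effective_value "$1" "$key")" = "$want" ] || echo "$key = $want" >> "$1"
    done
}

# Demo on a constructed file (run with --demo): a late duplicate re-enables redirects.
demo() {
    f=$(mktemp)
    printf '%s\n' 'net.ipv4.conf.all.accept_redirects = 0' \
        'net.ipv4.conf.all.accept_redirects=1' > "$f"
    audit_sysctl "$f" || true; harden_sysctl "$f"; audit_sysctl "$f" && cat "$f"; rm -f "$f"
}
[ "${1:-}" != "--demo" ] || demo
```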
Optional
gunzip rlwrap*.gz
tar -xvf rlwrap*.tar
cd rlwrap*
./configure
make
make check
make install
Run the following commands, or better still append them to the
".bash_profile" of the oracle software owner.
You can now start SQL*Plus or RMAN using "rlsqlplus" and "rlrman"
respectively, and you will have a basic command history and the current line
will be editable using the arrow and delete keys.
Thanks to Laurent Schneider for pointing out the potential dangers of using
alias names of "sqlplus" and "rman", which include:
• rlwrap may affect the behaviour of CTRL+C during interactive sessions.
I've done a few tests on this and I can't see a difference in behavior
of CTRL+C with or without rlwrap. Perhaps this was a problem with
earlier versions.
• rlwrap only supports interactive sessions, so scripts like the
following may not work as expected.
From what I can see the alias doesn't seem to work from within a shell
script (bash, ksh or csh), so it doesn't really present a danger.
Thanks Maxim for putting me on to this.
• rlwrap is not an Oracle tool! I guess it's best to leave the sqlplus
and rman commands clean and alias using a different name, just in case.