این راهنما نحوه نصب اوراکل دیتابیس 10g بر روی سکوی hp
TRANSCRIPT
-
8/7/2019 HP g 10
1/13
10g HP-UX .
1. root
2.
y 1024 MB
y Swap :
Swap SpaceRAM
1.5 times the size of RAMBetween 512 MB and 2048 MB
Equal to the size of RAMBetween 2049 MB and 8192 MB0.75 times the size of RAMMore than 8192 MB
* .
y500 MB /tmp
y3 GB
y30 GB
:
y :# grep "Physical:" /var/adm/syslog/syslog.log
y Swap :
# /usr/sbin/swapinfo -a
y /tmp :
# df k /tmp# df -k
y 64 bit .
:
-
8/7/2019 HP g 10
2/13
# /bin/getconf KERNEL_BITS
64 32.
3.
y
HP-UX 11i V1 (11.11) PA-RISC
HP-UX 11i V2 (11.23)
.
y hp-ux :
# uname -a
y Bundle fileset :
# /usr/sbin/swlist -l level | more
Product hp-ux .
Product
:y Oracle Messaging Gateway
o IBM WebSphere MQ V5.3, client and server:MQSERIES.MQM-CL-HPUX
MQSERIES.MQM-SERVER
o TIBCORendezvous7.2y PL/SQLnativecompilation
o HP CCompiler (B.11.11.12)o GCCcompiler gcc 3.4.0 (64-Bit) for 11i V1 and 11i V2
y Pro*C/C++, Oracle Call Interface, Oracle C++ Call Interface, andOracleXML Developer's Kit (XDK)
o HP CCompiler (B.11.11.12)o HPaC++ Compiler (aCC A.03.60)
y OracleJDBC/OCI DriversJava SDK Oracle JDBC/OCI
Drivers .
-
8/7/2019 HP g 10
3/13
o JavaSDK 1.3.1.16 with the JNDI extensiono JavaSDK 1.2.2.09o JavaSDK 1.4.2.08o JavaSDK 5.0
y
HP-UXPatch .
y QualityPack bundle:o HP-UX 11i Quality Pack (GOLDQPK11i), Dec 2004 or later:
GOLDQPK11i
y Patches for HP-UX 11i V1 (11.11):o PHNE_31097: ONC/NFS general release/performance patcho PHSS_31221: HP aC++ -AA runtime libraries (aCC A.03.60)
y
Patchesfor HP-UX 11i V2 (11.23):o PHSS_31849: linker + fdp cumulative patcho PHSS_31852: aC++ Runtime (PA A.03.61)
None currently required
y Patchesfor JDK on HP-UX 11i (11.11):o PHSS_30970: ld(1) and linker tools cumulative patch
y ForPL/SQL native compilation and installation of Pro*C/C++, OracleCall Interface, Oracle C++ Call Interface, or Oracle XML Developer'sKit (XDK) , the following patches are required:
o Patchesfor HP-UX 11i V1 (11.11):PHSS_32508: HP aC++ Compiler (A.03.63)
PHSS_32509: ANSI C compiler B.11.11.12 cumulative patch
PHSS_32510: +O4/PBO Compiler B.11.11.12 cumulative patch
o Patchesfor HP-UX 11i v2 (11.23):PHSS_32511: HP aC++ Compiler (A.03.63)
PHSS_32512: ANSI C compiler B.11.11.12 cumulative patch
PHSS_32513: +O4/PBO Compiler B.11.11.12 cumulative patch
y ForOracle Messaging Gateway installation, the following correctiveservicediskettes (CSDs) for WebSphere MQ are required:
o CSD05 or later for WebSphere MQ V5.3
4. :
-
8/7/2019 HP g 10
4/13
# /usr/sbin/groupadd g 120 oinstall
# /usr/sbin/groupadd g 121 dba
group iduser id . 1user id100
user id 100.
:
# /usr/sbin/useradd -g oinstall -G dba u 100 oracle
passwd .
5. :
y Oracle Base
Oracle Base 30 GB
. :
# mkdir -p /oracle
# chown -R oracle:oinstall /oracle
# chmod -R 775 /oracle
6.
yumask (default file mode creation mask)022
yDisplay . . profile
bash.login C . :
umask 022DISPLAY=local_host:0.0 ; export DISPLAYTMP=/directoryTMPDIR=/directoryexport TMP TMPDIR
ORACLE_BASE=/oracleORACLE_SID=oracle_sid
ORACLE_HOME=$ORACLE_BASE/product/10.2.0/db_1
export ORACLE_BASE ORACLE_SID ORACLE_HOMEexport LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib
7.
-
8/7/2019 HP g 10
5/13
Tune.
Recommended Formula or ValueParameter(nproc*8)ksi_alloc_max0executable_stack
1024max_thread_proc1073741824 (1 GB)maxdsiz2147483648 (2 GB)maxdsiz_64bit134217728 (128 MB)maxssiz1073741824 (1 GB)maxssiz_64bit((nproc*9)/10)maxuprc(msgtql+2)Msgmap(nproc)msgmni32767msgseg(nproc)msgtql(ninode+1024)Ncsize(15*nproc+2048)Nfile(nproc)nflocks
(8*nproc+2048)ninode(((nproc*7)/4)+16)nkthread4096nproc(nproc)semmni(semmni*2)semmns(nproc-4)semmnu32767semvmxThe size of physical memory or 1073741824(0X40000000), whichever is greater. Note: Toavoid performance degradation, the value shouldbe greater than or equal to the size of theavailable memory.
shmmax
512shmmni
120shmseg64vps_ceiling
* .
RP System Administration Manager(Sam)
.
8.
-
8/7/2019 HP g 10
6/13
-
8/7/2019 HP g 10
7/13
1.
LockExpire. :
Username Account Status
ANONYMOUS EXPIRED &LOCKEDCTXSYS EXPIRED &LOCKEDDBSNMP EXPIRED &LOCKEDDIP EXPIRED &LOCKEDDMSYS EXPIRED &LOCKEDEXFSYS EXPIRED &LOCKEDHR EXPIRED &LOCKEDLBACSYS EXPIRED &LOCKED
MDDATA EXPIRED &LOCKEDMDSYS EXPIRED &LOCKEDMGMT_VIEW EXPIRED &LOCKEDODM EXPIRED & LOCKEDODM_MTR EXPIRED & LOCKEDOE EXPIRED & LOCKEDOLAPSYS EXPIRED & LOCKEDORDPLUGINS EXPIRED & LOCKEDORDSYS EXPIRED & LOCKEDOUTLN EXPIRED & LOCKED
PM EXPIRED & LOCKEDQS EXPIRED & LOCKEDQS_ADM EXPIRED & LOCKEDQS_CB EXPIRED & LOCKEDQS_CBADM EXPIRED & LOCKEDQS_CS EXPIRED & LOCKEDQS_ES EXPIRED & LOCKEDQS_OS EXPIRED & LOCKEDQS_WS EXPIRED & LOCKEDRMAN EXPIRED & LOCKED
SCOTT EXPIRED & LOCKEDSH EXPIRED & LOCKEDSI_INFORMTN_SCHEMA EXPIRED & LOCKEDSYS OPENSYSMAN EXPIRED & LOCKEDSYSTEM OPENTSMSYS New in 10g EXPIRED & LOCKED
-
8/7/2019 HP g 10
8/13
Release 2WK_TEST EXPIRED & LOCKEDWKPROXY EXPIRED & LOCKEDWKSYS EXPIRED & LOCKEDWMSYS EXPIRED & LOCKED
XDB EXPIRED & LOCKED
2. .3. DataDictionary
SYSDBA:O7_DICTIONARY_ACCESSIBILITYFALSE
4. PUBLIC.
PUBLIC :
DescriptionPackage or SubtypeThis package can be used to encrypt stored data. Generally,
most users should not have the privilege to encrypt data since
encrypted data may be non-recoverable if the keys are not
securely generated, stored,and managed.
DBMS_RANDOM
This subprogram is a subtype of the UriType that provides
support for the HTTP protocol. It uses the UTL_HTTPpackage
underneath to access the HTTP URLs. Proxy and secure
wallets are not supported in this release. Granting the
HTTPURITYPE subprogram to PUBLIC can permit a user who
does not have the EXECUTE privilege on the UTL_HTTPpackage to call the UTL_HTTP package indirectly. In other
words,HTTPURITYPE can be used to bypass the restrictions
set for UTL_HTTP.
HTTPURITYPE
This package allows the database server to request andretrieve data using HTTP.
UTL_HTTP
This package allows arbitrary domain name resolution to be
performed from the database server. Granting this package to
PUBLIC maypermit unauthorized domain name resolution.
UTL_INADDR
This package permits arbitrary mail messages to be sent from
one arbitrary user to another arbitrary user. Granting this
package to PUBLIC may permit unauthorized exchange ofmail messages.
UTL_SMTP
This package permits outgoing network connections to be
established by the database server to any receiving (or
waiting) network service. Granting this package to PUBLIC
may permit arbitrary data may to be sent between the
database server and anywaiting network service.
UTL_TCP
-
8/7/2019 HP g 10
9/13
5.remote_os_authent FALSE .6. .7. OJVM
.
8. Oracle Home .
1. authentication
Profile .
2.Role .
.
resource_limitTRUE .
.
1. :Account Locking
:
FAILED_LOGIN_ATTEMPTS
Lock :
PASSWORD_LOCK_TIME
.
-
8/7/2019 HP g 10
10/13
Password Aging and Expiration
:
PASSWORD_LIFE_TIME
:
PASSWORD_GRACE_TIME
Password History
:
PASSWORD_REUSE_TIMEPASSWORD_REUSE_MAX
Password ComplexityVerification
UTLPWDMG.SQL
$ORACLE_HOME/rdbms/admin .
:
y 4
y
y
y 3
Auditing
y Auditing .Auditing
audit_trail .
Audit
Auditing .
-
8/7/2019 HP g 10
11/13
SQL Audit
:Select audit table ||owner||.||table_name||; from all_tables
where table_name like xxx;
Select audit table ||owner||.||table_name||; from all_tableswhere owner like xxx;
y view Audit
:
DescriptionViewContains information about auditing optiontype codes. Created by the SQL.BSQ scriptat CREATE DATABASE time.
STMT_AUDIT_OPTION_MAP
Contains descriptions for audit trail actiontype codes.
AUDIT_ACTIONS
Contains default object-auditing options thatwill be applied when objects are created.
ALL_DEF_AUDIT_OPTS
Describes current system auditing optionsacross the system and by user.
DBA_STMT_AUDIT_OPTS
Describes current system privileges beingaudited across the system and by user.
DBA_PRIV_AUDIT_OPTS
Describes auditing options on all objects.
TheUSER
view describes auditing options onall objects owned by the current user.
DBA_OBJ_AUDIT_OPTSUSER_OBJ_AUDIT_OPTS
Lists all audit trail entries. The USERview shows audit trail entries relating tocurrent user.
DBA_AUDIT_TRAILUSER_AUDIT_TRAIL
Contains audit trail records for all objects
in the system. The USER view lists audittrail records for statements concerningobjects that are accessible to the currentuser.
DBA_AUDIT_OBJECTUSER_AUDIT_OBJECT
Lists all audit trail records concerning
CONNECT and DISCONNECT. The USER viewlists all audit trail records concerning
connections and disconnections for thecurrent user.
DBA_AUDIT_SESSIONUSER_AUDIT_SESSION
Lists audit trail records concerning GRANT,
REVOKE, AUDIT, NOAUDIT, and ALTERSYSTEM statements throughout the database,
or for the USER view, issued by the user.
DBA_AUDIT_STATEMENTUSER_AUDIT_STATEMENT
Lists audit trail entries produced BYAUDITNOTEXISTS.
DBA_AUDIT_EXISTS
-
8/7/2019 HP g 10
12/13
Shows all the auditing policies on thesystem.
DBA_AUDIT_POLICIES
Lists audit trail records for value-basedauditing.
DBA_FGA_AUDIT_TRAIL
Combines standard and fine-grained audit log
records, and includes SYS and mandatory
audit records written in XML format.
DBA_COMMON_AUDIT_TRAIL
Security Patch .
:
http://www.oracle.com/technology/deploy/security/alerts.htm
-
8/7/2019 HP g 10
13/13
10.
y
y
y lockExpirey
y Admin
y
yBatch Job
y SYSDBASYSOPER
y
y
y Public
y )run-time(
yAuthentication
y
yListener
yExternal Procedure
y Listener ADMIN_RESTRICTIONS_LISTENER---------> on
y IP
tcp.validnote_checking = YES
tcp.excluded_nodes={list of IP addresses}tcp.invited_nodes = {list of IP addresses}
y
y
ySecurity Patch
y