Oakies Blog Aggregator

An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3

I have given some internal and customer presentations lately that you might find useful or like, so hereby a direct share to the presentation about Oracle’s Enterprise Manager Cloud Control (V3): "An introduction into Oracle Enterprise Manager Cloud Control 12c Release 3" from Marco Gralike.

WordPress 3.8.3 – Auto Update

WordPress 3.8.3 came out yesterday. It’s a small maintenance release, with the downloads and changelog in the usual places. For many people, this update will happen automatically and they’ll just receive an email to say it has been applied.

I’m still not sure what to make of the auto-update feature of WordPress. Part of me likes it and part of me is a bit irritated by it. For the lazy folks out there, I think it is a really good idea, but for those who are on their blog admin screens regularly it might seem like a source of confusion. I currently self-host 5 WordPress blogs and the auto-update feature seems a little erratic. One blog always auto-updates as soon as a new release comes out. A couple sometimes do. I don’t think this blog has ever auto-updated…

I’d be interested to hear if other self-hosting WordPress bloggers have had a similar experience…

Cheers

Tim…


WordPress 3.8.3 – Auto Update was first posted on April 15, 2014 at 8:53 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

OAUTH_UTL first draft done

So this month's project is an implementation of OAuth. I have now created a package that can create a request for temporary credentials in OAuth version 1.0, and have almost implemented authorize, access and resource calls as well.

Parallel Execution Skew – Demonstrating Skew

This is just a short notice that the next part of the mini-series "Parallel Execution Skew" is published at AllThingsOracle.com

Performance live discussion on twitter, 12pm PST Tue April 15

Confio software is hosting a live discussion on twitter tomorrow Tuesday April 15 at 12pm PST on the subject of Oracle performance.

I’ll be online answering performance questions and have invited many other friends to participate. Some friends who’ve said they’ll be there are

Participation and tracking of the discussion can be accomplished by either posting with or following along with the #datachat hashtag.

Get on TweetDeck or your favorite Twitter tool, search #datachat, add a column and you’ll see our chat appear. Always include #datachat in your tweet so you’ll be part of the conversation.

For an example of a previous #datachat check out Confio’s hosting of Pete Finnigan on the subject of security.

 

[Image: photo by elod beregszaszi]

EM12c Auditing

Lately I’ve been having more discussions on securing the EM12c environment. All of IT has a tendency to treat the Enterprise Manager as an afterthought in both hardware allocation and security best practices. No one is sure exactly why this is; they all have their theories, but we do know it happens often.

Today we are going to go over some of the auditing options within EM12c. Basic auditing is turned on by default in the environment, but only covers basic processes. There are over 150 auditing options, and extensive information can be collected and retained within the repository, as well as turned into an externalized service to reside as log files on the OS file system. These options include login/logout information, updates, OMS password changes and EM key copy and removals from the repository.

Basic auditing information can be gained through the console via the Setup, Security, Auditing Data menu option, but the auditing configuration, additional features, updates and externalized service setup, must be performed through the Enterprise Manager command line interface, (EM CLI).

If you haven’t used the EM CLI before, please refer to my blog post on Beginning with the Command Line Interface; otherwise, log in as a user with appropriate rights to run the EM CLI and connect to the repository.

First, let’s inspect the current operations list and what will impact the infrastructure if executed:

[Image: audit_blog_1]

Note that the last option, APPLY_UPDATE, is to update the repository and yes, it will impact the infrastructure by doing so.

Next, let’s look at the current settings. As I stated earlier, auditing is turned on by default, but the next options are disabled for the externalized service, so it is marked as disabled.

[Image: audit_blog_2]

Apart from the directory (configured in DBA_DIRECTORIES, with read/write privileges granted to SYSMAN), the settings for the externalized service are pre-configured with default values.

  • File prefix is the prefix used for all audit log files so that they are easily identified in the directory.
  • File size defaults to 50M.
  • Retention defaults to 365 days. Keep this in mind before enabling, as this could impact disk space if your OS directory has limited space.

Notice that there is also a note informing you that Infrastructure Audit is always on, (go inspect the access.log and you will see information that can be sync’d up with the emctl.log and others to create a solid picture that this feature can create for you.)

Enabling/Disabling Features

To enable or disable audit features, the following syntax is used:

>emcli update_audit_settings -audit_switch="ENABLE/DISABLE" -operations_to_enable="" -operations_to_disable=""

To demonstrate this, we’ll enable auditing for logins and logouts:

[Image: audit_blog_3]

The response tells us whether the change to the auditing configuration was successful, which completes the task, and we can move on to other tasks.

Next, we’ll configure the externalized service for auditing.  This is an excellent choice and should be considered for all EM12c environments.  Even with high availability options, the idea of keeping a minimum of 7-31 days of auditing information regarding the EM12c environment, especially considering the access and power of the EM12c, is a good idea.

The syntax for the configuration for the externalized auditing service is:

>emcli update_audit_settings -file_prefix= -directory= -file_size= -data_retention_period=

And in our example, we will update the service to file sizes of 25M each, with a prefix of “em12c_audit” and retain 31 days of audit files that our OS file system can easily handle.

>emcli update_audit_settings -externalization_switch=ENABLE -file_prefix=em12c_audit -directory=AUD_DMP -file_size=25000000 -data_retention_period=31

After executing this statement, the audit files will automatically start generating to the directory, (make sure you HAVE created a DBA Directory to hold this data first!) and we can then view logs as needed to inspect what activity is occurring in the EM12c environment.
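The directory prerequisite mentioned above, as an added example that is not part of the original post: SQL to run in the repository database as a DBA-privileged user before enabling externalization. AUD_DMP and SYSMAN are the names used in the post; the OS path is a placeholder assumption.

```sql
-- Added example: prepare the DBA directory used by the externalized audit service.
-- Run in the EM12c repository database as a DBA-privileged user.
-- Assumption: /u01/app/oracle/em12c_audit is a placeholder path. CREATE DIRECTORY
-- does not create it on disk, so it must already exist on the database host and
-- be writable by the OS account that owns the database software.

CREATE OR REPLACE DIRECTORY AUD_DMP AS '/u01/app/oracle/em12c_audit';

-- The externalized service writes the audit files as SYSMAN.
GRANT READ, WRITE ON DIRECTORY AUD_DMP TO SYSMAN;

-- Confirm the directory is registered and points where you expect.
SELECT directory_name, directory_path
  FROM dba_directories
 WHERE directory_name = 'AUD_DMP';

-- Confirm SYSMAN holds both privileges, and review every other grantee:
-- anyone listed here can read or overwrite the audit files through the database.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE table_name = 'AUD_DMP'
 ORDER BY grantee, privilege;
```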

This is a solid best practice to ensure you are offering one more line of protection to the database and software that is essential to you, your business and your environment.

 



Copyright © DBA Kevlar [EM12c Auditing], All Right Reserved. 2014.

An accusatory error message

I found this hilarious

SQL> startup
ORACLE instance started.

Total System Global Area 1469792256 bytes
Fixed Size                  2402776 bytes
Variable Size             536872488 bytes
Database Buffers          922746880 bytes
Redo Buffers                7770112 bytes
Database mounted.
ORA-19821: an intentionally corrupt log file was found

Really? I intentionally corrupted my log file? I don't think so!

:-)

SQL injection

Another big public username and password leak…

http://o.canada.com/technology/bell-canada-security-breach-391451/

Some good reading on how it was done, and thus ensuring your code isn’t prone to SQL injection here:

http://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html

Pluggable database and restricted sessions

Once you get into pluggable database territory, you might need to check your usage of "alter system enable restricted session", because unless you’ve patched, there’s a little bug which lets you enable restricted session, but won't let you get out of it! :-)

For example:

SQL> alter session set container = pdb12;
 
Session altered.
 
SQL> alter system enable restricted session;
 
System altered.
 
SQL> select logins from v$instance;
 
LOGINS
----------
RESTRICTED
 
SQL> alter system disable restricted session;
alter system disable restricted session
*
ERROR at line 1:
ORA-65144: ALTER SYSTEM DISABLE RESTRICTED SESSION is not permitted
 

You can get out of the predicament, by force opening the pluggable database as shown below, but probably best to look at the latest 12c PSU, which contains a fix (unverified)

 
SQL> conn / as sysdba
Connected.
 
SQL> alter pluggable database pdb12 open force;
 
Pluggable database altered.
 
SQL> alter session set container = pdb12;
 
Session altered.
 
SQL> select logins from v$instance;
 
LOGINS
----------
ALLOWED
 

OUGN 2014

I had the pleasure of being a guest of the Norwegian User Group for the second year in a row on their famous cruise conference at the start of April. For a relatively ‘small’ conference (around 300-400 people), the array of quality speakers the group manage to get is always astounding.  Martin Nash, Cary Millsap, Tim Hall, Bryn Llewellyn, Martin Bach, Jeff Smith, Doug Burns to name just a few.  I gave a few talks which (seemed :-)) to be well received by the audience.

The conference runs like clockwork, and Oslo is a beautiful city to spend a day wandering around sampling the cuisine. The only real challenge is the 45min timeslot for papers, whereas most places I’ve spoken at allow 50-60 mins, so you’re presented with the tough choice of cramming your existing content into 45 mins, or deciding what must be pared out.

We rounded up the conference with a lovely meal in Oslo with several of the speakers.  It was great to meet new people, and catch up with colleagues of old.