RAC Attack - Oracle Cluster Database at Home/Prep for Oracle

From Wikibooks, open books for an open world
Jump to: navigation, search


  1. Edit /etc/sysctl.conf

    [root@collabn1 ~]# gedit /etc/sysctl.conf
    kernel.shmmni = 4096
    # semaphores: semmsl, semmns, semopm, semmni
    kernel.sem = 250 32000 100 128
    net.ipv4.ip_local_port_range = 1024 65000
    net.core.rmem_default=4194304
    net.core.rmem_max=4194304
    net.core.wmem_default=262144
    net.core.wmem_max=262144
    
    [root@collabn1 ~]# sysctl -p
    
  2. Edit /etc/security/limits.conf

    oracle               soft    nproc   2047
    oracle               hard    nproc   16384
    oracle               soft    nofile  1024
    oracle               hard    nofile  65536
    
  3. Edit /etc/pam.d/login and insert the following lines BEFORE the "selinux open" line.

    session    required     /lib/security/pam_limits.so
    session    required     pam_limits.so
    
  4. Create groups and users. Make the oracle password racattack

    [root@collabn1 ~]# groupadd oinstall
    [root@collabn1 ~]# groupadd dba
    [root@collabn1 ~]# groupadd oper
    [root@collabn1 ~]# groupadd asmdba
    [root@collabn1 ~]# groupadd asmoper
    [root@collabn1 ~]# groupadd asmadmin
    [root@collabn1 ~]#
    [root@collabn1 ~]# useradd -u 500 -g oinstall -G dba,oper,asmdba,asmoper,asmadmin oracle
    [root@collabn1 ~]# passwd oracle
    Changing password for user oracle.
    New UNIX password: racattack
    BAD PASSWORD: it is based on a dictionary word
    Retype new UNIX password: racattack
    passwd: all authentication tokens updated successfully.
    
  5. Create directories.

    [root@collabn1 ~]# mkdir -p /u01/grid/oracle/product/11.2.0/grid_1
    [root@collabn1 ~]# mkdir -p /u01/app/oracle/product/11.2.0/db_1
    [root@collabn1 ~]# chown -R oracle:oinstall /u01
    
  6. Logout of your session and login as the oracle user.

    RA-oel-login-oracle.png
  7. Disable GNOME CD automount for the oracle user. Go to the menu System >> Preferences >> Removable Drives and Media.

    RA-gnome-menu-volmgr.png
  8. Uncheck all of the options under Removable Storage and click Close.

    RA-gnome-volmgr-unchecked.png
  9. Open a terminal window.

    RA-oel-menu-terminal.png
  10. From the menus, open Edit >> Current Profile.

    RA-gnome-terminal-menu-profile.png
  11. In the Title and Command tab, check the box for Run command as a login shell, then close the dialog.

    RA-gnome-terminal-profile.png
  12. If you are using gedit, then open Edit > Preferences to disable text wrapping and enable line numbers.

    RA-gedit-prefs.png
  13. Setup ssh equivalence for oracle user.

    [oracle@collabn1 ~]$ ssh localhost
    The authenticity of host 'localhost (127.0.0.1)' can't be established.
    RSA key fingerprint is 3f:65:e6:77:af:11:84:56:a4:b9:0f:8b:41:b4:2f:8a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
    oracle@localhost's password: ^C
    
    [oracle@collabn1 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/oracle/.ssh/id_rsa): ^M  [default]
    Enter passphrase (empty for no passphrase): ^M  [no password]
    Enter same passphrase again: ^M  [no password]
    Your identification has been saved in /home/oracle/.ssh/id_rsa.
    Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
    The key fingerprint is:
    0a:33:74:d4:7a:c0:c6:d0:56:33:10:4e:71:63:4c:e8 oracle@collabn1.vm.ardentperf.com
    
    [oracle@collabn1 ~]$ cat /home/oracle/.ssh/id_rsa.pub >> /home/oracle/.ssh/authorized_keys
    
  14. Setup oracle and root users' profiles.

    [oracle@collabn1 ~]$ su - root
    [root@collabn1 ~]# gedit /etc/oratab
    grid:/u01/grid/oracle/product/11.2.0/grid_1:N
    [root@collabn1 ~]# chown oracle:dba /etc/oratab
    
    [root@collabn1 ~]# gedit /root/.bashrc
    ORAENV_ASK=NO
    ORACLE_SID=grid
    . oraenv >/dev/null
    unset ORAENV_ASK 
    
    
    [root@collabn1 ~]# su - oracle
    [oracle@collabn1 ~]$ cd /mnt
    [oracle@collabn1 ~]$ cat */oracle-profile >>/home/oracle/.bash_profile
    
  15. Close and re-open your terminal sessions so that the new profiles take effect.

  16. Install fix_cssd script.

    [oracle@collabn1 ~]$ su - root
    [root@collabn1 ~]# cd /
    [root@collabn1 ~]# tar xvf mnt/*/fix_cssd.tar
    root/fix_cssd/fix_cssd.sh
    
    [root@collabn1 ~]# chmod 774 /root/fix_cssd/fix_cssd.sh
    [root@collabn1 ~]# gedit /etc/rc.d/rc.local
    cd /root/fix_cssd
    nohup nice -n -20 ./fix_cssd.sh 2>&1 &
    
    [root@collabn1 ~]# /etc/rc.d/rc.local
    nohup: appending output to `nohup.out'