RAC Attack - Oracle Cluster Database at Home/Prep for Oracle

From Wikibooks, open books for an open world
Jump to navigation Jump to search


  1. Edit /etc/sysctl.conf [root@collabn1 ~]# gedit /etc/sysctl.conf kernel.shmmni = 4096 # semaphores: semmsl, semmns, semopm, semmni kernel.sem = 250 32000 100 128 net.ipv4.ip_local_port_range = 1024 65000 net.core.rmem_default=4194304 net.core.rmem_max=4194304 net.core.wmem_default=262144 net.core.wmem_max=262144 [root@collabn1 ~]# sysctl -p
  2. Edit /etc/security/limits.conf oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard nofile 65536
  3. Edit /etc/pam.d/login and insert the following lines BEFORE the "selinux open" line. session required /lib/security/pam_limits.so session required pam_limits.so
  4. Create groups and users. Make the oracle password racattack [root@collabn1 ~]# groupadd oinstall [root@collabn1 ~]# groupadd dba [root@collabn1 ~]# groupadd oper [root@collabn1 ~]# groupadd asmdba [root@collabn1 ~]# groupadd asmoper [root@collabn1 ~]# groupadd asmadmin [root@collabn1 ~]# [root@collabn1 ~]# useradd -u 500 -g oinstall -G dba,oper,asmdba,asmoper,asmadmin oracle [root@collabn1 ~]# passwd oracle Changing password for user oracle. New UNIX password: racattack BAD PASSWORD: it is based on a dictionary word Retype new UNIX password: racattack passwd: all authentication tokens updated successfully.
  5. Create directories. [root@collabn1 ~]# mkdir -p /u01/grid/oracle/product/11.2.0/grid_1 [root@collabn1 ~]# mkdir -p /u01/app/oracle/product/11.2.0/db_1 [root@collabn1 ~]# chown -R oracle:oinstall /u01
  6. Logout of your session and login as the oracle user.
    RA-oel-login-oracle.png
  7. Disable GNOME CD automount for the oracle user. Go to the menu System >> Preferences >> Removable Drives and Media.
    RA-gnome-menu-volmgr.png
  8. Uncheck all of the options under Removable Storage and click Close.
    RA-gnome-volmgr-unchecked.png
  9. Open a terminal window.
    RA-oel-menu-terminal.png
  10. From the menus, open Edit >> Current Profile.
    RA-gnome-terminal-menu-profile.png
  11. In the Title and Command tab, check the box for Run command as a login shell, then close the dialog.
    RA-gnome-terminal-profile.png
  12. If you are using gedit, then open Edit > Preferences to disable text wrapping and enable line numbers.
    RA-gedit-prefs.png
  13. Setup ssh equivalence for oracle user. [oracle@collabn1 ~]$ ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. RSA key fingerprint is 3f:65:e6:77:af:11:84:56:a4:b9:0f:8b:41:b4:2f:8a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (RSA) to the list of known hosts. oracle@localhost's password: ^C [oracle@collabn1 ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_rsa): ^M [default] Enter passphrase (empty for no passphrase): ^M [no password] Enter same passphrase again: ^M [no password] Your identification has been saved in /home/oracle/.ssh/id_rsa. Your public key has been saved in /home/oracle/.ssh/id_rsa.pub. The key fingerprint is: 0a:33:74:d4:7a:c0:c6:d0:56:33:10:4e:71:63:4c:e8 oracle@collabn1.vm.ardentperf.com [oracle@collabn1 ~]$ cat /home/oracle/.ssh/id_rsa.pub >> /home/oracle/.ssh/authorized_keys
  14. Setup oracle and root users' profiles. [oracle@collabn1 ~]$ su - root [root@collabn1 ~]# gedit /etc/oratab grid:/u01/grid/oracle/product/11.2.0/grid_1:N [root@collabn1 ~]# chown oracle:dba /etc/oratab [root@collabn1 ~]# gedit /root/.bashrc ORAENV_ASK=NO ORACLE_SID=grid . oraenv >/dev/null unset ORAENV_ASK [root@collabn1 ~]# su - oracle [oracle@collabn1 ~]$ cd /mnt [oracle@collabn1 ~]$ cat */oracle-profile >>/home/oracle/.bash_profile
  15. Close and re-open your terminal sessions so that the new profiles take effect.
  16. Install fix_cssd script.
    [oracle@collabn1 ~]$ su - root
    [root@collabn1 ~]# cd /
    [root@collabn1 ~]# tar xvf mnt/*/fix_cssd.tar
    root/fix_cssd/fix_cssd.sh
    
    [root@collabn1 ~]# chmod 774 /root/fix_cssd/fix_cssd.sh
    [root@collabn1 ~]# gedit /etc/rc.d/rc.local
    cd /root/fix_cssd
    nohup nice -n -20 ./fix_cssd.sh 2>&1 &
    
    [root@collabn1 ~]# /etc/rc.d/rc.local
    nohup: appending output to `nohup.out'