Database security: personalized accounts at O.S.-level

Attended a workshop about “Oracle database security” (by Frits Hoogland), though the subject  could also be named  like “O.S.-security of an Oracle Database”.  Most of the times the database will be installed by an ‘oracle’ account, and all the DBA’s are using this account for administrative purpose.
Nothing wrong with that, but logging/auditing of this oracle account is modifyable (=useless) and who did what on this machine?
So it’s quite understandable that an organization will choose for personalized, controlled accounts for DBA’s. Quite scary for a DBA by the way, his kingdom and freedom is vanishing…

What follows is a template to setup such personalized account.
Root – create users and groups
# groupadd -g 54321 oracle
# groupadd -g 54322 oinstall
# groupadd -g 54323 dba
# groupadd -g 54324 oper
# groupadd -g 54325 asm
# useradd -d /home/oracle -m -g oracle -G dba,asm,users,oinstall -s /bin/bash \
-u 54321 -c “Oracle software owner” oracle

For X-windows:
grep the X-cookie, from server console:
# env |grep XAUT
—> XAUTHORITY=/tmp/.gdmXXXXXX
Make this cookie accessable for other users:
# chmod 644 $XAUTHORITY

Become ‘oracle’
# su – oracle
Set XAUTHORITY again:
$ export XAUTHORITY=/tmp/.gdmXXXXXX

(more…)

By |July 12th, 2009|Database|0 Comments
Read More

Creating / deleting a reports server in OAS 10.1.2, integrated with EM/AS-console

Creating a reports server and integrate it with Enterprise Manager / iasconsole

Why:
- Under control of opmn (wil be automatically restarted)
- Visible and manageable under Enterprise Manager.

1. Create/start a new reports server : “$ORACLE_HOME/bin/rwserver.sh repproject
2. A small window will pop-up, showing that the reports server is starting up.
3. After it’s status is ready, stop this server.
4. Register this new reports server (you can do this also by hand, in the section of deleting this, you can also see what files you will have to update to insert or delete a reports server).

$ORACLE_HOME/bin/addNewServerTarget.sh repproject

The command addNewServerTarget.sh registers the reports server to OPMN and Enterprise Manager.

The following entry is added to $ORACLE_HOME/opmn/conf/opmn.xml (sorry for the layout) :

<ias-component id=”repproject” status=”enabled” id-matching=”false”>
<process-type id=”ReportsServer” module-id=”ReportsServices”>
<process-set id=”repproject” restart-on-death=”true” numprocs=”1″>
<environment>
<variable id=”PATH” value=”/home/ias10g/OraHome1/bin:/usr/bin:/usr/ccs/bin:/bin:/usr/kerberos/bin:/opt/IBMJava2-131/bin:/opt/IBMJava2-131/jre/bin:/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/X11R6/bin”/>
</environment>
< module-data>
<category id=”general-parameters”>
<data id=”batch” value=”yes”/>
</category>
<category id=”restart-parameters”>
<data id=”reverseping-timeout” value=”120″/>
</category>
</module-data>
<dependencies>
<OID infrastructure=”true”/>
<database infrastructure-key=”portal”/>
<managed-process ias-component=”OC4J” process-type=”OC4J_BI_Forms” process-set=”default_island” autostart=”true”/>
<managed-process ias-component=”HTTP_Server” process-type=”HTTP_Server” process-set=”HTTP_Server” autostart=”true”/>
</dependencies>
<start timeout=”120″ retry=”3″/>
<stop timeout=”120″/>
<restart timeout=”120″/>
<ping timeout=”30″ interval=”30″/>
</process-set>
</process-type>
</ias-component>

(more…)

By |July 10th, 2009|App. Server|1 Comment
Read More

The curious case of the left-handed mouse in webforms

In OAS (10.1.2.0.2), webforms, when using a left-handed mouse to expand a menu, the tree node is not expanding. No error is given.
For example, in ‘Material Workbench’ select the ‘+’ to expand ‘Organizations’ in the menu.
Left and right button does not do anything.
Also, the left handed users are having difficulties in moving screens with the mouse.

Oracle states that this is a bug (note 196844.1, bug 2200274), in Jinitiator (we are using 1.3.1.22)
Just to be sure, I installed Jinitator 1.3.1.30:  same behaviour.

Solutions
1 Install  Sun Java (5.0.6)  instead of  Jinitiator. This definitely works. Wrote another post on this matter to use Sun instead of Jinitiator.
2 Update of the (Microsoft Intellipoint) mouse-driver. Did not work for us. Problems with the mouse-driver in our environment
3 Oracle work-around in the note: use a right-handed mouse… => no comment.
4 Use the keyboard for that part of the functionality. We got unexpected results from this. At first it seems to be working, but the results didn’t match the results when we use the (right-handed) mouse. Also you have to program the ‘focus’ of the mouse or cursor in that case.

As there is no support for Jinitiator anymore, and the Intellipoint didn’t do what we expected, we’ve chosen for nr 1.

Sources:

Note: 274100.1 – Left Hand Mouse Does Not Expand Tree Node In Oracle Forms

Note: 760250.1Diagnosing Forms Mouse Focus Problems Using JRE in Release 11i

Note: 290807.1 - Deploying Sun JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite 11i

By |July 6th, 2009|App. Server|0 Comments
Read More