Linux: Creating a File System.

Oracle Linux: Creating a File System.
Nov 13, 2018.

TUTORIAL GOAL:
We are adding new disk partitions to an existing Linux install (RHEL6 and above).
The steps are: create a new partition, format it, mount it at a mount point, and update the /etc/fstab file to make the
partition and mount point persistent.

STEPS:
1: First, gather some information about what we already have on the system.
This lists the attached SCSI devices.

[TEST ~]# cat /proc/scsi/scsi
Attached devices:
Host: scsi2 Channel: 00 Id: 00 Lun: 00
Vendor: VMware Model: Virtual disk Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi2 Channel: 00 Id: 01 Lun: 00
Vendor: VMware Model: Virtual disk Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi2 Channel: 00 Id: 02 Lun: 00
Vendor: VMware Model: Virtual disk Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi2 Channel: 00 Id: 03 Lun: 00
Vendor: VMware Model: Virtual disk Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi2 Channel: 00 Id: 04 Lun: 00
Vendor: VMware Model: Virtual disk Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 02

Existing Partitions:
[TEST ~]# fdisk -l

Disk /dev/sda: 64.4 GB, 64424509440 bytes, 125829120 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0009bd19

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 2099199 1048576 83 Linux
/dev/sda2 2099200 125829119 61864960 8e Linux LVM

We have 2 active partitions, sda1 and sda2.

The above command also shows us unpartitioned disks:
Example:
Disk /dev/sde: 536.9 GB, 536870912000 bytes, 1048576000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

2: We will create a partition on /dev/sde
#fdisk /dev/sde

[TEST ~]# fdisk /dev/sde
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xa81191d5.

Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
g create a new empty GPT partition table
G create an IRIX (SGI) partition table
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition’s system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)

Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-1048575999, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-1048575999, default 1048575999):
Using default value 1048575999
Partition 1 of type Linux and of size 500 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

The partition has been created.

[TEST ~]# fdisk -l

Disk /dev/sde: 536.9 GB, 536870912000 bytes, 1048576000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xa81191d5

Device Boot Start End Blocks Id System
/dev/sde1 2048 1048575999 524286976 83 Linux

3: Partition probe.
If you don't want to reboot the Linux system for the partition table changes made above to take effect, use the partprobe command.

[TEST ~]#partprobe

4: Making a File System on the new partition we just created.

The mkfs or mke2fs command is used to create a file system in Linux.
Create an ext4 file system so that the partition is recognized by the OS.

[TEST ~]#mkfs -t ext4 /dev/sde1
This formats the /dev/sde1 partition and creates an ext4 journaling file system that our Linux operating system can recognize.
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
32768000 inodes, 131071744 blocks
6553587 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2279604224
4000 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

Step 5: Mount point.
Now make a new directory and mount the newly created partition /dev/sde1 on it.
Mount points are directories where file systems are mapped.

[TEST ~]# mkdir /u02
Now we map the partition to the above /u02 dir.

[TEST ~]# mount /dev/sde1 /u02

So now whatever you write in the new directory /u02 will be saved on the newly created partition /dev/sde1.

Step 6: Verify that the file system has been mounted.

[TEST ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 32G 0 32G 0% /dev
tmpfs 32G 0 32G 0% /dev/shm
tmpfs 32G 8.9M 32G 1% /run
tmpfs 32G 0 32G 0% /sys/fs/cgroup
/dev/mapper/ol-root 36G 2.5G 34G 7% /
/dev/sdd1 493G 73M 467G 1% /u04
/dev/sda1 1014M 187M 828M 19% /boot
/dev/mapper/ol-home 18G 33M 18G 1% /home
tmpfs 6.3G 0 6.3G 0% /run/user/0
/dev/sde1 493G 73M 467G 1% /u02
This shows that /dev/sde1 is mounted on the /u02 directory.

Step 7: Make the file system mount permanent/persistent after reboot.
To make this change permanent, so that it still exists after a reboot, we have to add an entry to the /etc/fstab file.

[TEST ~]# vi /etc/fstab
/dev/sde1     /u02     ext4    defaults  0 0
Save and exit the file.

That's it. The new partition /dev/sde1 exists, it is mounted on /u02, and the changes are persistent.
If this system is non-production you can reboot, run df -h, and see if the partition is properly mounted.
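
An added check for the entry written in Step 7 (example code, not from the original post): kernel names such as /dev/sde1 are assigned in probe order and can change when disks are added or removed, so the script flags fstab entries that use them, data mounts that lack nodev, and mount points listed twice. The function names, UUID values and sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: lint fstab entries like the Step 7 one.

# fstab_lint [FILE]  (reads stdin when FILE is omitted)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
fstab_lint() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    NF < 4 { printf "line %d: fewer than 4 fields\n", NR; bad = 1; next }
    {
        spec = $1; mnt = $2; type = $3
        n = split($4, opt, ","); nodev = 0
        for (i = 1; i <= n; i++) if (opt[i] == "nodev") nodev = 1

        # /dev/sdX-style names depend on probe order; UUID= and LABEL= do not.
        if (spec ~ /^\/dev\/(sd|hd|vd|xvd|nvme)[a-z0-9]+$/) {
            printf "line %d: %s is mounted by kernel device name %s, use UUID= or LABEL=\n", NR, mnt, spec
            bad = 1
        }
        # Flag non-root data file systems that still allow device nodes.
        if (mnt != "/" && type ~ /^(ext[234]|xfs)$/ && !nodev) {
            printf "line %d: %s lacks the nodev option\n", NR, mnt
            bad = 1
        }
        # Two entries for one mount point: the later mount hides the earlier.
        if (mnt ~ /^\// && (mnt in seen)) {
            printf "line %d: %s is already listed on line %d\n", NR, mnt, seen[mnt]
            bad = 1
        } else if (mnt ~ /^\//) {
            seen[mnt] = NR
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: the tutorial entry (line 3) next to hypothetical ones.
sample_fstab() {
    cat <<'EOF'
# device                                   mount  type  options         dump pass
/dev/mapper/ol-root                        /      xfs   defaults        0 0
/dev/sde1                                  /u02   ext4  defaults        0 0
UUID=00000000-0000-0000-0000-000000000001  /u03   ext4  defaults,nodev  0 2
UUID=00000000-0000-0000-0000-000000000002  /u02   ext4  defaults,nodev  0 2
EOF
}

# Demo run on the constructed sample; on a host, pass /etc/fstab instead.
sample_fstab | fstab_lint || true
```

On the host, `blkid -s UUID -o value /dev/sde1` prints the UUID to use in place of the device name.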

HOW TO DELETE AN EXISTING PARTITION:

Step1:
First unmount the partition and remove the entry from /etc/fstab.

[TEST ~]# umount /dev/sde1

Step2:
Then use fdisk command to delete the partition

[TEST~]# fdisk /dev/sde
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
g create a new empty GPT partition table
G create an IRIX (SGI) partition table
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition’s system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)

Command (m for help): d
Selected partition 1
Partition 1 is deleted

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Step 3: Apply the change without a reboot.
[TEST ~]# partprobe

Step 4: Now check whether the partition table has been updated.

[TEST ~]#fdisk -l

You will find /dev/sde1 has been deleted.
NOTE: If entries have been added to /etc/fstab file pointing to this partition you need to delete the line in /etc/fstab.

ISSUES:
Sometimes when we try to make a file system on a new partition we may get this error.

[TEST ~]# mkfs.ext4 -t ext4 /dev/sde2
mke2fs 1.42.9 (28-Dec-2013)
mkfs.ext4: inode_size (128) * inodes_count (0) too big for a
filesystem with 0 blocks, specify higher inode_ratio (-i)
or lower inode count (-N).

FDISK has issues with the partition table.
In this case:
Reboot the host.
Make the file system:
#mkfs.ext4 -t ext4 /dev/sde2
#mkdir /u03
#mount /dev/sde2 /u03
#vi /etc/fstab
Add the above partition and mount point to the fstab file.
Save.
Close.

Should be good to go.

Linux: Changing IP Address and Other Network Configurations in Linux.

Changing Network IP and Other Network Configurations:
Chadap: Nov6, 2018.

1: Open Terminal.

2: Open the network configuration file. In this example we configure the interface ens160. Type
vi /etc/sysconfig/network-scripts/ifcfg-ens160

This opens the NIC's configuration file.

3: The current configuration.
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens160"
UUID="2441c82d-bdd0-425c-bff7-71ddda1f2af2"
DEVICE="ens160"
ONBOOT="yes"
IPADDR="XXX.XX.XXX.XX"
PREFIX="26"
GATEWAY="—.–.—.-"
DNS1="—.–.—.-"
DNS2="—.–.—.-"
DOMAIN="—————"
IPV6_PRIVACY="no"

4: Modify the file: press ‘i’ to enter insert mode. Change BOOTPROTO to static and add the IP address and netmask as new lines if they do not exist yet.
BOOTPROTO=static
IPADDR=172.17.254.20
NETMASK=255.255.255.0

Save the configuration file.
Exit the vi editor

5: Restart the network interface card. Type
service network restart

Please note you will be disconnected from your session.
Give it a few minutes and reopen the terminal session.

6: See if the changes went into effect. Type
ifconfig

The new changes should be in effect for the NIC in question.

Oracle Security: Setting the AUDIT_SYSLOG_LEVEL Parameter. Oracle 11g.

Nov 11, 2018.
Setting the AUDIT_SYSLOG_LEVEL Parameter. Oracle 11g. RHEL6 (Onwards).

APPLIES TO:
Oracle Database – Enterprise Edition – Version 10.2.0.1 to 11.2.0.4 [Release 10.2 to 11.2]
ALL platforms.

ISSUE:
Because of Infosec dictate we are required to port/export our DB logs to OS rsyslog.
Example: If the ‘Connect’ audit trail is enabled in the DB, the requirement would be to write these connect logs to OS rsyslogs.

SOLUTION:
Use the AUDIT_SYSLOG_LEVEL parameter. When the AUDIT_TRAIL parameter is set to OS, it writes DB audit records to the system audit log using the rsyslog utility.

To enable syslog auditing for all the users (privileged or not privileged), you assign a value of OS to the AUDIT_TRAIL initialization parameter, as described in “Setting the AUDIT_TRAIL Initialization Parameter”.  You assign to the AUDIT_SYSLOG_LEVEL parameter a facility and priority in the format AUDIT_SYSLOG_LEVEL=facility.priority. The facility argument describes the part of the operating system that is logging the message while the priority argument defines the severity of the message. The syslog daemon compares the value assigned to the facility argument of the AUDIT_SYSLOG_LEVEL parameter with the rsyslog.conf file in order to determine where to log information. For example, the following statement identifies the facility as local1 with a priority level of warning:

AUDIT_SYSLOG_LEVEL=local1.warning

Setting the AUDIT_SYSLOG_LEVEL initialization parameter to the default value
(NONE) will result in DBAs gaining access to the OS audit records.

To enable syslog auditing, follow these steps:

Assign a value of OS to the AUDIT_TRAIL initialization parameter:

For example:

SQL> ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;
Options available to us:
Values:

NONE

Disables standard auditing. This value is the default if the AUDIT_TRAIL parameter was not set in the initialization parameter file or if you created the database using a method other than Database Configuration Assistant. If you created the database using Database Configuration Assistant, then the default is db.

OS
Directs all audit records to an operating system file. Oracle recommends that you use the os setting, particularly if you are using an ultra-secure database configuration.

DB
Directs audit records to the database audit trail (the SYS.AUD$ table), except for records that are always written to the operating system audit trail. Use this setting for a general database for manageability.
If the database was started in read-only mode with AUDIT_TRAIL set to db, then Oracle Database internally sets AUDIT_TRAIL to os. Check the alert log for details.

DB, EXTENDED
Performs all actions of AUDIT_TRAIL=db, and also populates the SQL bind and SQL text CLOB-type columns of the SYS.AUD$ table, when available. These two columns are populated only when this parameter is specified.
If the database was started in read-only mode with AUDIT_TRAIL set to db, extended, then Oracle Database internally sets AUDIT_TRAIL to os. Check the alert log for details.

XML
Writes to the operating system audit record file in XML format. Records all elements of the AuditRecord node except Sql_Text and Sql_Bind to the operating system XML audit file.

XML, EXTENDED
Performs all actions of AUDIT_TRAIL=xml, and includes SQL text and SQL bind information in the audit trail.

Also set the AUDIT_SYSLOG_LEVEL parameter.

SQL> ALTER SYSTEM SET AUDIT_SYSLOG_LEVEL='local1.warning' SCOPE=SPFILE;
Set the AUDIT_SYSLOG_LEVEL parameter to specify a facility and priority in the format AUDIT_SYSLOG_LEVEL=facility.priority.
facility: Describes the part of the operating system that is logging the message. Accepted values are user, local0–local7, syslog, daemon, kern, mail, auth, lpr, news, uucp, and cron.

The local0–local7 values are predefined tags that enable you to sort the syslog message into categories. These categories can be log files or other destinations that the syslog utility can access.

priority: Defines the severity of the message. Accepted values are notice, info, debug, warning, err, crit, alert, and emerg.

The syslog daemon compares the value assigned to the facility argument of the AUDIT_SYSLOG_LEVEL parameter with the syslog.conf file to determine where to log the information.  The decision where to write the syslog entries does not belong to the Oracle services, but to the syslog daemon.

For example, the following statement identifies the facility as local1 with a priority level of warning:

AUDIT_SYSLOG_LEVEL=local1.warning

Add the audit file destination to the rsyslog configuration file /etc/rsyslog.conf.

For example, assuming you had set the AUDIT_SYSLOG_LEVEL to local1.warning, enter the following:

local1.warning    /var/log/audit.log

This setting logs all warning messages to the /var/log/audit.log file.

Comment: separate the entries in syslogd.conf by using TAB rather than spaces, otherwise it may not work for all syslogd versions, so the above would really be:

local1.warning<tab><tab>/var/log/audit.log

Also pre-create the file as follows (as root):

# touch /var/log/audit.log

The facility line for your messages in the rsyslog.conf file should appear before the “catch all” setting, and you should also add the appropriate .none entry to the “catch all”.
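
One way to check the pieces described above before restarting rsyslog (an added example, not Oracle's or the original post's code): it validates a facility.priority value against the accepted lists and checks a legacy-syntax rsyslog.conf for TAB separators, placement before the catch-all, and the .none exclusion. The function names and both sample configurations are constructed; the catch-all is assumed to be the first rule of the form *.priority with a file target.

```bash
#!/usr/bin/env bash
# Added example, not Oracle's or the post's code: check an AUDIT_SYSLOG_LEVEL
# value and the rsyslog.conf routing described in the text above.

# Accepted values as listed in the text above.
FACILITIES="user local0 local1 local2 local3 local4 local5 local6 local7 syslog daemon kern mail auth lpr news uucp cron"
PRIORITIES="notice info debug warning err crit alert emerg"

# valid_level facility.priority -> returns 0 only if both parts are accepted
valid_level() {
    case "$1" in ""|*[!a-z0-9.]*) return 1 ;; esac     # no spaces or globs
    case "$1" in *.*) ;; *) return 1 ;; esac
    case " $FACILITIES " in *" ${1%%.*} "*) ;; *) return 1 ;; esac
    case " $PRIORITIES " in *" ${1#*.} "*) ;; *) return 1 ;; esac
}

# route_check facility.priority [CONF]  (reads stdin when CONF is omitted)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
route_check() {
    valid_level "$1" || { echo "invalid AUDIT_SYSLOG_LEVEL: $1"; return 1; }
    awk -v want="$1" -v none="${1%%.*}.none" '
    NF == 0 || $1 ~ /^[#$]/ { next }       # blank lines, comments, $directives
    {
        n = split($1, sel, ";")
        if ($1 == want && !rule) {
            rule = NR
            match($0, /^[^ \t]+[ \t]+/)    # selector plus the separator run
            if (index(substr($0, 1, RLENGTH), " ")) spaces = 1
        }
        # Assumed catch-all: first "*.priority" selector with a file target.
        if (!all && sel[1] ~ /^\*\./ && $2 ~ /^-?\//) {
            all = NR
            for (i = 1; i <= n; i++) if (sel[i] == none) excluded = 1
        }
    }
    END {
        if (!rule) { print "no rule found for " want; exit 1 }
        if (spaces) { print "line " rule ": selector and file separated by spaces, use TAB"; bad = 1 }
        if (all && all < rule) { print "line " rule ": rule comes after the catch-all on line " all; bad = 1 }
        if (all && !excluded) { print "line " all ": catch-all lacks " none; bad = 1 }
        exit bad + 0
    }' "${2:--}"
}

# Constructed samples in legacy selector syntax, not taken from a real host.
sample_before() {
    printf '%s\n' '$ModLoad imuxsock'
    printf '*.info;mail.none;authpriv.none;cron.none\t/var/log/messages\n'
    printf 'local1.warning    /var/log/audit.log\n'
}
sample_after() {
    printf 'local1.warning\t\t/var/log/audit.log\n'
    printf '*.info;mail.none;authpriv.none;cron.none;local1.none\t/var/log/messages\n'
}

# Demo run on the constructed sample; on a host, pass /etc/rsyslog.conf.
sample_before | route_check local1.warning || true
```

A log file created with touch gets its mode from the current umask, so check that /var/log/audit.log is not world-readable before audit records start arriving.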

Once the changes are made to the rsyslog.conf, restart the rsyslog service.

#systemctl restart rsyslog.service

If you get a message like so:
Redirecting to /bin/systemctl restart syslog.service
Failed to restart syslog.service: Unit not found.

Then you are actually running rsyslog.
Make sure the changes are made to /etc/rsyslog.conf
#service rsyslog restart

Linux: Changing Hostname on a Linux Server.

10/22/2018
Changing Hostname On a Linux Server.

The manual method
This method will work on nearly any Linux distribution.

Before we get into this method, do note it will require you to reboot the server. Otherwise,
the new hostname will not go into effect and you could wind up with some random issues—depending
upon what your server is used for.

Open up a terminal window. We can find out what our current  hostname is by issuing the command hostname.

To modify the hostname, we need to modify two files.

vi /etc/hostname
In this file you will see a single line that contains your system hostname. Edit that line to reflect the new hostname.
Once you’ve done that, save and close the file.

Now we modify the /etc/hosts file.
vi /etc/hosts
In this file, you’ll want to change any instance of the old hostname to reflect the new hostname.
There should only be one entry/line to change.

Save the file.
Exit.
Reboot.

Once it is up the new hostname should take effect. Open a terminal window. Issue hostname command.
You will see the new name within the prompt.

Notes on a Linux VM node existing within a Windows infrastructure.
When we change the hosts file and the hostname as above, the DNS entries local to the Linux VM node will change to the new name, BUT if we are
connecting to this node from a Windows system, say through a remote PuTTY session or any other remote session, then the DNS entries within the
Windows domain need to be changed to point at the new hostname.


Oracle PSU and CPU Security Patching.

Oracle: PSU and CPU Patching for Oracle Databases.
September 27, 2018

Oracle provides Critical Patch Updates every quarter.
The dates for these updates, in 2018/2019, are:

October 16, 2018
January 15, 2019
April 16, 2019
July 16, 2019

We are going to look at PSU (Patch Set Update) and CPU (Critical Patch Update) released on July 17, 2018
for Linux x86-64 system and Oracle Version 11.2.0.4.0.

1: PSU Patch:
Patch 27734982: DATABASE PATCH SET UPDATE 11.2.0.4.180717
You will need Oracle Support.
https://support.oracle.com/epmos/faces/PatchHome

Download the complete ‘Read Me’ document for expanded instructions when you are downloading the patch. Below are shown some important steps for Installation.

A: Environment checks:
Ensure that the $PATH definition has the following executables: make, ar, ld, and nm.
The location of these executables depends on your operating system. On many operating systems, they are located in /usr/ccs/bin, in which case you can set your PATH definition as follows:
export PATH=$PATH:/usr/ccs/bin

B: One-off Patch Conflict Detection and resolution:
Determine whether any currently installed one-off patches conflict with the PSU patch as follows:
unzip p27734982_112040_<platform>.zip
cd 27734982
opatch prereq CheckConflictAgainstOHWithDetail -ph ./

The report will indicate the patches that conflict with PSU 27734982 and the patches for which PSU 27734982 is a superset.
Note that Oracle proactively provides PSU one-off patches for common conflicts with this patch.

C: Patch Installation:
*** Ensure that you shut down all the services running from the Oracle home (listener, DB, whatever)
1. If you are using a Data Guard Physical Standby database, you must install this patch on both the primary database and the physical standby database, as described by My Oracle Support Document 278641.1.
2. If this is an Oracle RAC environment, install the PSU patch using the OPatch rolling (no downtime) installation method as the PSU patch is rolling Oracle RAC installable. Refer to My Oracle Support Document 244241.1 Rolling Patch – OPatch Support for RAC.
3. If this is not a Oracle RAC environment, shut down all instances and listeners associated with the Oracle home that you are updating. For more information, see Oracle Database Administrator’s Guide.
4. Rollback any patches found during the One-off Patch Conflict Detection.
5. Set your current directory to the directory where the patch is located and then run the OPatch utility by entering the following commands:
   unzip p27734982_112040_<platform>.zip
   cd 27734982
   opatch apply
6. Install all resolutions to conflicts found during the One-off Patch Conflict Detection.

D: Post Patch:
Loading Modified SQL Files into the Database
The following steps load modified SQL files into the database. For an Oracle RAC environment, perform these steps on only one node.
1. For each database instance running on the Oracle home being patched, connect to the database using SQL*Plus. Connect as SYSDBA and run the catbundle.sql script as follows:
   cd $ORACLE_HOME/rdbms/admin
   sqlplus /nolog
   SQL> CONNECT / AS SYSDBA
   SQL> STARTUP
   SQL> @catbundle.sql psu apply
   SQL> QUIT
Running the above may make some objects invalid. To correct that:
   cd $ORACLE_HOME/rdbms/admin
   sqlplus /nolog
   SQL> CONNECT / AS SYSDBA
   SQL> @utlrp.sql

2: CPU Patch:
Patch 27923163: DATABASE PATCH SET UPDATE 11.2.0.4.180717

Download the complete ‘Read Me’ document for expanded instructions. Below are shown some important steps for Installation.

A: Environment checks:
Ensure that the $PATH definition has the following executables: make, ar, ld, and nm.
The location of these executables depends on your operating system. On many operating systems, they are located in /usr/ccs/bin, in which case you can set your PATH definition as follows:
export PATH=$PATH:/usr/ccs/bin

B: One-off Patch Conflict Detection and resolution:
Determine whether any currently installed one-off patches conflict with the PSU patch as follows:
unzip p27923163_11204_<platform>.zip
cd 27923163
opatch prereq CheckConflictAgainstOHWithDetail -ph ./

The report will indicate the patches that conflict with CPU 27923163 and the patches for which CPU 27923163 is a superset.
Note that Oracle proactively provides CPU one-off patches for common conflicts with this patch.

C: Patch Installation:
*** Ensure that you shut down all the services running from the Oracle home (listener, DB, whatever)
1. If you are using a Data Guard Physical Standby database, you must install this patch on both the primary database and the physical standby database, as described by My Oracle Support Document 278641.1.
2. If this is an Oracle RAC environment, install the PSU patch using the OPatch rolling (no downtime) installation method as the PSU patch is rolling Oracle RAC installable. Refer to My Oracle Support Document 244241.1 Rolling Patch – OPatch Support for RAC.
3. If this is not a Oracle RAC environment, shut down all instances and listeners associated with the Oracle home that you are updating. For more information, see Oracle Database Administrator’s Guide.
4. Rollback any patches found during the One-off Patch Conflict Detection.
5. Set your current directory to the directory where the patch is located and then run the OPatch utility by entering the following commands:
   unzip p27923163_11204_<platform>.zip
   cd 27923163
   $ opatch apply
6. Verify whether the patch has been successfully installed by running the following command:
   $ opatch lsinventory
7. Install all resolutions to conflicts found during the One-off Patch Conflict Detection.

D: Post Patch :
Loading Modified SQL Files into the Database
1. Install the SQL portion of the patch by running the following commands for a single instance environment.
   cd $ORACLE_HOME/sqlpatch/27923163
   sqlplus /nolog
   SQL> CONNECT / AS SYSDBA
   SQL> startup upgrade
   SQL> @postinstall.sql
   SQL> shutdown
   SQL> startup
For an Oracle RAC environment, reload the packages on one of the nodes using the following commands. Make sure no other instance of the database is up on the remote nodes.
cd $ORACLE_HOME/sqlpatch/27923163
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> STARTUP
SQL> alter system set cluster_database=false scope=spfile;
SQL> SHUTDOWN
SQL> STARTUP UPGRADE
SQL> @postinstall.sql
SQL> alter system set cluster_database=true scope=spfile;
SQL> SHUTDOWN
SQL> STARTUP
Running the above may make some objects invalid. To correct that:
cd $ORACLE_HOME/rdbms/admin
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> @utlrp.sql