Oracle database – OL9.1

Download 21.3 C from

https://www.oracle.com/database/technologies/oracle21c-linux-downloads.html#license-lightbox

Set the correct hostname:

hostnamectl hostname dbs

Add a record to /etc/hosts that maps the local IP to the DNS name:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.3 dbs

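Disable SELinux, then reboot. (Setting it to permissive instead of disabled also stops it from blocking the installer, and policy denials are still logged, which makes a later return to enforcing mode easier.)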

Set the following kernel parameters for sysctl and apply them:

fs.file-max = 6815744
kernel.sem = 250 32000 100 128
kernel.shmmni = 4096
kernel.shmall = 1073741824
kernel.shmmax = 4398046511104
kernel.panic_on_oops = 1
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
fs.aio-max-nr = 1048576
net.ipv4.ip_local_port_range = 9000 65500

set limits in /etc/security/limits.d/oracle.conf

oracle   soft   nofile    1024
oracle   hard   nofile    65536
oracle   soft   nproc    16384
oracle   hard   nproc    16384
oracle   soft   stack    10240
oracle   hard   stack    32868
oracle   hard   memlock    134217728
oracle   soft   memlock    134217728
oracle   soft   data    unlimited
oracle   hard   data    unlimited

Install and remove packages

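# NOTE(review): removing firewalld leaves this host without a packet filter, so
# the database listener is reachable from every network the host is attached to
# unless another control (network ACL, nftables rules) restricts it.
# The glob is quoted so that yum, not the shell, matches it against package names.
yum remove firewalld '*firmware*'

yum install bc bind-utils elfutils-libelf glibc glibc-devel ksh libaio libXrender libX11 libXau libXi libXtst libgcc libnsl libstdc++ libxcb libibverbs make policycoreutils policycoreutils-python-utils smartmontools sysstat unixODBC  libnsl2  libnsl2.i686 libxcrypt-compat xauth unzip wget telnet vim

# The two compat packages come from a third-party mirror over plain FTP, which
# provides no transport integrity, and they are built for other distributions
# (Fedora 35, CentOS 8 Stream). compat-openssl10 is an OpenSSL 1.0.2 build, a
# branch that no longer receives upstream fixes.
wget ftp://ftp.pbone.net/mirror/archive.fedoraproject.org/fedora/linux/releases/35/Everything/x86_64/os/Packages/c/compat-libpthread-nonshared-2.34-7.fc35.x86_64.rpm

wget ftp://ftp.pbone.net/mirror/ftp.centos.org/8-stream/AppStream/x86_64/os/Packages/compat-openssl10-1.0.2o-4.el8.x86_64.rpm

# Check digests and signatures before installing. The signing keys of the
# originating distributions must first be imported from a trusted source;
# without them this check fails, which is the intended outcome.
rpm -K compat-openssl10-1.0.2o-4.el8.x86_64.rpm compat-libpthread-nonshared-2.34-7.fc35.x86_64.rpm

# "yum local install" is not a yum command; localinstall is. localpkg_gpgcheck
# makes yum refuse local RPM files whose signature cannot be verified (local
# files are not signature-checked by default).
yum localinstall --setopt=localpkg_gpgcheck=1 compat-openssl10-1.0.2o-4.el8.x86_64.rpm compat-libpthread-nonshared-2.34-7.fc35.x86_64.rpm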

Create groups; set pass

# Groups for the oracle account, created with fixed GIDs.
groupadd --gid 54321 oinstall
groupadd --gid 54322 dba
groupadd --gid 54323 oper

# The oracle account: primary group oinstall, supplementary groups dba and oper.
useradd --uid 54321 --gid oinstall --groups dba,oper oracle

# Prompts interactively for the new password.
passwd oracle

Create the Oracle directory structure

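# Create the Oracle home under /opt/u01.
mkdir -p /opt/u01/app/oracle/product/21.0.0/dbhome_1

# Ownership and mode are applied to the tree that was just created (/opt/u01).
# A bare /u01 is a different path that the mkdir above does not create, so the
# oracle user would otherwise be left without write access to its own home.
chown -R oracle:oinstall /opt/u01

# 775 gives every member of oinstall write access to the whole tree.
chmod -R 775 /opt/u01

# Directory for the environment script sourced from oracle's login profile.
mkdir -p /home/oracle/scripts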


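# Write the oracle user's environment file. The quoted 'EOF' delimiter stops the
# writing shell from expanding $VARS, so the file receives them literally and no
# backslash escapes are needed.
# NOTE(review): CV_ASSUME_DISTID presumably makes the installer's prerequisite
# checks treat this host as Oracle Linux 7.8 - confirm the combination is one
# you are willing to run without vendor certification.
cat > /home/oracle/scripts/setEnv.sh <<'EOF'
# Oracle Settings
export TMP=/tmp
export TMPDIR=$TMP

export ORACLE_HOSTNAME=dbs
export ORACLE_UNQNAME=cdb1
export ORACLE_BASE=/opt/u01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/21.0.0/dbhome_1
export ORA_INVENTORY=/opt/u01/app/oraInventory
export ORACLE_SID=cdb1
export PDB_NAME=pdb1

#HELP - oracle_hostname = machine hostname  
#HELP - oracle_sid = oracle_uniqname !!
export CV_ASSUME_DISTID=OEL7.8
export PATH=/usr/sbin:/usr/local/bin:$PATH
export PATH=$ORACLE_HOME/bin:$PATH

export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
export CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
EOF

# Source the file at login. The quotes must be plain ASCII: typographic quotes
# are not shell syntax and would be written into .bash_profile as part of the
# command, which then fails at every login.
echo ". /home/oracle/scripts/setEnv.sh" >> /home/oracle/.bash_profile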

add

 alias ohome="cd $ORACLE_HOME"  

in

 /home/oracle/.bash_profile 

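# Switch to the oracle account with a login shell. The option is a plain ASCII
# hyphen; a typographic dash is passed to su as a user name.
sudo su - oracle

unzip LINUX.X64_213000_db_home.zip -d /opt/u01/app/oracle/product/21.0.0/dbhome_1/

# Hide the bundled libc stubs. Presumably the intended directory is lib/stubs
# inside the Oracle home; an absolute /lib/stubs would point these renames at
# the operating system's library tree. The renames run only if the cd succeeds.
cd "$ORACLE_HOME/lib/stubs" &&
  mv libc.so libc.so.hide &&
  mv libc.so.6 libc.so.6.hide

# Replace lib/libjavavm.a with the copy shipped under javavm/jdk/jdk8/lib.
rm /opt/u01/app/oracle/product/21.0.0/dbhome_1/lib/libjavavm.a

cp /opt/u01/app/oracle/product/21.0.0/dbhome_1/javavm/jdk/jdk8/lib/libjavavm.a /opt/u01/app/oracle/product/21.0.0/dbhome_1/lib/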

Use mobaXterm to start graphical installation as user oracle

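# "ohome" is an alias, not a directory, so "cd ohome" fails; change to the
# Oracle home directly and start the installer from there.
cd "$ORACLE_HOME"

./runInstaller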

date : 15.12.22

[LPIC-2] Measure and Troubleshoot Resource Usage (200.1)

Този урок покрива нужния материал за изпит 1 от LPI-2 сертификацията; това включва следните команди, файлове и термини:
1.iostat
2.iotop
3.vmstat
4.netstat
5.ss
6.iptraf
7.ps
8.pstree
9.w
10.lsof
11.free
12.top
13.htop
14.uptime
15.sar

Следните термини са нужни и се срещат в няколко от командите:
-processes blocked on I/O
-blocks out
-swap
-blocks in
Повече информация относно точка 200.1 може да намерите в официалния сайт на LPI

Защита на сървър чрез Geoip – Блокиране на SSH връзки извън България

Инсталирайте geoip

sudo apt-get install geoip-bin geoip-database

Подсигурете се, че работи:

boyanweb@boyanweb:/Files150G$ geoiplookup boyan.website
GeoIP Country Edition: BG, Bulgaria

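Този скрипт забранява ssh от небългарски IP адреси. Запазете го като /usr/local/bin/sshfilter.sh (името, което се използва по-долу в /etc/hosts.allow) и го направете изпълним. Имайте предвид, че адреси, които липсват в GeoIP базата (например от частни мрежи), се пропускат.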

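#!/bin/bash
# sshfilter.sh - country filter for sshd, run from /etc/hosts.allow via
# "aclexec" with the client address as its only argument.
# Exit status 0 lets the connection through; exit status 1 rejects it and
# records the attempt.

# Space-separated list of country codes that are allowed to connect.
ALLOW_COUNTRIES="BG"

# Extra copy of the deny log; replace the placeholder with a real account name.
# NOTE(review): this script normally runs with sshd's privileges. A log file in
# a directory that an unprivileged user can write to may be swapped for a
# symlink; the syslog entry written by logger is the safer record.
LOG_FILE="/home/ПОТРЕБИТЕЛ/sshLOG"

if [ $# -ne 1 ]; then
  echo "Usage: $(basename "$0") <ip>" 1>&2
  exit 0 # return true in case of config issue
fi

CLIENT_IP=$1
COUNTRY=""
RESPONSE="DENY"

# Only address-shaped input is looked up. geoiplookup also accepts host names
# and would resolve them, and the value is copied into log lines below.
if [[ "$CLIENT_IP" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  # Output looks like "GeoIP Country Edition: BG, Bulgaria"; keep the code only.
  COUNTRY=$(/usr/bin/geoiplookup "$CLIENT_IP" | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1)

  if [ "$COUNTRY" = "IP Address not found" ]; then
    # Deliberate: addresses missing from the database (private networks, for
    # example) are let through.
    RESPONSE="ALLOW"
  elif [ -n "$COUNTRY" ]; then
    # Exact comparison against each allowed code. A regex match with $COUNTRY
    # as the pattern also succeeds for an empty or partial value, which would
    # allow every client whenever the lookup itself fails.
    for code in $ALLOW_COUNTRIES; do
      if [ "$code" = "$COUNTRY" ]; then
        RESPONSE="ALLOW"
        break
      fi
    done
  fi
fi
# NOTE(review): an empty lookup result is now denied. IPv6 clients may need
# geoiplookup6 and the IPv6 database - confirm before relying on this filter
# for a host reachable over IPv6, and keep console access while testing.

if [ "$RESPONSE" = "ALLOW" ]; then
  exit 0
fi

logger "$RESPONSE sshd connection from $CLIENT_IP ($COUNTRY)"
echo "$RESPONSE sshd connection from $CLIENT_IP($COUNTRY)" >> "$LOG_FILE"

exit 1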

Във файла /etc/hosts.deny добавете реда:

sshd: ALL

Във файла /etc/hosts.allow добавете реда:

sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a

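Не е нужно да рестартирате sshd процеса, директно може да направите тест (правилата в hosts.allow и hosts.deny действат само ако sshd е компилиран с поддръжка на TCP wrappers – libwrap):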

boyanweb@boyanweb:~$ /usr/local/bin/sshfilter.sh 8.4.8.4
boyanweb@boyanweb:~$ cat sshLOG
DENY sshd connection from 8.4.8.4(US)
boyanweb@boyanweb:~$ /usr/local/bin/sshfilter.sh 8.4.8.8
boyanweb@boyanweb:~$ cat sshLOG
DENY sshd connection from 8.4.8.4(US)
DENY sshd connection from 8.4.8.8(US)

За ъпдейт на geoip може да използвате следния скрипт. Дори и току що да сте го изтеглили е добре да се подсигурите, че сте на най-новата възможна версия.

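#!/bin/bash
# Download a fresh GeoIP country database and install it in place of
# /usr/share/GeoIP/GeoIP.dat.
# NOTE(review): MaxMind has retired its legacy GeoLite download endpoints;
# confirm that this URL still serves a file before scheduling the script.
GEOIP_URL="https://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
GEOIP_DB="/usr/share/GeoIP/GeoIP.dat"

# Private scratch directory instead of a fixed file name in /tmp. With a fixed
# name, a failed download would leave any GeoIP.dat.gz already placed there by
# another local user to be installed as the database the ssh filter trusts.
workdir=$(mktemp -d) || {
  echo "The GeoIP library could not be downloaded and updated" >&2
  exit 1
}
trap 'rm -rf -- "$workdir"' EXIT

# Install only if the download and the decompression both succeeded and the
# result is not empty.
if wget -q -O "$workdir/GeoIP.dat.gz" "$GEOIP_URL" &&
  gzip -d "$workdir/GeoIP.dat.gz" &&
  [ -s "$workdir/GeoIP.dat" ]; then
  # Copy next to the target and rename over it, so the old database stays in
  # place until the new one is complete and lookups never see a missing file.
  cp -f -- "$workdir/GeoIP.dat" "$GEOIP_DB.new" &&
    chmod 0644 "$GEOIP_DB.new" &&
    mv -f -- "$GEOIP_DB.new" "$GEOIP_DB"
else
  echo "The GeoIP library could not be downloaded and updated" >&2
  exit 1
fi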