HPE Community
Operating System - HP-UX
1751859 Members
5581 Online
108782 Solutions
New Discussion юеВ

Re: Security hardening hpux 11.23 itanium

 
SOLVED
Go to solution
Donald Thaler
Super Advisor

тАО05-24-2009 06:45 PM

тАО05-24-2009 06:45 PM

Security hardening hpux 11.23 itanium

their is an oracle process genlcntsh which creates a file called libclntsh.so.10.1. this file is critical to the linking process for the oracle binaries. when i run the process as root it works, when i run it as oracle i get an error 'Failed to link libclntsh.so.10.1'..
oracle says this points in the direction of 'security hardening', evidently some module has the wrong read/write/access permission.

i have a second server (backup server) where this linking process works as the user oracle.

how does one go about comparing the access rights on the files between two servers ??
0 Kudos
Reply
27 REPLIES 27
Steven Schweda
Honored Contributor

тАО05-24-2009 09:14 PM

тАО05-24-2009 09:14 PM

Re: Security hardening hpux 11.23 itanium

"ls -l"?
"lsacl"?
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО05-24-2009 09:29 PM

тАО05-24-2009 09:29 PM

Solution

Re: Security hardening hpux 11.23 itanium

>how does one go about comparing the access rights on the files between two servers?

You could use my scripts in the following thread and then compare the generated output script.
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1215123
Reply
Donald Thaler
Super Advisor

тАО05-25-2009 09:16 AM

тАО05-25-2009 09:16 AM

Re: Security hardening hpux 11.23 itanium

swverify -F\* returns illegal option -- * ??
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-25-2009 10:50 AM

тАО05-25-2009 10:50 AM

Re: Security hardening hpux 11.23 itanium

Shalom,

swverify \*

Not what you wrote.

/sbin/init.d/swagentd -r

Try again.

Compare permissions of the libclntsh.so.10.1. library on the good system to the bad and make corrections and try again.

Look at the oracle install logs for other issues.

Check the environment of the install user on both systems for variations.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Dennis Handly
Acclaimed Contributor

тАО05-25-2009 04:39 PM

тАО05-25-2009 04:39 PM

Re: Security hardening hpux 11.23 itanium

>swverify -F\* returns illegal option -- *

You need a space between -F and \*.
(You might want to leave out the -F first as SEP suggests.)
Reply
Donald Thaler
Super Advisor

тАО05-26-2009 04:45 AM

тАО05-26-2009 04:45 AM

Re: Security hardening hpux 11.23 itanium

dennis... i noticed your chown_script_B.ksh only deals with symbolic links (chown -h), whats the downside (if any) of changing the script to do all files in a particular directory
0 Kudos
Reply
Donald Thaler
Super Advisor

тАО05-26-2009 05:04 AM

тАО05-26-2009 05:04 AM

Re: Security hardening hpux 11.23 itanium

what exactly does swverify -F \* do ??
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-26-2009 05:07 AM

тАО05-26-2009 05:07 AM

Re: Security hardening hpux 11.23 itanium

Shalom,

No impact to changing ownership on soft links.

Like to see that script.

Try the swverify both ways, my way first then Dennis. If the results are not too verbose post them.



SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Donald Thaler
Super Advisor

тАО05-26-2009 05:12 AM

тАО05-26-2009 05:12 AM

Re: Security hardening hpux 11.23 itanium

steven to see dennis's script go to:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1215123

what does the swverify -F \* verify the ownership and permissions against ???
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.