05-26-2009 05:31 AM
Re: Security hardening hpux 11.23 itanium
If you ran this as root, it has probably created the library file(s) in the oracle directory tree that are owned by root. So if you run this process again as the oracle user, it will fail because it cannot write over any files that are owned by root.
Check the owner and permissions of
$ORACLE_HOME/lib/libclntsh*
$ORACLE_HOME/lib32/libclntsh*
or use a find command to find root-owned files in the entire oracle installation directory.
Check in the oracle directory tree for any files that are owned by root and have a date stamp from the time you ran this process as root.
> i have a second server (backup server) where this linking process works as the user oracle
If you did not run this process as root on this second server, my above claim makes even more sense. (Don't run it as root)
05-26-2009 05:50 AM
Re: Security hardening hpux 11.23 itanium
> what does the swverify -F \* verify the ownership and permissions against ???
It examines the IPD (Installed Product Database) or the contents of the '/var/adm/sw/products' directory. Therein are 'INFO' files (deeper down) that specify the modes, ownership and mtime attributes associated with the installed files. It is this information that 'swverify' uses to make its comparisons to the actual file attributes.
Regards!
...JRF...
05-26-2009 08:21 AM
Re: Security hardening hpux 11.23 itanium
You don't run the generated script, you just compare the scripts. It should do all of the files, including symlinks.
>what does the swverify -F \* verify the ownership and permissions against?
The IPD, which will probably be useless for problems with Oracle. Note the -F will "fix" the permission issues.
05-26-2009 10:31 AM
Re: Security hardening hpux 11.23 itanium
chown_script_A.sh /etc | chown_script_B.sh > chown.sh
and the only entries in chown.sh are chown -h entries... I assumed from looking at chown_script_B.sh (print "chown -h") that it only picked up symbolic links.
05-27-2009 01:20 AM
Re: Security hardening hpux 11.23 itanium
>chown -h entries...
Yes, you then do this on the other system and compare the chown.sh files. You may have to sort these first:
chown_script_A.sh /etc | chown_script_B.sh | sort -k4,4 > chown.txt
>I assumed from looking at chown_script_B.sh (print "chown -h") that it only picked up symbolic links
No, it gets every "file". You also need to use:
chown_script_A.sh /etc | chmod_script_C.sh | sort -k3,3 > chmod.txt
And then compare those.
In your case, you probably need to look at the oracle filesystem, not /etc.
05-27-2009 01:27 AM
Re: Security hardening hpux 11.23 itanium
The script is OK. Follow Dennis Handly's procedure.
Regards
Sunny
05-27-2009 08:18 AM
Re: Security hardening hpux 11.23 itanium
./chown_script_A.ksh /u01/app/oracle/product/10.2.0.4 | ./chmod_apollo.ksh | sort -k4,4 >chmod_oracle_apollo.txt
I must have the syntax wrong because it displays all the files it can't change because they don't exist, but nothing is in chmod_oracle_apollo.txt ???
05-27-2009 09:24 AM
Re: Security hardening hpux 11.23 itanium
05-27-2009 11:11 PM
Re: Security hardening hpux 11.23 itanium
>if I run the chmod commands individually
To make it clear, the scripts were originally developed to copy the ownership and permissions from one machine to another.
I'm hijacking the scripts to enable you to do a difference between files on two systems. To do that, you compare the output file chmod_oracle_apollo.txt with one from the other system.
Or you can toss those scripts and just compare this:
find $* -xdev -exec ll -d {} + | awk '{ print $9, $1, $3, $4 }' | sort
>but nothing is in chmod_oracle_apollo.txt?
If there is nothing in that file, then we need to debug the pipeline in stages. Does "chown_script_A.sh /u01/app/oracle/product/10.2.0.4" produce anything?
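Editor's added example, not posted by anyone in this thread: a self-contained version of the comparison discussed above. It builds a path/mode/owner/group manifest of a tree, diffs the manifests taken on two hosts, and lists files owned by a given user such as root. The function names and manifest format are assumptions; it uses `ls -ld` in place of `ll` and assumes file names without whitespace.

```shell
#!/bin/sh
# Added example. Assumes file names without whitespace and a standard
# 9-column `ls -l` layout (HP-UX `ll` is equivalent to `ls -l`).

# manifest DIR: one "path mode owner group" line per file, sorted by path.
# Paths are relative to DIR so manifests from two hosts line up.
manifest() {
    ( cd "$1" && LC_ALL=C find . -xdev -exec ls -ld {} + ) |
        awk '{ print $9, $1, $3, $4 }' | LC_ALL=C sort
}

# compare_manifests A B: report entries whose mode/owner/group differ,
# plus entries present on only one side.
compare_manifests() {
    awk '
        NR == FNR { a[$1] = $2 " " $3 " " $4; next }
        {
            seen[$1] = 1
            cur = $2 " " $3 " " $4
            if (!($1 in a))         print "ONLY_B", $1, cur
            else if (a[$1] != cur)  print "DIFF", $1, a[$1], "->", cur
        }
        END { for (p in a) if (!(p in seen)) print "ONLY_A", p, a[p] }
    ' "$1" "$2" | LC_ALL=C sort
}

# owned_by DIR USER: paths under DIR owned by USER, e.g. files left
# behind by a relink that was run as root.
owned_by() {
    find "$1" -xdev -user "$2"
}

# Stand-alone use on each host:  sh permcheck.sh "$ORACLE_HOME" > host.txt
if [ "$#" -eq 1 ]; then
    manifest "$1"
fi
```

Copy the manifest from the working server to the failing one and run `compare_manifests good.txt bad.txt`; `owned_by "$ORACLE_HOME" root` covers the root-owned-file check from the first reply.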
05-28-2009 01:13 AM
Re: Security hardening hpux 11.23 itanium
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com