How to setup AGENT_REGISTRATION_PASSWORD in OEM 12c/13c
How to setup AGENT_REGISTRATION_PASSWORD in OEM 12c/13c
Registration Passwords are used by the Administrators to secure Oracle Management Agents against any OMS that uses this repository. Registration Passwords can be either Persistent or One-time. Persistent Registration Passwords can be used to register multiple agents whereas One-time passwords can only be used once after which they are deleted automatically from the repository. When defining any Registration Password, it is required to specify an expiry date after which the Registration Password will be invalidated.
Steps:
Setup –> security –> registration passwords –> create
Fulfill the areas, and then the password has created.
- Persistent or One-time: ‘Persistent’ can be used for multiple agents. ‘One-time’ will be deleted once an agent uses it for registration.
- The expiry date for the password can be provided to make sure it is not open every time.
We can also set the registration password from the command line.
Go to the OMS server.
cd /bin
emctl secure setpwd [sysman pwd] [new registration pwd]
- The password is ‘Persistent’ with ‘No Expire Date’.
- There is no option to edit/delete the registration password from the command line, use the Cloud Console UI for these activities.
How to Download a specific version of the RPM package along with its dependencies
How to Download a specific version of the RPM package along with its dependencies
Use the –showduplicates to see all the installed packages and the available packages
# yum --showduplicates list [package_name]
root@funoel7:~# yum --showduplicates list httpd
Loaded plugins: langpacks, ulninfo
Installed Packages
httpd.x86_64 2.4.6-45.0.1.el7_3.4 @ol7_latest
Available Packages
httpd.x86_64 2.4.6-80.0.1.el7 ol7_latest
httpd.x86_64 2.4.6-80.0.1.el7_5.1 ol7_latest
httpd.x86_64 2.4.6-88.0.1.el7 ol7_latest
httpd.x86_64 2.4.6-89.0.1.el7_6 ol7_latest
httpd.x86_64 2.4.6-89.0.1.el7_6.1 ol7_latest
httpd.x86_64 2.4.6-90.0.1.el7 ol7_latest
httpd.x86_64 2.4.6-93.0.1.el7 ol7_latest
httpd.x86_64 2.4.6-95.0.1.el7 ol7_latest
httpd.x86_64 2.4.6-97.0.1.el7_9 ol7_latest
Solution 1:
Download the packages into a local directory
yum install --downloadonly --downloaddir=[directory] [package] [version]
yum install --downloadonly --downloaddir=/tmp/ httpd.x86_64 2.4.6-97.0.1.el7_9
Sample Output:
All dependencies are also downloaded.
root@funoel7:/tmp# ls -ltr *.rpm
-rw-r--r-- 1 root root 116596 Nov 10 20:41 mod_ssl-2.4.6-97.0.1.el7_9.x86_64.rpm
-rw-r--r-- 1 root root 94932 Nov 10 20:41 httpd-tools-2.4.6-97.0.1.el7_9.x86_64.rpm
-rw-r--r-- 1 root root 1246132 Nov 10 20:41 httpd-2.4.6-97.0.1.el7_9.x86_64.rpm
-rw-r--r-- 1 root root 504732 Dec 16 16:58 openssl-1.0.2k-21.el7_9.x86_64.rpm
-rw-r--r-- 1 root root 1254216 Dec 16 16:58 openssl-libs-1.0.2k-21.el7_9.x86_64.rpm
Solution 2:
Download package with its dependencies using yumdownloader
# yumdownloader [package]
#yumdownloader --destdir=[DIR] [package]
yumdownloader --destdir=/tmp httpd.x86_64 2.4.6-97.0.1.el7_9
download the packe along with all dependencies, use option "--resolve" along with "- -destdir"
yumdownloader --destdir=[DIR] --resolve [package]
How To Audit and Monitor An Oracle Applications User in R12
How To Audit and Monitor An Oracle Applications User in R12
Sign-On:Audit Level allows you to select a level at which to audit users who sign on to Oracle Applications and monitor.
Overview:
Users Activity in Oracle E-Business Suite can be monitored online (using a given form) or via reports available in the system administration responsibility.
The online monitoring of user activity within Oracle Applications is achieved via the Monitor Users form (Form Name: FNDSCMON.fmx). In order to use this form and also to use the reports the profile option Sign-On: Audit Level must be set to an appropriate value. The available options are: -
• NONE: No monitoring performed on users’ activity.
• USER: Only show a list of logged-in users.
• RESPONSIBILITY: Will show the users logged in and the responsibility they are using.
• FORM: show the most detailed level, it will show the User, Responsibility, and Form being accessed.
The general overview of the process of monitoring user activity in Oracle Applications R12 is:
1. Enabling users tracking by setting the profile option “Sign-On: Audit level” to take the value for example “Form”.
2. Viewing Users online using the “Monitor Users” form.
3. Viewing Monitoring Reports about users and their activity.
4. If not used disable tracking users by changing the “Sign-On: Audit level” to take the value for example “None”.
Based on the level chosen, the information captured gets stored in the following tables:
FND_LOGINS
FND_LOGIN_RESPONSIBILITIES
FND_LOGIN_RESP_FORMS
1. Least detailed level: User.
When the profile is set to User, the only table that gets updated is the table FND_LOGINS and only one record per user session.
2. Next level: Responsibility.
When the profile is set to Responsibility both FND_LOGINS and FND_LOGIN_RESPONSIBILITIES will be updated.
FND_LOGINS gets only one record per user session.
FND_LOGIN_RESPONSIBILITIES will be updated with one record for each
responsibility selected during the session.
3. Most detailed level: Form.
When the profile is set to Form all three tables are involved.
FND_LOGINS gets only one record per user session.
FND_LOGIN_RESPONSIBILITIES will be updated with one record for each
responsibility selected during the session.
FND_LOGIN_RESP_FORMS will be updated with one record for each form selected during the session.
Enable User Tracking – Setting the Sign-On: Audit Level profile option:
To enable user tracking by changing the value of “Sign-On: Audit Level” profile option use the following steps (we will use the value Form):
1. Log in to Oracle APPS with system administrator responsibility
2. Navigate to Profile > System
3. Make sure the Site option is checked.
4. Navigate to Profile and search for sign > Click Find
5. Select the “Sign-On: Audit Level” > Click Find
6. Change its value to be Form
7. From the Menu bar click File > Save
Viewing Users Online Using the “Monitor Users” form
To monitor users online we use the “Monitor Users” screen or form. To display current users and their information using Monitor Users form:
1. Log in with System Administrator Responsibility
2. Navigate to Security: Users > Monitor
3. Click (CTL + F11) keys to display the result.
This is a very useful screen since it tells you exactly which users are logged in and what are they doing in the system at any point in time. One may check this screen before bouncing or restarting the system to make sure all users are logged out.
It is a good practice to set the Sign-On: Audit Level profile option to “Form” since it gives the most detailed information above other choices but it will impact the system performance since it collects a lot of information, so you have to keep that in mind.
Viewing Monitoring Reports about Users and their activity:
Depending on what audit level you have selected for the profile option under discussion you may also generate various reports as indicated below: –
• Sign-On Audit Concurrent Requests: View information about who is requesting what concurrent requests and from which responsibilities and forms.
• Sign-On Audit Forms:View who is navigating to what form and when they do it.
• Sign-On Audit Responsibilities: Used to view who is selecting what responsibility and when they are doing it.
• Sign-On Audit Users:Used to view who signs on and for how long.
• Sign-On Audit Unsuccessful: Show audit information about unsuccessful logins to Oracle Applications.
To view any of the given reports monitoring user activity use the following steps:
1. Navigate to System Administrator Responsibility > Concurrent > Requests Or from the Menu Bar go to View > Requests
2. Choose to Submit New Request > Single Request
3. Select the report you want from the 4 requests given above.
4. Click Submit > Find
5. Select the report you choose and click the View output button to view the report.
Notifying Users of Unsuccessful Logins to their accounts:
Sign-On Audit can track user logins and provide users with a warning message if anyone has made an unsuccessful attempt to sign on with their application username since their last sign-on. This warning message appears after a user signs on. You do not have to audit the user with Sign-On Audit to use this notification feature.
To inform users about unsuccessful logins to their account, you can set the “Sign-On: Notification” profile option to Yes. To do that from System Administrator Responsibility > Profile > System > Find the profile option “Sign-On: Notification” and change its value to Yes.
References:
What Tables Are Involved In Using The System Profile 'Sign-On:Audit Level'? [ID 368260.1]
How to find Patch Number or Command Execution Vulnerability(CVE) has been installed in RHEL/OEL/Centos
How to find Patch Number or Command Execution Vulnerability(CVE) has been installed in RHEL/OEL/Centos
CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. The security flaw that's been assigned a CVE ID number.
We use the rpm command to find the CVE. Each rpm package stores information about patches including date, small description, and CVE number.
Use the -q query option to display change information for the package.
rpm –changelog option
Use the command as follows:
rpm -q --changelog {package-name}
rpm -q --changelog {package-name} | more
rpm -q --changelog {package-name} | grep CVE-NUMBER
If we want to find out if CVE-2015-3183 has been applied to httpd package or not, enter:
# rpm -q --changelog httpd|grep CVE-2015-3183
Find for a kernel
# rpm -q --changelog kernel| more
OR
# rpm -q --changelog httpd | more
Sample output:
# rpm -q --changelog httpd |grep -i CVE
- updated patch for CVE-2016-8743
- Resolves: #1412975 - CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 httpd: various
- add security fix for CVE-2016-5387
- core: fix chunk header parsing defect (CVE-2015-3183)
and ap_force_authn hook (CVE-2015-3185)
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_cgid: add security fix for CVE-2014-0231 (#1120608)
- mod_proxy: add security fix for CVE-2014-0117 (#1120608)
- mod_deflate: add security fix for CVE-2014-0118 (#1120608)
- mod_status: add security fix for CVE-2014-0226 (#1120608)
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120608)
- mod_dav: add security fix for CVE-2013-6438 (#1077907)
- mod_log_config: add security fix for CVE-2014-0098 (#1077907)
Find CVE for an rpm file
The above command will query the installed package only. To query the rpm file use the below.
# rpm -qp --changelog httpd-1.3.0-1.noarch.rpm | more
Configuring Webmin and Usermin on Linux
Configure Webmin and Usermin on Linux
Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely
Usermin is a web-based interface for webmail, password changing, mail filters, fetchmail and much more. It is designed for use by regular non-root users on a Unix system, and limits them to tasks that they would be able to perform if logged in via SSH or at the console.
This example is based on OEL 7.
1) Install pre-req
wget http://public-yum.oracle.com/public-yum-ol7.repo
wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol7 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty perl-Encode-Detect
yum install pam-devel
yum install perl-Authen-PAM
2) Create a repository on server.
vi /etc/yum.repos.d/usermin.repo
[Usermin]
name=Usermin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
vi /etc/yum.repos.d/webmin.repo
[webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
3) Install GPG keys
wget https://download.webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc
4) Install Webmin and Usermin
[root@funoel7 yum.repos.d]# yum install webmin
[root@funoel7 yum.repos.d]# yum install usermin
5)Configure to make sure webmin and usermin start at system reboot automatically.
chkconfig webmin on
chkconfig usermin on
6) Open the incoming connection to port:
20000 is default for usermin console
10000 is default for webmin console
iptables -I INPUT -p tcp --dport 20000 --syn -j ACCEPT
iptables -I INPUT -p tcp --dport 10000 --syn -j ACCEPT
service iptables save
systemctl enable --now webmin.socket
systemctl enable --now usermin.socket
7)Open Browser and try to URL
https://funoel7.lab:10000--Webmin
https://funoel7.lab:20000--Usermin
Query to find historical blocking sessions in Oracle Database
Query to find historical blocking sessions
We can use either GV$ACTIVE_SESSION_HISTORY or DBA_HIST_ACTIVE_SESS_HISTORY
Query:
SELECT DISTINCT ash.sql_id,
ash.inst_id,
ash.blocking_session blocker_ses,
ash.blocking_session_serial# blocker_ser,
ash.user_id,
s.sql_text,
ash.module,
ash.sample_time
FROM GV$ACTIVE_SESSION_HISTORY ash, gv$sql s
WHERE ash.sql_id = s.sql_id
AND blocking_session IS NOT NULL
AND ash.user_id <> 0 -- exclude SYS user
AND ash.sample_time BETWEEN SYSDATE -1 AND SYSDATE
or
SELECT DISTINCT ash.sql_id,ash.session_id,
ash.blocking_session blocker_ses,
ash.blocking_session_serial# blocker_ser,
ash.user_id,
s.sql_text,
ash.module,
ash.sample_time
FROM DBA_HIST_ACTIVE_SESS_HISTORY ash, gv$sql s
WHERE ash.sql_id = s.sql_id
AND blocking_session IS NOT NULL
AND ash.user_id <> 0 -- exclude SYS user
and upper(SQL_TEXT) like upper('%PRODUCT_TABLE%') --matching a specific table
AND ash.sample_time BETWEEN SYSDATE -3 AND SYSDATE
OBIEE Security integration with EBS
OBIEE Security integration with EBS
The assumption that the RPD settings from the Source instance remain the same. You have to log in to EBS to access OBIEE.
Important Points
a) E-Business Suite and OBIEE URL's are on the same domain
b) E-Business Suite and OBIEE are both using the same security protocol. When E-Business Suite and OBIEE are configured for different security protocols, for example, E-Business Suite for HTTPS and OBIEE for HTTP, then the cookie will not be passed and hence cannot be seen from the OBIEE URL browser, and the integration will fail. So E-Business Suite and OBIEE need to be either on HTTP or HTTPS.
On OBIEE server
Update authenticationschemas.xml
Update the authenticationschemas.xml file to add the name of the EBS ICX authentication cookie.
To update authenticationschemas.xml:
Open the file authenticationschemas.xml for editing. You can find this file at:
$ORACLE_HOME/bifoundation/web/display
Find the following element:
<AuthenticationSchema name="EBS-ICX">
Locate the sub-element RequestVariable source=”cookie” and change the value of the nameInSource attribute from ICX_SESSION to the name of the EBS ICX authentication cookie prefix. For example:
<RequestVariable source="cookie" type="auth" nameInSource="<strong>TERP</strong>" biVariableName="NQ_SESSION.ICX_SESSION_COOKIE" />
Do not update the RequestVariable source=”url” sub-element.
To know your Oracle E-Business Suite the name of the EBS ICX authentication cookie if you do not know it. Alternatively, follow these steps to find the cookie name:
Log in to Oracle E-Business Suite on chrome and follow below
The cookie is displayed like TERP=sQAQGTMiWM61kvi1RD4Hbwr1qi
The value you need to provide in authenticationschemas.xml is the prefix of the EBS ICX authentication cookie.
In this example, the EBS ICX authentication cookie is like TERP=sQAQGTMiWM61kvi1RD4Hbwr1qivm, and the prefix is TERP.
Find the following element:
<SchemaKeyVariable source="cookie>
Change the value of the nameInSource attribute from ICX_SESSION to the name of the EBS ICX authentication cookie prefix . For example:
<SchemaKeyVariable source="cookie" nameInSource="TERP" forceValue="EBS-ICX"/>
Save and close the file.
Update instanceconfig.xml
Update the instanceconfig.xml file to add EBS ICX as one of the enabled schemas, and set it as the default. You must update the instanceconfig.xml file to configure login and logout information.
To update instanceconfig.xml:
Open the file instanceconfig.xml for editing. You can find this file at:
$ORACLE_INSTANCE/config/OracleBIPresentationServicesComponent/coreapplication_obipsn
Locate the Authentication element.
Include EBS ICX in the list of enabled schemas. For example:
<EnabledSchemas>UidPwd,Impersonate,UidPwd-soap,Impersonate-soap,<strong>EBS-ICX</strong></EnabledSchemas>
Ignore the comment in instanceconfig.xml that says this setting is centrally managed. EBS ICX must be manually added to the EnabledSchemas element.
Locate schema name and update EBS URL
<Schema name="EBS-ICX" logoffURL="http://funebs122.lab:8030/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE"/>
Save and close the file.
Restart Oracle Business Intelligence services.
Query to find the size of Databases on an ASM diskgroup
Query to find the size of Databases on an ASM disk group
Assupmtion: All datafiles/redolog/temp files are on ASM.
Query:
column DATABASE format a25
col "GB" format 99,999.9
set pagesize 20
SELECT
disk_group_name
,SUBSTR(alias_path,2,INSTR(alias_path,'/',1,2)-2) Database
,ROUND(SUM(alloc_bytes)/1024/1024/1024,1) "GB"
,ROUND(SUM(alloc_bytes)/1024/1024,1) "MB"
FROM
(SELECT
SYS_CONNECT_BY_PATH(alias_name, '/') alias_path
,alloc_bytes, disk_group_name
FROM
(SELECT
g.name disk_group_name
, a.parent_index pindex
, a.name alias_name
, a.reference_index rindex
, f.space alloc_bytes
, f.type type
FROM
v$asm_file f RIGHT OUTER JOIN v$asm_alias a
USING (group_number, file_number)
JOIN v$asm_diskgroup g
USING (group_number)
)
WHERE type IS NOT NULL
START WITH (MOD(pindex, POWER(2, 24))) = 0
CONNECT BY PRIOR rindex = pindex
)
GROUP BY disk_group_name, SUBSTR(alias_path,2,INSTR(alias_path,'/',1,2)-2)
ORDER BY 1;
Run as grid owner by connecting sqlplus '/as sysasm'
Sample Output:
DISK_GROUP_NAME DATABASE GB MB
------------------ ------------------------- --------- ----------
TEST_DG DEV1 88.3 90440
TEST_DG DEV2 104.5 106982
TEST_DG TERP1 1,127.4 1154435
How to find cookie details in Chrome Browser
How to find cookie details in Chrome Browser
A cookie is a small piece of data stored on the user's computer by the web browser while browsing a website. Cookies were designed to be a reliable mechanism for websites to remember stateful information or to record the user's browsing activity.
How to check cookie in Google Chrome
Start browsing using a new tab window and navigate to the URL of your website. Open the Developer Tools. Depending on your browser this can be done in different ways. For Google Chrome go to View > Developer > Developer Tools or CMD + ALT + I on Mac or F12 on Windows or Ctrl + Shift + J on windows.
Now open the Application tab and check the cookies for each domain. Usually, the cookies have names that resemble the name of the service they are being used by. You can also Google search the cookie names to find specific information about them.
How to find if the Linux OS needs Reboot after Patching/Updates
How to find if the Linux OS needs Reboot after Patching/Updates
In this post, I am going to share how to identify if servers/services need a reboot after OS patching.
RHEL/OEL/Centos
We might need to reboot because of core library updates, at least if it is glibc. (And also, services may need to be restarted after updates).
With the yum-utils package, you can use a command called needs-restarting.
You can use it both for checking if a full reboot is required because of kernel or core libraries updates (using the -r option), or what services need to be restarted (using the -s option).
needs-restarting -r returns 0 if a reboot is not needed, and 1 if it is, so it is perfect to use in a script.
Example
[himanshu@fundb ~]$ needs-restarting -r
No core libraries or services have been updated.
Reboot is probably not necessary.
Now let's do an OS update
yum update -y
Once completed, please check the restart required or not.
[root@fundb ~]# needs-restarting -r
Core libraries or services have been updated:
kernel -> 3.10.0-1160.25.1.el7
glibc -> 2.17-324.0.1.el7_9
systemd -> 219-78.0.3.el7_9.3
openssl-libs -> 1:1.0.2k-21.0.1.el7_9
linux-firmware -> 999:20201217-999.7.git7455a360.el7
Reboot is required to ensure that your system benefits from these updates.
Debian/Ubuntu/Linux Mint
The system needs a reboot if the file /var/run/reboot-required exists and can be checked as follows:
#!/bin/bash
if [ -f /var/run/reboot-required ]; then
echo 'reboot required'
fi
Packages with pending changes that require a restart are listed in:
root@system:/root# cat /var/run/reboot-required.pkgs
libso2.0.0
OpenSUSE/SLES(Suse Linux)
zypper natively has the ability to find services and processes that need to be restarted.
sudo zypper ps
Subscribe to:
Posts
(
Atom
)
