Query to Find Incompatibilities for Concurrent Program in Oracle Apps R12


Script:

SELECT distinct fat.application_id,
                to_run_concurrent_program_id,
                fat.APPLICATION_NAME,
                fcpt.user_concurrent_program_name,
                DECODE(TO_RUN_TYPE, 'S', 'Set', 'Program') TYPE,
                DECODE(INCOMPATIBILITY_TYPE, 'G', 'Global', 'Domain') "Incompatibility Type"
  FROM FND_CONCURRENT_PROGRAM_SERIAL fcps,
       FND_CONCURRENT_PROGRAMS_TL    fcpt,
       FND_APPLICATION_TL            fat
 WHERE fcps.RUNNING_APPLICATION_ID = fat.application_id
   AND fcpt.CONCURRENT_PROGRAM_ID = fcps.TO_RUN_CONCURRENT_PROGRAM_ID
   --AND fcpt.CONCURRENT_PROGRAM_ID in (select CONCURRENT_PROGRAM_ID from FND_CONCURRENT_PROGRAMS where concurrent_program_name='&shortname')
   AND fcpt.LANGUAGE = 'US'
   AND fat.LANGUAGE = 'US'
   AND fcpt.user_concurrent_program_name LIKE '%&concurrent_program_name%'
 ORDER BY 1, 2;


Query to Find the Concurrent Manager for a Concurrent Program



Script:

SELECT distinct fcqc.INCLUDE_FLAG,
       fcqc.QUEUE_APPLICATION_ID,
       fcq.USER_CONCURRENT_QUEUE_NAME,
       fcp.CONCURRENT_PROGRAM_NAME
  FROM APPLSYS.FND_CONCURRENT_QUEUE_CONTENT fcqc,
       APPLSYS.FND_CONCURRENT_PROGRAMS fcp,
       APPS.FND_CONCURRENT_QUEUES_TL fcq
 WHERE fcqc.type_id = fcp.concurrent_program_id
   AND fcp.concurrent_program_name = '&PROGRAM_SHORT_NAME'
   AND fcqc.INCLUDE_FLAG = 'I'
   AND fcq.concurrent_queue_id = fcqc.concurrent_queue_id;


Understanding SUID, SGID and Sticky bit in Linux



There are 3 types of special permissions that can be set on files and directories.

1. SUID permission
2. SGID permission
3. Sticky bit

Set-user Identification (SUID)

Check the permissions of the /usr/bin/passwd command:


 
# ls -lrt /usr/bin/passwd
-r-sr-sr-x   1 root     sys        31396 Jan 20  2014 /usr/bin/passwd

or 

# ls -l /bin/su 
-rwsr-xr-x 1 root user  16384 Jan 12 2014 /bin/su

If you look closely at the /usr/bin/passwd listing, you will find two s characters in the permission field. The first s represents SUID and the second one represents SGID.

When a command or script with the SUID bit set is run, its effective UID becomes that of the owner of the file, rather than that of the user who is running it. (The Linux kernel ignores the SUID bit on interpreted scripts, so in practice this applies to binary executables.)

The setuid permission is displayed as an “s” in the owner’s execute field.

How to set SUID on a file?

# chmod 4555 [path_to_file]

Note:
If a capital “S” appears in the owner’s execute field, it indicates that the setuid bit is on, and the execute bit “x” for the owner of the file is off or denied.

Set-group identification (SGID)

SGID permission on an executable file

SGID permission is similar to SUID permission. The difference is that when a script/command with the SGID bit set is run, it runs as if it were a member of the group that owns the file.

# ls -l /usr/bin/write
-r-xr-sr-x  1   root tty 11484 Jan 15 17:55 /usr/bin/write

The setgid permission displays as an “s” in the group’s execute field.

Note :
If a lowercase letter “l” appears in the group’s execute field, it indicates that the setgid bit is on, and the execute bit for the group is off or denied.

How to set SGID on a file

# chmod 2555 [path_to_file]

SGID on a directory

– When SGID permission is set on a directory, files created in the directory belong to the group that owns the directory.
– For example, if a user with write permission in the directory creates a file there, that file belongs to the directory's group and not to the user’s group.

– This is very useful in creating shared directories.


How to set SGID on a directory

# chmod g+s [path_to_directory]

Sticky Bit

The sticky bit is mainly used on shared directories.

Examples are /var/tmp and /tmp: users can create files there and read and execute files owned by other users, but are not permitted to remove files owned by other users.

For instance, if user sway creates a file named /tmp/kevin, another user himanshu cannot delete this file, even when /tmp has permissions of 777. If the sticky bit is not set, user himanshu can delete /tmp/kevin, because deleting a file is controlled by the write permission on its parent directory.

Note: the root user and the owner of a file can remove their own files.

Example of sticky bit :
# ls -ld /var/tmp
drwxrwxrwt  2   sys   sys   512   Jan 26 11:02  /var/tmp
- T refers to when the execute permissions are off.
- t refers to when the execute permissions are on.

How to set sticky bit permission?

# chmod +t [path_to_directory]
or 
# chmod 1777 [path_to_directory]
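
The following is an added example, not part of the original post: a POSIX shell helper that turns the ls mode strings shown above (including s/S and t/T) into the four-digit octal value chmod expects, plus two find-based audit helpers. The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post.

# mode_to_octal MODE
# Convert a 10-character ls mode string such as -r-sr-sr-x into the
# four-digit octal value accepted by chmod (6555 for that string).
mode_to_octal() {
    m=$1
    if [ "${#m}" -ne 10 ]; then
        echo "expected a 10-character mode string, got: $m" >&2
        return 1
    fi
    special=0
    digits=""
    pos=2
    for weight in 4 2 1; do               # 4 = SUID, 2 = SGID, 1 = sticky
        r=$(printf '%s' "$m" | cut -c"$pos")
        w=$(printf '%s' "$m" | cut -c"$((pos + 1))")
        x=$(printf '%s' "$m" | cut -c"$((pos + 2))")
        d=0
        if [ "$r" = r ]; then d=$((d + 4)); fi
        if [ "$w" = w ]; then d=$((d + 2)); fi
        case $x in
            x)     d=$((d + 1)) ;;
            s|t)   d=$((d + 1)); special=$((special + weight)) ;;  # special bit on, execute on
            S|T|l) special=$((special + weight)) ;;                # special bit on, execute off
        esac
        digits="$digits$d"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# list_setid_files DIR: regular files under DIR with SUID or SGID set.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# world_writable_no_sticky DIR: directories anyone can write to that lack
# the sticky bit, so any user can delete other users' files in them.
world_writable_no_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# The mode strings from the listings above.
for s in -r-sr-sr-x -r-xr-sr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$s" "$(mode_to_octal "$s")"
done
```

Reviewing the output of list_setid_files / and world_writable_no_sticky / periodically shows which files run with elevated IDs and which shared directories are missing the sticky bit.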


How to use FTPS or SSL with FTP on Linux




FTP uses port 21 for its control connection. If we want secure connections and transfers over FTP, we can use the configuration below.

In this post I am using 
1) VSFTPD(Very Secure FTP Daemon)
2) OpenSSL for certificate


  • To install both packages, run below
yum install vsftpd
yum install openssl


  •  Create Certificate and keys using OpenSSL


openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Generating a 1024 bit RSA private key
....++++++
.....................++++++
writing new private key to '/etc/vsftpd/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Uttar Pradesh
Locality Name (eg, city) [Default City]:Noida
Organization Name (eg, company) [Default Company Ltd]:Fun Oracle Apps Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:FOA Server
Email Address []:support@funoracleapps.com


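My key and certificate are stored in the same file, /etc/vsftpd/vsftpd.pem. You can use different file names as well. For a real deployment, pass -newkey rsa:2048 or larger, since 1024-bit RSA keys are no longer considered adequate.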


  • Configure VSFTPD
 Edit /etc/vsftpd/vsftpd.conf

Add below lines in the file

###FTP SSL parameters####
# Turn ON SSL
ssl_enable=YES
allow_anon_ssl=NO
# Use encryption for data
force_local_data_ssl=YES
# Use encryption for authentication
force_local_logins_ssl=YES

## Mention the Certificate and key file location####

rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem

###Enable TLS and keep SSLv2/SSLv3 disabled###

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

*****************************************************************************************************
Other basic configurations, if not already present/required

To allow all the local users added to the system to use FTP service, edit following line:

local_enable=YES
To prevent anonymous logins, edit the following line:

anonymous_enable=NO
To accept FTP write commands, edit the following line:

write_enable=YES

With this setting, only a local user can access the FTP server and issue write commands. If you want to keep users and their contents isolated from each other, you can set up a ‘chroot jail’ for the users, so that they are confined to their home directories and are not permitted to access any files outside them.

chroot_local_user=YES

To enable logging of the transfers carried out, edit the following lines:

xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
********************************************************************************************************

  • Restart vsftpd

     service vsftpd restart
  • Configure Automatic start of vsftpd
        chkconfig vsftpd on
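
The following is an added example, not part of the original post: a POSIX shell audit of the TLS-related vsftpd.conf directives discussed above, which flags SSLv2/SSLv3 set to YES, cleartext fallbacks and a certificate key under 2048 bits. Function names and the sample config are constructed for illustration; defaults for unset keys follow vsftpd.conf(5).

```sh
#!/bin/sh
# Added example, not from the original post: flag weak TLS settings in vsftpd.conf.

# conf_value FILE KEY DEFAULT: last value assigned to KEY, or DEFAULT if unset.
conf_value() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# cert_key_bits FILE: public-key size in bits of a PEM certificate (needs openssl).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# audit_vsftpd_tls FILE: print one finding per line, nothing if all checks pass.
audit_vsftpd_tls() {
    conf=$1
    if [ "$(conf_value "$conf" ssl_enable NO)" != YES ]; then
        echo "ssl_enable is not YES: logins and data travel in cleartext"
    fi
    for key in force_local_logins_ssl force_local_data_ssl; do
        if [ "$(conf_value "$conf" "$key" YES)" != YES ]; then
            echo "$key is not YES: clients may skip TLS"
        fi
    done
    for key in ssl_sslv2 ssl_sslv3; do
        if [ "$(conf_value "$conf" "$key" NO)" = YES ]; then
            echo "$key=YES: obsolete protocol enabled"
        fi
    done
    if [ "$(conf_value "$conf" anonymous_enable YES)" != NO ]; then
        echo "anonymous_enable is not NO: anonymous logins allowed"
    fi
    # Key-size check runs only when the certificate is readable and openssl exists.
    cert=$(conf_value "$conf" rsa_cert_file "")
    if [ -r "$cert" ] && command -v openssl >/dev/null 2>&1; then
        bits=$(cert_key_bits "$cert")
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            echo "rsa_cert_file uses a $bits-bit key: generate 2048 bits or more"
        fi
    fi
}

# sample_conf: constructed vsftpd.conf fragment with legacy protocols enabled.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_conf >"$tmp" && audit_vsftpd_tls "$tmp"
rm -f "$tmp"
```

Run audit_vsftpd_tls /etc/vsftpd/vsftpd.conf before restarting the service; no output means the checked directives are acceptable.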
   




Most Popular Linux Types




  • Linux Mint
  • Ubuntu
  • Debian
  • Red Hat
  • CentOS
  • Fedora
  • openSUSE


How to Start and Stop vsftpd in Linux


The vsftpd RPM installs the /etc/rc.d/init.d/vsftpd script, which can be invoked via the /sbin/service command.

To start the server, as root :

/sbin/service vsftpd start

To stop the server, as root :

/sbin/service vsftpd stop

To restart the server, as root type:
/sbin/service vsftpd restart

The condrestart (conditional restart) option restarts vsftpd only if it is currently running.
It does not start the daemon if it is not running.

To conditionally restart the server, as root :

/sbin/service vsftpd condrestart


Error: The certificate /usr/share/rhn/ULN-CA-CERT is expired in Linux


If the yum utility reports that the certificate for the repository has expired, we can download the new, correct certificate.

Error Message:
The certificate /usr/share/rhn/ULN-CA-CERT is expired. Please ensure you have the correct certificate and your system time is correct.

To update the client SSL certificate on your Oracle Linux machine, run the following steps.

        # cp /usr/share/rhn/ULN-CA-CERT /usr/share/rhn/ULN-CA-CERT.old
        # wget https://linux-update.oracle.com/rpms/ULN-CA-CERT.sha2
        # cp ULN-CA-CERT.sha2 /usr/share/rhn/ULN-CA-CERT


Setup a password less SSH Connectivity Quickly on Linux




We can use ssh to connect between servers, but it is often necessary to set up passwordless connectivity between the servers.

We can follow the steps below to quickly set up passwordless ssh.

1) Generate ssh keys on the source system using the command below.


ssh-keygen

2) Copy the ssh public key to the remote system where we need passwordless connectivity.

ssh-copy-id userid@remote-host

It will prompt for the password the first time.

3) Once the above step is completed, try ssh and it will connect without a password.

ssh himanshu@lfcs.lab




Enforcing strong passwords in Linux using PAM (Pluggable Authentication Modules)



In this post I am going to share how we can force users to set strong passwords in Linux using the pam_cracklib module in PAM.
It will help to provide security for all users on the system.
Note: If root changes the password for any user, this policy does not apply to root. Root will bypass the policy.
Example:

  • Prompt at most 2 times for a new password before returning an error (retry option)
  • 8 characters minimum length (minlen option)
  • at least 6 characters should be different from old password when entering a new one (difok option)
  • at least 1 digit (dcredit option)
  • at least 1 uppercase (ucredit option)
  • at least 1 other character (ocredit option)
  • at least 1 lowercase (lcredit option)

Edit the /etc/pam.d/passwd file and enter the following:
#%PAM-1.0
password required pam_cracklib.so retry=2 minlen=8 difok=6 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
password required pam_unix.so use_authtok sha512 shadow

Sample Output:
File Content for /etc/pam.d/passwd


User tries to change password for simple format.
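
The following is an added example, not part of the original post: a POSIX shell model of how the minlen and negative dcredit/ucredit/lcredit/ocredit values on the pam_cracklib line above are applied to a candidate password. It does not model difok, retry or the cracklib dictionary check; the function names and sample passwords are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Models only minlen and the four
# *credit options with negative values; difok and dictionary checks are not modeled.

PAM_LINE='password required pam_cracklib.so retry=2 minlen=8 difok=6 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1'

# pam_opt LINE NAME: value of option NAME on a PAM configuration line.
pam_opt() {
    for tok in $1; do
        case $tok in
            "$2"=*) printf '%s\n' "${tok#*=}" ;;
        esac
    done
}

# count_class PASSWORD CLASS: how many characters of PASSWORD fall in CLASS
# (digit, upper, lower, or other = anything that is not alphanumeric).
count_class() {
    case $2 in
        other) printf '%s' "$1" | LC_ALL=C tr -d '[:alnum:]' | wc -c | tr -d ' ' ;;
        *)     printf '%s' "$1" | LC_ALL=C tr -cd "[:$2:]" | wc -c | tr -d ' ' ;;
    esac
}

# check_password LINE PASSWORD: return 0 if PASSWORD meets the policy on LINE,
# otherwise print the first rule it violates and return 1.
check_password() {
    minlen=$(pam_opt "$1" minlen)
    if [ "${#2}" -lt "${minlen:-0}" ]; then
        echo "shorter than minlen=$minlen"
        return 1
    fi
    for spec in dcredit:digit ucredit:upper lcredit:lower ocredit:other; do
        opt=${spec%%:*}
        class=${spec#*:}
        credit=$(pam_opt "$1" "$opt")
        # A negative credit -N means "at least N characters of this class".
        case $credit in
            -*) need=${credit#-} ;;
            *)  continue ;;
        esac
        if [ "$(count_class "$2" "$class")" -lt "$need" ]; then
            echo "needs at least $need $class character(s) ($opt=$credit)"
            return 1
        fi
    done
    return 0
}

# Constructed sample passwords.
for pw in 'password' 'Password1' 'Str0ng!pw'; do
    if msg=$(check_password "$PAM_LINE" "$pw"); then
        echo "$pw: accepted"
    else
        echo "$pw: rejected, $msg"
    fi
done
```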



Enabling Custom SSH Banner in Linux



We can enable a custom banner which users will see when they log in via SSH.


Steps:


1) Banner is by default disabled in sshd.

2) Login as the root user and create a custom login banner file:

# vi /etc/ssh/sshd-banner

Enter a Custom Text like below

Welcome to Himanshu's Server Remote Login!

3) Open the sshd configuration file /etc/ssh/sshd_config using a text editor:

# vi /etc/ssh/sshd_config

4) Add/edit the following line:
Uncomment Banner line and put your custom banner file path.
# no default banner path
Banner /etc/ssh/sshd-banner


5) Save the file and restart the sshd server:

# /etc/init.d/sshd restart
or
# service sshd restart

6) Test your new banner by trying to log in using ssh

$ ssh bob@lfcs.lab



Re-Create EBS 12.2.x Weblogic Domain



In EBS R12.2 WebLogic is configured, and if any files in the domain get corrupted or deleted it will majorly impact the EBS application.


We can perform the steps below to recreate the WebLogic domain

1) Make sure database and listener are running.
2) Stop all application services or kill them if required.
3) Source the RUN environment
4) Run 
$FND_TOP/bin/txkrun.pl -script=ChkEBSDependecies -server=ALL_SERVERS
5) cd $FND_TOP/patch/115/bin
   perl txkEBSDomainConfig.pl

Below prompts are shown by the script:
  Enter the full path of Applications Context File [DEFAULT - ]: Complete path of the RUN context file
  Enter the server start mode for the domain [DEFAULT - prod]: prod
  Enter the APPS schema password :
  Enter weblogic admin server password :

Sample Output:
SUCCESS: VALID FMW HOME /u01/oracle/PROD/fs1/FMW_Home
SUCCESS: VALID OHS HOME /u01/oracle/PROD/fs1/FMW_Home/webtier
SUCCESS: VALID Node Manager Port 5556
SUCCESS: VALID Node Manager Type plain
SUCCESS: VALID Admin Server Port 7001
SUCCESS: VALID OACORE Managed Server Port 7201
SUCCESS: VALID FORMS Managed Server Port 7401
SUCCESS: VALID OAFM Managed Server Port 7601
SUCCESS: VALID FORMS-C4WS Managed Server Port 7801
SUCCESS: VALID JRF TEMPLATE /u01/oracle/PROD/fs1/FMW_Home/oracle_common/common/templates/applications/jrf_template_11.1.1.jar
SUCCESS: VALID EM TEMPLATE /u01/oracle/PROD/fs1/FMW_Home/oracle_common/common/templates/applications/oracle.em_11_1_1_0_0_template.jar
SUCCESS: VALID EM EBS PLUGIN TEMPLATE /u01/oracle/PROD/fs1/FMW_Home/Oracle_EBS-app1/common/templates/applications/oracle.emai_ebs_template_11.1.1.jar
SUCCESS: VALID UIX LIBRARY /u01/oracle/PROD/fs1/FMW_Home/oracle_common/modules/oracle.uix_11.1.1/uix11.war
SUCCESS: VALID PORTLET TEMPLATE /u01/oracle/PROD/fs1/FMW_Home/oracle_common/common/templates/applications/oracle.portlet_component_template_11.1.1.jar
SUCCESS: VALID OWSM TEMPLATE /u01/oracle/PROD/fs1/FMW_Home/oracle_common/common/templates/applications/oracle.wsmpm_template_11.1.1.jar

6) Now Start all Application tier services using $ADMIN_SCRIPTS_HOME/adstrtal.sh
7) Run fs_clone to make changes in Patch file system as well.


Multi-Factor Authentication in Linux using Google Authenticator




I am setting up multi-factor authentication on my CentOS 7 system for the user kevin for ssh connectivity.

1) Add the EPEL (Extra Packages for Enterprise Linux) repo.

sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2) Install google-authenticator

sudo yum install google-authenticator


3) Run the google-authenticator app as the user for which we want to set up MFA. Note: the secret key and verification code that are shown will be needed for setting up Google Authenticator on Android/iPhone.

google-authenticator

It will prompt you with certain questions as below. Provide the values shown.


[kevin@lcfs ~]$ google-authenticator

Do you want authentication tokens to be time-based (y/n) y
Warning: pasting the following URL into your browser exposes the OTP secret to Google:


Do you want me to update your "/home/kevin/.google_authenticator" file? (y/n) y

Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y

By default, a new token is generated every 30 seconds by the mobile app.
In order to compensate for possible time-skew between the client and the server,
we allow an extra token before and after the current time. This allows for a
time skew of up to 30 seconds between authentication server and client. If you
experience problems with poor time synchronization, you can increase the window
from its default size of 3 permitted codes (one previous code, the current
code, the next code) to 17 permitted codes (the 8 previous codes, the current
code, and the 8 next codes). This will permit for a time skew of up to 4 minutes
between client and server.
Do you want to do so? (y/n) n

If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting? (y/n) y



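4) Edit the PAM authentication configuration to use Google Authenticator

sudo vi /etc/pam.d/sshd
Add the following line to the bottom of the file. The nullok option lets users who have not yet set up a secret log in without a verification code.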

/etc/pam.d/sshd
. . .
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare
auth required pam_google_authenticator.so nullok

5) Edit the ssh configuration file to accept authentication using MFA.

sudo vi /etc/ssh/sshd_config
Look for the ChallengeResponseAuthentication lines. Comment out the no line and uncomment the yes line.

/etc/ssh/sshd_config
. . .
# Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
#ChallengeResponseAuthentication no

6) Restart sshd service
service sshd restart

7) Install the Google Authenticator app and configure it using the secret key received in step 3.



8) Try logging in as user kevin and verify.

himanshu@himanshu-ThinkPad-T430 ~ $ ssh kevin@lfcs.lab
Password: 
Verification code: 
Last login: Sat Apr 11 12:37:19 2020 from 192.168.56.1
[kevin@lcfs ~]$ exit


[opmn] [ERROR:1] [] [internal] /u01/APPS/GPROD/fs1/FMW_Home/webtier/opmn/bin/opmn: unexpected exit: status 200



OPMN fails to start when running adstartall.sh in a 12.2 environment and returns a message to check the file adopmnctl.txt.


Error:

[opmn] [ERROR:1] [] [internal] /u01/APPS/GPROD/fs1/FMW_Home/webtier/opmn/bin/opmn: unexpected exit: status 200

Cause:

It might be due to corruption of directory

Solution:


1. Stop all services.
2. Rename the directory: OPMN/opmn/states  (eg. /u01/APPS/GPROD/fs1/FMW_Home/webtier/instances/EBS*/config/OPMN/opmn/states in the example above.)

3. Restart the services and confirm the error no longer occurs.


How to Allow|Deny SSH Access To A Particular User|Group In Linux



To make any changes to ssh access, we have to edit the sshd configuration file in Linux.

File name:
/etc/ssh/sshd_config


After making any changes to the above file, we have to restart the sshd service with the command below

service sshd restart



Configuration Changes Examples for User|Groups

1) Allow ssh access for only one user

Edit the sshd_config file and add|edit below

AllowUsers himanshu

2) Allow ssh access for multiple users

Edit the sshd_config file and add|edit below

AllowUsers himanshu bob kevin

3) Allow ssh access for a particular group

AllowGroups dba

4) Deny ssh access for only one user

Edit the sshd_config file and add|edit below

DenyUsers himanshu

5) Deny ssh access for multiple users

Edit the sshd_config file and add|edit below

DenyUsers himanshu bob

6) Deny ssh access for a group

Edit the sshd_config file and add|edit below

DenyGroups dba


Linux Shell Script to Create Multiple User, Set Password and Expire Password



Example script to create multiple users in Linux at the same time. Remember this has to be executed as an administrative user or root.


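for u in kevin nancy scott; do
    useradd "$u"                      # create the account
    echo "$u:Password1" | chpasswd    # set the initial password
    passwd -e "$u"                    # expire it so the user must change it at first login
done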

We can also create a file and pass any number of users.

Sample file

$ cat newusers

himanshu
kevin
bob
marley
nancy


while IFS= read -r u; do
    [ -n "$u" ] || continue           # skip blank lines
    useradd "$u"
    echo "$u:Password1" | chpasswd
    passwd -e "$u"
done < newusers
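
The following is an added example, not part of the original post: a variant of the file-driven loop above that validates each login name, skips accounts that already exist, and gives every user a different random initial password instead of a shared one. Function names are hypothetical; it defaults to a dry run, and DRY_RUN=0 as root applies the changes.

```sh
#!/bin/sh
# Added example, not from the original post.
# Usage: DRY_RUN=0 sh script.sh newusers   (as root; default is a dry run)
LC_ALL=C; export LC_ALL
DRY_RUN=${DRY_RUN:-1}

# valid_username NAME: accept only conservative login names
# (lowercase letter or underscore first, then a-z 0-9 _ -, at most 32 chars).
valid_username() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# random_password: 16 characters drawn from the kernel CSPRNG.
random_password() {
    tr -dc 'A-Za-z0-9@%+=_' </dev/urandom | head -c 16
}

# create_users FILE: one login name per line; blank lines and # comments are
# skipped. Prints "name:password" once per created account for hand-over.
create_users() {
    while IFS= read -r name || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        if ! valid_username "$name"; then
            echo "skip $name: invalid login name" >&2
            continue
        fi
        if id "$name" >/dev/null 2>&1; then
            echo "skip $name: account already exists" >&2
            continue
        fi
        if [ "$DRY_RUN" = 1 ]; then
            echo "would create $name"
        else
            pw=$(random_password)
            useradd "$name" &&
                printf '%s:%s\n' "$name" "$pw" | chpasswd &&
                passwd -e "$name" >/dev/null &&   # force a change at first login
                printf '%s:%s\n' "$name" "$pw" ||
                echo "failed to set up $name" >&2
        fi
    done <"$1"
}

if [ "$#" -gt 0 ]; then
    create_users "$1"
fi
```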


Providing Root Privileges to User/Group in Linux




If we need to give a user root privileges to perform administrative tasks, we can do so by granting sudo access.

The important commands and files for providing these privileges are as below:

1) File which Controls this privilege

/etc/sudoers

2) If we want to edit /etc/sudoers file then use following command

 visudo

3) We need to change permission in below line in /etc/sudoers file.


4) Syntax for adding sudo permission

username host_list = (users) command

username : This corresponds to the user to which sudo access need to be provided
host_list: This defines the hosts on which the user is allowed sudo access
users: This defines the users as which ‘username’ can execute the commands
command : This defines the commands that the user is allowed to execute as root/another user.

5) Allow a specific user to run any command as any user on any host

 himanshu ALL=(ALL) ALL

6) Allow users in a specific group to run any command(like dba is the group in my system)

%dba ALL=(ALL) ALL

7) Allow user to run commands without authenticating

himanshu ALL=(ALL) NOPASSWD: ALL

8) Run the previously executed command in sudo

sudo !!



Installing CentOS 7 on Virtual Box



In this post I will share the steps to set up a Linux environment on a home system/laptop/desktop.

Download requirements:

1) VirtualBox: virtualisation software. You can download the latest version for your operating system.


2) CentOS 7 Operating system -Download the ISO image


Installing Virtual Box


Installing Virtual Box on Windows is direct and easy.

Start the Installer and Proceed as per below steps.

















Once the installation is complete. Please Start Virtual box and verify!




Installing CentOS 7 on Virtual Box

1) Open Virtual Box and Click on New



2) Provide the details as per below screens

3) Select the appropriate RAM. I have selected 3 GB Ram for my Virtual Machine. 



4) Select to create a harddisk



5) Select Type of hard disk as VDI.



6) Select Storage as dynamically allocated.



7) Provide the location for the hard disk to be created and its size (I have used 12 GB for my VM)



8) After the above steps, a new machine will be shown in VirtualBox Manager. Select the machine and click Settings




9) Select General> Advanced and make clipboard and Drag n Drop as bidirectional.



10) Select System > Processor. Change the number of processors depending on your system. Note: Don't take it beyond the green marked threshold.



11) Select Display>Screen and change Video Memory as 128 MB as I am installing GUI.



12) Select Storage > Controller IDE and mount the ISO image of CentOS 7 which was downloaded.







13) Select Network and enable Adapter 1 and Adapter 2.

Adapter 1--> Bridged Adapter (will use for internet)
Adapter 2 --> Host Only Adapter (Will Map Hostname)





14) Once completed close the setting and click on start VM.





15) Select Desired Language




16) The installer will automatically try to detect for date, keyboard and languages. Click on Software Selection and select KDE plasma.





17) Click on Installation Destination and then click Done, as we are just verifying the selection the installer made. We are not giving a custom file system layout.



18) Click on Network and Hostname and switch on both network.  For second ethernet provide desired hostname as in form (hostname.domain). I have given in my case as lfcs.lab









19) Click Next and select change root password. Provide the root password and installer will proceed.





20) Once the installer completes, Please click on reboot.




21) After Reboot Select the License Information and accept. Then click on finish configuration.




22) Once it finishes System will reboot and ask you to login first time. We will login with root user.



23) Installation is finished. Now we will install Kernel headers and then install Guest Additions

Open a terminal as root and run the commands below
yum install kernel-devel
yum install kernel-headers
yum install gcc

Once completed install Guest Additions









Once completed Restart the system and Enjoy..

