This is Kevin Sheehan's Typepad Profile.
Kevin Sheehan
Leesburg, VA
CISSP, ITIL-certified senior-level technology director with over 30 years' experience in large-scale enterprise application deployments in the government and telecommunications sectors, with specialties in the entire Oracle technology stack, including designing, hosting, monitoring, tuning and securing such implementations.
Recent Activity
How to prepare AWS EBS Volumes as Candidate ASM Volumes
I've seen a number of posts saying a disadvantage of running Oracle databases on AWS is that AWS does not support ASM. Not true and it's actually quite simple to set this up. It turns out that Amazon Web Services... Continue reading
Posted Dec 21, 2014 at SecureDBA
How to Implement Auto Discovery in Oracle Enterprise Manager 12c
Intended Audience: Oracle Enterprise Manager (OEM) Cloud Control Administrators Purpose: This document provides a guideline for how to implement Auto Discovery in OEM 12c. It is not a detailed build document or cookbook. Its purpose is to provide experienced OEM... Continue reading
Posted Feb 16, 2014 at SecureDBA
How to Implement Compliance Monitoring in Oracle Enterprise Manager 12c
This document provides a guideline for how to implement compliance monitoring in OEM 12c. It is not a detailed build document or cookbook. Its purpose is to provide experienced OEM administrators a quick start and avoid pitfalls. Continue reading
Posted Sep 14, 2012 at SecureDBA
Tri - SELinux in enforcing mode is the default. Take a look at post #7.
Securing Oracle Enterprise Linux - Part 5 - Enable System Accounting
This is the fifth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified against Oracle Enterprise Linux (OEL) 5.5. You can download OEL here. In Pa...
If users want files to be saved permanently, they should not be saving them in /var/tmp. We do recreate /var/tmp as a soft link under /tmp. This prevents users from creating hard links under /var.
Securing Oracle Enterprise Linux - Part 3 - Preparation
This is the third in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified against Oracle Enterprise Linux (OEL) 5.5. You can download OEL here. In Pa...
Thanks!
Securing Oracle Enterprise Linux - Part 3 - Preparation
This is the third in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified against Oracle Enterprise Linux (OEL) 5.5. You can download OEL here. In Pa...
Thanks Dimitar!
Collaborate10 IOUG Project Lockdown OHS Web Server
Kevin and I will be presenting this session at the IOUG conference. If you are attending the conference I hope you will sit in. Here are the details: ID: 712 TITLE: Project Lockdown – OHS Web Server Edition DATE: Tuesday, April 20, 2010 TIME: 4:30:00 PM until 5:30:00 PM ROOM: MANDALAY K Colla...
Thanks - If only I could find the time to post more - the job that pays the bills has been getting in the way of late.
Securing Oracle Enterprise Linux - Part 9 - Network Parameter Hardening
This is the ninth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified against Oracle Enterprise Linux (OEL) 5.5. You can download OEL here. In Pa...
Mudgen, CIS used to post two scripts: do-backup.sh and do.restore.sh. The intention of the first was to backup any configuration files that might change in the hardening process and the other was obviously to restore them should things not go as expected.
The stepwise scripts were never supplied by CIS but simply listed in their Adobe document. I simply cut and pasted them into scripts (resolving the end-line character issues that method creates). So yes, these scripts are right from CIS.
The stepwise scripts make the hardening changes and then perform a diff between the updated file and the backup created by do-backup.sh so you can more easily see what the script did.
One of the first things I noticed as I started the process was that the do-backup.sh script had errors: missing spaces between file names and missing files. I think this is why they no longer post it on the CIS website. The do-back.sh that I post in Step 3 of this series has those errors corrected. So yes, this is the CIS script but corrected so it works as CIS intended.
Finally, I am working through this stepwise as well in what little spare time I have and I have not completed the process. Therefore, there may be errors in do-backup.sh that I have yet to uncover as I am only about halfway through as of this writing. My last post was on Chapter 5 from the CIS document (System Network Parameter Tuning). My next post will be starting at Chapter 6 (Logging).
Securing Oracle Enterprise Linux - Part 1 - Partitioning Strategy
This is the first in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified against Oracle Enterprise Linux (OEL) 5.5. You can download OEL here. How ...
Thanks Tom - let's call it even as we'll be sure to use this going forward.
Collaborate10 IOUG Project Lockdown OHS Web Server
Kevin and I will be presenting this session at the IOUG conference. If you are attending the conference I hope you will sit in. Here are the details: ID: 712 TITLE: Project Lockdown – OHS Web Server Edition DATE: Tuesday, April 20, 2010 TIME: 4:30:00 PM until 5:30:00 PM ROOM: MANDALAY K Colla...
Tom,
We have not found a way around the loss of .apachectl -configtest and in fact are no longer even using Oracle on the middle tier for our latest gig. On the downside, we're using WebSphere; on the upside, we jettisoned the IBM HTTP Server (IHS) in favor of compiling our own Apache 2.2 and we then use the F5 Local Traffic Manager for load balancing both the web and app tiers. This let us also eliminate the rather cheesy WebSphere plug-in that IBM uses to load balance the app tier. However, there may be Oracle Exalogic in our future so we'll find ourselves back in the same boat as you. Removing the macros might not be so bad as long as the Oracle patches are not freaking out about it. You might have to keep the macro versions around just for patching, which starts to become a real pain.
Collaborate10 IOUG Project Lockdown OHS Web Server
Kevin and I will be presenting this session at the IOUG conference. If you are attending the conference I hope you will sit in. Here are the details: ID: 712 TITLE: Project Lockdown – OHS Web Server Edition DATE: Tuesday, April 20, 2010 TIME: 4:30:00 PM until 5:30:00 PM ROOM: MANDALAY K Colla...
I can walk you through that but I have a few clarifying questions. Is this Oracle 10.2.0.4 or 10.2.0.5? Is the platform x86, x86-64 or SPARC 64-bit? Since you are asking about a minimal install, I assume you do not want any of the advanced features like RAC, Data Guard, etc., correct?
When Less is More - Creating a Minimal Install of Oracle Enterprise Linux
A default install of Oracle Enterprise Linux (OEL) comes with a lot of packages you would not want on a secure production server. So how do you create a minimal install of OEL? Turns out it's pretty easy. For this example let's assume OEL 5.5 as the OS and that the server will be used to host an...
Securing Oracle Enterprise Linux - Part 9 - Network Parameter Hardening
This is the ninth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Oct 31, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 7 - Configure Firewall
This is the seventh in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Oct 3, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 8 - Minimize Boot Services
This is the eighth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 18, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 6 - Minimize Network Services
This is the sixth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 17, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 5 - Enable System Accounting
This is the fifth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 17, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 4 - Hardening ssh
This is the fourth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 17, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 3 - Preparation
This is the third in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Jul 11, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 2 - Minimal Install
A default install of Oracle Enterprise Linux (OEL) comes with a lot of packages you would not want on a secure production server. So how do you create a minimal install of OEL? Turns out it's pretty easy. Continue reading
Posted Jul 5, 2010 at SecureDBA
Securing Oracle Enterprise Linux - Part 1 - Partitioning Strategy
This is the first in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Jul 5, 2010 at SecureDBA
When Less is More - Creating a Minimal Install of Oracle Enterprise Linux
A default install of Oracle Enterprise Linux (OEL) comes with a lot of packages you would not want on a secure production server. So how do you create a minimal install of OEL? Turns out it's pretty easy. For this... Continue reading
Posted Jun 13, 2010 at SecureDBA
This is a great idea Brian. Then we can just pass the http-server start-parameters within opmn.conf such as the following:
<data id="command-line" value="-DRUNPROXY -DTESTENV -DINTRANET"/>
Is your web server an all inclusive resort?
The Apache web server is a versatile product with lots of options to configure and support a wide variety of web applications. It can act as a proxy server, directly run applications such as Perl and PHP, front-end a Java application server, or just serve up content. This reminds me of the all ...
Oracle Announces Cumulative CPU Patches for E-Business Suite 11i
With the release of the Critical Patch Update for January 2010, Oracle has made E-Business Suite 11i patches cumulative. While Release 12 customers have had this capability, this is a welcome relief for 11i customers, making it much easier for... Continue reading
Posted Jan 17, 2010 at SecureDBA