This is Kevin Sheehan's Typepad Profile.
Kevin Sheehan
Leesburg, VA
CISSP, ITIL certified senior level technology director with over 30 years experience in large-scale enterprise application deployments in the government and telecommunications sectors with specialties in the entire Oracle technology stack including designing, hosting, monitoring, tuning and securing such implementations.
Recent Activity
I've seen a number of posts saying a disadvantage of running Oracle databases on AWS is that AWS does not support ASM. Not true and it's actually quite simple to set this up. It turns out that Amazon Web Services... Continue reading
Posted Dec 21, 2014 at SecureDBA
Intended Audience: Oracle Enterprise Manager (OEM) Cloud Control Administrators Purpose: This document provides a guideline for how to implement Auto Discovery in OEM 12c. It is not a detailed build document or cookbook. Its purpose is to provide experienced OEM... Continue reading
Posted Feb 16, 2014 at SecureDBA
This document provides a guideline for how to implement compliance monitoring in OEM 12c. It is not a detailed build document or cookbook. Its purpose is to provide experienced OEM administrators a quick start and avoid pitfalls. Continue reading
Posted Sep 14, 2012 at SecureDBA
Tri - SELinux in enforcing mode is the default. Take a look at post #7.
1 reply
If users want files to be saved permanently, they should not be saving them in /var/tmp. We do recreate /var/tmp as a soft link under /tmp. This prevents users from creating hard links under /var.
1 reply
Thanks!
1 reply
Thanks Dimitar!
1 reply
Thanks - If only I could find the time to post more - the job that pays the bills has been getting in the way of late.
1 reply
Mudgen, CIS used to post two scripts: do-backup.sh and do.restore.sh. The intention of the first was to back up any configuration files that might change in the hardening process and the other was obviously to restore them should things not go as expected. The stepwise scripts were never supplied by CIS but simply listed in their Adobe document. I simply cut and pasted them into scripts (resolving the end-line character issues that method creates). So yes, these scripts are right from CIS. The stepwise scripts make the hardening changes and then perform a diff between the updated file and the backup created by do-backup.sh so you can more easily see what the script did. One of the first things I noticed as I started the process was that the do-backup.sh script had errors: missing spaces between file names and missing files. I think this is why they no longer post it on the CIS website. The do-backup.sh that I post in Step 3 of this series has those errors corrected. So yes, this is the CIS script but corrected so it works as CIS intended. Finally, I am working through this stepwise as well in what little spare time I have and I have not completed the process. Therefore, there may be errors in do-backup.sh that I have yet to uncover as I am only about halfway through as of this writing. My last post was on Chapter 5 from the CIS document (System Network Parameter Tuning). My next post will be starting at Chapter 6 (Logging).
1 reply
Thanks Tom - let's call it even as we'll be sure to use this going forward.
1 reply
Tom, we have not found a way around the loss of .apachectl -configtest and in fact are no longer even using Oracle on the middle tier for our latest gig. On the downside, we're using WebSphere; on the upside, we jettisoned the IBM HTTP Server (IHS) in favor of compiling our own Apache 2.2 and we then use the F5 Local Traffic Manager for load balancing both the web and app tiers. This let us also eliminate the rather cheesy WebSphere plug-in that IBM uses to load balance the app tier. However, there may be Oracle Exalogic in our future so we'll find ourselves back in the same boat as you. Removing the macros might not be so bad as long as the Oracle patches are not freaking out about it. You might have to keep the macro versions around just for patching, which starts to become a real pain.
1 reply
I can walk you through that but I have a few clarifying questions. Is this Oracle 10.2.0.4 or 10.2.0.5? Is the platform x86, x86-64 or SPARC 64-bit? Since you are asking about a minimal install, I assume you do not want any of the advanced features like RAC, Data Guard, etc., correct?
1 reply
This is the ninth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Oct 31, 2010 at SecureDBA
This is the seventh in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Oct 3, 2010 at SecureDBA
This is the eighth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 18, 2010 at SecureDBA
This is the sixth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 17, 2010 at SecureDBA
This is the fifth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 17, 2010 at SecureDBA
This is the fourth in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Aug 17, 2010 at SecureDBA
This is the third in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Jul 11, 2010 at SecureDBA
A default install of Oracle Enterprise Linux (OEL) comes with a lot of packages you would not want on a secure production server. So how do you create a minimal install of OEL? Turns out it's pretty easy. Continue reading
Posted Jul 5, 2010 at SecureDBA
This is the first in a series of posts that describe how to secure Oracle Enterprise Linux. These posts are based on the Center for Internet Security Secure Base Line for Red Hat Enterprise Linux 5 but have been verified... Continue reading
Posted Jul 5, 2010 at SecureDBA
A default install of Oracle Enterprise Linux (OEL) comes with a lot of packages you would not want on a secure production server. So how do you create a minimal install of OEL? Turns out it's pretty easy. For this... Continue reading
Posted Jun 13, 2010 at SecureDBA
Kevin Sheehan is now following The Typepad Team
Mar 15, 2010
This is a great idea Brian. Then we can just pass the http-server start-parameters within opmn.conf such as the following: <data id="command-line" value="-DRUNPROXY -DTESTENV -DINTRANET"/>
1 reply
With the release of the Critical Patch Update for January 2010, Oracle has made E-Business Suite 11i patches cumulative. While Release 12 customers have had this capability, this is a welcome relief for 11i customers, making it much easier for... Continue reading
Posted Jan 17, 2010 at SecureDBA