Oracle Weblogic 反序列化漏洞 (CVE-2018-2893 )的補丁升級操作

eric0435發表於2018-07-20

Oracle官方釋出了7月份的關鍵補丁更新 CPU(CriticalPatchUpdate ),其中包含一個高危的 Weblogic 反序列化漏洞 (CVE-2018-2893 ),該漏洞透過JRMP協議利用RMI機制的缺陷達到執行任意反序列化程式碼的目。 攻擊者可以在未授權情況下將 payload 封裝在T3協議中,透過對T3協議中的 payload 進行反序列化,從而實現對存在漏洞的 進行反序列化,從而實現對存在漏洞的WebLogic元件進行遠端攻擊,執行任意程式碼並可獲取目標系統的所有許可權。受影響的頒佈為Oracle WebLogicServer 10.3.6.0,Oracle WebLogicServer 12.1.3.0,Oracle WebLogicServer 12.2.1.2,Oracle WebLogicServer 12.2.1.3

Oracle目前已經發布了升級補丁可參考連結"Critical Patch Update (CPU) Program July 2018 Patch Availability Document (PAD) (Doc ID 2394520.1)"

我們的生產環境WebLogic主要是兩個版本10.3.6.0與12.1.3.0。下面是具體操作
對於10.3.6.0版本需要執行bsh.sh指令碼來進行補丁安裝
1.首先下載補丁包27919965_1036_Generic.zip

2.將補丁包27919965_1036_Generic.zip上傳到{MW_HOME}/utils/bsu/cache_dir 其中MW_HOME是Weblogic的BASE目錄,類似於Oracle BASE目錄

3.將補丁包27919965_1036_Generic.zip解壓

[root@app1 cache_dir]# unzip p27919965_1036_Generic.zip
Archive:  p27919965_1036_Generic.zip
 extracting: B47X.jar                
  inflating: patch-catalog_26112.xml  
  inflating: README.txt

4.執行安裝命令(bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}) 其中WL_HOME是WebLogic home目錄

root@app1 bsu]# ./bsu.sh -install -patch_download_dir=/wls11g/utils/bsu/cache_dir -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3
Checking for conflicts...............
No conflict(s) detected
Installing Patch ID: B47X..
Result: Success

5.檢查補丁包是否安裝成功

[root@app1 bsu]# ./bsu.sh -prod_dir=/wls11g/wlserver_10.3 -status=applied -verbose -view 
ProductName:       WebLogic Server
ProductVersion:    10.3 MP6
Components:        WebLogic Server/Core Application Server,WebLogic Server/Admi
                   nistration Console,WebLogic Server/Configuration Wizard and 
                   Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
                   r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
                    Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
                   erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
                   erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
                   ic Server/Evaluation Database,WebLogic Server/Workshop Code 
                   Completion Support
BEAHome:           /wls11g
ProductHome:       /wls11g/wlserver_10.3
PatchSystemDir:    /wls11g/utils/bsu
PatchDir:          /wls11g/patch_wls1036
Profile:           Default
DownloadDir:       /wls11g/utils/bsu/cache_dir
JavaVersion:       1.6.0_29
JavaVendor:        Sun
Patch ID:          B47X
PatchContainer:    B47X.jar
Checksum:          -345780037
Severity:          optional
Category:          General
CR/BUG:            27919965
Restart:           true
Description:       WLS PATCH SET UPDATE 10.3.6.0.180717
WLS PATCH SET UPDATE 10
                   .3.6.0.180717

6.重啟WebLogic

[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.
Starting weblogic: 
[root@app1 bsu]# .
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=1024m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-
1.6.0-openjdk-
1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl
s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-
contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar:.:/weblogic11_64/jdk1.6.0_20/lib/dt.jar:/weblogic11_64/jdk1.6.0_20/lib/tools.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-
1.6.0.0.x86_64/bin:/weblogic11_64/jdk1.6.0_20/bin:/usr/lib64/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server   -Xms4096m -Xmx4096m  -XX:MaxPermSize=1024m -Dweblogic.Name=AdminServer -
Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy  -Dweblogic.ProductionModeEnabled=true   -da -Dplatform.home=/wls11g/wlserver_10.3 -
Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -
Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath -
Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -verbose:gc -XX:
+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError  -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false  
weblogic.Server
<Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -
Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 
<Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -
Dweblogic.security.allowCryptoJDefaultPRNG=true>

執行重啟命令後,weblogic進行自動終止,並且沒有生成任何日誌與錯誤資訊,如是我選擇刪除該補丁

7.刪除補丁

root@app1 bsu]# ./bsu.sh -remove -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3
Checking for conflicts..............
No conflict(s) detected
Removing Patch ID: B47X..
Result: Success

8.重啟WebLogic恢復正常

[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.
Starting weblogic: 
[root@app1 bsu]# .
.
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-
1.6.0-openjdk-
1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl
s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-
contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-
1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server   -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -
Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy  -Dweblogic.ProductionModeEnabled=true   -da -Dplatform.home=/wls11g/wlserver_10.3 -
Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -
Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath -
Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -verbose:gc -XX:
+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError  -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false  
weblogic.Server
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -
Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -
Dweblogic.security.allowCryptoJDefaultPRNG=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> 
<Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 > 
<Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> 
<Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> 
<Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All 
server side log events will be written to this file.> 
<Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> 
<Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at 
'/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

9.由於安裝補丁後不能正常啟動weblogic所以選擇禁用T3協議
登入控制檯後在 bash_domain的配置頁面中選擇“安全”選項卡頁面,再點選"篩選器"並在連線篩選器規則中設定以下規則

127.0.0.1 * * allow t3 t3s
0.0.0.0/0 * * deny t3 t3s


10.然後重新啟動weblogic

[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.
Starting weblogic: 
[root@app1 bsu]# .
.
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-
1.6.0-openjdk-
1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl
s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-
contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-
1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server   -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -
Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy  -Dweblogic.ProductionModeEnabled=true   -da -Dplatform.home=/wls11g/wlserver_10.3 -
Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -
Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath -
Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -verbose:gc -XX:
+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError  -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false  
weblogic.Server
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -
Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -
Dweblogic.security.allowCryptoJDefaultPRNG=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> 
<Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 > 
<Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> 
<Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> 
<Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All 
server side log events will be written to this file.> 
<Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> 
<Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at 
'/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

對於12.1.3.0版本使用OPatch來進行補丁安裝
1.將最新的OPatch工具上傳到WebLogic所在伺服器並解壓

[root@ldjc wls12c]# unzip p6880880_132000_Generic.zip
Archive:  p6880880_132000_Generic.zip
replace OPatch/ocm/lib/emocmutl.jar? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: OPatch/ocm/lib/emocmutl.jar  
replace OPatch/ocm/doc/dummy.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
 extracting: OPatch/ocm/doc/dummy.txt  
 extracting: OPatch/ocm/bin/dummy    
  inflating: OPatch/ocm/ocm_platforms.txt  
 extracting: OPatch/ocm/generic.zip  
  inflating: OPatch/oplan/README.html  
  inflating: OPatch/oplan/oplan      
  inflating: OPatch/oplan/README.txt  
  inflating: OPatch/oplan/jlib/EMrepoDrivers.jar  
  inflating: OPatch/oplan/jlib/automation.jar  
  inflating: OPatch/oplan/jlib/Validation.jar  
  inflating: OPatch/oplan/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/oplan/jlib/CRSProductDriver.jar  
  inflating: OPatch/oplan/jlib/OsysModel.jar  
  inflating: OPatch/oplan/jlib/oplan.jar  
  inflating: OPatch/oplan/jlib/jaxb/activation.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/oplan/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/oplan/jlib/ValidationRules.jar  
  inflating: OPatch/oplan/jlib/patchsdk.jar  
  inflating: OPatch/oplan/jlib/osysmodel-utils.jar  
  inflating: OPatch/oplan/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/operr.bat        
  inflating: OPatch/opatchprereqs/oui/knowledgesrc.xml  
   creating: OPatch/opatchprereqs/opatch/
  inflating: OPatch/opatchprereqs/opatch/opatch_prereq.xml  
  inflating: OPatch/opatchprereqs/opatch/rulemap.xml  
  inflating: OPatch/opatchprereqs/opatch/runtime_prereq.xml  
  inflating: OPatch/opatchprereqs/opatch_prereq.sh  
  inflating: OPatch/opatchprereqs/prerequisite.properties  
  inflating: OPatch/opatch           
  inflating: OPatch/emdpatch.pl      
  inflating: OPatch/version.txt      
  inflating: OPatch/opatch.ini       
  inflating: OPatch/operr            
  inflating: OPatch/README.txt       
  inflating: OPatch/opatch.pl        
  inflating: OPatch/scripts/opatch_wls.bat  
  inflating: OPatch/scripts/opatch_jvm_discovery.bat  
  inflating: OPatch/scripts/opatch_wls  
  inflating: OPatch/scripts/opatch_jvm_discovery  
  inflating: OPatch/docs/operr_readme.txt  
  inflating: OPatch/docs/README.txt  
  inflating: OPatch/jlib/oracle.opatch.classpath.windows.jar  
  inflating: OPatch/jlib/opatchsdk.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.unix.jar  
  inflating: OPatch/jlib/opatch.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.jar  
  inflating: OPatch/opatch.bat       
[root@ldjc wls12c]# chown -R xxxx:xxxx /wls12c/OPatch

2.將補丁包上傳unzip p27919943_121300_Generic.zip到WebLogic所在伺服器並解壓

[root@ldjc soft]# unzip p27919943_121300_Generic.zip
Archive:  p27919943_121300_Generic.zip
   creating: 27919943/
   creating: 27919943/etc/
   creating: 27919943/etc/config/
  inflating: 27919943/etc/config/actions.xml  
  inflating: 27919943/etc/config/inventory.xml  
   creating: 27919943/files/
   creating: 27919943/files/inventory/
   creating: 27919943/files/inventory/Components/
   creating: 27919943/files/inventory/Components/oracle.css.mod/
   creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/
   creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/
   creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/
  inflating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/compDef.xml  
   creating: 27919943/files/inventory/Components/oracle.fmwconfig.common.shared/
...省略...

3.安裝補丁

[weblogic@ldjc OPatch]$ ./opatch apply /soft/27919943/
Oracle Interim Patch Installer version 13.2.0.0.0
Copyright (c) 2014, Oracle Corporation.  All rights reserved.
Oracle Home       : /wls12c
Central Inventory : /home/weblogic/oraInventory
   from           : /wls12c/oraInst.loc
OPatch version    : 13.2.0.0.0
OUI version       : 13.2.0.0.0
Log file location : /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log
OPatch detects the Middleware Home as "/wls12c"
Jul 20, 2018 6:54:41 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level  0
Applying interim patch '27919943' to OH '/wls12c'
Verifying environment and performing prerequisite checks...
Interim patch 27919943 is a superset of the patch(es) [  22250567 21370953 ] in the Oracle Home
OPatch will roll back the subset patches and apply the given patch.
All checks passed.
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/wls12c')
Is the local system ready for patching? [y|n]
y
User Responded with: Y
Backing up files...
Rolling back interim patch '22250567' from OH '/wls12c'
Patching component oracle.wls.libraries, 12.1.3.0.0...
Patching component oracle.wls.libraries, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
RollbackSession removing interim patch '22250567' from inventory
Rolling back interim patch '21370953' from OH '/wls12c'
Patching component oracle.wls.libraries, 12.1.3.0.0...
Patching component oracle.wls.libraries, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
Patching component oracle.wls.core.app.server, 12.1.3.0.0...
Patching component oracle.wls.core.app.server, 12.1.3.0.0...
Patching component oracle.wls.libraries.mod, 12.1.3.0.0...
Patching component oracle.wls.libraries.mod, 12.1.3.0.0...
Patching component oracle.webservices.wls, 12.1.3.0.0...
Patching component oracle.webservices.wls, 12.1.3.0.0...
Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...
Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...
Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...
Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...
Patching component oracle.wls.admin.console.en, 12.1.3.0.0...
Patching component oracle.wls.admin.console.en, 12.1.3.0.0...
RollbackSession removing interim patch '21370953' from inventory
OPatch back to application of the patch '27919943' after auto-rollback.
Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...
Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...
Patching component oracle.css.mod, 12.1.3.0.0...
Patching component oracle.css.mod, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0...
Patching component oracle.wls.common.nodemanager, 12.1.3.0.0...
Patching component oracle.wls.common.nodemanager, 12.1.3.0.0...
Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...
Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...
Patching component oracle.webservices.base, 12.1.3.0.0...
Patching component oracle.webservices.base, 12.1.3.0.0...
Patching component oracle.wls.shared.with.cam, 12.1.3.0.0...
Patching component oracle.wls.shared.with.cam, 12.1.3.0.0...
Patching component oracle.webservices.orawsdl, 12.1.3.0.0...
Patching component oracle.webservices.orawsdl, 12.1.3.0.0...
Patching component oracle.wls.libraries.mod, 12.1.3.0.0...
Patching component oracle.wls.libraries.mod, 12.1.3.0.0...
Patching component oracle.wls.admin.console.en, 12.1.3.0.0...
Patching component oracle.wls.admin.console.en, 12.1.3.0.0...
Patching component oracle.wls.core.app.server, 12.1.3.0.0...
Patching component oracle.wls.core.app.server, 12.1.3.0.0...
Patching component oracle.webservices.wls, 12.1.3.0.0...
Patching component oracle.webservices.wls, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0...
Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0...
Patching component oracle.wls.libraries, 12.1.3.0.0...
Patching component oracle.wls.libraries, 12.1.3.0.0...
Verifying the update...
Patch 27919943 successfully applied
Log file location: /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log
OPatch succeeded.

4.檢視補丁是否安裝成功從輸出結果可以看到已經安裝成功

[weblogic@ldjc OPatch]$ ./opatch lspatches
Jul 20, 2018 7:00:17 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level  0
27919943;WLS PATCH SET UPDATE 12.1.3.0.180717
20741228;JDBC 12.1.3.1 BP1
OPatch succeeded.

5.重啟weblogic

[root@ldjc base_domain]# service weblogic restart
Stopping weblogic: 
Starting weblogic: 
.
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=256m
.
CLASSPATH=/opt/jdk1.7.0_75/lib/tools.jar:/wls12c/wlserver/server/lib/weblogic_sp.jar:/wls12c/wlserver/server/lib/weblogic.jar:/wls12c/wlserver/../oracle_common/modules/net.sf.antcontrib_1.1
.0.0_1-0b3/lib/ant-contrib.jar:/wls12c/wlserver/modules/features/oracle.wls.common.nodemanager_2.0.0.0.jar:/wls12c/wlserver/../oracle_common/modules/com.oracle.cie.config-wls-
online_8.1.0.0.jar:/wls12c/wlserver/common/derby/lib/derbyclient.jar:/wls12c/wlserver/common/derby/lib/derby.jar:/wls12c/wlserver/server/lib/xqrl.jar
.
PATH=/wls12c/wlserver/server/bin:/wls12c/wlserver/../oracle_common/modules/org.apache.ant_1.9.2/bin:/opt/jdk1.7.0_75/jre/bin:/opt/jdk1.7.0_75/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at *
***************************************************
starting weblogic with Java version:
java version "1.7.0_75"
Java(TM) SE Runtime Environment (build 1.7.0_75-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.75-b04, mixed mode)
Starting WLS with line:
/opt/jdk1.7.0_75/bin/java -server   -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -
Djava.security.policy=/wls12c/wlserver/server/lib/weblogic.policy  -Xverify:none -Djava.endorsed.dirs=/opt/jdk1.7.0_75/jre/lib/endorsed:/wls12c/wlserver/../oracle_common/modules/endorsed  
-da -Dwls.home=/wls12c/wlserver/server -Dweblogic.home=/wls12c/wlserver/server     -Dweblogic.utils.cmm.lowertier.ServiceDisabled=true  weblogic.Server
<Jul 20, 2018 7:20:33 AM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls12c/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All 
server side log events will be written to this file.> 
<Jul 20, 2018 7:20:35 AM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> 
<Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.runtime.> 
<Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.domainruntime.> 
<Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://12.18.1.249:7001/jndi/weblogic.management.mbeanservers.edit.> 
<Jul 20, 2018 7:20:36 AM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3 was not deployed. Error: 
[Deployer:149158]No application files exist at "/wls12c/wlserver/server/lib/../../../oracle_common/modules/com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3.war".> 
<Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY.> 
<Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.>

到此補丁升級完成


來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26015009/viewspace-2158202/,如需轉載,請註明出處,否則將追究法律責任。

相關文章