為monitor打PSU4 (10.2.0.4.4)的步驟
最近在監控伺服器上新安裝了一個oracle 10.2.0.4,被安全科掃描出漏洞,
詳細資訊如下:
--------------------------------------
10.0.3.23
漏洞編號: 3661 CVE號: CVE-2009-0688 CVE-2009-2404 CVE-2010-0086 CVE-2010-0453 CVE-2010-0851 CVE-2010-0852 CVE-2010-0853
漏洞名稱: Oracle 2010.04安全更新修復多個安全漏洞 漏洞型別: 資料庫測試
風險級別: 高風險 依賴埠: 1521, 1541
漏洞描述: 該指令碼透過資料庫的版本進行漏洞識別,可能存在誤報。
2010年04月Oracle釋出的重要補丁更新公告修復了Oracle 的47個安全漏洞,首次以甲骨文名義修補Oracle Sun Product Suite的16個安全漏洞。涉及的Oracle的產品包括Oracle Database、 Fusion Middleware、Collaboration Suite、E-Business Suite、Oracle Transportation Management、 Agile - Engineering Data Management、PeopleSoft/JDE、Communications Industry Suite、Life Sciences Industry Suite、Retail Industry Suite等。這些產品中的漏洞可能導致遠端執行任意程式碼、資訊洩漏或拒絕服務等嚴重後果。Oracle已經提供了補丁,請廣大使用者及時下載更新。
解決方法: 1、最終解決方案:
目前廠商已經發布安全更新用於修復這些漏洞,請及時應用Oracle 2010.04月安全更新,補丁下載參考頁面地址如下:
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
相關埠: 1521
獲取資訊: 無
--------------------------------------
根據上述連結,找到10.2.0.4上的最新的PSU為10.2.0.4.4 (PSU4 2010.4月釋出)
p9352164_10204_Linux-x86-64.zip
上述補丁的readme.html中提示Opatch必須是10.2.0.4.7或以上
You must use the OPatch 10.2 version 10.2.0.4.7 or later to apply this patch. Oracle recommends that you use the latest released OPatch 10.2, which is available for download from My Oracle Support patch 6880880 by selecting the 10.2.0.0.0 release.
檢視當前版本
[oracle@monitor OPatch]$ ./opatch --version
Invoking OPatch 10.2.0.4.2
到metalink下載 (6880880) 並提readme.html提示安裝10gR2最新opatch工具
步驟見後面的文件 (在安裝前先備份原OPatch目錄)
安裝完成後檢視版本
[oracle@monitor OPatch]$ ./opatch version
Invoking OPatch 10.2.0.5.1
OPatch Version: 10.2.0.5.1
OPatch succeeded.
由於monitor上的oracle是直接把其它的oracle目錄copy過來的,在copy時忽略了/etc/oraInst.loc檔案
查系統中現有補丁時報錯
[oracle@monitor ~]$ cd /oracle/product/10.2.0/db_1/OPatch/
[oracle@monitor OPatch]$ ls
docs emdpatch.pl jlib opatch opatch.ini opatch.pl opatchprereqs
[oracle@monitor OPatch]$ ./opatch lsinventory
Invoking OPatch 10.2.0.4.2
Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation. All rights reserved.
Oracle Home : /oracle/product/10.2.0/db_1
Central Inventory : n/a
from :
OPatch version : 10.2.0.4.2
OUI version : 10.2.0.4.0
OUI location : /oracle/product/10.2.0/db_1/oui
Log file location : n/a
OPatch cannot find a valid oraInst.loc file to locate Central Inventory.
OPatch failed with error code 104
[oracle@monitor OPatch]$
從另一個db上copy 檔案/etc/oraInst.loc過來
[root@monitor etc]# scp .
[root@monitor oracle]# scp -r .
[root@monitor oracle]# chown -R oracle.oinstall oraInventory/
再次檢查oracle的補丁,這次OK
[oracle@monitor OPatch]$ ./opatch lsinventory
Invoking OPatch 10.2.0.4.2
Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation. All rights reserved.
Oracle Home : /oracle/product/10.2.0/db_1
Central Inventory : /home/oracle/oraInventory
from : /etc/oraInst.loc
OPatch version : 10.2.0.4.2
OUI version : 10.2.0.4.0
OUI location : /oracle/product/10.2.0/db_1/oui
Log file location : /oracle/product/10.2.0/db_1/cfgtoollogs/opatch/opatch2011-09-26_19-13-55PM.log
Lsinventory Output file location : /oracle/product/10.2.0/db_1/cfgtoollogs/opatch/lsinv/lsinventory2011-09-26_19-13-55PM.txt
--------------------------------------------------------------------------------
Installed Top-level Products (2):
Oracle Database 10g 10.2.0.1.0
Oracle Database 10g Release 2 Patch Set 3 10.2.0.4.0
There are 2 products installed in this Oracle Home.
There are no Interim patches installed in this Oracle Home.
--------------------------------------------------------------------------------
OPatch succeeded.
[oracle@monitor OPatch]$
按照p9352164的readme.html步驟打補丁
$cd $ORACLE_HOME/OPatch
$./opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir /home/oracle/patches/9352164
$./opatch apply /home/oracle/patches/9352164
cd $ORACLE_HOME/rdbms/admin
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> STARTUP
SQL> @catbundle.sql psu apply
SQL> -- Execute the next statement only if this is the first 10.2.0.4 PSU applied in the Oracle home.
SQL> @utlrp.sql
SQL> QUIT
SELECT * FROM registry$history where ID = '6452863'
cd $ORACLE_HOME/cpu/view_recompile
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> @recompile_precheck_jan2008cpu.sql
SQL> QUIT
cd $ORACLE_HOME/cpu/view_recompile
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> SHUTDOWN IMMEDIATE
SQL> STARTUP UPGRADE
SQL> @view_recompile_jan2008cpu.sql
SQL> SHUTDOWN;
SQL> STARTUP;
SQL> QUIT
cd $ORACLE_HOME/rdbms/admin
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> @utlrp.sql
SQL> alter package schemaname.packagename compile;
/*** opatch工具升級步驟及注意事項
Patch summary:
--------------
README file for OPatch 10.2.0.5.1, the Oracle Interim Patching Tool.
This patch installs the "OPatch" utility. OPatch is used for patching
Oracle software. If you have an older version of opatch it is strongly
recommended to back it up.
OPatch is Oracle's only supported method of installing Interim
patches. It updates the central and per-product inventories with the
details of the patch.
How to install the utility:
---------------------------
To install this patch simply extract the file "zipped file"
using unzip or winzip, depending upon the platform. You should extract
the zip file directly under the ORACLE_HOME.
To check the version of the opatch utility installed in the above step,
go to the OPatch directory and run "opatch version"
How to run the utility:
-----------------------
OPatch tool requires JDK to be present in the Oracle Home.
It requires JDK version of 1.4.2 or higher for proper functioning.
It can be invoked directly using
You can use the following command format to view help information:
OPatch can be manually invoked using Perl:
You can use the following command format to view help information:
There is a User's Guide in the 'docs' subdirectory that has full
details on running the tool. There is FAQ file in the same directory
that answers many of the common questions.
If you don't have Perl, you can download Perl from Metalink
() using Bug 2417872. Source code for perl
is also available from (the Comprehensive Perl
Archive Network). Links to binary versions of perl for supported
operating systems is also provided on the CPAN web site.
You can download the required version of JDK from
Special Instructions:
---------------------
Windows:
--------
1) If your "Central Inventory" is not under
C:\Program Files\oracle\inventory, please set env. var. INVENTORY_LOC
to the value of the registry key
2) Make sure you have java.exe in your PATH
========================================================================
***/
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/94384/viewspace-708329/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 阿里打敗騰訊的步驟阿里
- 批量打patch (adpatch) 的設定步驟
- win10@怎麼打_win10打出@符號的步驟Win10符號
- oracle 11g 單例項打補丁操作步驟Oracle單例
- 成為Java全棧工程師的步驟Java全棧工程師
- 初為專案經理的工作步驟(轉)
- 步步為贏,做好資料分析的7個步驟
- 10個步驟讓你成為高效的Web開發者Web
- Oracle 11g RAC 環境打PSU補丁的詳細步驟Oracle
- 需求分析的步驟
- 為你解析機器學習品酒步驟(附視訊)機器學習
- xftp安裝步驟,xftp安裝的2大步驟FTP
- 操作步驟
- 成為專業人士的3個步驟,拿走不謝!
- 給oracle 10.2.0.4.0 打em補丁8350262執行步驟Oracle
- charles的安裝步驟
- 安裝jdk的步驟JDK
- ORACLE重建OEM的步驟Oracle
- 建立oracle快照的步驟Oracle
- GreenPlum的安裝步驟
- 學習SAP的步驟
- 學習java的步驟Java
- 建立BAPI程式的步驟API
- 九個步驟讓你成為PHP專家PHP
- 寶塔皮膚安裝網站後打不開的解決方法及排查步驟網站
- Linux中更換yum源為阿里的詳細步驟Linux阿里
- 成為Web開發人員的7個簡單步驟Web
- vnc安裝步驟,vnc安裝步驟詳解VNC
- OGG實施操作步驟(包括操作過程中的所有步驟)
- AJAX 操作步驟
- MHA搭建步驟
- 部署MySQL步驟MySql
- 專案步驟
- 安裝寶塔皮膚後網址打不開的解決方法及快速排查步驟
- CRM系統管理線索分為幾個步驟?
- 正思維的操作步驟
- 搭建CRM系統的步驟
- 【教程】Debug 的基本步驟