1. Critical Patch 적용
oracle 유저로 OPatch 파일 업데이트
cd $ORACLE_HOME OPatch/opatch version mv OPatch OPatch.old cp -r /media/oracle/OPatch . OPatch/opatch version
[oracle@orcl ~]$ cd $ORACLE_HOME [oracle@orcl db_1]$ OPatch/opatch version Oracle Interim Patch Installer version 1.0.0.0.55 Copyright (c) 2006 Oracle Corporation. All Rights Reserved.. We recommend you refer to the OPatch documentation under OPatch/docs for usage reference. We also recommend using the latest OPatch version. For the latest OPatch version and other support related issues, please refer to document 293369.1 which is viewable from metalink.oracle.com OPatch Version: 1.0.0.0.55 [oracle@orcl db_1]$ mv OPatch OPatch.old [oracle@orcl db_1]$ cp -r /media/oracle/OPatch . [oracle@orcl db_1]$ OPatch/opatch version Oracle Interim Patch Installer version 1.0.0.0.64 Copyright (c) 2011 Oracle Corporation. All Rights Reserved.. Oracle recommends you to use the latest OPatch version and read the OPatch documentation available in the OPatch/docs directory for usage. For information about the latest OPatch and other support-related issues, refer to document ID 293369.1 available on My Oracle Support (https://myoraclesupport.oracle.com) OPatch Version: 1.0.0.0.64
oracle 유저로 패치 내역 조사
export PATH=$PATH:$ORACLE_HOME/OPatch:/usr/ccs/bin opatch lsinventory
[oracle@orcl ~]$ export PATH=$PATH:$ORACLE_HOME/OPatch:/usr/ccs/bin [oracle@orcl ~]$ opatch lsinventory Oracle Interim Patch Installer version 1.0.0.0.55 Copyright (c) 2006 Oracle Corporation. All Rights Reserved.. We recommend you refer to the OPatch documentation under OPatch/docs for usage reference. We also recommend using the latest OPatch version. For the latest OPatch version and other support related issues, please refer to document 293369.1 which is viewable from metalink.oracle.com Oracle Home = /u01/app/oracle/product/9.2.0/db_1 Location of Oracle Universal Installer components = /u01/app/oracle/product/9.2.0/db_1/oui Location of OraInstaller.jar = "/u01/app/oracle/product/9.2.0/db_1/oui/jlib" Oracle Universal Installer shared library = /u01/app/oracle/product/9.2.0/db_1/oui/lib/linux/liboraInstaller.so Location of Oracle Inventory Pointer = /etc/oraInst.loc Location of Oracle Inventory = /u01/app/oracle/product/9.2.0/db_1/inventory Path to Java = /u01/app/oracle/product/9.2.0/db_1/jre/1.4.2/bin/java Log file = /u01/app/oracle/product/9.2.0/db_1/.patch_storage/<patch ID>/*.log Creating log file "/u01/app/oracle/product/9.2.0/db_1/.patch_storage/LsInventory__06-16-2017_10-22-42.log" Result: There is no Interim Patch OPatch succeeded.
oracle 유저로 패치 수행
cd 9655027 opatch apply
[oracle@orcl oracle]$ cd 9655027 [oracle@orcl 9655027]$ opatch apply Oracle Interim Patch Installer version 1.0.0.0.64 Copyright (c) 2011 Oracle Corporation. All Rights Reserved.. Oracle recommends you to use the latest OPatch version and read the OPatch documentation available in the OPatch/docs directory for usage. For information about the latest OPatch and other support-related issues, refer to document ID 293369.1 available on My Oracle Support (https://myoraclesupport.oracle.com) Oracle Home : /u01/app/oracle/product/9.2.0/db_1 Oracle Home Inventory : /u01/app/oracle/product/9.2.0/db_1/inventory Central Inventory : /u01/app/oracle/oraInventory from : /etc/oraInst.loc OUI location : /u01/app/oracle/product/9.2.0/db_1/oui OUI shared library : /u01/app/oracle/product/9.2.0/db_1/oui/lib/linux/liboraInstaller.so Java location : /u01/app/oracle/product/9.2.0/db_1/jre/1.4.2/bin/java Log file location : /u01/app/oracle/product/9.2.0/db_1/.patch_storage/<patch ID>/*.log Creating log file "/u01/app/oracle/product/9.2.0/db_1/.patch_storage/9655027/Apply_9655027_06-16-2017_10-45-11.log" Invoking fuser to check for active processes. Invoking fuser on "/u01/app/oracle/product/9.2.0/db_1/bin/agentctl" Invoking fuser on "/u01/app/oracle/product/9.2.0/db_1/Apache/Apache/bin/rotatelogs" Invoking fuser on "/u01/app/oracle/product/9.2.0/db_1/Apache/Apache/bin/httpd" Invoking fuser on "/u01/app/oracle/product/9.2.0/db_1/bin/dbsnmp" Invoking fuser on "/u01/app/oracle/product/9.2.0/db_1/Apache/Apache/bin/htpasswd" Invoking fuser on "/u01/app/oracle/product/9.2.0/db_1/bin/oracle" Provide your email address to be informed of security issues, install and initiate Oracle Configuration Manager. Easier for you if you use your My Oracle Support Email address/User Name. Visit http://www.oracle.com/support/policies.html for details. Email address/User Name: You have not provided an email address for notification of security issues. Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]: Y Oracle Configuration Manager has been installed but not configured. OCM enables Oracle to provide superior, proactive support for our customers. Oracle strongly recommends customers configure OCM. To complete the configuration of OCM, refer to the OCM Installation and Administration Guide (http://www.oracle.com/technology/documentation/ocm.html). Backing up comps.xml ... OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only. Please shut down Oracle instances running out of this ORACLE_HOME (Oracle Home = /u01/app/oracle/product/9.2.0/db_1) Is this system ready for updating? Please respond Y|N > Y Executing the Apply pre-patch script (/media/oracle/9655027/custom/scripts/pre)... Applying patch 9655027... Patching archive files... Patching jar files... Patching copy files... Creating new directory "/u01/app/oracle/product/9.2.0/db_1/cpu/CPUJul2010/owa_all/101" Creating new directory "/u01/app/oracle/product/9.2.0/db_1/cpu/CPUJul2010/owa_all/90" Creating new directory "/u01/app/oracle/product/9.2.0/db_1/cpu/CPUJul2010/owa_all/30" Creating new directory "/u01/app/oracle/product/9.2.0/db_1/oraolap/admin" Creating new directory "/u01/app/oracle/product/9.2.0/db_1/cpu/view_recompile" Creating new directory "/u01/app/oracle/product/9.2.0/db_1/cpu/scripts" Creating file to hold list of directories that were mkdir'ed: "/u01/app/oracle/product/9.2.0/db_1/.patch_storage/9655027/opatch_dirs_created.lst" Running make for target client_sharedlib. Running make for target ioracle. Running make for target ioklist. Running make for target iokinit. Running make for target iokdstry. Running make for target libnk59.so. Running make for target itnsping. Running make for target ilsnrctl. Running make for target itnslsnr. Running make for target idbsnmp. Running make for target iagentctl. Running make for target oidldapd. Running make for target newsqlplus. Inventory is good and does not have any dangling patches. Updating inventory... Verifying patch... Backing up comps.xml ... Executing the Apply post-patch script (/media/oracle/9655027/custom/scripts/post)... OPatch succeeded.
oracle 유저로 패치 결과 조사
opatch lsinventory
[oracle@orcl 9655027]$ opatch lsinventory Oracle Interim Patch Installer version 1.0.0.0.64 Copyright (c) 2011 Oracle Corporation. All Rights Reserved.. Oracle recommends you to use the latest OPatch version and read the OPatch documentation available in the OPatch/docs directory for usage. For information about the latest OPatch and other support-related issues, refer to document ID 293369.1 available on My Oracle Support (https://myoraclesupport.oracle.com) Oracle Home : /u01/app/oracle/product/9.2.0/db_1 Oracle Home Inventory : /u01/app/oracle/product/9.2.0/db_1/inventory Central Inventory : /u01/app/oracle/oraInventory from : /etc/oraInst.loc OUI location : /u01/app/oracle/product/9.2.0/db_1/oui OUI shared library : /u01/app/oracle/product/9.2.0/db_1/oui/lib/linux/liboraInstaller.so Java location : /u01/app/oracle/product/9.2.0/db_1/jre/1.4.2/bin/java Log file location : /u01/app/oracle/product/9.2.0/db_1/.patch_storage/<patch ID>/*.log Creating log file "/u01/app/oracle/product/9.2.0/db_1/.patch_storage/LsInventory__06-16-2017_10-47-52.log" Result: Installed Patch List: ===================== 1) Patch 9655027 applied on Fri Jun 16 10:47:16 KST 2017 Unique Patch ID: 12691158 [ Bug fixes: 6057120 5517051 7120509 5901910 6066116 8534403 4057920 9352224 5744161 6453643 6375910 5527732 5089244 5514908 7127618 9119275 7576801 6654193 6395038 9655027 6690077 5901875 6954722 8290638 6826554 6079582 7592365 5917099 5964709 5369855 5839764 7375695 7154111 3345222 5116414 6521027 6120177 4528014 4157520 7154115 6042409 5284303 5526018 6117049 5722472 6404861 2855117 5372831 5631915 6647071 6769003 5631836 6451637 6055396 4334992 5849054 6319169 88366758 4683638 6639973 6079599 5558878 6020552 2701372 6053580 5188321 6613049 6703834 5345437 4609147 7335157 5080775 6350567 4088156 5965170 5703297 6153972 5929055 6862814 8525675 5933477 5490859 6864197 6619946 4215910 5605370 6444045 5754150 5491035 5726053 4115449 6404447 6493035 5745084 4969005 6864082 9117646 6646842 4970079 6787081 8290549 5057695 5149865 6529567 4599763 ] OPatch succeeded.
oracle 유저로 remove_demo 실행
cd 9655027 sh remove_demo.sh
[oracle@orcl oracle]$ cd 9655027 [oracle@orcl 9655027]$ sh remove_demo.sh Your ORACLE_HOME is /u01/app/oracle/product/9.2.0/db_1 This script will remove the Vulnerable OHS Demos /u01/app/oracle/product/9.2.0/db_1/Apache/Apache/fcgi-bin/echo* Please note that you will NOT be able to restore these demos after removing, if you may want to restore these demos, please manually backup all the files under /u01/app/oracle/product/9.2.0/db_1/Apache/Apache/fcgi-bin/ directory, and then rerun remove_demo.sh Continue to remove the Vulnerable OHS Demos. Please respond Y|[N] => Y Removing the Vulnerable OHS Demos... Patch Installation Script Completed Exiting...
vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf 주석처리
# FastCGIServer fcgi-bin/echo -initial-env ORACLE_HOME \ # -initial-env NLS_LANG
root 유저로 수행
chown root $ORACLE_HOME/bin/dbsnmp chmod 6750 $ORACLE_HOME/bin/dbsnmp
[root@orcl ~]# chown root /u01/app/oracle/product/9.2.0/db_1/bin/dbsnmp [root@orcl ~]# chmod 6750 /u01/app/oracle/product/9.2.0/db_1/bin/dbsnmp