RAC Attack - Oracle Cluster Database at Home/Prep for Oracle

 Edit /etc/sysctl.conf

[root@collabn1 ~]# gedit /etc/sysctl.conf kernel.shmmni = 4096 kernel.sem = 250 32000 100 128 net.ipv4.ip_local_port_range = 1024 65000 net.core.rmem_default=4194304 net.core.rmem_max=4194304 net.core.wmem_default=262144 net.core.wmem_max=262144 [root@collabn1 ~]# sysctl -p
 * 1) semaphores: semmsl, semmns, semopm, semmni

 Edit /etc/security/limits.conf

oracle              soft    nproc   2047 oracle              hard    nproc   16384 oracle              soft    nofile  1024 oracle              hard    nofile  65536

 Edit /etc/pam.d/login and insert the following lines BEFORE the "selinux open" line.

session   required     /lib/security/pam_limits.so session    required     pam_limits.so

 Create groups and users. Make the oracle password racattack

[root@collabn1 ~]# groupadd oinstall [root@collabn1 ~]# groupadd dba [root@collabn1 ~]# groupadd oper [root@collabn1 ~]# groupadd asmdba [root@collabn1 ~]# groupadd asmoper [root@collabn1 ~]# groupadd asmadmin [root@collabn1 ~]# [root@collabn1 ~]# useradd -u 500 -g oinstall -G dba,oper,asmdba,asmoper,asmadmin oracle [root@collabn1 ~]# passwd oracle Changing password for user oracle. New UNIX password: racattack BAD PASSWORD: it is based on a dictionary word Retype new UNIX password: racattack passwd: all authentication tokens updated successfully.

 Create directories.

[root@collabn1 ~]# mkdir -p /u01/grid/oracle/product/11.2.0/grid_1 [root@collabn1 ~]# mkdir -p /u01/app/oracle/product/11.2.0/db_1 [root@collabn1 ~]# chown -R oracle:oinstall /u01

 Logout of your session and login as the oracle user.

 Disable GNOME CD automount for the oracle user. Go to the menu System >> Preferences >> Removable Drives and Media.

</li><li style="margin-top:3em"> Uncheck all of the options under Removable Storage and click Close.

</li><li style="margin-top:3em"> Open a terminal window.

</li><li style="margin-top:3em"> From the menus, open Edit >> Current Profile.

</li><li style="margin-top:3em"> In the Title and Command tab, check the box for Run command as a login shell, then close the dialog.

</li><li style="margin-top:3em"> If you are using gedit, then open Edit > Preferences to disable text wrapping and enable line numbers.

</li><li style="margin-top:3em"> Setup ssh equivalence for oracle user.

[oracle@collabn1 ~]$ ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. RSA key fingerprint is 3f:65:e6:77:af:11:84:56:a4:b9:0f:8b:41:b4:2f:8a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (RSA) to the list of known hosts. oracle@localhost's password: ^C [oracle@collabn1 ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_rsa): ^M [default] Enter passphrase (empty for no passphrase): ^M [no password] Enter same passphrase again: ^M [no password] Your identification has been saved in /home/oracle/.ssh/id_rsa. Your public key has been saved in /home/oracle/.ssh/id_rsa.pub. The key fingerprint is: 0a:33:74:d4:7a:c0:c6:d0:56:33:10:4e:71:63:4c:e8 oracle@collabn1.vm.ardentperf.com [oracle@collabn1 ~]$ cat /home/oracle/.ssh/id_rsa.pub >> /home/oracle/.ssh/authorized_keys

</li><li style="margin-top:3em"> Setup oracle and root users' profiles.

[oracle@collabn1 ~]$ su - root [root@collabn1 ~]# gedit /etc/oratab grid:/u01/grid/oracle/product/11.2.0/grid_1:N [root@collabn1 ~]# chown oracle:dba /etc/oratab [root@collabn1 ~]# gedit /root/.bashrc ORAENV_ASK=NO ORACLE_SID=grid . oraenv >/dev/null unset ORAENV_ASK [root@collabn1 ~]# su - oracle [oracle@collabn1 ~]$ cd /mnt [oracle@collabn1 ~]$ cat */oracle-profile >>/home/oracle/.bash_profile

</li><li style="margin-top:3em"> Close and re-open your terminal sessions so that the new profiles take effect.

</li><li style="margin-top:3em"> Install fix_cssd script.

[oracle@collabn1 ~]$ su - root [root@collabn1 ~]# cd / [root@collabn1 ~]# tar xvf mnt/*/fix_cssd.tar root/fix_cssd/fix_cssd.sh [root@collabn1 ~]# chmod 774 /root/fix_cssd/fix_cssd.sh [root@collabn1 ~]# gedit /etc/rc.d/rc.local cd /root/fix_cssd nohup nice -n -20 ./fix_cssd.sh 2>&1 & [root@collabn1 ~]# /etc/rc.d/rc.local nohup: appending output to `nohup.out'

</li></ol>