
October 27, 2005

Solaris 10g Box locked down and readied for Oracle 10g

Since I was sick last week, this was the first time for me to participate in the Unix/Solaris + Oracle 10g group. The goal of this group is to install Solaris 10 on a box from scratch (which they did last week), lock down the security on the box, then install Oracle 10g on it.

This week Shaun, Mike Ellis, Dale, and I worked on locking down security on the box. We were given a list of commands from Travis and Troy. We executed these commands, which did such things as lock down access to certain directories to root; disable services such as FTP, Telnet, and SMTP; and change the default shell to tcsh. We actually screwed up the tcsh part (put in tsch by mistake). This was interesting because when we went to log in after a reboot, all we got was an error message saying there was no shell. Travis rescued us, though, and showed us how to use Stop+A to get a command line, then go in and fix the error. The box then booted up just fine.
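A pre-reboot check for the shell typo described above, as an added example that is not part of the original post or the group's command list: it reports every account whose login shell is missing or not executable. The function names, the fixture accounts, and the /bin/sh fallback for an empty shell field are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reboot check that every
# login shell named in a passwd file exists and is executable.

# usage: check_login_shells PASSWD_FILE [ROOT_PREFIX]
# Prints one line per bad account; returns non-zero if any were found.
check_login_shells() {
    passwd_file=$1
    root=${2:-}            # optional prefix so a staged copy can be checked
    bad=0
    while IFS=: read -r user _pw _uid _gid _gecos _home shell || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        # Assumption: an empty shell field falls back to /bin/sh.
        [ -n "$shell" ] || shell=/bin/sh
        if [ ! -f "$root$shell" ] || [ ! -x "$root$shell" ]; then
            printf '%s: shell %s missing or not executable\n' "$user" "$shell"
            bad=$((bad + 1))
        fi
    done < "$passwd_file"
    [ "$bad" -eq 0 ]
}

# Constructed fixture: a fake root with two stand-in shells and a passwd file
# in which one account's shell carries the tsch-for-tcsh typo.
make_fixture() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/bin" "$dir/etc"
    for s in sh tcsh; do
        printf '#!/bin/sh\n' > "$dir/bin/$s"
        chmod 755 "$dir/bin/$s"
    done
    cat > "$dir/etc/passwd" <<'EOF'
root:x:0:0:Super-User:/:/bin/tsch
oracle:x:100:100:Oracle owner:/export/home/oracle:/bin/tcsh
daemon:x:1:1::/:
EOF
    printf '%s\n' "$dir"
}

# Stand-alone run against the constructed fixture.
fixture=$(make_fixture)
report=$(check_login_shells "$fixture/etc/passwd" "$fixture") || status=$?
printf '%s\n' "$report"
rm -rf "$fixture"
```

On a live system the call would be `check_login_shells /etc/passwd`, run after editing shells and before logging out or rebooting.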

The next thing we did was to modify the /etc/system file by adding Oracle parameters. This is required before performing the actual 10g install. Mike Ellis looked up the meaning of the parameters, and we entered these values:

shmmax=4294967295
shmmin=1
shmni=100
shmseg=10
semmsl=256 (this is 10 + max processes allowed by the db)
semmns=430
semopm=300 (we originally had 100, recommended is 500, we averaged)
semvmx=32767

Next week we will do the Oracle 10g install and see if these parameters are good enough for it to work!

While modifying the /etc/system file, Shaun demonstrated his VI editing skills, and shared with each of us a VI reference sheet he had. We all need some work on our VI skills. Travis gave us a few pointers as well.

In summary, this was not the most exciting work, but it was very necessary! I'm grateful for the chance to see how to lock down a Unix box, and was able to get a good grasp on it in a short amount of time. I'll probably get a good grasp on VI about the same time h, e, double hockeysticks freezes over.....

Posted by rossm at October 27, 2005 11:28 AM
