Steps for applying PSU4 (10.2.0.4.4) to monitor

Original post. Author: tengrid. Date: 2011-09-26 18:51:41

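I recently did a fresh install of Oracle 10.2.0.4 on the monitoring server, and the security team's scan flagged a vulnerability on it.
The details are as follows: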
--------------------------------------
10.0.3.23

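Vulnerability ID: 3661  CVE IDs: CVE-2009-0688 CVE-2009-2404 CVE-2010-0086 CVE-2010-0453 CVE-2010-0851 CVE-2010-0852 CVE-2010-0853
Vulnerability name: Oracle 2010.04 security update fixes multiple security vulnerabilities  Vulnerability type: database test
Risk level: high  Dependent ports: 1521, 1541
Description: This script identifies the vulnerability from the database version, so false positives are possible.
The Critical Patch Update advisory that Oracle released in April 2010 fixes 47 security vulnerabilities in Oracle products and, for the first time under the Oracle name, patches 16 security vulnerabilities in the Oracle Sun Product Suite. The affected Oracle products include Oracle Database, Fusion Middleware, Collaboration Suite, E-Business Suite, Oracle Transportation Management, Agile - Engineering Data Management, PeopleSoft/JDE, Communications Industry Suite, Life Sciences Industry Suite, Retail Industry Suite and others. The vulnerabilities in these products may lead to serious consequences such as remote execution of arbitrary code, information disclosure or denial of service. Oracle has already provided patches; users should download and apply them promptly.
Solution: 1. Final solution:
The vendor has released a security update that fixes these vulnerabilities. Apply the Oracle 2010.04 security update promptly. The patch download reference page is:
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html

Related port: 1521
Information obtained: none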
--------------------------------------

Following the link above, I found that the latest PSU for 10.2.0.4 is 10.2.0.4.4 (PSU4, released April 2010):
p9352164_10204_Linux-x86-64.zip

The readme.html of this patch states that OPatch must be 10.2.0.4.7 or later:
You must use the OPatch 10.2 version 10.2.0.4.7 or later to apply this patch. Oracle recommends that you use the latest released OPatch 10.2, which is available for download from My Oracle Support patch 6880880 by selecting the 10.2.0.0.0 release.

Check the current version:
[oracle@monitor OPatch]$ ./opatch --version
Invoking OPatch 10.2.0.4.2

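Download patch 6880880 from Metalink and install the latest 10gR2 OPatch tool as its readme.html instructs.
The steps are in the document at the end of this post (back up the original OPatch directory before installing).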

Check the version after installation:
[oracle@monitor OPatch]$ ./opatch version
Invoking OPatch 10.2.0.5.1

OPatch Version: 10.2.0.5.1

OPatch succeeded.


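Oracle on monitor was set up by copying the Oracle directory straight from another server, and the /etc/oraInst.loc file was missed during the copy.
As a result, listing the patches currently installed fails with an error: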
[oracle@monitor ~]$ cd /oracle/product/10.2.0/db_1/OPatch/
[oracle@monitor OPatch]$ ls
docs  emdpatch.pl  jlib  opatch  opatch.ini  opatch.pl  opatchprereqs
[oracle@monitor OPatch]$ ./opatch lsinventory
Invoking OPatch 10.2.0.4.2

Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation.  All rights reserved.


Oracle Home       : /oracle/product/10.2.0/db_1
Central Inventory : n/a
   from           :
OPatch version    : 10.2.0.4.2
OUI version       : 10.2.0.4.0
OUI location      : /oracle/product/10.2.0/db_1/oui
Log file location : n/a

OPatch cannot find a valid oraInst.loc file to locate Central Inventory.

OPatch failed with error code 104
[oracle@monitor OPatch]$


Copy /etc/oraInst.loc (and the inventory directory) over from another DB server:
[root@monitor etc]# scp root@10.0.3.22:/etc/oraInst.loc .
[root@monitor oracle]# scp -r root@10.0.3.22:/home/oracle/oraInventory .
[root@monitor oracle]# chown -R oracle.oinstall oraInventory/

Check the Oracle patches again; this time it works:
[oracle@monitor OPatch]$ ./opatch lsinventory
Invoking OPatch 10.2.0.4.2

Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation.  All rights reserved.


Oracle Home       : /oracle/product/10.2.0/db_1
Central Inventory : /home/oracle/oraInventory
   from           : /etc/oraInst.loc
OPatch version    : 10.2.0.4.2
OUI version       : 10.2.0.4.0
OUI location      : /oracle/product/10.2.0/db_1/oui
Log file location : /oracle/product/10.2.0/db_1/cfgtoollogs/opatch/opatch2011-09-26_19-13-55PM.log

Lsinventory Output file location : /oracle/product/10.2.0/db_1/cfgtoollogs/opatch/lsinv/lsinventory2011-09-26_19-13-55PM.txt

--------------------------------------------------------------------------------
Installed Top-level Products (2):

Oracle Database 10g                                                  10.2.0.1.0
Oracle Database 10g Release 2 Patch Set 3                            10.2.0.4.0
There are 2 products installed in this Oracle Home.


There are no Interim patches installed in this Oracle Home.


--------------------------------------------------------------------------------

OPatch succeeded.
[oracle@monitor OPatch]$


Apply the patch following the steps in the readme.html of p9352164:

$ cd $ORACLE_HOME/OPatch
$ ./opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir /home/oracle/patches/9352164
$ ./opatch apply /home/oracle/patches/9352164

Load the modified SQL files into the database:
$ cd $ORACLE_HOME/rdbms/admin
$ sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> STARTUP
SQL> @catbundle.sql psu apply
SQL> -- Execute the next statement only if this is the first 10.2.0.4 PSU applied in the Oracle home.
SQL> @utlrp.sql
SQL> QUIT

Query registry$history for ID 6452863 to see whether the view recompilation has already been recorded:
SQL> SELECT * FROM registry$history where ID = '6452863';

Run the view recompilation pre-check:
$ cd $ORACLE_HOME/cpu/view_recompile
$ sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> @recompile_precheck_jan2008cpu.sql
SQL> QUIT

Recompile the views with the database started in UPGRADE mode:
$ cd $ORACLE_HOME/cpu/view_recompile
$ sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> SHUTDOWN IMMEDIATE
SQL> STARTUP UPGRADE
SQL> @view_recompile_jan2008cpu.sql
SQL> SHUTDOWN;
SQL> STARTUP;
SQL> QUIT

Recompile invalid objects:
$ cd $ORACLE_HOME/rdbms/admin
$ sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> @utlrp.sql

Compile an individual package by hand (schemaname.packagename is a placeholder):
SQL> alter package schemaname.packagename compile;
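
As an added example (not part of the original post or of Oracle's tooling), the shell functions below check the two gates this procedure depends on, the OPatch 10.2.0.4.7 minimum and a readable Central Inventory, and then confirm that patch 9352164 is listed by lsinventory. The function names are hypothetical, the samples are constructed from the output shown in this post, and the "Patch ... : applied on" line is an assumed format for an applied patch.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Samples are constructed from
# the OPatch output on this page. The "Patch ... : applied on" line is an
# assumed lsinventory format for an applied patch.

# ver_ge A B: succeed when dotted version A >= B, compared numerically per field.
ver_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if ((x[i] + 0) > (y[i] + 0)) exit 0
      if ((x[i] + 0) < (y[i] + 0)) exit 1
    }
    exit 0
  }'
}

# opatch_version: print the tool version found in OPatch output on stdin.
opatch_version() { sed -n 's/^Invoking OPatch \([0-9.]*\).*/\1/p' | head -n 1; }

# inventory_state ID: classify "opatch lsinventory" output read from stdin.
#   no-inventory  Central Inventory not found (the error code 104 case)
#   applied       the inventory lists "Patch <ID>"
#   missing       the inventory was read but does not list the patch
inventory_state() {
  awk -v id="$1" '
    /cannot find a valid oraInst.loc/ || /^Central Inventory *: *n\/a/ { bad = 1 }
    $1 == "Patch" && $2 == id { hit = 1 }
    END { if (bad) print "no-inventory"; else if (hit) print "applied"; else print "missing" }'
}

SAMPLE_NO_INV='Invoking OPatch 10.2.0.4.2
Central Inventory : n/a
OPatch cannot find a valid oraInst.loc file to locate Central Inventory.
OPatch failed with error code 104'
SAMPLE_UNPATCHED='Invoking OPatch 10.2.0.4.2
Central Inventory : /home/oracle/oraInventory
There are no Interim patches installed in this Oracle Home.'
SAMPLE_PATCHED='Invoking OPatch 10.2.0.5.1
Central Inventory : /home/oracle/oraInventory
Patch  9352164      : applied on Mon Sep 26 20:05:00 CST 2011'

for s in "$SAMPLE_NO_INV" "$SAMPLE_UNPATCHED" "$SAMPLE_PATCHED"; do
  v=$(printf '%s\n' "$s" | opatch_version)
  if ver_ge "$v" 10.2.0.4.7; then tool=ok; else tool=too-old; fi
  echo "OPatch $v ($tool); 9352164: $(printf '%s\n' "$s" | inventory_state 9352164)"
done
```

On a real host, pipe the output of ./opatch lsinventory into inventory_state instead of the samples; comparing versions numerically matters because a plain string comparison would rank 10.2.0.4.10 below 10.2.0.4.7.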

 

/*** OPatch tool upgrade steps and notes
Patch summary:
--------------
README file for OPatch 10.2.0.5.1, the Oracle Interim Patching Tool.

This patch installs the "OPatch" utility. OPatch is used for patching
Oracle software. If you have an older version of opatch it is strongly
recommended to back it up.

OPatch is Oracle's only supported method of installing Interim
patches. It updates the central and per-product inventories with the
details of the patch.

How to install the utility:
---------------------------
To install this patch simply extract the file "zipped file"
using unzip or winzip, depending upon the platform. You should extract
the zip file directly under the ORACLE_HOME.

To check the version of the opatch utility installed in the above step,
go to the OPatch directory and run "opatch version"

How to run the utility:
-----------------------
OPatch tool requires JDK to be present in the Oracle Home.
It requires JDK version of 1.4.2 or higher for proper functioning.

It can be invoked directly using

    /opatch [] [options]

You can use the following command format to view help information:

    /opatch [] -help

OPatch can be manually invoked using Perl:

  /perl /opatch.pl [options]

You can use the following command format to view help information:

  /perl /opatch.pl  [] -help

There is a User's Guide in the 'docs' subdirectory that has full
details on running the tool. There is FAQ file in the same directory
that answers many of the common questions.

If you don't have Perl, you can download Perl from Metalink
(http://metalink.oracle.com) using Bug 2417872. Source code for perl
is also available from http://www.cpan.org (the Comprehensive Perl
Archive Network). Links to binary versions of perl for supported
operating systems is also provided on the CPAN web site.

You can download the required version of JDK from
http://java.sun.com

Special Instructions:
---------------------
Windows:
--------
  1) If your "Central Inventory" is not under
       C:\Program Files\oracle\inventory, please set env. var. INVENTORY_LOC
            to the value of the registry key
                 \\HKEY_LOCAL_MACHINE\Software\Oracle\inst_loc

  2) Make sure you have java.exe in your PATH

========================================================================
***/

Source: ITPUB Blog, link: http://blog.itpub.net/94384/viewspace-708329/. If you repost this, credit the source; otherwise legal liability will be pursued.
