Unofficial Oracle Linux 6 Installation and Setup Guide. Next, configure the network interfaces, the hostname and DNS. The network interface configuration files are located in the /etc/sysconfig/network- scripts/ directory. Each network interface has a corresponding interface configuration script. Each files, i. e. To edit or setup an interface, change directory to /etc/sysconfig/network- scripts/: # cd /etc/sysconfig/network- scripts/Edit edit or create the following files: /etc/sysconfig/network- scripts/ifcfg- eth.
First Ethernet card configuration file/etc/sysconfig/network- scripts/ifcfg- eth. Second Ethernet card configuration file. HP Linux Imaging and Printing Print, Scan and Fax Drivers for Linux. ![]() To edit or create the first interface (eth. Append or modify as follows: DEVICE=eth. BOOTPROTO=static. DHCPCLASS=HWADDR=0. A6: 5. EIPADDR=1. NETMASK=2. 55. 2. GATEWAY=1. 92. 1. NETWORK=1. 92. 1. ONBOOT=yes. Save and close the file. Define the hostname in /etc/sysconfig/network file and in /etc/hosts: The /etc/sysconfig/network file is used by Linux to specify network configurations. By default, /etc/sysconfig/network contains the following options: NETWORKING=boolean Enter a Boolean yes to enable networking, enter no to disable networking. NETWORKING=yes. HOSTNAME=value Enter the hostname of the machine. For example: HOSTNAME=hostname. As root type "vi /etc/sysconfig/network" to enter the hostname of the machine: Append or modify as follows: HOSTNAME=myserver. Save and close the file. Oracle technology products, including Oracle Enterprise Manager, rely on a properly formatted /etc/hosts file which allows the host to be pingable, with long and short host names. The host name in the /etc/hosts file must be associated with the server's public IP address. The next example shows the proper syntax from a /etc/hosts file. Note that the localhost entries are one one line, and the IP address with the long and short names are on the next line. The next example shows an improperly formatted /etc/hosts file. Note that the long and short names are on the same line as the localhost entries. Tip: The IPv. 6 entries in the /etc/hosts files should be removed to aviod "Bug 1. AGENT DEPLOY FAILS WITH AGENT PORT PASSED BY USER IS BUSY" with Oracle Management Agent installations: :: 1 localhost localhost. The /etc/hosts file can be edited by the root user bu typing “vi /etc/hosts”, as shown in the next example.# vi. Save and close the file. Next, restart networking: # service network restart. Setup DNS in the /etc/resolv. The resolv. conf file is used by Linux to configure the Domain Name System (DNS) resolver library. The resolv. conf file contains directives including the default search domains used for fully qualified domain name (FQDN) completion when no domain suffix is supplied as part of a query. The resolv. conf file also contains a list of IP addresses of nameservers available to a host. For more information about this file, refer to the resolv. The /etc/resolv. conf file can be edited by the root user bu typing “vi /etc/resolv. Setup the search prefix and the DNS Server as follows: search my. Save and close the file. Next, ping the gateway or other hosts to confirm connectivity: $ ping yahoo. The IEEE 8. 02. 1. Q standard was introduced to partition large networks into smaller virtual local area networks (VLANs) using software without the need to move cables or add switch ports. The IEEE 8. Q standard also defines how multiple layer- 2 networks/VLANs can share the same physical link, this is also referred to as Ether. Channel and 8. 02. Q trunking. For example, with 8. Q adding a network to a local area network (LAN) entails provisioning a VLAN on the switch and enabling the VLAN on the desired switch ports and/or trunks. Linux hosts that are connected to the switch ports and/or trunks could use the new VLAN by creating a VLAN interface on the desired NIC and/or bond without moving or changing the network cabling. The following configuration enables 8. First, as root, enable the 8. Next, create a VLAN interface on eth. VLAN 2. 1. Substitute 2. VLAN ID for your VLAN. # vconfig add eth. Next, plumb the VLAN interface.# ifconfig eth. To preserve the 8. VLAN interface.# vi /etc/sysconfig/network- scripts/ifcfg- eth. DEVICE=eth. 0. 2. IPADDR=xx. xx. xx. NETMASK=xx. xx. xx. ONBOOT=yes. BOOTPROTO=static. USERCTL=no. VLAN=yes. Next, edit the /etc/sysconfig/network- scripts/eth. DEVICE=eth. 0ONBOOT=yes. BOOTPROTO=none. USERCTL=no. HWADDR=0. 0: 2. 5: 9. C: 2. FOnce the /etc/sysconfig/network- scripts file is created, restart the network service to load the interface.# service network restart. Even if IPv. 6 is not being used, IPv. Oracle technology products. For example, IPv. IPv. 4 and IPv. 6 at the same time. IPv. 6 creates an IPv. IPv. 4 interface. Web. Logic and many other Oracle technologies see the IPv. If IPv. 6 is not being used, a best practice is to disable IPv. Add the following entries to /etc/sysctl. To disable IPv. 6 on a running system, as root type: echo 1 > /proc/sys/net/ipv. With IPv. 6 disabled, if X forwarding breaks, edit /etc/ssh/sshd_config and make one of the following changes: (1) Change the line#Address. Family anyto. Address. Family inet(inet is ipv. Remove the hash mark (#) in front of the line#Listen. Address 0. 0. 0. 0. there. Next, restart ssh.Next, type chkconfig ip.Finally, remove the IPv. Bug 1. 36. 52. 66. AGENT DEPLOY FAILS WITH AGENT PORT PASSED BY USER IS BUSY" with Oracle Management Agent installations. The next example shows the Pv. Linux IPv. 4 and IPv. Oracle Linux with a default policy and ruleset in /etc/sysconfig/iptables. Host firewalls, for example iptables, are a fundamental part of an information security program. If your information security program requires host firewalls, a best practice is to configure host firewalls during the last phase of the Oracle deployment. To open the necessary ports in iptables, as root edit the /etc/sysconfig/iptables file and add the desired iptables rules. The next example show the iptables rules from a default Oracle Linux installation.*filter: INPUT ACCEPT [1: 5. FORWARD ACCEPT [0: 0]: OUTPUT ACCEPT [1: 1. A INPUT - p tcp - m state - -state NEW - m tcp - -dport 1. ACCEPTCOMMITThe next example shows the iptabes rules from a Oracle Linux host with an Oracle Database that allows a SQL client with IP address 1. Database. *filter: INPUT ACCEPT [0: 0]: FORWARD ACCEPT [0: 0]: OUTPUT ACCEPT [0: 0]- A INPUT - m state - -state ESTABLISHED,RELATED - j ACCEPT- A INPUT - p icmp - j ACCEPT- A INPUT - i lo - j ACCEPT- A INPUT - m state - -state NEW - m tcp - p tcp - -dport 2. ACCEPT# What: oracle database: permit SQL*Net traffic from client- A INPUT - m state - -state NEW - m tcp - p tcp - s 1. ACCEPT# End of modifications for oracle database- A INPUT - j REJECT - -reject- with icmp- host- prohibited- A FORWARD - j REJECT - -reject- with icmp- host- prohibited. COMMITiptables can be disabled by typing the following command as root.# service iptables stop & & service ip. Security Enhanced Linux (SELinux) is a default Linux feature that offers mandatory access controls, using Linux kernel security modules (LSM) along with user- space tools. Starting with Oracle Database 1. Release 2 (1. 1. 2), Security Enhanced Linux is supported for Oracle Linux 4, Red Hat Enterprise Linux 4, Oracle Linux 5, and Red Hat Enterprise Linux 5. Security Enhanced Linux is not supported for the Oracle Enterprise Manager 1. Oracle Management Service. Mandatory access controls, for example Security Enhanced Linux, may be a part of your organizations information security program. If your information security program requires mandatory access controls for the 1. Oracle Management Repository, a best practice is to configure Security Enhanced Linux during the last phase of the Enterprise Manager deployment. To confirm the status of SELinux, as root type sestatus as shown in the next example.# sestatus. SELinux status: disabled. The above example shows a host with SELinux disabled. Security Enhanced Linux can be temporarily set to permissive by typing "echo 0 > /selinux/enforce", as root. Security Enhanced Linux can be re- enabled (enforcing) by typing "echo 1 > /selinux/enforce", as root. Security Enhanced Linux can be permanently disabled by changing the "SELINUX=enforcing" entry to "SELINUX=disabled" in the "/etc/selinux/config" file. Security Enhanced Linux can be re- enabled by changing the "SELINUX=disabled" entry to "SELINUX=enforcing" in the "/etc/selinux/config" file. A re- boot is required after changing the "SELINUX=” value to enable to new settings.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |