Frits Hoogland Weblog

I use vmware fusion virtual machines for experimenting with the database on windows, linux and solaris.

I’ve just copied my plain linux operating system install and installed oracle 10 and oracle 11. Of course, I’ve renamed the machine. That is what this blogpost is about.

To honest, I am quite lazy. So lazy that I forgot to link the system name set in /etc/sysconfig/network to the ip-address given (done in /etc/hosts).

This does not affect the software installation, but does affect the creating of the database. It is reported as an internal error (ORA-600):

ORA-00600: internal error code, arguments: [keltnfy-ldmInit], [46], [1], [], [], [], [], []

Meaning: the hostname can not be translated to an ip-address.
Resolution: lookup hostname using the hostname command, lookup the ip-address using the /sbin/ifconfig -a command, and link both in /etc/hosts

Sound cryptic, doesn’t it?

In most situations where you do configuration, tuning or other settings of web environments (apache, oracle http server, OC4J, weblogic, websphere, etc.) you have access from ‘the inside’, most of the time access via a separate LAN (often called ‘administration LAN’) which let’s you get access in another way than the regular web traffic, which comes in from ‘the outside’ which is firewalled different (or is the only connection being firewalled), thus is handled different.

There are situations where you want to see what traffic from ‘the outside’ does instead of your ‘inside connection’, for example:
- ssl/certificates/wallets
- connecting webservers with the webcache
- altering hostnames
- review firewalling and webtraffic routing
- review NIDS (network intrusion detection)

This is where tor comes in.

What does Tor do? The best explanation is on the tor website. What it does is route your traffic encrypted through an anonymous, distributed network. Tor accomplishes much security related things, for this subject it’s important it setups an connection randomly on the internet.

Tor is not available on the RHEL/OEL/CentOS CD/DVD’s and network repositories. It’s also not present in EPEL (extra packages for Enterprise Linux), so it must be downloaded from the tor download page (choose ’stable’).

In order to fully use it, you need privoxy, which is present in the repository (thus can be installed using yum).

After the installation of both, there’s a little configuration necessary, but then you’ve got a proxy setup which let’s you browse the internet (anonymously) from a random place on the internet!

For people who have security considerations, and/or doubts about anonymity of their traffic, anything which can use a proxy can use it.

This means nikto can be used entirely anonymous, whilst things like nmap, nessus can’t with this setup.

During a stroll through the filesystem I encountered an executable (a python script actually) called ’sosreport’. You’ve got to admit: the name sounds intriguing.

The man-page says ‘Generate debugging information for this system’. This is getting even more interesting…

Lets run it!

$ /usr/sbin/sosreport

sosreport requires root permissions to run.

The utility requires root permissions. Not very surprising, root got all permissions to get internal system information.

Again, now as root:

# sosreport

Please send this file to your support representative.


Let’s see what it provides, and see if it got any benefits above Oracle’s RDA…
It produces two files in /tmp:

-rw-r--r-- 1 root root 33 May 1 14:34 sosreport-fritshoogland.9999-725705-3400ad.tar.bz2.md5
-rw------- 1 root root 631098 May 1 14:34 sosreport-fritshoogland.9999-725705-3400ad.tar.bz2


The list of files when extracting sosreport-fritshoogland.9999-725705-3400ad.tar.bz2 simply is too big to put in the blogpost.
It contains all linux configuration files (yes, that’s a bold statement), all startup/shutdown scripts, all kind of current system information (dmidecode, lsmod, lspci, netstat, iptables, rpm, network routes, LVM, device mapper, EMC multipathing, etc.), could go on and on!

This command is able to let anyone who can get access to the system make a file with all relevant settings for troubleshooting. That’s handy! It’s very hard to get information about network configuration, firewall (iptables), etc. out of inexperienced administrators. This command lets you get all information so you can do the troubleshooting out of the archive instead of a question and answer game with the administrator!

On May 26, Planboard organises it’s 3rd Planboard DBA Symposium. It’s an event by Oracle DBA’s for Oracle DBA’s, with presentations covering a wide range of topics (RAC Rolling upgrades, grouping in SQL, APEX and security to name a few)! See the full lineup here: http://www.planboard.com/?q=node/71

All other information (location, price, etc.) are on that page too. If you are an Oracle database professional and want to learn something and be able to discuss various things with likeminded professionals, be there!