|Oracle® Audit Vault Server Installation Guide
10g Release 2 (10.2.2) for Solaris Operating System (SPARC 64-Bit)
Part Number B32388-02
This chapter describes the following Oracle Audit Vault Server preinstallation requirements. This chapter includes the following sections:
To plan the installation process, you must be familiar with the features of Oracle Audit Vault. Oracle Audit Vault Administrator's Guide discusses the basic features of Oracle Audit Vault.
Before you install the Oracle software, you must complete several tasks (described in the sections that follow) as the
root user. Log in to your system as the
The system must meet the following minimum hardware requirements:
At least 1024MB of available physical RAM.
The following table gives the relationship between the available RAM and the required swap space.
|Available RAM||Swap Space Required|
|Between 1024 MB and 2048 MB||1.5 times the size of RAM|
|Between 2049 MB and 8192 MB||Equal to the size of RAM|
|More than 8192 MB||0.75 times the size of RAM|
400 MB of disk space in the
3 GB of disk space for the Oracle Audit Vault server software.
700 MB of additional disk space for the Audit Vault Server database files in the Oracle Base. This is only if the database storage option is on the file system. For other storage options, such as ASM, the database files will be stored elsewhere. Also, this 700MB disk space is only the starting size. The Audit Vault administrator must take future growth of the database size into consideration, especially as the server collects more and more audit data.
To ensure that the system meets these requirements:
To determine the physical RAM size, enter the following command:
# /usr/sbin/prtconf | grep "Memory size"
If the size of the physical RAM is less than the required size, then you must install more memory before continuing.
To determine the size of the configured swap space, enter the following command:
# /usr/sbin/swap -s
To determine the amount of disk space available in the
/tmp directory, enter the following command:
# df -k /tmp # df -h /tmp (on Solaris 10)
Delete unnecessary files from the
/tmp directory to meet the disk space requirement.
TMPDIR environment variables when setting the
oracle user's environment.
Extend the file system that contains the
/tmp directory. If necessary, contact your system administrator for information about extending file systems.
# df -k # df -h (on Solaris 10)
# /bin/isainfo -kv
Note:The following is the expected output of this command:
64-bit sparcv9 kernel modules
If you do not see the expected output, then you cannot install the software on this system.
Depending on the products that you intend to install, verify that the following software is installed on the system. The procedure following the table describes how to verify whether these requirements are addressed.
Note:Oracle Universal Installer performs checks on your system to verify that it meets the listed requirements. To ensure that these checks pass, verify the requirements before you start Oracle Universal Installer.
|Operating system||One of the following 64-bit operating system versions:
SUNWarc SUNWbtool SUNWhea SUNWlibm SUNWlibms SUNWsprot SUNWtoo SUNWi1of SUNWi1cs SUNWi15cs SUNWxwfnt SUNWsproxNote: You may also require additional font packages for Java, depending on your locale. Refer to the following Web site for more information:
|Oracle Messaging Gateway||Oracle Messaging Gateway supports the integration of Oracle Streams Advanced Queuing (AQ) with the following software:
IBM MQSeries V5.3, client and server
Tibco Rendezvous 7.2
|PL/SQL native compilation||One of the following:
|Pro*C/C++, Oracle Call Interface, Oracle C++ Call Interface, Oracle XML Developer's Kit (XDK), GNU Compiler Collection (GCC)||Sun ONE Studio 8 (C and C++ 5.5)|
|Oracle JDBC/OCI Drivers||You can use the following optional JDK versions with the Oracle JDBC/OCI drivers, however they are not required for the installation:
Note: JDK 1.4.2 is installed with this release.
# uname -r 5.9
In this example, the version shown is Solaris 9 (5.9). If necessary, refer to your operating system documentation for information about upgrading the operating system.
# pkginfo -i SUNWarc SUNWbtool SUNWhea SUNWlibm SUNWlibms SUNWsprot \ SUNWsprox SUNWtoo SUNWi1of SUNWi1cs SUNWi15cs SUNWxwfnt
If a package is not installed, then install it. Refer to your operating system or software documentation for information about installing packages.
In addition, you need to verify that the following patches are installed on the system. The procedure following the table describes how to check these requirements.
Note:There may be more recent versions of the patches listed installed on the system. If a listed patch is not installed, then determine whether a more recent version is installed before installing the version listed.
|Installation Type or Product||Requirement|
|All installations||Patches for Solaris 9:
The following additional patches are required for Numa Systems:
|All installations||Patches for Solaris 10:
Note: Please install the following patch before you begin the installation:
123908-01 SunOS 5.10: ar patch
|PL/SQL native compilation, Pro*C/C++, Pro*FORTRAN, Oracle Call Interface, Oracle C++ Call Interface, Oracle XML Developer's Kit (XDK)||Patches for Solaris 9 :
112760-05, C 5.5: Patch for S1S8CC C compiler
|Oracle Messaging Gateway||Corrective service diskettes (CSDs) for WebSphere MQ:
Note:The following patches are not required for silent installations:
108652-66, X11 6.4.1: Xsun patch
108773-18, SunOS 5.8: IIIM and X I/O Method patch
108921-16, CDE 1.4: dtwm patch
For more information on silent installation refer to Performing a Silent Installation Using a Response File
# /usr/sbin/patchadd -p | grep patch_number(without version number)
For example, to determine if any version of the 111713 patch is installed, use the following command:
# /usr/sbin/patchadd -p | grep 111713
Typically, the computer on which you want to install Oracle Audit Vault is connected to the network, has local storage to contain the Oracle Audit Vault installation, has a display monitor, and has a CD-ROM or DVD drive.
This section describes how to install Oracle Audit Vault on computers that do not meet the typical scenario. It covers the following cases:
When you run Oracle Universal Installer, an error might occur if name resolution is not set up. To avoid this error, before you begin installation, you must ensure that host names are resolved only through the
To ensure that host names are resolved only through the
Verify that the
/etc/hosts file is used for name resolution. You can do this by checking the hosts file entry in the
nsswitch.conf file as follows:
# cat /etc/nsswitch.conf | grep hosts
The output of this command should contain an entry for files.
Verify that the host name has been set by using the
hostname command as follows:
The output of this command should be similar to the following:
Verify that the domain name has not been set dynamically by using the
domainname command as follows:
This command should not return any results.
Verify that the hosts file contains the fully qualified host name by using the following command:
# cat /etc/hosts | grep `eval hostname`
The output of this command should contain an entry for the fully qualified host name and for the
192.168.100.16 myhost.us.mycompany.com myhost 127.0.0.1 localhost localhost.localdomain
If the hosts file does not contain the fully qualified host name, then open the file and make the required changes in it.
dynamic host configuration protocol (DHCP) assigns dynamic IP addresses on a network. Dynamic addressing enables a computer to have a different IP address each time it connects to the network. In some cases, the IP address can change while the computer is still connected. You can have a mixture of static and dynamic IP addressing in a DHCP system.
In a DHCP setup, the software tracks IP addresses, which simplifies network administration. This lets you add a new computer to the network without having to manually assign that computer a unique IP address.
Audit Vault cannot be installed in an environment where the IP addresses of the Audit Vault Server or the Audit Vault Agent can change. If your environment uses DHCP, ensure that all Audit Vault systems use static IP addresses.
You can install Oracle Audit Vault on a computer that has multiple homes. A multiple-homed computer is associated with multiple IP addresses. This is typically achieved by having multiple network cards on the computer. Each IP address is associated with a host name. In addition, you can set up aliases for the host name. By default, Oracle Universal Installer uses the
ORACLE_HOSTNAME environment variable setting to find the host name. If the
ORACLE_HOSTNAME environment variable is not set and you are installing Oracle Audit Vault on a computer that has multiple network cards, then Oracle Universal Installer determines the host name by using the first entry in the
Clients must be able to access the computer either by using this host name or by using aliases for this host name. To verify this, ping the host name from the client computers using the short name (host name only) and the full name (host name and domain name). Both tests must be successful.
Setting the ORACLE_HOSTNAME Environment Variable
For example, if the fully qualified host name is
somehost.us.acme.com, then enter one of the following commands:
Bourne, Bash, or Korn shell:
$ ORACLE_HOSTNAME=somehost.us.acme.com $ export ORACLE_HOSTNAME
% setenv ORACLE_HOSTNAME somehost.us.acme.com
A computer with multiple aliases is registered with the naming service under a single IP address. The naming service resolves all of those aliases to the same computer. Before installing Oracle Audit Vault on a computer with multiple aliases, set the
ORACLE_HOSTNAME environment variable to the computer whose host name you want to use.
Depending on whether or not this is the first time Oracle software is being installed on this system and on the products that you are installing, you may need to create several operating system groups and users.
The following operating system groups and user are required if you are installing Oracle Audit Vault:
You must create this group the first time you install Oracle Audit Vault software on the system. It identifies operating system user accounts that have database administrative privileges (the
SYSDBA privilege). The default name for this group is
This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of administrative privileges (the
SYSOPER privilege). By default, members of the OSDBA group also have the
Verify that the unprivileged user
nobody exists on the system. The
nobody user must own the external jobs (
extjob) executable after the installation.
The following operating system group and user are required for all installations:
You must create this group the first time you install Oracle software on the system. The usual name chosen for this group is
oinstall. This group owns the Oracle inventory, which is a catalog of all Oracle software installed on the system.
Note:If Oracle software is already installed on the system, then the existing Oracle Inventory group must be the primary group of the operating system user that you use to install new Oracle software. The following topics describe how to identify an existing Oracle Inventory group.
You must create this user the first time you install Oracle software on the system. This user owns all software installed during the installation. This user must have the Oracle Inventory group as its primary group. It must also have the OSDBA and OSOPER groups as secondary groups.
Note:In Oracle documentation, this user is referred to as the
A single Oracle Inventory group is required for all installations of Oracle software on the system. After the first installation of Oracle software, you must use the same Oracle Inventory group for all subsequent Oracle software installations on that system. However, you can choose to create different Oracle software owner users, OSDBA groups, and OSOPER groups (other than
oper) for separate installations. By using different groups for different installations, members of these different groups have DBA privileges only on the associated databases, rather than on all databases on the system.
See Also:Oracle Database Administrator's Guide for more information about the OSDBA group and the
Note:The following topics describe how to create local users and groups. As an alternative to creating local users and groups, you could create the appropriate users and groups in a directory service, for example, Network Information Services (NIS). For information about using directory services, contact your system administrator or see your operating system documentation.
The following topics describe how to create the required operating system users and groups:
You must create the Oracle Inventory group if it does not already exist. The following topics describe how to determine the Oracle Inventory group name, if it exists, and how to create it if necessary.
Determining Whether the Oracle Inventory Group Exists
When you install Oracle software on the system for the first time, Oracle Universal Installer creates the
oraInst.loc file. This file identifies the name of the Oracle Inventory group and the path of the Oracle Inventory directory.
# more /var/opt/oracle/oraInst.loc
If the output of this command shows the
oinstall group name, then the group already exists.
oraInst.loc file exists, then the output from this command is similar to the following:
inst_group parameter shows the name of the Oracle Inventory group,
Creating the Oracle Inventory Group
oraInst.loc file does not exist, then create the Oracle Inventory group by entering the following command:
# /usr/sbin/groupadd oinstall
You must create an OSDBA group in the following circumstances:
An OSDBA group does not exist, for example, if this is the first installation of Oracle software on the system
An OSDBA group exists, but you want to give a different group of operating system users database administrative privileges in a new Oracle installation
If the OSDBA group does not exist or if you need a new OSDBA group, then create it as follows.
# /usr/sbin/groupadd dba
Create an OSOPER group only if you want to identify a group of operating system users with a limited set of database administrative privileges (SYSOPER operator privileges). For most installations, it is sufficient to create only the OSDBA group. If you want to use an OSOPER group, then you must create it in the following circumstances:
If an OSOPER group does not exist, for example, if this is the first installation of Oracle software on the system
If an OSOPER group exists, but you want to give a different group of operating system users database operator privileges in a new Oracle installation
If you need a new OSOPER group, then create it as follows.
# /usr/sbin/groupadd oper
You must create an Oracle software owner user in the following circumstances:
If an Oracle software owner user does not exist, for example, if this is the first installation of Oracle software on the system
If an Oracle software owner user exists, but you want to use a different operating system user, with a different group membership, to give database administrative privileges to those groups in a new Oracle installation
To determine whether an Oracle software owner user named
oracle exists, enter the following command:
# id -a oracle
oracle user exists, then the output from this command is similar to the following:
uid=440(oracle) gid=200(oinstall) groups=201(dba),202(oper)
If the user exists, then determine whether you want to use the existing user or create another Oracle software owner (
oracle) user. If you want to use the existing user, then ensure that the primary group of the user is the Oracle Inventory group and that it is a member of the appropriate OSDBA and OSOPER groups.
Note:If necessary, contact your system administrator before using or modifying an existing user.
See one of the following sections for more information:
To modify an existing Oracle software owner user, see Section 184.108.40.206.
To create an Oracle software owner user, see the following section.
If the Oracle software owner user does not exist or if you need a new Oracle software owner user, then create it as follows. In the following procedure, use the user name
oracle unless a user with that name already exists.
# /usr/sbin/useradd -g oinstall -G dba[,oper] oracle
In this command:
-g option specifies the primary group, which must be the Oracle Inventory group, for example,
-G option specifies the secondary groups, which must include the OSDBA group and, if required, the OSOPER group (for example,
# passwd oracle
See Section 2.6.5 to continue.
oracle user exists, but its primary group is not
oinstall or it is not a member of the appropriate OSDBA or OSOPER groups, then enter a command similar to the following to modify it. Specify the primary group using the
-g option and any required secondary group using the
# /usr/sbin/usermod -g oinstall -G dba[,oper] oracle
Before installing the software, perform the following procedure to verify that the
nobody user exists on the system:
Verify that the kernel parameters shown in the following table are set to values greater than or equal to the recommended value shown on Solaris 9 operating system. The procedure following the table describes how to verify and set the values.
Note:The following parameters are obsolete in Solaris 9:
On Solaris 10, verify that the kernel parameters shown in the following table are set to values greater than or equal to the recommended value shown. The table aslo contains the resource controls that replace the
/etc/system file for a specific kernel parameter.
Note:In Solaris 10, you are not required to make changes to the
/etc/systemfile to implement the System V TPC. Solaris 10 uses the resource control facility for its implementation.
|Parameter||Replaced by Resource Control||Recommended Value|
To view the current values of these parameters, enter the following commands:
# grep noexec_user_stack /etc/system # /usr/sbin/sysdef | grep SEM # /usr/sbin/sysdef | grep SHM
Create a backup copy of the
/etc/system file, for example:
# cp /etc/system /etc/system.orig
/etc/system file in any text editor and, if necessary, add lines similar to the following (edit the lines if the file already contains them):
set noexec_user_stack=1 set semsys:seminfo_semmni=100 set semsys:seminfo_semmns=1024 set semsys:seminfo_semmsl=256 set semsys:seminfo_semvmx=32767 set shmsys:shminfo_shmmax=4294967295 set shmsys:shminfo_shmmin=1 set shmsys:shminfo_shmmni=100 set shmsys:shminfo_shmseg=10
When the system restarts, log in and switch user to
To view the current values of the resource control, enter the following commands:
# id -p // to verify the project id uid=0(root) gid=0(root) projid=1 (user.root) # prctl -n project.max-shm-memory -i project user.root # prctl -n project.max-sem-ids -i project user.root
To modify the value of max-shm-memory to 6 GB:
# prctl -n project.max-shm-memory -v 6gb -r -i project user.root
To modify the value of max-sem-ids to 256:
# prctl -n project.max-sem-ids -v 256 -r -i project user.root
You must identify or create the following directories for the Oracle software:
The Oracle base directory is a top-level directory for Oracle software installations. On Solaris Operating System (SPARC 64-Bit) systems, the Optimal Flexible Architecture (OFA) guidelines recommend that you use a path similar to the following for the Oracle base directory:
mount_point is the mount point directory for the file system that will contain the Oracle software.
The examples in this guide use
/u01 for the mount point directory. However, you could choose another mount point directory, such as
You can use the same Oracle base directory for more than one installation or you can create separate Oracle base directories for different installations. If different operating system users install Oracle software on the same system, then each user must create a separate Oracle base directory. The following example Oracle base directories could all exist on the same system:
/u01/app/oracle /u01/app/orauser /opt/oracle/app/oracle
The following topics describe how to identify existing Oracle base directories that might be suitable for your installation and how to create an Oracle base directory if necessary.
The Oracle Inventory directory (
oraInventory) stores an inventory of all software installed on the system. It is required by, and shared by, all Oracle software installations on a single system. The first time you install Oracle software on a system, Oracle Universal Installer prompts you to specify the path to this directory. Oracle recommends that you choose the following path:
Oracle Universal Installer creates the directory that you specify and sets the correct owner, group, and permissions for it. You do not need to create it.
Note:All Oracle software installations rely on this directory. Ensure that you back it up regularly.
Do not delete this directory unless you have completely removed all Oracle software from the system.
The Oracle home directory is the directory where you choose to install the software for a particular Oracle product. You must install different Oracle products, or different releases of the same Oracle product, in separate Oracle home directories. When you run Oracle Universal Installer, it prompts you to specify the path to this directory and a name that identifies it. The directory that you specify must be a subdirectory of the Oracle base directory. Oracle recommends that you specify a path similar to the following for the Oracle home directory:
Oracle Universal Installer creates the directory path that you specify under the Oracle base directory. It also sets the correct owner, group, and permissions on it. You do not need to create this directory.
Before starting the installation, you must either identify an existing Oracle base directory or if required, create one. This section contains the following topics:
Note:You can choose to create an Oracle base directory, even if other Oracle base directories exist on the system.
Existing Oracle base directories might not have paths that comply with Optimal Flexible Architecture (OFA) guidelines. However, if you identify an existing Oracle Inventory directory or existing Oracle home directories, then you can usually identify the Oracle base directories, as follows:
To identify an existing Oracle Inventory directory
# more /var/opt/oracle/oraInst.loc
oraInst.loc file exists, then the output from this command is similar to the following:
inventory_loc parameter identifies the Oracle Inventory directory (
oraInventory). The parent directory of the
oraInventory directory is typically an Oracle base directory. In the previous example,
/u01/app/oracle is an Oracle base directory.
# more /var/opt/oracle/oratab
*:/u03/app/oracle/product/1.0.0/db_1:N *:/opt/orauser/infra_904:N *:/oracle/9.2.0:N
The directory paths specified on each line identify Oracle home directories. Directory paths that end with the user name of the Oracle software owner that you want to use are valid choices for an Oracle base directory. If you intend to use the
oracle user to install the software, then you could choose one of the following directories from the previous example:
Note:If possible, choose a directory path similar to the first (
/u03/app/oracle). This path complies with the OFA guidelines.
Before deciding to use an existing Oracle base directory for this installation, ensure that it satisfies the following conditions:
It should not be on the same file system as the operating system.
It must have sufficient free disk space as described in the table in Section 2.3.
# df -k oracle_base_path
If an Oracle base directory does not exist on the system or if you want to create an Oracle base directory, then complete the steps in Section 2.9.2.
Before you create an Oracle base directory, you must identify an appropriate file system with sufficient free disk space, as indicated in the table in Section 2.3.
k command to determine the free disk space on each mounted file system.
From the display, identify a file system that has appropriate free space.
Note the name of the mount point directory for the file system that you identified.
To create the Oracle base directory and specify the correct owner, group, and permissions for it:
# mkdir -p /mount_point/app/oracle_sw_owner # chown -R oracle:oinstall /mount_point/app/oracle_sw_owner # chmod -R 775 /mount_point/app/oracle_sw_owner
For example, if the mount point you identify is
oracle is the user name of the Oracle software owner, then the recommended Oracle base directory path is:
When you configure the environment of the
oracle user (see Section 2.6.4), set the
ORACLE_BASE environment variable to specify the Oracle base directory that you created.
If you choose to place the Oracle Audit Vault database files on a file system, then use the following guidelines when deciding where to place them:
The default path suggested by Oracle Universal Installer for the database file directory is a subdirectory of the Oracle base directory.
If you want to use a single file system, then choose a file system on a physical device that is dedicated to the database.
For best performance and reliability, choose a redundant arrays of independent disks (RAID) device or a logical volume on more than one physical device and implement the stripe-and-mirror-everything (SAME) methodology.
If you want to use more than one file system, then choose file systems on separate physical devices that are dedicated to the database.
This method enables you to distribute physical I/O and create separate control files on different devices for increased reliability. It also enables you to fully implement the OFA guidelines.
For optimum performance, the file systems that you choose should be on physical devices that are used only by the database.
oracle user must have write permissions to create the files in the path that you specify.
Before you begin the Audit Vault Server installation, you should check to see that the
DISPLAY environment variable is set to a proper value. For example, for the Bourne, Bash, or Korn shell, you would enter the following commands, where
myhost.us.oracle.com is your host name:
$ DISPLAY=myhost.us.oracle.com:1.0 $ export DISPLAY
For example, for the C shell, you would enter the following command, where
myhost.us.oracle.com is your host name:
% setenv DISPLAY myhost.us.oracle.com:1.0