Oracle® Audit Vault Server Installation Guide Release 10.2.3 for Linux x86 Part Number E11055-02
This chapter describes the following Oracle Audit Vault Server preinstallation requirements. This chapter includes the following sections:
To plan the installation process, you must be familiar with the features of Oracle Audit Vault. Oracle Audit Vault Administrator's Guide discusses the basic features of Oracle Audit Vault.
Before you install the Oracle software, you must complete several tasks (described in the sections that follow) as the root user. Log in to your system as the root user.
The system must meet the following minimum hardware requirements:
At least 1024 MB of available physical memory (RAM)
The following table gives the relationship between the available RAM and the required swap space:
Available RAM | Swap Space Required |
---|---|
Between 1024 MB and 2048 MB | 1.5 times the size of RAM |
Between 2049 MB and 8192 MB | Equal to the size of RAM |
More than 8192 MB | 0.75 times the size of RAM |
Audit Vault Server installation disk space requirements
1.4 GB of disk space for the Oracle Audit Vault Server software files in the Oracle base directory
700 MB of additional disk space for the Audit Vault Server database files in the Oracle base directory. This is only if the database storage option is on the file system. For other storage options, such as Automatic Storage Management (ASM), the database files will be stored elsewhere. Also, this 700 MB of disk space is only the starting size. The Audit Vault administrator must take future growth of the database size into consideration, especially as the server collects more and more audit data.
To ensure that the system meets these requirements, perform the following tasks:
To determine the physical RAM size, enter the following command:
# grep MemTotal /proc/meminfo
If the size of the physical RAM installed in the system is less than the required size, then you must install more memory before continuing.
To determine the size of the configured swap space, enter the following command:
# grep SwapTotal /proc/meminfo
If necessary, see your operating system documentation for information about how to configure additional swap space.
To determine the available RAM and swap space, enter the following command:
# free
Note:
Oracle recommends that you take multiple readings for the available RAM and swap space before determining a value. This is because the available RAM and swap space keep changing depending on the user interactions with the computer.
To determine the amount of disk space available in the /tmp directory, enter the following command:
# df -k /tmp
If there is less than 400 MB of disk space available in the /tmp directory, then complete one of the following steps:
Delete unnecessary files from the /tmp directory to meet the disk space requirement.
Set the TEMP and TMPDIR environment variables when setting the environment of the oracle user.
Extend the file system that contains the /tmp directory. If necessary, contact your system administrator for information about extending file systems.
To determine the amount of free disk space on the system, enter the following command:
# df -k
To determine whether the system architecture can run the software, enter the following command:
# grep "model name" /proc/cpuinfo
Note:
This command displays the processor type. Verify that the processor architecture matches the Oracle software release that you want to install. If you do not see the expected output, then you cannot install the software on this system.
Depending on the products that you intend to install, verify that the software listed in Table 2-1 is installed on the system. The procedure following Table 2-1 describes how to verify whether these requirements are addressed.
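The RAM, swap and /tmp checks from the hardware requirements above, combined into one script. This is an added example, not part of the Oracle guide; the function names are hypothetical, the sample input is constructed, and RAM just above 2048 MB is treated as falling in the "equal to RAM" row of the table.

```shell
#!/bin/sh
# Added example, not part of the Oracle guide. Function names are made up.
# Applies the guide's RAM, swap and /tmp thresholds to /proc/meminfo text
# and "df -kP /tmp" text, so the logic can be tested away from the host.

# Constructed sample input: 4 GB RAM, 2 GB swap, 300 MB free in /tmp.
SAMPLE_MEMINFO='MemTotal:        4194304 kB
MemFree:          512000 kB
SwapTotal:       2097152 kB
SwapFree:        2097152 kB'
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda2 10321208 9500000 307200 97% /'

# meminfo_kb FIELD: print the kB value of FIELD from meminfo text on stdin.
meminfo_kb() {
    awk -v key="$1:" '$1 == key { print $2 }'
}

# tmp_free_kb: print the Available column from "df -kP" text on stdin.
# -P keeps each file system on one line even when the device name is long.
tmp_free_kb() {
    awk 'NR == 2 { print $4 }'
}

# required_swap_kb RAM_KB: print the swap size the table asks for.
# Returns 1 and prints nothing when RAM is below the 1024 MB minimum.
required_swap_kb() {
    ram_kb=$1
    if [ "$ram_kb" -lt 1048576 ]; then
        return 1
    elif [ "$ram_kb" -le 2097152 ]; then      # up to 2048 MB: 1.5 x RAM
        echo $(( ram_kb * 3 / 2 ))
    elif [ "$ram_kb" -le 8388608 ]; then      # up to 8192 MB: equal to RAM
        echo "$ram_kb"
    else                                      # above 8192 MB: 0.75 x RAM
        echo $(( ram_kb * 3 / 4 ))
    fi
}

# preflight MEMINFO_TEXT DF_TEXT: print one line per failed check.
# Prints nothing and returns 0 when every check passes.
preflight() {
    failed=0
    ram=$(printf '%s\n' "$1" | meminfo_kb MemTotal)
    swap=$(printf '%s\n' "$1" | meminfo_kb SwapTotal)
    tmp=$(printf '%s\n' "$2" | tmp_free_kb)
    if need=$(required_swap_kb "${ram:-0}"); then
        if [ "${swap:-0}" -lt "$need" ]; then
            echo "swap: ${swap:-0} kB configured, ${need} kB required"
            failed=1
        fi
    else
        echo "ram: ${ram:-0} kB is below the 1024 MB minimum"
        failed=1
    fi
    if [ "${tmp:-0}" -lt 409600 ]; then
        echo "tmp: ${tmp:-0} kB free, 409600 kB (400 MB) required"
        failed=1
    fi
    return "$failed"
}

# Demo on the constructed sample. On a real host, run as root:
#   preflight "$(cat /proc/meminfo)" "$(df -kP /tmp)"
preflight "$SAMPLE_MEMINFO" "$SAMPLE_DF" || echo "preflight: requirements not met"
```

MemTotal excludes memory the kernel reserves at boot, so a host with exactly 1024 MB installed reports slightly less than 1048576 kB and fails the strict comparison.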
Note:
Oracle Universal Installer checks your system to verify that it meets the listed requirements. To ensure that your system passes these checks, verify the requirements before you start Oracle Universal Installer.
Note:
The platform-specific hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system versions might be certified after this guide is published, review the certification matrix on the OracleMetaLink Web site for the most up-to-date list of certified hardware platforms and operating system versions. The OracleMetaLink Web site is available at
https://metalink.oracle.com
If you do not have a current Oracle Support Services contract, then you can access the same information at
http://www.oracle.com/technology/support/metalink/content.html
Table 2-1 Operating System, Kernel Version, and Packages Requirements
To ensure that the system meets these requirements, perform the following tasks:
To determine which distribution and version of Linux is installed, enter the following command:
# cat /etc/issue
Note:
Only the distributions and versions listed in the previous table are supported. Do not install the software on other versions of Linux.
To determine whether the required kernel is installed, enter the following command:
# uname -r
The following is sample output obtained by running this command on a Red Hat Enterprise Linux 3.0 system:
2.4.21-15.EL
In this example, the output shows the kernel version (2.4.21) and errata level (15.EL) on the system.
If the kernel version does not meet the requirement specified in Table 2-1, then contact your operating system vendor for information about obtaining and installing kernel updates.
To determine whether the required packages are installed, enter commands similar to the following:
# rpm -q package_name
If a package is not installed, then install it from your Linux distribution media or download the required package version from the Web site of your Linux vendor.
Typically, the computer on which you want to install Oracle Audit Vault is connected to the network, has local storage to contain the Oracle Audit Vault installation, has a display monitor, and has a CD-ROM or DVD drive.
This section describes how to install Oracle Audit Vault on computers that do not meet the typical scenario. It covers the following cases:
When you run Oracle Universal Installer, an error might occur if name resolution is not set up. To avoid this error, before you begin installation, you must ensure that host names are resolved only through the /etc/hosts file.
To ensure that host names are resolved only through the /etc/hosts file:
Verify that the /etc/hosts file is used for name resolution. You can do this by checking the hosts file entry in the nsswitch.conf file as follows:
# cat /etc/nsswitch.conf | grep hosts
The output of this command should contain an entry for files.
Verify that the host name has been set by using the hostname command as follows:
# hostname
The output of this command should be similar to the following:
myhost.mycomputer.com
Verify that the domain name has not been set dynamically by using the domainname command as follows:
# domainname
This command should not return any results.
Verify that the hosts file contains the fully qualified host name by using the following command:
# cat /etc/hosts | grep `eval hostname`
The output of this command should contain an entry for the fully qualified host name and for the localhost.
For example:
192.168.100.16 myhost.us.mycompany.com myhost
127.0.0.1 localhost localhost.localdomain
If the hosts file does not contain the fully qualified host name, then open the file and make the required changes in it.
Dynamic Host Configuration Protocol (DHCP) assigns dynamic IP addresses on a network. Dynamic addressing enables a computer to have a different IP address each time it connects to the network. In some cases, the IP address can change while the computer is still connected. You can have a mixture of static and dynamic IP addressing in a DHCP system.
In a DHCP setup, the software tracks IP addresses, which simplifies network administration. This lets you add a new computer to the network without having to manually assign that computer a unique IP address.
Audit Vault cannot be installed in an environment where the IP addresses of the Audit Vault Server or the Audit Vault Agent can change. If your environment uses DHCP, ensure that all Audit Vault systems use static IP addresses.
You can install Oracle Audit Vault on a multi-homed computer. A multi-homed computer is associated with multiple IP addresses. This is typically achieved by having multiple network cards on the computer. Each IP address is associated with a host name. In addition, you can set up aliases for the host name. By default, Oracle Universal Installer uses the ORACLE_HOSTNAME environment variable setting to find the host name. If the ORACLE_HOSTNAME environment variable is not set and you are installing Oracle Audit Vault on a computer that has multiple network cards, then Oracle Universal Installer determines the host name by using the first entry in the /etc/hosts file.
Clients must be able to access the computer either by using this host name or by using aliases for this host name. To verify this, ping the host name from the client computers using the short name (host name only) and the full name (host name and domain name). Both tests must be successful.
Setting the ORACLE_HOSTNAME Environment Variable
Use the following procedure to set the ORACLE_HOSTNAME environment variable.
For example, if the fully qualified host name is somehost.us.acme.com, then enter one of the following commands:
Bourne, Bash, or Korn shell:
$ ORACLE_HOSTNAME=somehost.us.acme.com
$ export ORACLE_HOSTNAME
C shell:
% setenv ORACLE_HOSTNAME somehost.us.acme.com
A computer with multiple aliases is registered with the naming service under a single IP address. The naming service resolves all of those aliases to the same computer. Before installing Oracle Audit Vault on a computer with multiple aliases, set the ORACLE_HOSTNAME environment variable to the computer whose host name you want to use.
Depending on whether or not this is the first time Oracle software is being installed on this system and on the products that you are installing, you may need to create several operating system groups and users.
The following operating system groups and user are required if you are installing Oracle Audit Vault:
You must create this group the first time you install Oracle Audit Vault software on the system. It identifies operating system user accounts that have database administrative privileges (the SYSDBA privilege). The default name for this group is dba.
This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of administrative privileges (the SYSOPER privilege). By default, members of the OSDBA group also have the SYSOPER privilege.
Verify that the unprivileged user nobody exists on the system. The nobody user must own the external jobs (extjob) executable after the installation.
The following operating system group and user are required for all installations:
The Oracle Inventory group (oinstall)
You must create this group the first time you install Oracle software on the system. The usual name chosen for this group is oinstall. This group owns the Oracle inventory, which is a catalog of all Oracle software installed on the system.
Note:
If Oracle software is already installed on the system, then the existing Oracle Inventory group must be the primary group of the operating system user that you use to install new Oracle software. The following topics describe how to identify an existing Oracle Inventory group.
The Oracle software owner user (typically, oracle)
You must create this user the first time you install Oracle software on the system. This user owns all software installed during the installation. This user must have the Oracle Inventory group as its primary group. It must also have the OSDBA and OSOPER groups as secondary groups.
Note:
In Oracle documentation, this user is referred to as the oracle user.
A single Oracle Inventory group is required for all installations of Oracle software on the system. After the first installation of Oracle software, you must use the same Oracle Inventory group for all subsequent Oracle software installations on that system. However, you can choose to create different Oracle software owner users, OSDBA groups, and OSOPER groups (other than oracle, dba, and oper) for separate installations. By using different groups for different installations, members of these different groups have DBA privileges only on the associated databases, rather than on all databases on the system.
See Also:
Oracle Database Administrator's Guide for more information about the OSDBA group and the SYSDBA and SYSOPER privileges
Note:
The following topics describe how to create local users and groups. As an alternative to creating local users and groups, you could create the appropriate users and groups in a directory service, for example, Network Information Services (NIS). For information about using directory services, contact your system administrator or see your operating system documentation.
The following topics describe how to create the required operating system users and groups:
You must create the Oracle Inventory group if it does not already exist. The following topics describe how to determine the Oracle Inventory group name, if it exists, and how to create it if necessary.
Determining Whether the Oracle Inventory Group Exists
When you install Oracle software on the system for the first time, Oracle Universal Installer creates the oraInst.loc file. This file identifies the name of the Oracle Inventory group and the path of the Oracle Inventory directory.
To determine whether the Oracle Inventory group exists, enter the following command:
# more /etc/oraInst.loc
If the output of this command shows the oinstall group name, then the group already exists.
If the oraInst.loc file exists, then the output from this command is similar to the following:
inventory_loc=/u01/app/oracle/oraInventory
inst_group=oinstall
The inst_group parameter shows the name of the Oracle Inventory group, oinstall.
Creating the Oracle Inventory Group
If the oraInst.loc file does not exist, then create the Oracle Inventory group by entering the following command:
# /usr/sbin/groupadd oinstall
You must create an OSDBA group in the following circumstances:
An OSDBA group does not exist, for example, if this is the first installation of Oracle software on the system
An OSDBA group exists, but you want to give a different group of operating system users database administrative privileges in a new Oracle installation
If the OSDBA group does not exist or if you need a new OSDBA group, then create it as follows. In the following command, use the group name dba unless a group with that name already exists.
# /usr/sbin/groupadd dba
Create an OSOPER group only if you want to identify a group of operating system users with a limited set of database administrative privileges (SYSOPER operator privileges). For most installations, it is sufficient to create only the OSDBA group. If you want to use an OSOPER group, then you must create it in the following circumstances:
If an OSOPER group does not exist, for example, if this is the first installation of Oracle software on the system
If an OSOPER group exists, but you want to give a different group of operating system users database operator privileges in a new Oracle installation
If you need a new OSOPER group, then create it as follows. In the following command, use the group name oper unless a group with that name already exists.
# /usr/sbin/groupadd oper
You must create an Oracle software owner user in the following circumstances:
If an Oracle software owner user does not exist, for example, if this is the first installation of Oracle software on the system
If an Oracle software owner user exists, but you want to use a different operating system user, with a different group membership, to give database administrative privileges to those groups in a new Oracle installation
To determine whether an Oracle software owner user named oracle exists, enter the following command:
# id oracle
If the oracle user exists, then the output from this command is similar to the following:
uid=440(oracle) gid=200(oinstall) groups=201(dba),202(oper)
If the user exists, then determine whether you want to use the existing user or create another Oracle software owner (oracle) user. If you want to use the existing user, then ensure that the primary group of the user is the Oracle Inventory group and that it is a member of the appropriate OSDBA and OSOPER groups.
Note:
If necessary, contact your system administrator before using or modifying an existing user.
See one of the following sections for more information:
To modify an existing Oracle software owner user, see Section 2.6.4.3.
To create an Oracle software owner user, see the following section.
If the Oracle software owner user does not exist or if you need a new Oracle software owner user, then create it as follows. In the following procedure, use the user name oracle unless a user with that name already exists.
To create the oracle user, enter a command similar to the following:
# /usr/sbin/useradd -g oinstall -G dba[,oper] oracle
In this command:
The -g option specifies the primary group, which must be the Oracle Inventory group, for example, oinstall.
The -G option specifies the secondary groups, which must include the OSDBA group and, if required, the OSOPER group (for example, dba or dba, oper).
Set the password of the oracle user:
# passwd oracle
See Section 2.6.5 to continue.
If the oracle user exists, but its primary group is not oinstall or it is not a member of the appropriate OSDBA or OSOPER groups, then enter a command similar to the following to modify it. Specify the primary group using the -g option and any required secondary group using the -G option:
# /usr/sbin/usermod -g oinstall -G dba[,oper] oracle
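The group rules above can be checked against id output before anything is changed. The script below is an added example, not part of the Oracle guide; its function names are hypothetical and the sample id line (including the backup group) is constructed. Because usermod -G replaces the whole secondary group list, the generated command carries over groups the user already has.

```shell
#!/bin/sh
# Added example, not part of the Oracle guide. Function names are made up.
# Checks "id" output for the Oracle software owner against the group rules
# and builds the matching usermod command.

# Constructed sample: primary group is dba, oper is missing, and the user
# is also in an unrelated group (backup).
SAMPLE_ID='uid=440(oracle) gid=201(dba) groups=201(dba),300(backup)'

# id_primary ID_OUTPUT: print the name of the primary group.
id_primary() {
    printf '%s\n' "$1" | sed -n 's/.* gid=[0-9]*(\([^)]*\)).*/\1/p'
}

# id_groups ID_OUTPUT: print the names from groups=, one per line.
id_groups() {
    printf '%s\n' "$1" | sed -n 's/.* groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/'
}

# owner_findings ID_OUTPUT INVENTORY_GROUP OSDBA_GROUP [OSOPER_GROUP]
# Print one line per rule that is not met; print nothing when all hold.
owner_findings() {
    out=$1 inv=$2 dba=$3 oper=${4:-}
    primary=$(id_primary "$out")
    if [ "$primary" != "$inv" ]; then
        echo "primary group is '${primary}', expected '${inv}'"
    fi
    for g in "$dba" $oper; do
        if ! id_groups "$out" | grep -qx -- "$g"; then
            echo "not a member of '${g}'"
        fi
    done
}

# usermod_fix USER ID_OUTPUT INVENTORY_GROUP OSDBA_GROUP [OSOPER_GROUP]
# Print the usermod command from the guide with a complete -G list:
# required groups first, then the groups the user already has.
usermod_fix() {
    user=$1 out=$2 inv=$3 dba=$4 oper=${5:-}
    list=$( { printf '%s\n' "$dba" $oper; id_groups "$out"; } |
        grep -vx -- "$inv" | awk 'NF && !seen[$0]++' | paste -sd, - )
    echo "/usr/sbin/usermod -g $inv -G $list $user"
}

# Demo on the constructed sample. On a real host:
#   owner_findings "$(id oracle)" oinstall dba
owner_findings "$SAMPLE_ID" oinstall dba oper
usermod_fix oracle "$SAMPLE_ID" oinstall dba oper
```

Review the carried-over groups before running the generated command; membership of the OSDBA group confers the SYSDBA privilege, so the list should contain only what the account needs.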
Note:
The kernel parameter and shell limit values shown in the following section are recommended minimum values only or the value checked at the time of the installation. For production database systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information about tuning kernel parameters.
Verify that the kernel parameters shown in the following table are set to values greater than or equal to the recommended minimum value shown or the value checked at the time of the installation.
Note:
If the current value for any parameter is higher than the value listed in this table, then do not change the value of that parameter.
To view the current values specified for these kernel parameters, and to change them if necessary:
Enter the commands shown in the following table to view the current values of the kernel parameters:
Note:
You will need root privileges to run the commands.
Make a note of the current parameter values and identify any values that you must change.
Parameter | Command |
---|---|
semmsl, semmns, semopm, and semmni | # /sbin/sysctl -a \| grep sem (This command displays the value of the semaphore parameters in the order listed.) |
shmall, shmmax, and shmmni | # /sbin/sysctl -a \| grep shm (This command displays the details of the shared memory segment sizes.) |
file-max | # /sbin/sysctl -a \| grep file-max (This command displays the maximum number of file handles.) |
ip_local_port_range | # /sbin/sysctl -a \| grep ip_local_port_range (This command displays a range of port numbers.) |
rmem_default | # /sbin/sysctl -a \| grep rmem_default |
rmem_max | # /sbin/sysctl -a \| grep rmem_max |
wmem_default | # /sbin/sysctl -a \| grep wmem_default |
wmem_max | # /sbin/sysctl -a \| grep wmem_max |
If the value of any kernel parameter is different from the recommended minimum value, then complete the following procedure:
Using any text editor, create or edit the /etc/sysctl.conf file, and add or edit lines similar to the following:
Note:
Include lines only for the kernel parameter values that you want to change. For the semaphore parameters (kernel.sem), you must specify all four values. However, if any of the current values are larger than the recommended value, then specify the larger value. You should set the value of kernel.shmmax to 536870912; however, Oracle recommends that you set the value to 2 GB, as shown.
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
If you specify the values in the /etc/sysctl.conf file, they persist when you restart the system.
On SUSE systems only, enter the following command to ensure that the system reads the /etc/sysctl.conf file when it restarts:
# /sbin/chkconfig boot.sysctl on
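The rules in the procedure above (write lines only for values that are too low, give all four kernel.sem values, keep any current value that is already larger) can be applied mechanically to sysctl -a output. The script below is an added example, not part of the Oracle guide; the function name is hypothetical and the sample values are constructed. It leaves out net.ipv4.ip_local_port_range, because the guide gives no rule for comparing one port range with another.

```shell
#!/bin/sh
# Added example, not part of the Oracle guide. Function name is made up.

# Minimums copied from the sysctl.conf lines in this guide.
# net.ipv4.ip_local_port_range is left out: it is a range, and the guide
# gives no rule for comparing one range with another.
MINIMUMS='kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144'

# Constructed sample of "sysctl -a" output (not taken from a real host).
SAMPLE_SYSCTL='kernel.shmall = 2097152
kernel.shmmax = 33554432
kernel.shmmni = 4096
kernel.sem = 250 32000 32 256
fs.file-max = 101365
net.ipv4.ip_local_port_range = 32768 61000
net.core.rmem_default = 110592
net.core.rmem_max = 131071
net.core.wmem_default = 110592
net.core.wmem_max = 131071'

# sysctl_conf_lines: read current "name = value ..." lines on stdin and
# print the /etc/sysctl.conf lines needed to reach every minimum.
# A parameter is printed only if a field is missing or too low; fields
# that are already larger keep their current value.
sysctl_conf_lines() {
    { printf '%s\n--\n' "$MINIMUMS"; cat; } | awk '
    # Split "name = values" into the globals NAME and VALS.
    function parse(line,    eq) {
        eq = index(line, "=")
        if (eq == 0) return 0
        NAME = substr(line, 1, eq - 1); gsub(/[ \t]/, "", NAME)
        VALS = substr(line, eq + 1)
        return 1
    }
    $0 == "--"  { live = 1; next }        # minimums end, current values begin
    !parse($0)  { next }
    !live       { order[++n] = NAME; want[NAME] = VALS; next }
                { have[NAME] = VALS }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]
            nm = split(want[name], min, " ")   # " " splits on spaces and tabs
            split(have[name], now, " ")
            low = 0; line = name " ="
            for (j = 1; j <= nm; j++) {
                v = now[j]
                if (v == "" || v + 0 < min[j] + 0) { v = min[j]; low = 1 }
                line = line " " v
            }
            if (low) print line
        }
    }'
}

# Demo on the constructed sample. On a real host, run as root:
#   /sbin/sysctl -a 2>/dev/null | sysctl_conf_lines
printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_conf_lines
```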
Setting Shell Limits for the Oracle User
To improve the performance of the software on Linux systems, you must increase the following shell limits for the oracle user:
Shell Limit | Item in limits.conf | Hard Limit |
---|---|---|
Maximum number of open file descriptors | nofile | 65536 |
Maximum number of processes available to a single user | nproc | 16384 |
To increase the shell limits:
Add the following lines to the /etc/security/limits.conf file:
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
Add or edit the following line in the /etc/pam.d/login file, if it does not already exist:
session required /lib/security/pam_limits.so
Depending on the default shell of the oracle user, make the following changes to the default shell startup file:
For a Bourne, Bash, or Korn shell, add the following lines to the /etc/profile file (or the /etc/profile.local file on SUSE systems):
if [ $USER = "oracle" ]; then
    if [ $SHELL = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
fi
For a C shell (csh or tcsh), add the following lines to the /etc/csh.login file (or the /etc/csh.login.local file on SUSE systems):
if ( $USER == "oracle" ) then
    limit maxproc 16384
    limit descriptors 65536
endif
You must identify or create the following directories for the Oracle software:
The Oracle base directory is a top-level directory for Oracle software installations. On Linux systems, the Optimal Flexible Architecture (OFA) guidelines recommend that you use a path similar to the following for the Oracle base directory:
/mount_point/app/oracle_sw_owner
mount_point is the mount point directory for the file system that will contain the Oracle software.
The examples in this guide use /u01 for the mount point directory. However, you could choose another mount point directory, such as /oracle or /opt/oracle.
oracle_sw_owner is the operating system user name of the Oracle software owner, for example, oracle.
You can use the same Oracle base directory for more than one installation or you can create separate Oracle base directories for different installations. If different operating system users install Oracle software on the same system, then each user must create a separate Oracle base directory. The following example Oracle base directories could all exist on the same system:
/u01/app/oracle
/u01/app/orauser
/opt/oracle/app/oracle
The following topics describe how to identify existing Oracle base directories that might be suitable for your installation and how to create an Oracle base directory if necessary.
Regardless of whether you create an Oracle base directory or decide to use an existing one, you must set the ORACLE_BASE environment variable to specify the full path to this directory.
The Oracle Inventory directory (oraInventory) stores an inventory of all software installed on the system. It is required by, and shared by, all Oracle software installations on a single system. The first time you install Oracle software on a system, Oracle Universal Installer prompts you to specify the path to this directory. Oracle recommends that you choose the following path:
oracle_base/oraInventory
Oracle Universal Installer creates the directory that you specify and sets the correct owner, group, and permissions for it. You do not need to create it.
Note:
All Oracle software installations rely on this directory. Ensure that you back it up regularly.
Do not delete this directory unless you have completely removed all Oracle software from the system.
The Oracle home directory is the directory where you choose to install the software for a particular Oracle product. You must install different Oracle products, or different releases of the same Oracle product, in separate Oracle home directories. When you run Oracle Universal Installer, it prompts you to specify the path to this directory and a name that identifies it. The directory that you specify must be a subdirectory of the Oracle base directory. Oracle recommends that you specify a path similar to the following for the Oracle home directory:
oracle_base/product/10.2.2/av_1
Oracle Universal Installer creates the directory path that you specify under the Oracle base directory. It also sets the correct owner, group, and permissions on it. You do not need to create this directory.
Before starting the installation, you must either identify an existing Oracle base directory or if required, create one. This section contains the following topics:
Note:
You can choose to create an Oracle base directory, even if other Oracle base directories exist on the system.
Existing Oracle base directories might not have paths that comply with Optimal Flexible Architecture (OFA) guidelines. However, if you identify an existing Oracle Inventory directory or existing Oracle home directories, then you can usually identify the Oracle base directories, as follows:
To identify an existing Oracle Inventory directory
Enter the following command to view the contents of the oraInst.loc file:
# more /etc/oraInst.loc
If the oraInst.loc file exists, then the output from this command is similar to the following:
inventory_loc=/u01/app/oracle/oraInventory
inst_group=oinstall
The inventory_loc parameter identifies the Oracle Inventory directory (oraInventory). The parent directory of the oraInventory directory is typically an Oracle base directory. In the previous example, /u01/app/oracle is an Oracle base directory.
To identify existing Oracle home directories
Enter the following command to view the contents of the oratab file:
# more /etc/oratab
If the oratab file exists, then it contains lines similar to the following:
*:/u03/app/oracle/product/1.0.0/db_1:N
*:/opt/orauser/infra_904:N
*:/oracle/9.2.0:N
The directory paths specified on each line identify Oracle home directories. Directory paths that end with the user name of the Oracle software owner that you want to use are valid choices for an Oracle base directory. If you intend to use the oracle user to install the software, then you could choose one of the following directories from the previous example:
/u03/app/oracle
/oracle
Note:
If possible, choose a directory path similar to the first (/u03/app/oracle). This path complies with the OFA guidelines.
Before deciding to use an existing Oracle base directory for this installation, ensure that it satisfies the following conditions:
It should not be on the same file system as the operating system.
It must have sufficient free disk space as described in the table in Section 2.3.
To determine the free disk space on the file system where the Oracle base directory is located, enter the following command:
# df -h oracle_base_path
If an Oracle base directory does not exist on the system or if you want to create an Oracle base directory, then complete the steps in Section 2.9.2.
Before you create an Oracle base directory, you must identify an appropriate file system with sufficient free disk space, as indicated in the table in Section 2.3.
To identify an appropriate file system:
Use the df -k command to determine the free disk space on each mounted file system.
From the display, identify a file system that has appropriate free space.
Note the name of the mount point directory for the file system that you identified.
To create the Oracle base directory and specify the correct owner, group, and permissions for it:
Enter commands similar to the following to create the recommended subdirectories in the mount point directory that you identified, and set the appropriate owner, group, and permissions on them:
# mkdir -p /mount_point/app/oracle_sw_owner
# chown -R oracle:oinstall /mount_point/app/oracle_sw_owner
# chmod -R 775 /mount_point/app/oracle_sw_owner
For example, if the mount point you identify is /u01 and oracle is the user name of the Oracle software owner, then the recommended Oracle base directory path is:
/u01/app/oracle
When you configure the environment of the oracle user (see Section 2.6.4), set the ORACLE_BASE environment variable to specify the Oracle base directory that you created.
If you choose to place the Oracle Audit Vault database files on a file system, then use the following guidelines when deciding where to place them:
The default path suggested by Oracle Universal Installer for the database file directory is a subdirectory of the Oracle base directory.
You can choose either a single file system or more than one file system to store the database files:
If you want to use a single file system, then choose a file system on a physical device that is dedicated to the database.
For best performance and reliability, choose a redundant array of independent disks (RAID) device or a logical volume on more than one physical device and implement the stripe-and-mirror-everything (SAME) methodology.
If you want to use more than one file system, then choose file systems on separate physical devices that are dedicated to the database.
This method enables you to distribute physical I/O and create separate control files on different devices for increased reliability. It also enables you to fully implement the OFA guidelines.
For optimum performance, the file systems that you choose should be on physical devices that are used only by the database.
The oracle user must have write permissions to create the files in the path that you specify.
Before you begin the Audit Vault Server installation, you should check to see that the DISPLAY environment variable is set to a proper value. For example, for the Bourne, Bash, or Korn shell, you would enter the following commands, where myhost.us.oracle.com is your host name:
$ DISPLAY=myhost.us.oracle.com:1.0
$ export DISPLAY
For example, for the C shell, you would enter the following command, where myhost.us.oracle.com is your host name:
% setenv DISPLAY myhost.us.oracle.com:1.0