Oracle® Audit Vault Server Installation Guide Release 10.2.3.2 for AIX Part Number E14462-03
This chapter describes the following Oracle Audit Vault Server (Audit Vault Server) preinstallation requirements. This chapter includes the following sections:
To plan the installation process, you must be familiar with the features of Oracle Audit Vault. Oracle Audit Vault discusses the basic features of Oracle Audit Vault.
Before you install the Oracle software, you must complete the tasks described in this chapter as the root user. Log in to your system as the root user.
The system must meet the following minimum hardware requirements:
At least 1024 MB of physical RAM.
The following table describes the relationship between installed RAM and the configured swap space requirement.
RAM | Swap Space |
---|---|
Between 1024 MB and 2048 MB | 1.5 times the size of RAM |
Between 2049 MB and 8192 MB | Equal to the size of RAM |
More than 8192 MB | 0.75 times the size of RAM |
400 MB of disk space in the /tmp directory.
8 GB of disk space for the Oracle Audit Vault Server software.
1.8 GB of additional disk space for the Audit Vault Server database files in the Oracle Base. This is only if the database storage option is on the file system. For other storage options, such as ASM, the database files will be stored elsewhere. Also, this 1.8 GB disk space is only the starting size. The Oracle Audit Vault administrator must take future growth of the database size into consideration, especially as the server collects more and more audit data.
To ensure that the system meets these requirements:
To determine the physical RAM size, enter the following command:
# /usr/sbin/lsattr -E -l sys0 -a realmem
If the size of the physical RAM is less than the required size, then you must install more memory before continuing.
To determine the size of the configured swap space, enter the following command:
# /usr/sbin/lsps -a
If necessary, refer to the operating system documentation for information about how to configure additional swap space.
To determine the amount of disk space available in the /tmp directory, enter the following command:
# df -k /tmp
If there is less than 400 MB of free disk space available in the /tmp directory, then complete one of the following steps:
Delete unnecessary files from the /tmp directory to meet the disk space requirement.
Set the TMP and TMPDIR environment variables when setting the oracle user's environment.
Extend the file system that contains the /tmp directory. If necessary, contact your system administrator for information about extending file systems.
To determine the amount of free disk space on the system, enter the following command:
# df -k
To determine whether the system architecture can run the software, enter the following command:
# /usr/bin/getconf HARDWARE_BITMODE 64
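The RAM, swap and /tmp checks from this procedure, combined into one script as an added example (not part of the Oracle guide): it parses the output of the commands above and applies the RAM/swap table and the 400 MB /tmp minimum. The function names and sample output are constructed, and the lsps -a column layout is an assumption.

```shell
#!/bin/sh
# Added example: apply the hardware minimums from this section to captured
# command output. Function names and the sample output are constructed.
# On AIX: hardware_preflight "$(/usr/sbin/lsattr -E -l sys0 -a realmem)" \
#             "$(/usr/sbin/lsps -a)" "$(df -k /tmp)"

# Physical RAM in MB from `lsattr -E -l sys0 -a realmem` (value is in KB).
realmem_mb() {
    printf '%s\n' "$1" | awk '$1 == "realmem" { print int($2 / 1024) }'
}

# Total paging space in MB from `lsps -a`.
# Assumption: Size is the 4th column and is printed with an MB suffix.
swap_mb() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $4 ~ /^[0-9]+MB$/ { sub(/MB$/, "", $4); total += $4 }
        END { print total + 0 }'
}

# Free space in MB from `df -k <dir>`; the column is located by its header
# ("Free" on AIX, "Available" elsewhere) rather than by position.
free_mb() {
    printf '%s\n' "$1" | awk '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i ~ /^(Free|Avail)/) col = i; next }
        col && NF >= col { print int($col / 1024); exit }'
}

# Required swap in MB for a RAM size in MB, per the RAM/swap table.
# Fractions are rounded up. Returns 1 when RAM is below the 1024 MB minimum.
required_swap_mb() {
    if [ "$1" -lt 1024 ]; then
        return 1
    elif [ "$1" -le 2048 ]; then
        echo $(( ($1 * 3 + 1) / 2 ))
    elif [ "$1" -le 8192 ]; then
        echo "$1"
    else
        echo $(( ($1 * 3 + 3) / 4 ))
    fi
}

# Args: lsattr output, lsps -a output, df -k /tmp output.
# Prints one line per unmet requirement; returns 0 only when all are met.
hardware_preflight() {
    ram=$(realmem_mb "$1"); ram=${ram:-0}
    swap=$(swap_mb "$2")
    tmp=$(free_mb "$3"); tmp=${tmp:-0}
    rc=0
    if need=$(required_swap_mb "$ram"); then
        [ "$swap" -ge "$need" ] ||
            { echo "swap: ${swap} MB configured, ${need} MB required"; rc=1; }
    else
        echo "RAM: ${ram} MB installed, 1024 MB required"; rc=1
    fi
    [ "$tmp" -ge 400 ] || { echo "/tmp: ${tmp} MB free, 400 MB required"; rc=1; }
    return $rc
}

# Constructed sample output: 4 GB RAM, 3 GB paging space, 600 MB free in /tmp.
SAMPLE_LSATTR='realmem 4194304 Amount of usable physical memory in Kbytes False'
SAMPLE_LSPS='Page Space      Physical Volume   Volume Group    Size %Used Active  Auto  Type
hd6             hdisk0            rootvg        2048MB     1   yes   yes    lv
paging00        hdisk1            rootvg        1024MB     1   yes   yes    lv'
SAMPLE_DF='Filesystem    1024-blocks      Free %Used    Iused %Iused Mounted on
/dev/hd3          1048576    614400   42%     1200     1% /tmp'

hardware_preflight "$SAMPLE_LSATTR" "$SAMPLE_LSPS" "$SAMPLE_DF" ||
    echo "preflight: requirements not met"
```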
Note:
The expected output of the getconf HARDWARE_BITMODE command is 64. If you do not see the expected output, then you cannot install the software on this system.
Depending on the products that you intend to install, verify that the following software is installed on the system. The procedure following the table describes how to verify whether these requirements are addressed.
Note:
Oracle Universal Installer performs checks on your system to verify that it meets the listed requirements. To ensure that these checks pass, verify the requirements before you start Oracle Universal Installer.
The platform-specific hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system versions might be certified after this guide is published, review the certification matrix on the My Oracle Support (formerly OracleMetaLink) Web site for the most up-to-date list of certified hardware platforms and operating system versions. The My Oracle Support Web site is available at
https://support.oracle.com
If you do not have a current Oracle Support Services contract, then you can access the same information at
http://www.oracle.com/technology/support/metalink/content.html
Item | Requirement |
---|---|
Operating system | The following operating system versions and maintenance level are required: AIX 5L version 5.2, Maintenance Level 04 or later; AIX 5L version 5.3, Maintenance Level 02 or later; AIX 6L version 6.1. Note: To install AIX 6.1, you must download patch 6613550 from My Oracle Support: |
Operating system filesets | The following operating system filesets are required: bos.adt.base; bos.adt.lib; bos.adt.libm; bos.perf.libperfstat; bos.perf.perfstat; bos.perf.proctools; xlC.aix50.rte:7.0.0.4 or later; xlC.rte:7.0.0.1 or later |
PL/SQL native compilation | One of the following: Note: If you do not install the IBM XL C/C++ Enterprise Edition V7.0 compiler, you need to install the IBM XL C/C++ Enterprise Edition V7.0 for AIX Runtime Environment Component. The runtime environment file sets can be downloaded with no license requirements from the following link: |
Pro*C/C++, Oracle Call Interface, Oracle C++ Call Interface, Oracle XML Developer's Kit (XDK) | Note: If you do not install the IBM XL C/C++ Enterprise Edition V7.0 compiler, you need to install the IBM XL C/C++ Enterprise Edition V7.0 for AIX Runtime Environment Component. The runtime environment file sets can be downloaded with no license requirements from the following link: |
Oracle JDBC/OCI Drivers | You can use the following optional IBM JDK versions with the Oracle JDBC/OCI drivers; however, they are not required for the installation: Note: IBM JDK 1.4.2 (32-bit) is installed with this release. |
To ensure that the system meets these requirements:
To determine the version of AIX installed, enter the following command:
# oslevel -r
If the operating system version is lower than AIX 5.2.0.0 Maintenance Level 1 (5200-01), then upgrade your operating system to this level. AIX 5L version 5.2 maintenance packages are available from the following Web site:
To determine whether the required filesets are installed and committed, enter a command similar to the following:
# lslpp -l bos.adt.base bos.adt.lib bos.adt.libm bos.perf.perfstat \
bos.perf.libperfstat bos.perf.proctools
If a fileset is not installed and committed, then install it. Refer to your operating system or software documentation for information about installing filesets.
In addition, you need to verify that the following patches are installed on the system. The procedure following the table describes how to check these requirements.
Note:
There may be more recent versions of the patches listed installed on the system. If a listed patch is not installed, then determine whether a more recent version is installed before installing the version listed.
To ensure that the system meets these requirements:
To determine whether an APAR is installed, enter a command similar to the following:
# /usr/sbin/instfix -i -k "IY63133 IY64978 IY63366 IY64691 IY65001 IY64737 \
IY64361 IY65305 IY58350 IY63533"
If an APAR is not installed, then download it from the following Web site and install it:
If you require a CSD for WebSphere MQ, then refer to the following Web site for download and installation information:
Typically, the computer on which you want to install Oracle Audit Vault is connected to the network, has local storage to contain the Oracle Audit Vault installation, has a display monitor, and has a CD-ROM or DVD drive.
This section describes how to install Oracle Audit Vault on computers that do not meet the typical scenario. It covers the following cases:
When you run Oracle Universal Installer, an error might occur if name resolution is not set up. To avoid this error, before you begin an installation, you must ensure that host names are resolved only through the /etc/hosts file.
To ensure that host names are resolved only through the /etc/hosts file:
Verify that the /etc/hosts file is used for name resolution. You can do this by checking the hosts file entry in the netsvc.conf file as follows:
# cat /etc/netsvc.conf | grep hosts
Ensure that the hosts keyword is configured properly for host name resolution in the environment.
Verify that the host name has been set by using the hostname command as follows:
# hostname
The output of this command should be similar to the following:
myhost.us.example.com
Verify that the domain name has not been set dynamically by using the domainname command as follows:
# domainname
This command should not return any results.
Verify that the hosts file contains the fully qualified host name by using the following command:
# cat /etc/hosts | grep `eval hostname`
The output of this command should contain an entry for the fully qualified host name and for localhost.
For example:
192.0.2.1 myhost.us.example.com myhost
127.0.0.1 localhost localhost.localdomain
If the hosts file does not contain the fully qualified host name, then open the file and make the required changes in it.
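The four verification steps above as one check, written as an added example that is not part of the Oracle guide. The function names are constructed; treating local, local4 and local6 (optionally with =auth) as the netsvc.conf values that mean "/etc/hosts" and requiring a dot in the hostname output are assumptions drawn from AIX conventions and from the sample output shown above.

```shell
#!/bin/sh
# Added example: check the name-resolution prerequisites from captured file
# contents and command output. Function names and samples are constructed.

# Resolver order for "hosts" in netsvc.conf text, lower-cased, blanks removed.
# Comment lines are ignored; the last hosts line wins.
hosts_order() {
    printf '%s\n' "$1" | sed 's/#.*//' | awk '
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
          if (key == "hosts") { v = substr($0, i + 1); gsub(/[ \t]/, "", v); last = tolower(v) } }
        END { if (last != "") print last }'
}

# True when every resolver in the order is the local hosts file.
hosts_file_only() {
    order=$(hosts_order "$1")
    [ -n "$order" ] || return 1
    printf '%s\n' "$order" | tr ',' '\n' | sed 's/=auth$//' |
        grep -Evq '^local[46]?$' && return 1
    return 0
}

# Addresses in /etc/hosts text that carry NAME as canonical name or alias.
hosts_addrs_for() {
    printf '%s\n' "$1" | sed 's/#.*//' | awk -v n="$2" '
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) { print $1; break } }'
}

# Args: netsvc.conf text, /etc/hosts text, `hostname` output, `domainname` output.
# Prints one line per finding; returns 0 only when there are none.
check_name_resolution() {
    rc=0
    hosts_file_only "$1" ||
        { echo "netsvc.conf: hosts order is '$(hosts_order "$1")', expected local only"; rc=1; }
    case $3 in
        *.*) ;;
        *) echo "hostname '$3' is not fully qualified"; rc=1 ;;
    esac
    [ -z "$4" ] || { echo "domainname is set to '$4'"; rc=1; }
    [ -n "$(hosts_addrs_for "$2" "$3")" ] ||
        { echo "/etc/hosts has no entry for $3"; rc=1; }
    [ -n "$(hosts_addrs_for "$2" localhost)" ] ||
        { echo "/etc/hosts has no entry for localhost"; rc=1; }
    return $rc
}

# Constructed netsvc.conf sample that still falls through to DNS.
SAMPLE_NETSVC='# constructed sample
hosts = local, bind4'
# The hosts file entries shown in the example above.
SAMPLE_HOSTS='192.0.2.1 myhost.us.example.com myhost
127.0.0.1 localhost localhost.localdomain'

check_name_resolution "$SAMPLE_NETSVC" "$SAMPLE_HOSTS" myhost.us.example.com "" ||
    echo "name resolution: resolve the findings above before running the installer"
```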
Dynamic Host Configuration Protocol (DHCP) assigns dynamic IP addresses on a network. Dynamic addressing enables a computer to have a different IP address each time it connects to the network. In some cases, the IP address can change while the computer is still connected. You can have a mixture of static and dynamic IP addressing in a DHCP system.
In a DHCP setup, the software tracks IP addresses, which simplifies network administration. This lets you add a new computer to the network without having to manually assign that computer a unique IP address.
Do not install Audit Vault Server in an environment where the IP addresses of the Audit Vault Server or the Oracle Audit Vault collection agent can change. If your environment uses DHCP, ensure that all Oracle Audit Vault systems use static IP addresses.
You can install Oracle Audit Vault on a multi-homed computer. A multi-homed computer has multiple network cards, which, in turn, allows it to have multiple IP addresses. Each IP address is associated with a host name. In addition, you can set up aliases for the host name. By default, Oracle Universal Installer uses the ORACLE_HOSTNAME environment variable setting to find the host name. If the ORACLE_HOSTNAME environment variable is not set and you are installing Oracle Audit Vault on a computer that has multiple network cards, then Oracle Universal Installer determines the host name by using the first entry in the /etc/hosts file.
Clients must be able to access the computer either by using this host name or by using aliases for this host name. To verify this, ping the host name from the client computers using the short name (host name only) and the full name (host name and domain name). Both tests must be successful.
Setting the ORACLE_HOSTNAME Environment Variable
Use the following procedure to set the ORACLE_HOSTNAME environment variable.
For example, if the fully qualified host name is myhost.us.example.com, then enter one of the following commands:
Bourne, Bash, or Korn shell:
$ ORACLE_HOSTNAME=myhost.us.example.com
$ export ORACLE_HOSTNAME
C shell:
% setenv ORACLE_HOSTNAME myhost.us.example.com
A computer with multiple aliases is registered with the naming service under a single IP address. The naming service resolves all of those aliases to the same computer. Before installing Oracle Audit Vault on a computer with multiple aliases, set the ORACLE_HOSTNAME environment variable to the computer whose host name you want to use.
Depending on whether you are installing Oracle software for the first time on this system and the products that you are installing, you may need to create several operating system groups and users. Log in to your system as the root user before you attempt to create these operating system groups and users.
If you are installing Audit Vault Server, it requires the following operating system groups and user:
You must create this group the first time you install Oracle Audit Vault software on the system. It identifies operating system user accounts that have database administrative privileges (the SYSDBA privilege). The default name for this group is dba.
This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of administrative privileges (the SYSOPER privilege). By default, members of the OSDBA group also have the SYSOPER privilege.
Verify that the unprivileged user nobody exists on the system. The nobody user must own the external jobs (extjob) executable after the installation.
The following operating system group and user are required for all installations:
The Oracle Inventory group (oinstall)
You must create this group the first time you install Oracle software on the system. The usual name chosen for this group is oinstall. This group owns the Oracle inventory, which is a catalog of all Oracle software installed on the system.
Note:
If Oracle software is already installed on the system, then the existing Oracle Inventory group must be the primary group of the operating system user that you use to install new Oracle software. The following topics describe how to identify an existing Oracle Inventory group.
The Oracle software owner user (typically, oracle)
You must create this user the first time you install Oracle software on the system. This user owns all software installed during the installation. This user must have the Oracle Inventory group as its primary group. It must also have the OSDBA and OSOPER groups as secondary groups.
Note:
In Oracle documentation, this user is referred to as the oracle user.
All installations of Oracle software on the system require a single Oracle Inventory group. After the first installation of Oracle software, you must use the same Oracle Inventory group for all subsequent Oracle software installations on that system. However, you can choose to create different Oracle software owner users, OSDBA groups, and OSOPER groups (other than oracle, dba, and oper) for separate installations. By using different groups for different installations, members of these different groups have DBA privileges only on the associated databases, rather than on all databases on the system.
See Also:
Oracle Database Administrator's Guide for more information about the OSDBA group and the SYSDBA and SYSOPER privileges
Note:
The following topics describe how to create local users and groups. As an alternative to creating local users and groups, you could create the appropriate users and groups in a directory service, for example, Network Information Services (NIS). For information about using directory services, contact your system administrator or see your operating system documentation.
The following topics describe how to create the required operating system users and groups:
You must create the Oracle Inventory group if it does not already exist. The following topics describe how to determine the Oracle Inventory group name, if it exists, and how to create it if necessary.
Determining Whether the Oracle Inventory Group Exists
When you install Oracle software on the system for the first time, Oracle Universal Installer creates the oraInst.loc file. This file identifies the name of the Oracle Inventory group and the path of the Oracle Inventory directory.
To determine whether the Oracle Inventory group exists, enter the following command:
# more /etc/oraInst.loc
If the output of this command shows the oinstall group name, then the group already exists.
If the oraInst.loc file exists, then the output from this command is similar to the following:
inventory_loc=/u01/app/oracle/oraInventory
inst_group=oinstall
The inst_group parameter shows the name of the Oracle Inventory group, oinstall.
Creating the Oracle Inventory Group
If the oraInst.loc file does not exist, then create the Oracle Inventory group by using the following procedure:
You must create an OSDBA group in the following circumstances:
An OSDBA group does not exist, for example, if this is the first installation of Oracle software on the system
An OSDBA group exists, but you want to give a different group of operating system users database administrative privileges in a new Oracle installation
If the OSDBA group does not exist or if you need a new OSDBA group, then create it as follows.
In the following procedure, use the group name dba unless a group with that name already exists.
Create an OSOPER group only if you want to identify a group of operating system users with a limited set of database administrative privileges (SYSOPER operator privileges). For most installations, it is sufficient to create only the OSDBA group. If you want to use an OSOPER group, then you must create it in the following circumstances:
If an OSOPER group does not exist, for example, if this is the first installation of Oracle software on the system
If an OSOPER group exists, but you want to give a different group of operating system users database operator privileges in a new Oracle installation
If you need a new OSOPER group, then create it as follows.
In the following procedure, use the group name oper unless a group with that name already exists.
You must create an Oracle software owner user in the following circumstances:
If an Oracle software owner user does not exist, for example, if this is the first installation of Oracle software on the system
If an Oracle software owner user exists, but you want to use a different operating system user, with a different group membership, to give database administrative privileges to those groups in a new Oracle installation
To determine whether an Oracle software owner user named oracle exists, enter the following command:
# id oracle
If the oracle user exists, then the output from this command is similar to the following:
uid=440(oracle) gid=200(oinstall) groups=201(dba),202(oper)
If the user exists, then determine whether you want to use the existing user or create another Oracle software owner (oracle) user. If you want to use the existing user, then ensure that the primary group of the user is the Oracle Inventory group and that it is a member of the appropriate OSDBA and OSOPER groups.
Note:
If necessary, contact your system administrator before using or modifying an existing user.
See one of the following sections for more information:
To modify an existing Oracle software owner user, see Section 2.6.4.3.
To create an Oracle software owner user, see the following section.
If the Oracle software owner user does not exist or if you require a new Oracle software owner user, then create it as follows. In the following procedure, use the user name oracle unless a user with that name already exists.
# smit security
Choose the appropriate menu items to create the oracle user, specifying the following information:
In the Primary GROUP field, specify the Oracle Inventory group, for example oinstall.
In the Group SET field, specify the OSDBA group and if required, the OSOPER group. For example, dba or dba,oper.
Note:
The UID for the oracle user must be less than 65536.
Press F10 to exit.
Set the password of the oracle user:
# passwd oracle
See Section 2.6.5 to continue.
If the oracle user exists, but its primary group is not oinstall or it is not a member of the appropriate OSDBA or OSOPER groups, then you can modify it as follows:
Enter the following command:
# smit security
Choose the appropriate menu items to modify the oracle user.
In the Primary GROUP field, specify the Oracle Inventory group, for example oinstall.
In the Group SET field, specify the required secondary groups, for example dba and oper.
Press F10 to exit.
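After creating or modifying the oracle user, the group requirements above can be checked from the id output and oraInst.loc, and membership of the OSDBA group (whose members hold the SYSDBA privilege) can be reviewed against an allow list. This is an added example, not part of the Oracle guide; the function names, the allow list and the /etc/group sample are constructed.

```shell
#!/bin/sh
# Added example: verify the Oracle software owner's UID and groups, and list
# OSDBA members that are not expected. Names and samples are constructed.

id_uid()     { printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'; }
id_primary() { printf '%s\n' "$1" | sed -n 's/.*gid=[0-9]*(\([^)]*\)).*/\1/p'; }
id_groups()  {
    printf '%s\n' "$1" | sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/'
}

# Args: `id <user>` output, oraInst.loc text, OSDBA group, OSOPER group (optional).
# Prints one line per finding; returns 0 only when there are none.
check_oracle_owner() {
    rc=0
    uid=$(id_uid "$1"); primary=$(id_primary "$1"); secondary=$(id_groups "$1")
    inv=$(printf '%s\n' "$2" | sed -n 's/^inst_group=//p')
    [ -n "$uid" ] || { echo "cannot parse id output"; return 1; }
    [ "$uid" -lt 65536 ] || { echo "UID $uid is not less than 65536"; rc=1; }
    if [ -z "$inv" ]; then
        echo "no inst_group found in oraInst.loc text"; rc=1
    elif [ "$primary" != "$inv" ]; then
        echo "primary group is $primary, expected Oracle Inventory group $inv"; rc=1
    fi
    for g in "$3" ${4:+"$4"}; do
        printf '%s\n' "$secondary" | grep -qxF -- "$g" ||
            { echo "not a member of group $g"; rc=1; }
    done
    return $rc
}

# Args: /etc/group text, group name, space-separated allow list.
# Prints members of the group that are not on the allow list. Accounts that
# have the group as their primary group are not listed in /etc/group.
unexpected_members() {
    printf '%s\n' "$1" | awk -F: -v g="$2" '$1 == g { print $4 }' | tr ',' '\n' |
    while read -r m; do
        [ -n "$m" ] || continue
        case " $3 " in
            *" $m "*) ;;
            *) echo "$m" ;;
        esac
    done
}

# id output and oraInst.loc contents as shown in this guide.
SAMPLE_ID='uid=440(oracle) gid=200(oinstall) groups=201(dba),202(oper)'
SAMPLE_ORAINST='inventory_loc=/u01/app/oracle/oraInventory
inst_group=oinstall'
# Constructed /etc/group sample; jsmith is a made-up account.
SAMPLE_GROUP='oinstall:!:200:oracle
dba:!:201:oracle,jsmith
oper:!:202:oracle'

check_oracle_owner "$SAMPLE_ID" "$SAMPLE_ORAINST" dba oper &&
    echo "oracle: UID and group membership match the requirements"
echo "unexpected dba members: $(unexpected_members "$SAMPLE_GROUP" dba "oracle")"
```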
Before installing the software, perform the following procedure to verify that the nobody user exists on the system:
To determine whether the user exists, enter the following command:
# id nobody
If this command displays information about the nobody user, then you do not have to create that user.
If the nobody user does not exist, then enter the following command to create it:
# smit security
Specify the appropriate options to create an unprivileged nobody user, then press F10 to exit.
Note:
The parameter and shell limit values shown in this section are recommended values only. For production database systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information about tuning kernel parameters.
Oracle recommends that you set shell limits and system configuration parameters as described in the following sections:
Verify that the shell limits shown in the following table are set to the values shown. The procedure following the table describes how to verify and set the values.
Shell Limit (As Shown in smit) | Recommended Value |
---|---|
Soft FILE size | -1 (Unlimited) |
Soft CPU time | -1 (Unlimited). Note: This is the default value. |
Soft DATA segment | -1 (Unlimited) |
Soft STACK size | -1 (Unlimited) |
To view the current value specified for these shell limits, and to change them if necessary:
Enter the following command:
# smit chuser
In the User NAME field, enter the user name of the Oracle software owner, for example oracle.
Scroll down the list and verify that the value shown for the soft limits listed in the previous table is -1.
If necessary, edit the existing value.
When you have finished making changes, press F10 to exit.
Verify that the maximum number of processes allowed for each user is set to 2048 or greater:
Note:
For production systems, this value should be at least 128 plus the sum of the PROCESSES and PARALLEL_MAX_SERVERS initialization parameters for each database running on the system.
Enter the following command:
# smit chgsys
Verify that the value shown for Maximum number of PROCESSES allowed for each user is greater than or equal to 2048.
If necessary, edit the existing value.
When you have finished making changes, press F10 to exit.
You must identify or create the following directories for the Oracle software:
The Oracle base directory is a top-level directory for Oracle software installations. On AIX systems, the Optimal Flexible Architecture (OFA) guidelines recommend that you use a path similar to the following for the Oracle base directory:
/mount_point/app/oracle_sw_owner
mount_point is the mount point directory for the file system that will contain the Oracle software.
The examples in this guide use /u01 for the mount point directory. However, you could choose another mount point directory, such as /oracle or /opt/oracle.
oracle_sw_owner is the operating system user name of the Oracle software owner, for example, oracle.
You can use the same Oracle base directory for more than one installation or you can create separate Oracle base directories for different installations. If different operating system users install Oracle software on the same system, then each user must create a separate Oracle base directory. The following example Oracle base directories could all exist on the same system:
/u01/app/oracle
/u01/app/orauser
/opt/oracle/app/oracle
The following topics describe how to identify existing Oracle base directories that might be suitable for your installation and how to create an Oracle base directory if necessary.
Regardless of whether you create an Oracle base directory or decide to use an existing one, you must set the ORACLE_BASE environment variable to specify the full path to this directory.
The Oracle Inventory directory (oraInventory) stores an inventory of all software installed on the system. It is required by, and shared by, all Oracle software installations on a single system. The first time you install Oracle software on a system, Oracle Universal Installer prompts you to specify the path to this directory. Oracle recommends that you choose the following path:
oracle_base/oraInventory
Oracle Universal Installer creates the directory that you specify and sets the correct owner, group, and permissions for it. You do not need to create it.
Note:
All Oracle software installations rely on this directory. Ensure that you back it up regularly.
Do not delete this directory unless you have completely removed all Oracle software from the system.
The Oracle home directory is the directory where you choose to install the software for a particular Oracle product. You must install different Oracle products, or different releases of the same Oracle product, in separate Oracle home directories. When you run Oracle Universal Installer, it prompts you to specify the path to this directory and a name that identifies it. The directory that you specify must be a subdirectory of the Oracle base directory. Oracle recommends that you specify a path similar to the following for the Oracle home directory:
oracle_base/product/10.2.3/av_1
Oracle Universal Installer creates the directory path that you specify under the Oracle base directory. It also sets the correct owner, group, and permissions on it. You do not need to manually create this directory on your system.
Before starting the installation, you must either identify an existing Oracle base directory or if required, create one. This section contains the following topics:
Note:
You can choose to create an Oracle base directory, even if other Oracle base directories exist on the system.
Existing Oracle base directories might not have paths that comply with Optimal Flexible Architecture (OFA) guidelines. However, if you identify an existing Oracle Inventory directory or existing Oracle home directories, then you can usually identify the Oracle base directories, as follows:
To identify an existing Oracle Inventory directory
Enter the following command to view the contents of the oraInst.loc file:
# more /etc/oraInst.loc
If the oraInst.loc file exists, then the output from this command is similar to the following:
inventory_loc=/u01/app/oracle/oraInventory
inst_group=oinstall
The inventory_loc parameter identifies the Oracle Inventory directory (oraInventory). The parent directory of the oraInventory directory is typically an Oracle base directory. In the previous example, /u01/app/oracle is an Oracle base directory.
To identify existing Oracle home directories
Enter the following command to view the contents of the oratab file:
# more /etc/oratab
If the oratab file exists, then it contains lines similar to the following:
*:/u03/app/oracle/product/1.0.0/db_1:N
*:/opt/orauser/infra_904:N
*:/oracle/9.2.0:N
The directory paths you specify on each line identify Oracle home directories. Directory paths that end with the user name of the Oracle software owner that you want to use are valid choices for an Oracle base directory. If you intend to use the oracle user to install the software, then you could choose one of the following directories from the previous example:
/u03/app/oracle
/oracle
Note:
If possible, choose a directory path similar to the first (/u03/app/oracle). This path complies with the OFA guidelines.
Before deciding to use an existing Oracle base directory for this installation, ensure that it satisfies the following conditions:
It should not be on the same file system as the operating system.
It must have sufficient free disk space as described in the table in Section 2.3.
To determine the free disk space on the file system where the Oracle base directory is located, enter the following command:
# df -k oracle_base_path
If an Oracle base directory does not exist on the system or if you want to create an Oracle base directory, then complete the steps in Section 2.9.2.
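The identification rules above can be applied mechanically: the parent of inventory_loc, and for each oratab entry the longest path prefix whose last component is the software owner's name. The following is an added example (not part of the Oracle guide) with constructed function names; it also checks the "not on the operating system's file system" condition from df -k output, assuming the mount point is the last field.

```shell
#!/bin/sh
# Added example: derive candidate Oracle base directories from oraInst.loc
# and oratab contents. Function names and the df sample are constructed.

# Parent directory of inventory_loc in oraInst.loc text.
base_from_inventory() {
    loc=$(printf '%s\n' "$1" | sed -n 's/^inventory_loc=//p')
    [ -z "$loc" ] || dirname "$loc"
}

# Args: oratab text, software owner user name.
# For each Oracle home, prints the longest path prefix whose last component
# equals the owner name; homes without such a component yield nothing.
bases_from_oratab() {
    printf '%s\n' "$1" | sed 's/#.*//' | awk -F: -v owner="$2" '
        NF >= 2 {
            n = split($2, part, "/"); base = ""; cand = ""
            for (i = 2; i <= n; i++) {
                base = base "/" part[i]
                if (part[i] == owner) cand = base
            }
            if (cand != "" && !seen[cand]++) print cand
        }'
}

# True when `df -k <path>` output shows the path mounted on "/", that is,
# on the same file system as the operating system.
on_root_fs() {
    [ "$(printf '%s\n' "$1" | awk 'NR > 1 { m = $NF } END { print m }')" = "/" ]
}

# File contents as shown in this guide.
SAMPLE_ORAINST='inventory_loc=/u01/app/oracle/oraInventory
inst_group=oinstall'
SAMPLE_ORATAB='*:/u03/app/oracle/product/1.0.0/db_1:N
*:/opt/orauser/infra_904:N
*:/oracle/9.2.0:N'
# Constructed `df -k /u03/app/oracle` output.
SAMPLE_DF='Filesystem    1024-blocks      Free %Used    Iused %Iused Mounted on
/dev/fslv00      20971520  15728640   25%     4100     1% /u03'

echo "from oraInst.loc: $(base_from_inventory "$SAMPLE_ORAINST")"
echo "from oratab (owner oracle):"
bases_from_oratab "$SAMPLE_ORATAB" oracle
if on_root_fs "$SAMPLE_DF"; then
    echo "warning: candidate shares a file system with the operating system"
fi
```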
Before you create an Oracle base directory, you must identify an appropriate file system with sufficient free disk space, as indicated in the table in Section 2.3.
To identify an appropriate file system:
Use the df -k command to determine the free disk space on each mounted file system.
From the display, identify a file system that has appropriate free space.
Note the name of the mount point directory for the file system that you identified.
To create the Oracle base directory and specify the correct owner, group, and permissions for it:
Enter commands similar to the following to create the recommended subdirectories in the mount point directory that you identified, and set the appropriate owner, group, and permissions on them:
# mkdir -p /mount_point/app/oracle_sw_owner
# chown -R oracle:oinstall /mount_point/app/oracle_sw_owner
# chmod -R 775 /mount_point/app/oracle_sw_owner
For example, if the mount point you identify is /u01 and oracle is the user name of the Oracle software owner, then the recommended Oracle base directory path is:
/u01/app/oracle
When you configure the environment of the oracle user (see Section 2.6.1), set the ORACLE_BASE environment variable to specify the Oracle base directory that you created.
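To confirm that the mkdir, chown and chmod commands above produced the intended result, the following added example (not part of the Oracle guide) checks the owner, group and 775 mode of the Oracle base directory and reports anything beneath it that is writable by users outside the owner and group. The function name audit_oracle_base is constructed.

```shell
#!/bin/sh
# Added example: verify the owner, group and mode that the mkdir/chown/chmod
# step is meant to produce. audit_oracle_base is a constructed helper name.

# Usage: audit_oracle_base DIR OWNER GROUP
# Prints one line per finding; returns 0 only when there are none.
audit_oracle_base() {
    dir=$1 want_owner=$2 want_group=$3 rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }

    # ls -ld fields: mode, link count, owner, group, ...
    # Only the first 10 characters of the mode are kept, so a trailing
    # ACL or security-label marker does not affect the comparison.
    meta=$(ls -ld "$dir" | awk '{ print substr($1, 1, 10), $3, $4 }')
    mode=${meta%% *}; rest=${meta#* }
    owner=${rest%% *}; group=${rest#* }

    [ "$owner" = "$want_owner" ] ||
        { echo "$dir: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "$dir: group is $group, expected $want_group"; rc=1; }
    [ "$mode" = "drwxrwxr-x" ] ||
        { echo "$dir: mode is $mode, expected drwxrwxr-x (775)"; rc=1; }

    # chmod -R 775 leaves nothing writable by "other"; report anything that
    # has become world-writable since (symbolic links are skipped).
    ww=$(find "$dir" ! -type l -perm -0002 -print)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/world-writable: /'
        rc=1
    fi
    return $rc
}

# Run against a real directory when called with three arguments, for example:
#   sh audit_oracle_base.sh /u01/app/oracle oracle oinstall
if [ "$#" -eq 3 ]; then
    audit_oracle_base "$1" "$2" "$3"
fi
```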
If you choose to place the Oracle Audit Vault database files on a file system, then use the following guidelines when deciding where to place them:
The default path suggested by Oracle Universal Installer for the database file directory is a subdirectory of the Oracle base directory.
You can choose either a single file system or more than one file system to store the database files:
If you want to use a single file system, then choose a file system on a physical device that is dedicated to the database.
For best performance and reliability, choose a redundant array of independent disks (RAID) device or a logical volume on more than one physical device and implement the stripe-and-mirror-everything (SAME) methodology.
If you want to use more than one file system, then choose file systems on separate physical devices that are dedicated to the database.
This method enables you to distribute physical I/O and create separate control files on different devices for increased reliability. It also enables you to fully implement the OFA guidelines.
For optimum performance, the file systems that you choose should be on physical devices that are used only by the database.
The oracle user must have write permissions to create the files in the path that you specify.
Before you begin the Audit Vault Server installation, you should check to see that the DISPLAY environment variable is set to a proper value. For example, for the Bourne, Bash, or Korn shell, you would enter the following commands, where myhost.us.example.com is your host name:
$ DISPLAY=myhost.us.example.com:1.0
$ export DISPLAY
For example, for the C shell, you would enter the following command, where myhost.us.example.com is your host name:
% setenv DISPLAY myhost.us.example.com:1.0
Ensure that the NLS_LANG environment variable is not set.
For example, for C shell:
unsetenv NLS_LANG
For example, for Bourne, Bash, or Korn shells:
unset NLS_LANG
Note:
Do not run the rootpre.sh script if you have a later release of the Oracle Audit Vault software already installed on this system.
Switch user to root:
$ su -
password:
#
For new rootpre.sh section for chapter 1 of Audit Vault Installation Guide:
Go to the location where you unzipped the files from patch 6613550:
# /patch6613550/rootpre.sh
./runInstaller -ignoreSysPreReqs
Exit from the root account:
# exit