2.2 Running Compliance Checks Automatically
Oracle recommends that you use the daemon process to schedule recurring compliance checks at regular intervals.
Note:
Daemon mode is supported only on the Linux and Solaris operating systems.Configure the daemon to:
-
Schedule recurring compliance checks at regular interval
-
Send email notifications when the compliance check runs complete, clearly showing any differences since the last run
-
Purge collection results after a pre-determined period
-
Check and send email notification about stale passwords
-
Store multiple profiles for automated compliance check runs
-
Restart automatically if the server or node where it is running restarts
Note:
While running, the daemon answers all the prompts required by subsequent on-demand compliance checks.
To run on-demand compliance checks, do not use the daemon process started by others. Run on-demand compliance checks within the same directory where you have started the daemon.
If you change the system configuration such as adding or removing servers or nodes, then restart the daemon.
- Setting and Getting Options for the Daemon
Set the daemon options before you start the daemon. Reset the daemon options anytime after starting the daemon. - Starting and Stopping the Daemon
Start and stop the daemon and force the daemon to stop a compliance check run. - Querying the Status and Next Planned Daemon Run
Query the status and next automatic run schedule of the running daemon. - Configuring the Daemon for Automatic Start
Installing Oracle Autonomous Health Framework asroot
on Linux or Solaris automatically sets up and runs the Oracle ORAchk or Oracle EXAchk daemon. - Configuring the Daemon for Automatic Restart
By default, you must manually restart the daemon if you restart the server or node on which the daemon is running.
Related Topics
Parent topic: Compliance Checking with Oracle ORAchk and Oracle EXAchk
2.2.1 Setting and Getting Options for the Daemon
Set the daemon options before you start the daemon. Reset the daemon options anytime after starting the daemon.
To set the daemon options:
- AUTORUN_SCHEDULE
Schedule recurring compliance check runs using theAUTORUN_SCHEDULE
daemon option. - AUTORUN_FLAGS
TheAUTORUN_FLAGS
daemon option determines how compliance checks are run. - NOTIFICATION_EMAIL
Set theNOTIFICATION_EMAIL
daemon option to send email notifications to the recipients you specify. - collection_retention
Set thecollection_retention
daemon option to purge health check collection results that are older than a specified number of days. - PASSWORD_CHECK_INTERVAL
ThePASSWORD_CHECK_INTERVAL
daemon option defines the frequency, in hours, for the daemon to validate the passwords entered when the daemon was started the first time. - Setting Multiple Option Profiles for the Daemon
Use only one daemon process for each server. Do not start a single daemon on multiple databases in a cluster, or multiple daemons on the same database. - Getting Existing Options for the Daemon
Query the values that you set for the daemon options.
Related Topics
Parent topic: Running Compliance Checks Automatically
2.2.1.1 AUTORUN_SCHEDULE
Schedule recurring compliance check runs using the
AUTORUN_SCHEDULE
daemon option.
To schedule recurring compliance check runs:
$ orachk –set "AUTORUN_SCHEDULE=3 * * 0"
$ exachk –set "AUTORUN_SCHEDULE=3 * * 0"
Optionally, you can specify the name
of the profile. If you do not specify, then
id
=DEFAULT
.
$ orachk -id dba -set "AUTORUN_SCHEDULE=3 * * 0"
$ exachk -id dba -set "AUTORUN_SCHEDULE=3 * * 0"
Parent topic: Setting and Getting Options for the Daemon
2.2.1.2 AUTORUN_FLAGS
The AUTORUN_FLAGS
daemon option determines how compliance
checks are run.
To configure how compliance checks should run:
$ orachk –set "AUTORUN_FLAGS=-profile sysadmin –tag sysadmin"
$ exachk –set "AUTORUN_FLAGS=-profile sysadmin –tag sysadmin"
Parent topic: Setting and Getting Options for the Daemon
2.2.1.3 NOTIFICATION_EMAIL
Set the NOTIFICATION_EMAIL
daemon option to send email notifications to the recipients you specify.
To configure email notifications:
After the first health check run, the daemon notifies the recipients with report output attached.
For the subsequent health check runs after the first email notification, the daemon emails the summary of differences between the most recent runs to all recipients specified in the NOTIFICATION_EMAIL
list.
Related Topics
Parent topic: Setting and Getting Options for the Daemon
2.2.1.4 collection_retention
Set the collection_retention
daemon option to purge health check collection results that are older than a specified number of days.
To configure collection retention period:
$ orachk –set "collection_retention=60"
$ exachk –set "collection_retention=60"
Parent topic: Setting and Getting Options for the Daemon
2.2.1.4.1 To Control Collection Retention Using Size
RAT_PURGE_SIZE
. When the
health check collections consume the size
specified, then Oracle ORAchk starts purging the
old collections, and retains the space specified
using RAT_PURGE_SIZE
.
$export RAT_PURGE_SIZE=4096
2.2.1.5 PASSWORD_CHECK_INTERVAL
The PASSWORD_CHECK_INTERVAL
daemon option defines the frequency, in hours, for the daemon to validate the passwords entered when the daemon was started the first time.
If an invalid password is found due to a password change, then the daemon stops, makes an entry in the daemon log, and then sends an email notification message to the recipients specified in the NOTIFICATION_EMAIL
option.
To configure password validation frequency:
$ orachk –set "PASSWORD_CHECK_INTERVAL=1"
$ exachk –set "PASSWORD_CHECK_INTERVAL=1"
Related Topics
Parent topic: Setting and Getting Options for the Daemon
2.2.1.6 Setting Multiple Option Profiles for the Daemon
Use only one daemon process for each server. Do not start a single daemon on multiple databases in a cluster, or multiple daemons on the same database.
The daemon does not start, if the daemon detects another Oracle Autonomous Health Framework daemon process running locally.
Define multiple different run profiles using the same daemon. Defining multiple different run profiles enables you to run multiple different compliance checks with different daemon options, such as different schedules, email notifications, and automatic run flags. The daemon manages all profiles.
Define daemon option profiles using the –id id
option before the –set
option, where id
is the name of the profile.
$ orachk –id id –set "option=value"
$ exachk –id id –set "option=value"
To set multiple option profiles for the daemon:
For example, if the database administrator wants to run checks within the dba
profile and the system administrator wants to run checks in the sysadmin
profile, then configure the daemon using the profiles option.
Related Topics
Parent topic: Setting and Getting Options for the Daemon
2.2.1.7 Getting Existing Options for the Daemon
Query the values that you set for the daemon options.
To query the values, use [-id ID] -get
option | all
.
ID
is a daemon option profile.option
is a specific daemon option you want to retrieve.all
returns values of all options.
To get existing options for the daemon:
Parent topic: Setting and Getting Options for the Daemon
2.2.2 Starting and Stopping the Daemon
Start and stop the daemon and force the daemon to stop a compliance check run.
To start and stop the daemon:
–d stop
option.
Parent topic: Running Compliance Checks Automatically
2.2.3 Querying the Status and Next Planned Daemon Run
Query the status and next automatic run schedule of the running daemon.
-d status|info|nextautorun
-d status
: Checks if the daemon is running.-d info
: Displays information about the running daemon.-d nextautorun [-id ID]
: Displays the next automatic run time.
To query the status and next planned daemon run:
Parent topic: Running Compliance Checks Automatically
2.2.4 Configuring the Daemon for Automatic Start
Installing Oracle Autonomous Health Framework as root
on
Linux or Solaris automatically sets up and runs the Oracle ORAchk or Oracle EXAchk daemon.
To configure the daemon to stop or start automatically:
Run these commands as root
.
Parent topic: Running Compliance Checks Automatically
2.2.5 Configuring the Daemon for Automatic Restart
By default, you must manually restart the daemon if you restart the server or node on which the daemon is running.
However, if you use the automatic restart option, the daemon restarts automatically after the server or node reboot.
Configure the daemons to auto restart as root
.
To configure the daemon to restart automatically:
Parent topic: Running Compliance Checks Automatically