How to Download oracle softwares using wget on Linux servers

a. Please install wget utility in  linux server where you want to download. Most of the Linux  flavors will have this installed by default.

b.Please install the add-on  export-cookies-txt  in firefox (for chrome ,Please use cookies.txt)








c. After installing the above add-on ,you can login to OTN,edelivery or MOS with your credentials. Please download any one of the file you want to download and cancel immediately .

d. Save the cookies.txt  as instructed  below.

e.Transfer the cookies.txt  to Linux server.(for example to /root)
f..copy the link location of the files which needs to be downloaded.

g. Please execute the below command to download the necessary files.

wget --load-cookies=/root/cookies.txt https://download.oracle.com/otn/linux/oracle12c/121020/linuxamd64_12102_database_1of2.zip

Note:

1. If you are receiving any errors related to certificate ,please use --no-check-certificate option. and to save a  file under a different name, pass the -O option followed by the chosen name.

Ex:
wget --load-cookies=/root/cookies.txt https://download.oracle.com/otn/linux/oracle12c/121020/linuxamd64_12102_database_1of2.zip -O jay.zip


2. Sometimes cookies may expire within 30 mins. In this case, you may have to re-initiate the download in browser (and cancel it immediately)  and copy the cookies.txt once again.

3. Optionally (but highly recommended) you can compare the checksum of downloaded files and checksum value in the site to make sure there is no corruption in the files.

[root@jaysv01 ~]#  cksum linuxamd64_12102_database_1of2.zip
839029806 1673544724 linuxamd64_12102_database_1of2.zip

[root@jaysv01 ~]#  cksum linuxamd64_12102_database_2of2.zip
1187131466 1014530602 linuxamd64_12102_database_2of2.zip

How to prevent ssh timeout in linux?

By sending a “null packet” between the client and the server at a specified interval that is smaller than the timeout value, we can avoid SSH timeout. It doesn’t matter if the packet is sent from the client or the server, as long as there is some communication going on between the two.

Prevent SSH timeout on the server side:

Please  add the following to your SSH daemon config in /etc/ssh/sshd_config on your servers to prevent the clients to time out – so they don’t have to modify their local SSH config:

ClientAliveInterval 120
ClientAliveCountMax 720

This will make the server send the clients a “null packet” every 120 seconds and not disconnect them until the client have been inactive for 720 intervals (120 seconds * 720 = 86400 seconds = 24 hours).

Check the value through command line ...

[root@oam network-scripts]# sshd -T | grep -i client
clientaliveinterval 120
clientalivecountmax 720

Prevent SSH timeout on the client side:

on many commodity firewalls, connections are killed after as little as 300 seconds. To avoid having your SSH sessions become unresponsive after e.g. 5 minutes, do the following:

Linux Client:
If we are on Linux, you can edit your local SSH config file in ~/.ssh/ssh_config  (or) /etc/ssh/ssh_config and add the following line:

ServerAliveInterval 120
This will send a “null packet” every 120 seconds on your SSH connections to keep them alive.


Windows clients:

Putty - On Windows (PuTTY)
In your session properties, go to Connection and under Sending of null packets to keep session active, set Seconds between keepalives (0 to turn off) to e.g. 300 (5 minutes).

Mobaxterm - You can check the "Enable SSH keepalive" box under "Settings" --> "Configuration" --> "SSH" tab.

Alternative for telnet in linux

Ever needed to test firewalls but didn't have netcat, telnet or even FTP? Enter /dev/tcp which is alternate for telnet 

/dev/tcp/(hostname)/(port) is a bash builtin that bash can use to open connections to TCP and UDP ports.

How to open Oracle Forms in linux browser?

a.Download the jre-8u181-linux-i586.tar.gz 
b.cd /root & Extract it in one of the directory (Ex: /root ).
c.cd /usr/lib64/mozilla/plugins
d.ln -s /root/jre1.8.0_181/lib/amd64/libnpjp2.so
e.cd /root/jre1.8.0_181/bin;./jcontrol (Add the security Exception)
f.Now try to relaunch the browser and open forms.

Virtual Box: Sharing Folders between Host and Virtual Server:

Install Guest Editions:
Devices-->Install Guest Editions-->Reboot the machine-->right click (Autorun)

If it errors out realted to kernel issue,Please  follow below steps.

yum remove kernel-headers
cd /etc/yum.repos.d/
Please check the linux version and enable yum for that version.
vi public-yum-ol6.repo
enable the latest yum repository [public_ol6_latest] & public_ol6_u7_base]
yum remove kernel-headers
yum -y install kernel-uek-devel-$(uname -r)

Oracle VirtualBox:

Devices-->Shared Folders-->Add New Shared Folder button-->Give  Folder Path & share name(Oracle_Apps_122_Linux64 )-->Click on Make permenent

Linux Guest:
Login as root
mount -t vboxsf  Oracle_Apps_122_Linux64  /shared

Preserving changes in resolv.conf across reboots in OEL/REDHAT6

DNS servers in /etc/resolv.conf change after a reboot or network service restart.We need to shutdown NetworkManager and disable it.

root@rac1 network-scripts]# service NetworkManager stop
Stopping NetworkManager daemon:                            [  OK  ]


[root@rac1 network-scripts]# chkconfig NetworkManager off

Openssl Commands

Openssl Command to test protocol support:

openssl s_client -connect jayuat.domain.com:443 -tls1_2
openssl s_client -connect jayuat.domain.com:443 -tls1_1
openssl s_client -connect jayuat.domain.com:443 -tls1
openssl s_client -connect jayuat.domain.com:443 -ssl2
openssl s_client -connect jayuat.domain.com:443 -ssl3 

How to check JDK bit version (32 or 64 bit)?

Run the commands: java -d64 -version or java -d32 -version and you will get an error for the version that is not supported.

Example :

On 64bit JDK:

$java -d64  -version
$java version "1.7.0_111"Java(TM) SE Runtime Environment (build 1.7.0_111-b13)Java HotSpot(TM) 64-Bit Server VM (build 24.111-b13, mixed mode)

$java -d32 -version 
Error: This Java instance does not support a 32-bit JVM.Please install the desired version.


On 32 bit JDK:
$java -d32 -version
java version "1.6.0_07"Java(TM) SE Runtime Environment (build 1.6.0_07-b06)Java HotSpot(TM) Server VM (build 10.0-b23, mixed mode)

$java -d64  -versionRunning a 64-bit JVM is not supported on this platform.

Create CSR using Openssl

a) cd /app/jaydev/jay/apache/
b) mkdir SHA2_CERTS; cd /app/jaydev/jay/apache/SHA2_CERTS
c) openssl genrsa -des3 -out jaydba_blogspot_com.key 2048 -sha256
d) save the password in .passwd.key
e) mv jaydba_blogspot_com.key jaydba_blogspot_com.key.orig

f)openssl rsa -in jaydba_blogspot_com.key.orig -out jaydba_blogspot_com.key

g)openssl req -sha256 -out jaydba_blogspot_com.csr -key jaydba_blogspot_com.key -new

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:California
Locality Name (eg, city) [Newbury]:XXXXXXX
Organization Name (eg, company) [My Company Ltd]:XXXXXXXX
Organizational Unit Name (eg, section) []:XXXXXXXXXXXX
Common Name (eg, your name or your server's hostname) []:jaydba.blogspot.com
Email Address []:srm.jay@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

To verify Contents of CSR:

h)openssl req -in jaydba_blogspot_com.csr -noout -text

                                [OR]

f) go to https://www.trustico.com/ssltools/decode/csr-pem/decode-csr.php

Access Control List(ACL) in Oracle 11G

With ACL’s, Oracle offers more fine-grained access control for users to access external network resources.

The packages UTL_MAIL, UTL_SMTP, UTL_HTTP, UTL_TCP etc. allow communication beyond the database server to the outside world, but when granted access, all hosts can be accessed. This can be interpreted as a security flaw as no login is required when using UTL_TCP for example. DBA’s are advised to revoke the execute privileges from public on these kind of packages.

Since Oracle 11g, the Access Control List is introduced. You not only can control who has access to these packages by granting, but now you can also control which resources they can call.We can control accessibility based on host and port number.

Create ACL and assign host,port and privileges.

1.

BEGIN

DBMS_NETWORK_ACL_ADMIN.create_acl (

acl => 'jaydba.xml',

description => 'jaydba',

principal => 'APPS',

is_grant => TRUE,

privilege => 'connect',

start_date => SYSTIMESTAMP,

end_date => NULL);

COMMIT;

END;

/

2.

BEGIN

DBMS_NETWORK_ACL_ADMIN.assign_acl (

acl => 'jaydba.xml',

host => 'jaydba.blogspot.com',

lower_port => 443,

upper_port => 443);

END;

/

3.

BEGIN

DBMS_NETWORK_ACL_ADMIN.add_privilege (

acl => 'jaydba.xml',

principal => 'APPS',

is_grant => FALSE,

privilege => 'resolve',

position => NULL,

start_date => NULL,

end_date => NULL);

COMMIT;

END;

/

4.Drop ACL.

begin

DBMS_NETWORK_ACL_ADMIN.drop_acl (acl => 'jaydba.xml');

COMMIT;

END;

/

5.Unassign ACL:

begin

dbms_network_acl_admin.unassign_acl(

acl        => 'jaydba.xml',

host       => 'jaydba.blogspot.com',

lower_port => 443,

upper_port => 443

  );

end;

/

6.Delete Privilege:

begin

dbms_network_acl_admin.delete_privilege('jaydba.xml', 'APPS', NULL, 'connect');

end;

/

In Case ,if we would like to change host name or port ,we just have to unassign and assign(5 & 2),No need to drop acl and recreate.

Accessing https sites:

IF the externeal network we try access is ssl protected,then we need to create the wallet and import the certificate,pls make sure to import the certificate chains properly(main,root,intermediate certs)

orapki wallet create -wallet /home/oracle/wallet -pwd password123 -auto_login

orapki wallet add -wallet /home/oracle/wallet -trusted_cert -cert verisignclass3.cer -pwd password123

orapki wallet add -wallet /home/oracle/wallet -trusted_cert -cert www.verisign.com.cer -pwd password123

orapki wallet add -wallet /home/oracle/wallet -trusted_cert -cert jaydba.cer -pwd password123

orapki wallet display -wallet /home/oracle

To verify:

select   UTL_HTTP.request('url',proxy,'wallet',wallet password) from dual;

proxy            -- (Optional) Specifies a proxy server to use when making the HTTP request

wallet_password  -- (Optional) Specifies the password required to open the wallet. 

ex:

select   UTL_HTTP.request('https://jaydba.blogspot.com',null,'file:/home/oracle/wallet ',null) from dual;

How To Build Apache with local openssl

INSTALL OPENSSL IN CUSTOM LOCATION:

a) mkdir -p /app/webauth_test/jaydev & Copy software folder from raappdev21:/app/webauth_test/jaydev
b) cd /app/webauth_test/jaydev/software/openssl-1.0.1
c) rm -rf openssl-1.0.1s
D) tar -zxvf openssl-1.0.1s.tar.gz
e) cd  /app/webauth_test/jaydev
f) mkdir -p openssl   openssl-1.0.1s_install
g) cd /app/webauth_test/jaydev/software/openssl-1.0.1/openssl-1.0.1s
h)./config --prefix=/app/webauth_test/jaydev/openssl --openssldir=/app/webauth_test/jaydev/openssl-1.0.1s_install shared
i)make depend
j)make test
k)make install
l)Add the below to end of .profile
export PATH=/app/webauth_test/jaydev/openssl/bin:$PATH
export LD_LIBRARY_PATH=/app/webauth_test/jaydev/openssl/lib:$LD_LIBRARY_PATH



APACHE SETUP:

a)cd /app/webauth_test/jaydev/software/Apache
b)tar -xvf httpd-2.2.31.tar
c)mkdir -p /app/webauth_test/jaydev/apache-2.2.31
d)cd /app/webauth_test/jaydev/software/Apache/httpd-2.2.31
e)vi config.nice
"./configure" \
"--prefix=/app/webauth_test/jaydev/apache-2.2.31" \
"--with-ssl=/app/webauth_test/jaydev/openssl" \
"--enable-mods-shared=most" \
"--enable-proxy" \
"--enable-module=ssl" \
"--enable-ssl" \
"--enable-module=so" \
"--with-apxs=/usr/sbin/apxs" \
"--with-included-apr" \
"$@"
f)./config.nice
g)make
h)make install
i)Copy jay.conf,ssl.conf,ldap.conf,webauth.conf from current webauth to /app/webauth_test/jaydev/apache-2.2.31/conf and add below parameter to core-facilities.conf

  SSLProtocol -ALL +TLSv1.2 +TLSv1.1 +TLSv1
  SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
  SSLHonorCipherOrder On



j)Copy the certs directory from current webauth to /app/webauth_test/jaydev/apache-2.2.31
k)Do the path change for certs and webauth key files,but don't change other paths(Ruby,passenger paths).
l) Include the files to httpd.conf
m)Stop the old apache and bring up this new apache.
n)Then go to old apache home and do below steps.

cd /app/jaydev1/webauth/bin
mv apachectl.sh apachectl.sh.do.not.start
vi apachectl.sh and add belwo lines

echo -e  "\nCurrently Apache is running on /app/webauth_test/jaydev/apache-2.2.31/"
echo -e  "\nPlease refer SFI-494 for more details\n"
echo -e "In case if you want to revert back ,Please follow below steps\n\n"
echo -e "\ncd /app/webauth_test/jaydev/apache-2.2.31/"
echo -e "\n ./apachectl stop "
echo -e "\ncd /app/jaydev1/webauth/bin"
echo -e "\nmv  apachectl.sh apachectl.sh.dnu;mv apachectl.sh.do.not.start  apachectl.sh"
echo -e "\n./apachectl.sh  start"