Skip navigation

O_Linux_clr_trans.png

Full Article: Running OpenSCAP Compliance Checks on Oracle Linux

 

by Ginny Henningsen

 

Learn how to use the OpenSCAP compliance checker, a standardized way in Oracle Linux to evaluate security configurations and vulnerabilities.

 

Challenges in IT Security Management

 

An IT security breach—an incident of system tampering, intrusion, or data compromise—can have significant consequences. Companies can experience dramatic revenue losses, miss out on strategic business opportunities, and incur expenses associated with recovery and remediation. Government and regulatory agencies may impose legal penalties, mandate restitution, or levy fines. The potential impacts make IT system security a serious business concern.

 

As a part of IT security management, organizations usually define a security policy that standardizes optimal internal practices, processes, and configurations. When a company stores or processes sensitive data (including personal identity, financial data, or healthcare records), the security policy must also reflect relevant government and regulatory standards such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and the Payment Card Industry Data Security Standard (PCI DSS). Standards often specify hardening guidelines and IT system requirements as well as required security practices. Many standards also mandate formal security reviews that must be performed by certified auditors on a regular schedule. In addition to these formal compliance assessments, IT departments typically conduct informal security reviews to detect and remedy vulnerabilities that might otherwise result in system or data compromise.

 

The diversity of data center systems adds to the challenge of developing effective and efficient strategies for IT security management. To help organizations automate compliance checks and implement security policy more universally across heterogeneous data centers, the US National Institute of Standards and Technology (NIST) developed the Security Content Automation Protocol (SCAP) standard. NIST created SCAP to provide a standardized approach for implementing enterprise system security and baseline profiles for compliance audits. Based on the SCAP standard, the OpenSCAP project supplies open source tools and policies to automate compliance checking and consistently apply security policy across different system types.

 

To automate compliance checking on Oracle Linux servers, the operating system includes packages containing an OpenSCAP framework and an implementation of the OpenSCAP interpreter, oscap. In addition, Oracle makes SCAP content files available to evaluate Oracle Linux system configurations against a defined security policy, industry-accepted hardening guidelines, and known vulnerabilities. This article can help administrators get started using the OpenSCAP functionality in Oracle Linux. It describes the various SCAP content files available to automate compliance checks, as well as how to obtain and use security advisory content that Oracle regularly publishes. It also discusses how to use Spacewalk, a tool for Linux systems management, to run OpenSCAP audits on Spacewalk-managed Oracle Linux client systems. Spacewalk is an open source (GPLv2) project. It officially became an open source, community-driven project in June 2008; it is the upstream project for the Red Hat Satellite product....[click here to read the full article]

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png

Join OTN Systems Community Manager, Logan, as he interviews Juris Trošins, Expert and co-owner at DBA Competence Center, about a recent migration over to Oracle SuperCluster that he managed.

 

For more tech tips and how-tos from Oracle experts, subscribe to the OTN Systems Hub YouTube Channel and be sure to follow the OTN Systems Hub

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png

Basic Network Configuration in Oracle Solaris 11

 

AAEAAQAAAAAAAAaRAAAAJDFkMjUyNTlkLWJiYmEtNDE5My04MWUzLWE4ZmU1MWExM2M3ZQ.jpg

 

This week, I wanted to feature an article written by Oracle ACE Alexandre Borges, Basic Network Configuration in Oracle Solaris 11.

 

This article, which is Part 1 of a two-part series, focuses on Oracle Solaris 11 features that enable administrators to configure basic network functionality.

 

Knowing how to monitor and configure the details of a systems network is an extremely important thing to know how to do for all administrators. Agreed? Okay, cool. For example, you might want to know how many network interfaces exist, what their status is, and what their speed is, and you might also want to configure a network interface. In addition, you might wonder how easy is it to administer the network after configuring it. All of these questions will be answered in this article, by Alexandre, which is a very solid review of the Oracle Solaris 11 network configuration.

 

About Alexandre

Alexandre Borges has been an instructor for Oracle Solaris, Oracle Linux, Oracle Database, and Symantec security. He is a columnist and author for Linux Magazine Brazil, and just started writing a series of articles about his experience with Oracle Solaris. Alexandre is an enthusiastic technologist, and we're delighted to have him as part of our ACE team. You can find him at http://alexandreborges.org

 

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png

O_University_clr.bmp

Oracle Systems Learning Subscription

 

As products and technologies develop and improve over time, it becomes extremely important for SysAdmins and Developers to stay ahead of the curve. Training should be a regular part of your professional life to keep your skills current, thereby meeting the needs of your organization. One of the best ways to do this is, of course, learning from the experts that make the products you use. However, I'll admit it, as an Oracle employee I am somewhat biased....

 

With the new "Systems Learning Subscription" from Oracle University, you learn how to successfully administer and manage your Engineered Systems, Oracle Solaris, Oracle Linux, Servers and Storage Solutions with this portfolio of digital training for key Oracle product areas. Experts from Oracle will not only provide you with valuable lessons but also provide insight on new releases, product overviews and best practices for this entire range of offerings.

 

Who is this for:

  • Systems Administrators
  • System Analysts
  • System Architects
  • Support Engineers
  • IT Managers
  • Support Consultants
  • Security Administrators
  • Network Administrators

Learn how to:

  • Identify key features and benefits of Oracle Systems
  • Implement and administer Engineered Systems, Operating Systems, Servers and Storage
  • Discover how to optimize and increase performance, scalability and availability utilizing Oracle Systems5
  • Learn how to troubleshoot and maintain Oracle Systems
  • Hear insights about Oracle Systems and technologies, directly from Oracle experts on multiple subjects relating to Oracle Systems; including best practices, new features and how to perform small tasks.

To see a preview of this program, visit: Oracle Learning Subscription

 

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png

O_Sparc_Servers_clr.png

White Paper: EMC NetWorker Performance and Scalability with Oracle’s SPARC T5 - 2 Server Architecture

 

Introduction

This white paper introduces readers to NetWorker, the SPARC T5-2 server, and Data Domain features and functionality relevant to NetWorker backup from the SPARC T5-2 server with Data Domain Boost. This paper discusses how NetWorker takes advantage of the new capabilities of the SPARC T5-2 server and Data Domain Boost 3.0 and how NetWorker scales and performs better compared to when previous SPARC or x64 platforms are used. This paper also highlights the best practices for optimal performance using EMC NetWorker on the SPARC T5-2 server platform.

logo_emc_footer.png

Additional Resources

 

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png

ukoug_logo.gifLast month, right before the holidays, I attended the UK Oracle User Group Tech15 Conference in Birmingham. It was a fantastic event with an enormous amount of sessions and talks about all things Oracle. With my OTN Banners and a rolling suitcase full of camera gear and electronics making every airport security agent from San Francisco to Frankfurt nervous, I made my way to the Birmingham ICC.

 

Having been my first time to this particular event, I wasn't quite sure what to expect when I got there. I was pleasantly surprised! The attendance was impressive and the educational materials were flowing. Experts from every niche of the Oracle world were there to present on everything from mobile cloud tools and app development, to hardware and database  how-tos, best practices, and optimization. If you are in the UK area and want to get more involved with the UKOUG, you can visit their site here: http://www.ukoug.org/home/

 

Today, I wanted to highlight a quick tip from Tammy Bednar, Director of Product Management for the Oracle Database Appliance, on how to improve database performance by utilizing the flash cache option on the X5-2.

 

At the conference, I recorded a ton of video interviews and tech tips across the Oracle spectrum. Be sure to subscribe to the OTN Database YouTube Channel as well as the OTN Architect/Middleware Channel to view other videos like this one from the UKOUG Tech15 Conference.

 

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png

The Oracle Linux team is pleased to announce the general availability of the Unbreakable Enterprise Kernel (UEK) Release 4 for Oracle Linux 6 and Oracle Linux 7.  This release, based on the 4.1 mainline kernel, delivers many important new features and enhancements engineered for modern cloud infrastructure.

  • Significant performance improvements through enhancements to features like automatic NUMA balancing and CPU schedulers, and the introduction of new features like zswap, zram, the LZ4 compression algorithm, network batch transmissions and low-latency network polling.
  • More options for boosting the security of systems and the applications they host. UEK Release 4 now includes kernel address space randomization, a new random number system call and updates in key areas like SELinux, nftables, SHA256 and SHA512.
  • Real-time kernel and userspace patching with Ksplice for Oracle Linux to simplify managing cloud infrastructure and improve security.
  • Support for key cloud technologies. Xen host and guest domain feature and performance enhancements, Open vSwitch and VXLAN improvements for networking, cgroups and namespace enhancements for linux containers and Docker.
  • Enhancements to Oracle Linux DTrace for dynamic, real-time system tracing on production systems
  • The production release and support of Ceph Storage for Oracle Linux Release 1.0, based on the upstream Firefly release
  • New real-time kernel features including timerless (tickless) multitasking and the addition of the deadline scheduling class
  • Enhanced infiniband features including improved protocols, drivers and firmware.
  • A number of updates to key areas such as XFS, Btrfs, Ext4, NFS, FUSE and the Overlay file systems.
  • A number of driver updates supporting the latest hardware.

This has been a major engineering effort that can benefit every Oracle Linux customer. For more information on this release, please review the release notes here.

Oracle Linux is available to download from the Oracle Software Delivery Cloud and the Oracle Yum repos.

Original Blog Post: https://blogs.oracle.com/linux/entry/announcing_the_general_availability_of4

 

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png
O_Solaris_clr.bmpO_FM_WebLogicServer_clr.bmp

 

Using Unified Archives to Deploy Oracle WebLogic Server Cluster on Oracle Solaris 11.2

 

For this Throwback Thursday, I found a great Hands On Lab (HOL) where you can investigate Using Unified Archives to Deploy Oracle WebLogic Server Cluster on Oracle Solaris 11.2, by Jie Shen, Lu Wang, and Yu Wang, from back in March of last year. This lab demonstrates how to use Oracle Solaris Unified Archives to speed up the process of setting up an Oracle WebLogic Server Cluster; an important skill since setting up an Oracle WebLogic Server Cluster can be a very time consuming task. Leveraging any tool in your toolbox that can speed it up is a wise thing to do.

 

In this lab, you will clone and deploy a VM (Oracle Solaris non-global zone) from an existing VM with Oracle WebLogic Server installed, and you will add the new virtual machine to the Oracle WebLogic Server cluster.

 

When this lab was made, Unified Archives was a new feature introduced in Oracle Solaris 11.2. Unified Archives unifies the archive requirements for Oracle Solaris virtual and physical environments, and enables moving to or from Oracle Solaris virtual or physical environments.

 

Note: Because of limitations on the length of the lab, they skipped step-by-step instructions for the Oracle Solaris and Oracle WebLogic Server Cluster installation and configuration. Please refer to following resources for more information and detailed instructions.


Hardware and Software Requirementsf2-2492484.gif

  • Memory requirement: 4 GB or more
  • Disk space requirement: 20 GB
  • Operating system: Oracle Solaris 11.2
  • Oracle WebLogic Server 12c (12.1.1)
  • JDK 1.7.0_67

See Also

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png

O_Solaris_11_trans.png

    Oracle Solaris 11 has an enormous amount of safety features that can help you protect your applications and your system. By learning how to properly manage and configure these features, you can figuratively turn your OS into 200 ft tall virtual New York City nightclub bouncers wearing bomb tech suits with tear gas, tasers, and handcuffs in a Pancho Villa style bandolier.

 

In this lab, you will learn about Privileges, RBAC (Rights and Authorizations), and Integration with Service Management Facility.

 

LAB: Protecting Your Applications with Oracle Solaris 11 Security

 

You don't have to be an expert for this lab to be valuable; but having a basic knowledge wouldn't hurt. As a prerequisite, please complete the "Installing Oracle Solaris 11 in Oracle VM VirtualBox" lab.

 

For additional resources, visit:

 

 

Plug Inbound!

Don't forget to follow OTN Systems Hub by clicking the "Follow" button at the top right of the page.

ic-Facebook-red.pngic-Twitter-red.pngic-Youtube-red.pngic-Blog-red.png