Oracle Database Discussions

oratab populated, but 11G database doesn't start

user596857 Jul 21 2009 — edited Jul 23 2009
I've installed Oracle 11g on Redhat 5.
And created a database with dbca.
And set the oratab for it to start on boot.

But the database does not start on boot.

I noticed that there is more than one oratab file:



find / -type f -iname "oratab"

/etc/oratab
/oracle/oracle11/product/11.1.0/db_1/install/oratab


cat /etc/oratab

test:/oracle/oracle11/product/11.1.0/db_1:Y

The other file was empty:

ls -l /oracle/oracle11/product/11.1.0/db_1/install/oratab
-rwxr-xr-x 1 oracle11 dba 0 Jul 20 19:45 /oracle/oracle11/product/11.1.0/db_1/install/oratab

But I added the lines from the one file to the other.
And it still didn't come up when I rebooted.


Is 11G different from the previous versions?

What is the secret to getting the database to come up
automatically after rebooting the machine?

Thanks

Comments

Joerg.Sobottka

Well, you need an open port to establish the communication to the database. 1521 is default, you can change that to something else, but then you will find the new port "open".

If the port is closed, no application would be able to connect to the database.

If you do have an Enterprise Edition database, you could hide your database behind a connection manager proxy and close the ports from all other hosts at your firewall.

Pablo Escalera

Good afternoon,

As you said before, I have the same issue changing the port.

We don't have Enterprise, and each customer has its own server with their databases, so I need a general workaround. In that scenario, the customer manages his firewall, proxy... so I would like to find an Oracle solution.

I will wait and see if anyone can help.

Thanks a lot for your help.

Best regards.

Joerg.Sobottka

As I said, you need open ports, otherwise the applications can't connect.

What do you want to see? That nmap tells you the port is closed? That will not happen - or the applications are "dead"....

Pablo Escalera

My fear is that through this kind of application (nmap shows port, Oracle version...), someone sees our version and knows its vulnerabilities, which could put the information at risk.

I want to avoid this kind of information getting outside the server.

pmdba

Connection Manager is distributed with the Oracle Client; it does not require Enterprise Edition to my knowledge. There's a paper here on how to configure it (written for 11g, but still works with 12c).

That said, from what perspective was nmap run? From a trusted host on the local network with the server, or from an external host outside of the server's "circle of trust"? In other words, what is an attacker most likely to see? This is about managing risk, so if the server's ports are generally protected by firewalls from outside access, then I wouldn't worry as much about nmap output from a trusted client. If the server is going to be exposed completely (BAD IDEA!), then I would configure the local OS firewall to block all traffic to that port except from trusted clients, like known application servers. In the end I think the only way to manage this is with a networking solution; I don't believe there's an option available in the Listener configuration to suppress that information from being returned.

One other thing: nmap and other scanners often leave distinctive traces in the listener logs. You should be monitoring for those in real-time as a counter-measure.
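
A minimal sketch of the listener-log monitoring suggested in the comment above, added here as an example; it is not code from the thread or from Oracle. It assumes the classic text `listener.log` layout with ` * `-separated fields. The two heuristics (an administrative command whose connect data carries no client `CID` block, and repeated unknown-SID or unknown-service failures from one peer), the threshold and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

ADMIN_COMMANDS = {"version", "status", "services"}
UNKNOWN_TARGET = {"12505", "12514"}  # TNS-12505 unknown SID, TNS-12514 unknown service
GUESS_THRESHOLD = 3                  # assumption: tune to your environment
PEER_RE = re.compile(r"\(HOST=([^)]+)\)", re.I)

# Constructed sample lines (not from a real system); addresses are documentation IPs.
SAMPLE_LOG = """\
21-JUL-2009 10:01:12 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=dbhost)(USER=oracle))(COMMAND=status)(SERVICE=LISTENER)) * status * 0
21-JUL-2009 10:02:40 * (CONNECT_DATA=(COMMAND=version)) * version * 0
21-JUL-2009 10:02:41 * (CONNECT_DATA=(SID=ORCL)) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40112)) * establish * ORCL * 12505
21-JUL-2009 10:02:41 * (CONNECT_DATA=(SID=PROD)) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40113)) * establish * PROD * 12505
21-JUL-2009 10:02:42 * (CONNECT_DATA=(SID=XE)) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.50)(PORT=40114)) * establish * XE * 12505
21-JUL-2009 10:03:05 * (CONNECT_DATA=(SERVICE_NAME=test)(CID=(PROGRAM=sqlplus)(HOST=app01)(USER=app))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=51544)) * establish * test * 0
21-JUL-2009 10:03:30 * service_update * test * 0
""".splitlines()

def scan_listener_log(lines):
    """Return findings as tuples: (rule, timestamp-or-peer, detail)."""
    findings, misses = [], Counter()
    for line in lines:
        f = [p.strip() for p in line.split(" * ")]
        if len(f) < 4 or not f[1].startswith("(") or not f[-1].isdigit():
            continue  # banners, service_update, wrapped or malformed lines
        ts, connect_data, code = f[0], f[1], f[-1]
        if len(f) == 4 and f[2].lower() in ADMIN_COMMANDS:
            # lsnrctl normally identifies itself in a CID block; a bare probe does not
            if "(CID=" not in connect_data.upper():
                findings.append(("bare-admin-command", ts, f[2].lower()))
        elif len(f) == 6 and f[3] == "establish" and code in UNKNOWN_TARGET:
            # count failed SID/service lookups per peer address
            m = PEER_RE.search(f[2])
            misses[m.group(1) if m else "unknown"] += 1
    for peer, n in sorted(misses.items()):
        if n >= GUESS_THRESHOLD:
            findings.append(("sid-or-service-guessing", peer, n))
    return findings

if __name__ == "__main__":
    for finding in scan_listener_log(SAMPLE_LOG):
        print(finding)
```
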

pmdba

The specific vulnerability that you mentioned - CVE-2012-1675 - is mitigated through the use of Oracle's Valid Node Checking for Registration (VNCR), which is a configuration option in listener.ora. If you haven't already, you should check that out here:

Oracle Net 12c: Valid Node Checking For Registration (VNCR) (Doc ID 1600630.1)

Just note that this solution doesn't suppress the listener response to nmap, as you were asking about.

Joerg.Sobottka

pmdba: From the 19c manual: "Oracle Connection Manager is available for installation with Oracle Database 12c Enterprise Edition. It is a custom installation option on the Client disk."

Sorry, but I do a lot of licensing things also.

I think the OP is trying to achieve something that isn't possible without installing firewalls (even locally) and/or Connection Manager in addition.

Post Details

Locked on Aug 20 2009
Added on Jul 21 2009