Topic: AIX IP filtering and Oracle (Read 700 times)
Michael (Administrator, Hero Member, Posts: 676)
Re: AIX IP filtering and Oracle « Reply #1 on: March 12, 2010, 05:07:35 PM »
A couple of things that you can do to troubleshoot this is log the ipsec filtering activity.
lsfilt -v4 -O will list all the current rules - logging might be disabled on the rules. If so, you will need to modify the rules using smitty, or the chfilt command.
In /etc/syslogd.conf add a line like:
local4.info /data/logs/syslog/local4.info rotate time 1d size 1m
and, before refreshing syslogd, touch the file name. Files must exist beforehand or syslogd will not write to them.
Then run the command:
mkfilt -g start -v 4
to actually start the logging.
lsfilt -v4 -a lists the active filters - the dynamic deny filters are the ones created by the SHUN mechanism.
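The logging setup described in the reply above, as an added example that is not part of the original post: the syslog entry is appended only once and the destination file is created before syslogd is refreshed, since syslogd will not create it. The function names are hypothetical, the config and log paths are passed as arguments, and `refresh -s syslogd` is the standard AIX SRC command assumed for the refresh step.

```shell
#!/bin/sh
# Added example: capture AIX IP filter (ipsec) log records through syslog.
SELECTOR="local4.info"
ROTATE="rotate time 1d size 1m"

# $1 = syslogd configuration file (stock AIX: /etc/syslog.conf)
# $2 = destination log file, e.g. /data/logs/syslog/local4.info
prepare_ipsec_syslog() {
    conf=$1
    log=$2
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }

    # Idempotent: append only if no uncommented local4.info line
    # already points at this log file.
    if ! grep -v '^[[:space:]]*#' "$conf" | grep -F "$SELECTOR" | grep -qF "$log"; then
        printf '%s %s %s\n' "$SELECTOR" "$log" "$ROTATE" >> "$conf" || return 1
    fi

    # syslogd does not create missing files, so create the file first.
    # Filter logs reveal which hosts and ports were denied: keep them private.
    mkdir -p "$(dirname "$log")" || return 1
    if [ ! -e "$log" ]; then
        touch "$log" && chmod 600 "$log" || return 1
    fi
}

# AIX-only steps: re-read the syslog config, start filter logging,
# then list the active rules (dynamic deny rules come from shun).
start_ipsec_logging() {
    command -v mkfilt >/dev/null 2>&1 || {
        echo "mkfilt not found: not an AIX host?" >&2
        return 2
    }
    refresh -s syslogd &&
    mkfilt -g start -v 4 &&
    lsfilt -v4 -a
}

# Usage on the AIX host, as root:
#   prepare_ipsec_syslog /etc/syslog.conf /data/logs/syslog/local4.info \
#       && start_ipsec_logging
```

Rules whose logging is disabled still produce no records; check them with lsfilt -v4 -O as the reply describes.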
Popesy (Registered, Posts: 1)
AIX IP filtering and Oracle « on: March 10, 2010, 08:52:15 AM »
Hi
Running AIX 6.1 with Oracle 10.2g. I am currently using aixpert to harden the OS. The high settings have been applied (with all the usual precautions, i.e. not locking root), however there is one sticky point - using 'shun' host/port with the IPSec element of the 'high' level configuration.
As I understand it, the shun config protects various ports, that is ok - but it seems to stop Oracle working. I am not a DBA, but understand that Oracle uses port 1521 (maybe others as an increment on this port) and not any of the ports that are configured to be protected by the 'shun' setting.
Any thoughts of how I may overcome this?
I guess I could potentially drop the IPSec config altogether, but I would like to understand why Oracle reacts as it does.
Cheers
JP
Copyright 2001-2010 Michael Felt, John R Peck and ROOTVG.NET