Install Ubuntu 17 on Oracle VirtualBox

Ubuntu is an open system  Linux-like operating system runs on Debian architecture. It can be used like Linux Server or a desktop. In this note ; I will show you how you can install the latest version of Ubuntu Desktop ( version 17) to Oracle Virtual Box.

Let’s start with downloading Ubuntu iso from

https://www.ubuntu.com/download/desktop

After downloading Ubuntu iso ; goto Oracle VirtualBox and Press ; New Button

Chosoe Linux as a type of Operating system and choose Ubuntu (64bit) as a type of Version

Capture1

Now choose memory size; The size of memory depend on what you want to with this desktop. If you want to use to learn some programming ( like Python) 1,5 GB will be enough, but if you want to use it like database server ; you should choose 2 GB and more.

Capture2

Now Choose Hard Disk type as shown below;

Capture3

And normally choose VDI  disk file type

Capture4

If you want to save disk on your host machine; Choose dynamically allocated hard disk. Because this kind of  disk fills up when you use it and it will shrink automatically.

Capture5

Now Choose File locatin and size. This completely depends on what you want to do in this computer. For example I chose 50 GB disk size. But Oracle VirtualBox  does not create a file with the size of 50 GB automatically, because I chose  Dynamically allocated Disk Type .

Capture6

Now Choose Storage part of the machine

Capture7

And attach your downloaded Ubuntu iso to CD  like bekow.

Capture8

And the most complicated part of the installation , skip this by choosing NAT ( Network Address Translation). I will explain this part in another note.

Capture9

Now save this configuration and start your virtual machine from Oracle VirtualBox .

And the Ubuntu installation will start

Capture10

I chose Download updates to get the latest updates during installation.

Capture11

If this is your new installation ; choose erase disk and Install Ubuntu

Capture12

Choose your location. As you know I am in the middle of the earth.

Capture13

and choose you language. Turkish is supported in Ubuntu as you know.

Capture14

And choose user name . This part is very important because in Ubuntu you do not need to use root user. Therefore just choose one user and its password. Guess my password 🙂

You will use this user for nearly everything.

Capture15

 

And Welcome to Ubuntu ;  installation will start

Capture16

 

And Ubuntu is ready  to use

 

Capture17

 

Thanks for everyone  for reading this note.

Anil Akduygu

https://www.linkedin.com/in/an%C4%B1l-akduygu-26129b28/

 

 

Advertisements

Applying July 2017 Oracle WebLogic Server Security Patch Part – 2

At this note ; I will show you how you can install July 2017 Oracle WebLogic Server Security Patch. At my first note I showed how you can download this security patch.

Now I assume that; you read the first note you downloaded B25A security patch.Now we can install it. Before your operation starts do not forget to take full backup of your system. This backup depends on your system configuration.

First go to Middleware home and set environments with below commands;

cd /oracle/Middleware/wlserver_10.3/server/bin
. setWLSEnv.sh
cd $MW_HOME/utils/bsu

to check environment variables, look at java version with below commands.
java weblogic.version

 WebLogic Server 10.3.6.0.170418 PSU Patch for BUG25388747 WED MAR 21 18:34:42 IST 2017                                                                                                                                              WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

As you see;  I  installed April – 2017 security patch , because WebLogic server version is 10.3.6.0.170418 . Before staring upgrade get a detailed information about WebLogic applied patches with below command.

$ ./bsu.sh -prod_dir=/oracle/Middleware/wlserver_10.3  -status=applied -verbose -view

ProductName:       WebLogic Server                                                                             ProductVersion:    10.3 MP6                                                                                         Components:        WebLogic Server/Core Application Server,WebLogic Server/Administration Console,WebLogic Server/Configuration Wizard andUpgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Server,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBCDrivers,WebLogic Server/Third Party JDBC Drivers,WebLogic Server/WebLogic Server Clients,WebLogic Server/WebLogic Web S erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog ic Server/Evaluation Database,WebLogic Server/Workshop CoCompletion Support

BEAHome:           /oracle/Middleware                                                                      ProductHome:       /oracle/Middleware/wlserver_10.3                                          PatchSystemDir:    /oracle/Middleware/utils/bsu                                                          PatchDir:          /oracle/Middleware/patch_wls1036                                                            Profile:           Default                                                                                                  DownloadDir:       /oracle/Middleware/utils/bsu/cache_dir                            JavaVersion:       1.6.0_29                                                                                           JavaVendor:        Sun                                                                                                                        Patch ID:               RVBS                                                                                                    PatchContainer:    RVBS.jar                                                                                              Checksum:          1748595871                                                                                            Severity:          optional                                                                                                      Category:          General                                                                                                        CR/BUG:            25388747                                                                                                    Restart:           true                                                                                                               Description:       WLS PATCH SET UPDATE 10.3.6.0.170418                                                         WLS PATCH SET UPDATE 10.3.6.0.170418

 As you see; Download directory is

DownloadDir:       /oracle/Middleware/utils/bsu/cache_dir 

 And the latest applied patch is

PatchContainer:    RVBS.jar 

First we will deinstall  this patch and then we will install the latest patch.

cd /oracle/Middleware/utils/bsu

 ./bsu.sh -remove -patchlist=RVBS   -prod_dir=/oracle/Middleware/wlserver_10.3

Now we deinstalled the latest patch and check WebLogic server version.

java weblogic.version

WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050                                         Use ‘weblogic.version -verbose’ to get subsystem information                                                 Use ‘weblogic.utils.Versions’ to get version information for all modules

 Now our version is 10.3.6.0  and this is the base release. Now we can apply July-2017 security patch. Now put the downloaded patch file into

DownloadDir:       /oracle/Middleware/utils/bsu/cache_dir 

And start applying patch with the below command:

./bsu.sh -install -patchlist=B25A -prod_dir=/oracle/Middleware/wlserver_10.3

Checking for conflicts….                                                                                                                     No conflict(s) detected                                                                                                               Installing Patch ID: B25A..                                                                                                             Result: Success

 As you see; Result is success and check WebLogic Server version again.

java weblogic.version

WebLogic Server 10.3.6.0.170718 PSU Patch for BUG25869650 MON JUNE 05 18:34:42 IST 2017                                                                                                                                            WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

Now our version is 10.3.6.0.170718 this is correct version.

Thanks for reading this note.

Anil.

Oracle July 2017 Critical Patch Update

Oracle July 2017 Critical Patch Update (CPU)  has been released on this page. This CPU includes 308 new security fixes across all Oracle products. A Critical Patch Update (CPU) is a collection of patches for  security vulnerabilities and these are released in cumulative manner.

In  Document ID 2282980.1 ( metalink note ) you can find Executive Summary and Analysis for Oracle 2017 july CPU.

At this note; I will give brief information about the critical vulnerabilities which are solved in this CPU.  I especially will give information about very critical vulnerabilities. The importance of the vulnerabilities are scored by  Common Vulnerability Scoring System v3.0 and according to this classification the CVVS score between 9 and 10 is called critical vulnerabilities.  The important point of these vulnerabilities is you can compromise a  system without authentication on the network.

Let’s start with Database CPUs

In this patch there is a solution for CVE-2017-10202;  Vulnerability in the OJVM component of Oracle Database Server.  This vulnerability remotely exploitable without authentication. It is CVVS score is 9.9 and it is very high if you compare this score with other patches in 2017 . This is the maximum score in 2017.

Capture

And if you look at ; Oracle Fusion Middleware patches you will see; CVE-2017-10137 (JINDI)  CVSS Base Score: 10.0 . By HTTP protocol intruder can easily compromise  Oracle WebLogic Server without authentication.

Capture

And another very important patches for MYSQL database is CVE-2016-4436 (Apache Struts 2). It is score is 9.9. An  attacker can compromise MYSQL database via  HHTP over TLS without authentication

Capture

As you see ; there are very important solutions for security vulnerabilities in July-2017 CPU. Therefor I advice you to  apply this CPU in mean time.

Starting to Pyton – Python Installation on Windows

In this note; I will show you how you can install Python to your Windows system.

If you have any Linux, Unix or Mac machines. You will see that ; Python is already installed. For example at my virtual Linux system Python is already installed as you see on the below picture.

Capture

 

But this is a Python 2 . In this note I will show you how you can install Python 3.

Actually There is no to many differences between Python 2 and Python 3 .  Now the  most widely used libraries have been ported to Python 3 and for new projects I advice you to start with Python 3.

Before starting to install Python 3 , Please check that Python is already installed to your windows. Now  we can download Python 3 from this web site.

https://www.python.org/downloads/

Capture

And run python-3.6.1 from downloaded directory. At my computer I already download Python 3 therefore when I start python-3.6.1.exe below screen will appear.

 

Capture

If your first installation please check Custom installation . Because If you choose default installation ; The installation directory will be under your user directory.  The best way is to choose default installation and install Python 3 to a directory named like c:\Python361

Go on Custom installation; Choose all optional Features

Capture

Then Press Next; At Advanced Options choose a directory to install Python

Capture

wait for a while; and Python is installed and start it with a command “python” in installed directory

Capture

I can  put the python directory in PATH variable. By this way you can call python from any directory at your system

Capture

Now you can play with your python.

 

Connect Oracle from Python in Windows

Python is a  very popular programming language that can be used for general purposes. It is an interpreted language with object-oriented features. At my blog I will give some information about Python how you can use it for database security subjects. at this note I will explain how you can connect Oracle from Python . I assume that you already installed Python to your PC. In the future at another note I will explain how you can install and run Python at your Windows Client.

In order to connect Oracle from Python in Windows  ; you need to downloads and install Python interface to Oracle from this website

https://pypi.python.org/pypi/cx_Oracle

According to your installation choose 32 bit or 64 bit module.

Capture

Put this interface into Scripts directory  ( C:\Python361\Scripts )  and run pip program with install option

pip install cx_Oracle-6.0rc1-cp36-cp36m-win32.whl

Now you installed Oracle interface for Python. The second operation is to make reachable oci.dll from Python to call Oracle libraries.

For this reason you need to install Oracle instant client. You can download Oracle instant client from below websites.

http://www.oracle.com/technetwork/topics/winx64soft-089540.html  ( 64 bit )

or

http://www.oracle.com/technetwork/topics/winsoft-085727.html  ( 32 bit)

At this website you can see many packages to download but only Oracle Instant Client package is enough for Python.

I download both of them and I put them in different directories. You have to just unzip these packages like below.

Capture

 

Capture

 

Now you have to add the directory of the instant package into PATH environment variable like below. To change PATH variable follow below steps

In Control  Panels choose System;

Capture

From this page choose Advanced system settings

Capture

choose Environment Variables;

In Environment Variables; choose PATH and add Oracle Instant Client path.

Capture

After changing PATH variable I advice to restart your client.

Now you can use Python module cx_Oracle to connect  Oracle database. I wrote below program to check cx_Oracle module. This program connects to an Oracle database and shows its version. At the same time It executes a small query to get database name

 

Capture

you can get the source of this code from github

https://github.com/yusufanilakduygu/Wordpress-Posts/blob/master/connect-oracle-from-python-in-windows

Check the program. Simply run it. You should get below result.

Capture

Now you installed and configured Oracle package in Python. You can use it your projects.

 

Oracle DB Vault New Features in Oracle 12c R1 – Part 2 : Enabling DB Vault

In this article I will continue to describe the changes in Oracle DB Vault in  Oracle 12c version.

At the below note I explained the changes at DB Vault installation . At this note I will show you what has been changed to enable and disable DB Vault in Oracle 12c version.

https://yusufanilakduygu.wordpress.com/2017/04/16/oracle-db-vault-new-features-in-oracle-12c-changes-at-db-vault-installation/

The major changes is you have to connect to database as DB vault owner to disable and enable DB Vault in Oracle 12c. But in Oracle 11g version ,  oracle operating system user can enable and disable Oracle DB Vault. It means that ;  Oracle DBA can change DB vault status in Oracle 11g . But in version Oracle 12c only DB Vault owner can do this.

This is a big change and It makes DB Vault much more secure in Oracle 12c.

In Oracle 11g version

In Oracle 11g , you can disable and enable DB Vault bu only chopt command. Only oracle user ( operation system user ) can run this command from operating system. DBAs can disable Oracle DB Vault in Oracle 11g version and then after making changes at the Database DBAs can enable Oracle DB Vault without asking the Database Security officer. This is an insecure situation and Oracle changed it in Oracle 12c version.

Enable DB Vault in Oracle 11g

Shutdown the database
CONNECT SYS AS SYSOPER
Enter password: password

SHUTDOWN IMMEDIATE

Enable Oracle DB Vault

$ chopt enable lbac

$ chopt enable dv

And then startup the database

CONNECT SYS AS SYSOPER
Enter password: password

STARTUP

DISABLE DB Vault in Oracle 11g

Shutdown the database
CONNECT SYS AS SYSOPER
Enter password: password

SHUTDOWN IMMEDIATE

Disable  Oracle DB Vault

$ chopt disable dv

$ chopt disable lbac

And then startup the database

CONNECT SYS AS SYSOPER
Enter password: password

STARTUP

In Oracle 12c version

In Oracle 12c version you have to connect the database with an account which is a database owner. Simple; database owner can enable and disable Oracle DB vault in Oracle 12c version. And this is much more secure if you compare it with Oracle 11g version.

Enable DB Vault in Oracle 12c

connect as the Oracle Database Owner (DV_OWNER) account, and then enable Oracle Database Vault.

SQL> CONNECT dvowner
Enter password:
Connected.
SQL> EXEC DBMS_MACADM.ENABLE_DV;
PL/SQL procedure successfully completed.
SQL> commit;
Commit complete.

Note ; If Oracle Label security is not enabled before , You should enable it

CONNECT SYS AS SYSDBA
Enter password: password

EXEC LBACSYS.CONFIGURE_OLS;
EXEC LBACSYS.OLS_ENFORCEMENT.ENABLE_OLS;

and then restart the database;

CONNECT SYS AS SYSOPER
Enter password: password

SHUTDOWN IMMEDIATE

STARTUP 

Disable  DB Vault in Oracle 12c

connect as the Oracle Database Owner (DV_OWNER) account, and then disable Oracle Database Vault.

SQL> CONNECT dvowner
Enter password:
Connected.
SQL> EXEC DBMS_MACADM.DISABLE_DV;
PL/SQL procedure successfully completed.
SQL> commit;
Commit complete.

and then restart the database;

CONNECT SYS AS SYSOPER
Enter password: password

SHUTDOWN IMMEDIATE

STARTUP 

 

Finding Oracle Users with Import – Export Privileges – 2

Oracle Users with  IMPORT/EXPORT  role -2  DATAPUMP_IMP_FULL_DATABASE

Export utilities are used for extracting database objects and data from database to a file, and Import utilities are used for importing these extracted files into databases. In order to run IMPORT/EXPORT utilities you would have to have system roles which are given below.

  • IMP_FULL_DATABASE
  • DATAPUMP_IMP_FULL_DATABASE
  • EXP_FULL_DATABASE
  • DATAPUMP_EXP_FULL_DATABASE

These privileges should only be granted to authorized users. Normally database administrators should perform export and import operations. Therefore during our database assessment; we should find that these grants would only be given to DBA users.

If you want to list Oracle users  ( or roles ) which have DATAPUMP_IMP_FULL_DATABASE system role,  we could use the below query.  This query is developed by hierarchical query technique. Same query can be used on Oracle 11g and Oracle 12c versions.

Capture

The text version of the SQL are given below
SELECT
DISTINCT A.GRANTEE,
A.GRANTED_ROLE,
‘DATAPUMP_IMP_FULL_DATABASE’ GRANTED_CRITIC_ROLE
FROM
(
SELECT
DISTINCT LEVEL LEVEL_DEEP,
GRANTEE,
GRANTED_ROLE
FROM
DBA_ROLE_PRIVS
START WITH GRANTED_ROLE = ‘DATAPUMP_IMP_FULL_DATABASE’
CONNECT BY PRIOR GRANTEE = GRANTED_ROLE
) A,
DBA_USERS B
WHERE
A.GRANTEE = B.USERNAME
AND B.USERNAME NOT IN(
‘SYSTEM’,
‘SYS’
)
AND B.ACCOUNT_STATUS = ‘OPEN’;

 

In order to list users with DATAPUMP_IMP_FULL_DATABASE   in the multitenant architecture, we use the below query.

 

Capture

The text version of this query is given below.

SELECT
DISTINCT A.GRANTEE,
A.GRANTED_ROLE,
B.COMMON,
C.NAME,
‘DATAPUMP_IMP_FULL_DATABASE’ GRANTED_CRITIC_ROLE
FROM
(
SELECT
DISTINCT LEVEL LEVEL_DEEP,
GRANTEE,
GRANTED_ROLE,
CON_ID
FROM
CDB_ROLE_PRIVS
START WITH GRANTED_ROLE = ‘DATAPUMP_IMP_FULL_DATABASE’
CONNECT BY PRIOR GRANTEE = GRANTED_ROLE
AND PRIOR CON_ID = CON_ID
) A,
CDB_USERS B,
V$CONTAINERS C
WHERE
A.GRANTEE = B.USERNAME
AND B.USERNAME NOT IN(
‘SYSTEM’,
‘SYS’
)
AND B.ACCOUNT_STATUS = ‘OPEN’
AND A.CON_ID = C.CON_ID
AND B.CON_ID = C.CON_ID ;

 

Finding  users with  EXP_FULL_DATABASE Role;

Capture

And the last one DATAPUMP_EXP_FULL_DATABASE ;

Capture.JPG

 

Now look the the same SQLs in Multitenant Architecture ;

EXP_FULL_DATABASE Role for Multitenant Architecture

Capture

 

And the last one DATAPUMP_EXP_FULL_DATABASE for Multitenant Architecture

Capture

 

If we want to revoke IMPORT/EXPORT privileges from a user;  we could use below commands

 

REVOKE IMP_FULL_DATABASE FROM UserName;

REVOKE DATAPUMP_ FULL_DATABASE FROM UserName;

REVOKE EXP_FULL_DATABASE FROM UserName;

REVOKE DATAPUMP_EXP_FULL_DATABASE FROM UserName;