Install Ubuntu 17 on Oracle VirtualBox

Ubuntu is an open-source Linux operating system built on the Debian architecture. It can be used as a Linux server or as a desktop. In this note, I will show you how to install the latest version of Ubuntu Desktop (version 17) on Oracle VirtualBox.

Let's start by downloading the Ubuntu ISO from

https://www.ubuntu.com/download/desktop

After downloading the Ubuntu ISO, go to Oracle VirtualBox and press the New button.

Choose Linux as the type of operating system and Ubuntu (64-bit) as the version.

Now choose the memory size. The size of memory depends on what you want to do with this desktop. If you want to use it to learn some programming (like Python), 1.5 GB will be enough, but if you want to use it as a database server, you should choose 2 GB or more.

Now choose the hard disk type.

And normally choose the VDI disk file type.

If you want to save disk space on your host machine, choose a dynamically allocated hard disk, because this kind of disk fills up as you use it and it will shrink automatically.

Now choose the file location and size. This depends entirely on what you want to do on this computer. For example, I chose a 50 GB disk size. But Oracle VirtualBox does not create a 50 GB file automatically, because I chose the dynamically allocated disk type.

Now choose the Storage part of the machine settings and attach your downloaded Ubuntu ISO to the CD drive.

For the most complicated part of the installation, the network settings, skip ahead by choosing NAT (Network Address Translation). I will explain this part in another note.

Now save this configuration and start your virtual machine from Oracle VirtualBox.

The Ubuntu installation will start.

I chose Download updates to get the latest updates during installation.

If this is a new installation, choose Erase disk and install Ubuntu.

Choose your location. As you know I am in the middle of the earth.

And choose your language. Turkish is supported in Ubuntu, as you know.

And choose a user name. This part is very important because in Ubuntu you do not need to use the root user. Therefore just choose one user and its password. Guess my password 🙂

You will use this user for nearly everything.

And welcome to Ubuntu; the installation will start.

And Ubuntu is ready to use.

Thanks to everyone for reading this note.

Anil Akduygu

https://www.linkedin.com/in/an%C4%B1l-akduygu-26129b28/

 

 

Oracle Security Alert CVE-2017-10151

Oracle announced a new Security Alert, CVE-2017-10151. It affects only Oracle Identity Manager and has nothing to do with Oracle Database or any other products. This vulnerability is remotely exploitable without authentication, and its base score is 10.0.

It means it is very critical.

The Patch Availability Document is Oracle Security Alert CVE-2017-10151 Patch Availability Document for Oracle Identity Manager (Doc ID 2322316.1).

The workaround is very simple: just change the password for the user OIMINTERNAL.

If you use Oracle Identity Manager, apply this workaround as soon as possible.

Thanks

Anıl Akduygu

https://www.linkedin.com/in/an%C4%B1l-akduygu-26129b28/

 

Oracle Critical Patch Update - October 2017

Oracle announced the Critical Patch Update for October 2017 today. More or less, this PSU affects all Oracle products. The general document that covers all information about the October 2017 PSU can be found on Metalink:

Patch Set Update and Critical Patch Update October 2017 Availability Document (Doc ID 2296870.1)

In this note, we will focus on the Oracle Database, Oracle WebLogic Server and MySQL products.

Let's start with Oracle Database.

This PSU contains two important new security fixes for Oracle Database. With these vulnerabilities, Oracle Database may be exploited over a network without requiring user credentials. The base score of these vulnerabilities is 8.8. Compared with the July 2017 PSU, these scores are low.

Actually, there are 6 new security fixes in this PSU, but I will show only the two critical fixes in this note.

[Screenshot: the two critical Oracle Database fixes]

If you want to apply these patches, you can find them on Metalink.

For Oracle Database 12.2.0.1

Patch 26636246: COMBO OF OJVM RU COMPONENT 12.2.0.1.171017 + GIRU 12.2.0.1.171017

For Oracle Database 12.1.0.2

Patch 26636270: COMBO OF OJVM COMPONENT 12.1.0.2.171017 DBPSU + DBPSU 12.1.0.2.171017

For Oracle Database 11.2.0.4

Patch 26636315: COMBO OF OJVM COMPONENT 11.2.0.4.171017 DB PSU + DB SPU 11.2.0.4.171017

Let's continue with Oracle Fusion Middleware. The base score for this product starts from 9.8, which is very high compared to Oracle Database.

If you want to install this PSU, you can find the patch in Doc ID 2296870.1.

The patch numbers for Oracle WebLogic Server are given below.

[Screenshot: patch numbers for Oracle WebLogic Server]

Now let's go on with MySQL. Its base score is lower than Oracle Database's, and two of them are critical.

As a result, I advise you to apply this PSU as soon as possible.

Data Redaction Part – 2 Full Redaction

In this note, we will start to work on Data Redaction by explaining Full Redaction. If you want a brief introduction to Data Redaction, you can read the first part of this note.

Let's start with Full Redaction.

Put simply, in Full Redaction the table columns are completely masked. Numeric columns become 0 and character columns become a space character.

Let's show it with an example. In the example, we will redact the salary column (SAL) of the SCOTT.EMP table. First, create our application user. We will use this user to check how the SAL column is redacted.

Now check the original table (the EMP table of the SCOTT user). Before redaction, all columns are visible.

Now we will redact the SAL column by using the DBMS_REDACT package. With the add_policy procedure we can create a policy and add a column to it. The parameters of the add_policy procedure are self-explanatory, so I am not giving any explanation of them. Only the expression parameter is very important. The expression parameter should contain a logical expression. If the expression is TRUE, the column named in the column_name parameter will be redacted. If the expression is FALSE, the column will not be redacted. In this example I use a simple logical expression, '1=1', which as you know is always TRUE. This redacts the SAL column for all users (except users who have the EXEMPT REDACTION POLICY privilege; I will explain it in the next note).

Now check the redaction policies by querying the REDACTION_POLICIES view.

If you want to query which columns are redacted, you can use the REDACTION_COLUMNS view.

Let's check whether Data Redaction is working or not. You can check it with the previously created user USERA01. Connect as this user and query the SCOTT.EMP table.

As you see, the whole SAL column is redacted with 0. As a result, USERA01 cannot see the salary of employees.
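The steps of this note as one SQL*Plus script, run from a DBA account that can execute DBMS_REDACT. This is an added example, not the author's own script; the placeholder password and the policy name REDACT_EMP_SAL are assumptions.

```sql
-- Added example (SQL*Plus). Run as a DBA who can execute DBMS_REDACT.
-- Assumptions: the placeholder password and the policy name REDACT_EMP_SAL.

-- Application user used to check how SAL is redacted
CREATE USER usera01 IDENTIFIED BY "Placeholder_Pw_1";
GRANT CREATE SESSION TO usera01;
GRANT SELECT ON scott.emp TO usera01;

-- Full redaction of SCOTT.EMP.SAL. The expression '1=1' is always TRUE,
-- so the policy applies to every session that lacks EXEMPT REDACTION POLICY.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema => 'SCOTT',
    object_name   => 'EMP',
    column_name   => 'SAL',
    policy_name   => 'REDACT_EMP_SAL',
    function_type => DBMS_REDACT.FULL,
    expression    => '1=1');
END;
/

-- Which policies exist and whether they are enabled
SELECT object_owner, object_name, policy_name, expression, enable
  FROM redaction_policies;

-- Which columns each policy covers and with which redaction type
SELECT object_owner, object_name, column_name, function_type
  FROM redaction_columns;

-- Query as the application user to see the policy applied to SAL
CONNECT usera01/"Placeholder_Pw_1"
SELECT empno, ename, sal FROM scott.emp;

-- To undo the example, reconnect as the DBA and run:
-- BEGIN
--   DBMS_REDACT.DROP_POLICY(
--     object_schema => 'SCOTT',
--     object_name   => 'EMP',
--     policy_name   => 'REDACT_EMP_SAL');
-- END;
-- /
```

Test the policy from an ordinary account such as USERA01 rather than from the DBA session: the DBA role includes EXP_FULL_DATABASE, which carries the EXEMPT REDACTION POLICY privilege, so a DBA still sees the real salaries.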

I hope that this small example will be a good start for Data Redaction. I will explain this subject with examples in the next notes.

You can find all these scripts on GitHub.

And one more thing: if you want much more information about Data Redaction, you can read my book. It is written in Turkish, but the examples will be very beneficial.

Anil Akduygu

Introduction to Data Redaction Part - 1

The Data Redaction option is a part of Oracle Advanced Security. Oracle Advanced Security (OAS) can be used after Oracle version 11.2.0.4 and it is a licensed product. You do not need any special installation to use Oracle Advanced Security; there are just some database codes (packages) for using the OAS options. In this note and the following notes I will show how you can use the Data Redaction option of OAS. First, let me explain what Data Redaction is and where you can use it.

Data Redaction can be used for masking sensitive data by using special security policies. Data is masked at the database level and cannot be seen on the network either. The important point is that you do not need to change your applications to mask data. Data is masked only for special logins which are defined by security policies. Applications can reach the data as usual, and data can be seen from applications. In particular, this product is used to hide data when connecting from ad hoc query tools (like SQL*Plus or TOAD).

With the Data Redaction option, we use one of the following methods to hide data.

Full Redaction: The table columns are completely masked. Numeric columns become 0 and varchar columns become a space character.

Partial Redaction: Only a certain part of a column is redacted. For example, a part of the column is masked with the '*' character.

Regular Expressions: Used to mask a specific part of the data for character columns of different sizes.

Random Redaction: Depending on the type of the column, the data is redacted randomly.

No Redaction: In this type of redaction, there is no change in the data. It is used to test the effect of redaction on database performance.

I have now given a brief introduction to Data Redaction. In the following notes, we will work on all these redaction types with examples.

Thanks.

Anıl Akduygu.

 

Masking Data according to User roles in Oracle Database with Data Redaction

In this note I will show you how to mask data according to the role of users by using Data Redaction. I will not explain Data Redaction in detail; I assume that you already know about it. But in the future I will give detailed information about Oracle Advanced Security and Data Redaction.

In this note we will use Data Redaction to mask data according to session roles. Virtual Private Database can be used instead of Data Redaction; I will show that in another note.

I will explain this subject with a sample. In the sample we have a user which holds the data (rep_user), an application user (app_user, which can see all data) and inq_user (data will be masked for this user). In the example, only users which have a special role (redact_role) are not affected by the data redaction policy.

Let's build up the environment and create the users.

First, create rep_user.

Create app_user.

Create inq_user and redact_role.

We simply create a table with one column, and we mask this column with data redaction.

Insert some data into this table and grant access to this table to app_user and inq_user.

Now app_user and inq_user can select from this table.

Now create the Data Redaction policy to hide the data.

According to our policy, only users with redact_role are not affected by this policy.

To do this, grant redact_role to app_user.

And now app_user can see the masked data, but other users (inq_user) cannot reach this data.

Let's test it.

Masked numeric data is shown as 0 in Data Redaction (by default).

As you see, we can hide data according to the user's role by using the SYS_CONTEXT function. You can change this case according to your needs.
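The role-based setup described in this note as one SQL*Plus script. This is an added example, not the author's own script; the placeholder passwords, the table name SALES_DATA, the column AMOUNT, the policy name REDACT_BY_ROLE and the USERS tablespace are assumptions.

```sql
-- Added example (SQL*Plus). Run as a DBA who can execute DBMS_REDACT.
-- Assumptions: placeholder passwords, table SALES_DATA, column AMOUNT,
-- policy name REDACT_BY_ROLE, and a tablespace called USERS.

-- Data owner, application user, inquiry user and the role
CREATE USER rep_user IDENTIFIED BY "Placeholder_Pw_1" QUOTA 10M ON users;
CREATE USER app_user IDENTIFIED BY "Placeholder_Pw_2";
CREATE USER inq_user IDENTIFIED BY "Placeholder_Pw_3";
GRANT CREATE SESSION TO app_user, inq_user;
CREATE ROLE redact_role;

-- One-column table with some data, readable by both users
CREATE TABLE rep_user.sales_data (amount NUMBER);
INSERT INTO rep_user.sales_data VALUES (1500);
INSERT INTO rep_user.sales_data VALUES (2750);
COMMIT;
GRANT SELECT ON rep_user.sales_data TO app_user, inq_user;

-- Redact AMOUNT whenever REDACT_ROLE is NOT enabled in the session.
-- SYS_CONTEXT('SYS_SESSION_ROLES', <role>) returns 'TRUE' or 'FALSE'.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema => 'REP_USER',
    object_name   => 'SALES_DATA',
    column_name   => 'AMOUNT',
    policy_name   => 'REDACT_BY_ROLE',
    function_type => DBMS_REDACT.FULL,
    expression    =>
      'SYS_CONTEXT(''SYS_SESSION_ROLES'',''REDACT_ROLE'') = ''FALSE''');
END;
/

-- Only app_user gets the role
GRANT redact_role TO app_user;

-- app_user: role enabled, the policy expression is FALSE, no redaction
CONNECT app_user/"Placeholder_Pw_2"
SELECT SYS_CONTEXT('SYS_SESSION_ROLES', 'REDACT_ROLE') AS has_role FROM dual;
SELECT amount FROM rep_user.sales_data;

-- inq_user: role absent, the policy expression is TRUE, AMOUNT is redacted
CONNECT inq_user/"Placeholder_Pw_3"
SELECT SYS_CONTEXT('SYS_SESSION_ROLES', 'REDACT_ROLE') AS has_role FROM dual;
SELECT amount FROM rep_user.sales_data;
```

SYS_SESSION_ROLES reports only roles that are enabled in the current session, so a user who holds redact_role as a non-default role still gets redacted values until the role is enabled with SET ROLE.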

You can reach all the scripts on GitHub.

Thanks.

Anıl Akduygu

Applying July 2017 Oracle WebLogic Server Security Patch Part – 2

In this note, I will show you how to install the July 2017 Oracle WebLogic Server security patch. In my first note I showed how you can download this security patch.

I assume that you have read the first note and downloaded the B25A security patch, so now we can install it. Before you start, do not forget to take a full backup of your system. This backup depends on your system configuration.

First go to the Middleware home and set the environment with the commands below:

cd /oracle/Middleware/wlserver_10.3/server/bin
. setWLSEnv.sh
cd $MW_HOME/utils/bsu

To check the environment variables, look at the version with the command below.

java weblogic.version

WebLogic Server 10.3.6.0.170418 PSU Patch for BUG25388747 WED MAR 21 18:34:42 IST 2017
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

As you see, I installed the April 2017 security patch, because the WebLogic Server version is 10.3.6.0.170418. Before starting the upgrade, get detailed information about the applied WebLogic patches with the command below.

$ ./bsu.sh -prod_dir=/oracle/Middleware/wlserver_10.3  -status=applied -verbose -view

ProductName:       WebLogic Server
ProductVersion:    10.3 MP6
Components:        WebLogic Server/Core Application Server,WebLogic Server/Administration Console,WebLogic Server/Configuration Wizard and Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Server,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic Server/WebLogic Server Clients,WebLogic Server/WebLogic Web Server Plugins,WebLogic Server/UDDI and Xquery Support,WebLogic Server/Evaluation Database,WebLogic Server/Workshop Code Completion Support
BEAHome:           /oracle/Middleware
ProductHome:       /oracle/Middleware/wlserver_10.3
PatchSystemDir:    /oracle/Middleware/utils/bsu
PatchDir:          /oracle/Middleware/patch_wls1036
Profile:           Default
DownloadDir:       /oracle/Middleware/utils/bsu/cache_dir
JavaVersion:       1.6.0_29
JavaVendor:        Sun

Patch ID:          RVBS
PatchContainer:    RVBS.jar
Checksum:          1748595871
Severity:          optional
Category:          General
CR/BUG:            25388747
Restart:           true
Description:       WLS PATCH SET UPDATE 10.3.6.0.170418
                   WLS PATCH SET UPDATE 10.3.6.0.170418

As you see, the download directory is

DownloadDir:       /oracle/Middleware/utils/bsu/cache_dir

and the latest applied patch is

PatchContainer:    RVBS.jar

First we will uninstall this patch and then we will install the latest patch.

cd /oracle/Middleware/utils/bsu

./bsu.sh -remove -patchlist=RVBS -prod_dir=/oracle/Middleware/wlserver_10.3

Now that we have uninstalled the latest patch, check the WebLogic Server version.

java weblogic.version

WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050
Use 'weblogic.version -verbose' to get subsystem information
Use 'weblogic.utils.Versions' to get version information for all modules

Now our version is 10.3.6.0, and this is the base release. Now we can apply the July 2017 security patch. Put the downloaded patch file into

DownloadDir:       /oracle/Middleware/utils/bsu/cache_dir 

And start applying patch with the below command:

./bsu.sh -install -patchlist=B25A -prod_dir=/oracle/Middleware/wlserver_10.3

Checking for conflicts….
No conflict(s) detected
Installing Patch ID: B25A..
Result: Success

As you see, the result is Success. Check the WebLogic Server version again.

java weblogic.version

WebLogic Server 10.3.6.0.170718 PSU Patch for BUG25869650 MON JUNE 05 18:34:42 IST 2017
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

Now our version is 10.3.6.0.170718; this is the correct version.

Thanks for reading this note.

Anil.