Symantec⢠Data Loss Prevention Oracle Installation and Upgrade
Symantec™ Data Loss Prevention Oracle Installation and Upgrade Guide Version 10.0 1-0800-1000-2009-12-01 Symantec Data Loss Prevention Oracle Installation and Upgrade Guide The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version: 10.0 Legal Notice Copyright © 2009 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Technical Support Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec’s maintenance offerings include the following: ■ A range of support options that give you the flexibility to select the right amount of service for any size organization ■ Telephone and Web-based support that provides rapid response and up-to-the-minute information ■ Upgrade assurance that delivers automatic software upgrade protection ■ Global support that is available 24 hours a day, 7 days a week ■ Advanced features, including Account Management Services For information about Symantec’s Maintenance Programs, you can visit our Web site at the following URL: www.symantec.com/techsupp/ Contacting Technical Support Customers with a current maintenance agreement may access Technical Support information at the following URL: www.symantec.com/techsupp/ Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available: ■ Product release level ■ Hardware information ■ Available memory, disk space, and NIC information ■ Operating system ■ Version and patch level ■ Network topology ■ Router, gateway, and IP address information ■ Problem description: ■ Error messages and log files ■ Troubleshooting that was performed before contacting Symantec ■ Recent software configuration changes and network changes Licensing and registration If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/techsupp/ Customer service Customer service information is available at the following URL: www.symantec.com/techsupp/ Customer Service is available to assist with the following types of issues: ■ Questions regarding product licensing or serialization ■ Product registration updates, such as address or name changes ■ General product information (features, language availability, local dealers) ■ Latest information about product updates and upgrades ■ Information about upgrade assurance and maintenance contracts ■ Information about the Symantec Buying Programs ■ Advice about Symantec's technical support options ■ Nontechnical presales questions ■ Issues that are related to CD-ROMs or manuals Maintenance agreement resources If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows: Asia-Pacific and Japan customercare_apac@symantec.com Europe, Middle-East, and Africa semea@symantec.com North America and Latin America supportsolutions@symantec.com Additional enterprise services Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following: Symantec Early Warning Solutions These solutions provide early warning of cyber attacks, comprehensive threat analysis, and countermeasures to prevent attacks before they occur. Managed Security Services These services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats. Consulting Services Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring, and management capabilities. Each is focused on establishing and maintaining the integrity and availability of your IT resources. Educational Services Educational Services provide a full array of technical training, security education, security certification, and awareness communication programs. To access more information about Enterprise services, please visit our Web site at the following URL: www.symantec.com Select your country or language from the site index. Contents Technical Support ............................................................................................... 4 Chapter 1 Installing Oracle 10g on Windows ..................................... 9 About the Oracle 10g Installation ..................................................... 9 Installing Oracle 10g ..................................................................... 10 Oracle Software to Download ......................................................... 11 Installing Oracle 10g Release 10.2.0.1 .............................................. 12 Installing Oracle 10g Patchset 10.2.0.4 ............................................. 13 Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener ...................................................... 14 Creating the Symantec Data Loss Prevention database .................. 15 Creating the TNS Listener ........................................................ 17 Configuring the TNS Listener ................................................... 18 Verifying tnsnames.ora contents .............................................. 20 Creating the Protect Oracle User Account ................................... 21 Locking the DBSNMP Oracle User Account ................................. 21 Verifying the Symantec Data Loss Prevention Database ................ 22 Installing the Critical Patch Update ................................................. 23 Adding More Data Files ................................................................. 23 Backing Up the Symantec Data Loss Prevention Database .................... 25 Auditing Unsuccessful Logon Attempts ............................................ 26 About the Oracle 10g Client Software ............................................... 28 Chapter 2 Upgrading to Oracle 10g 10.2.0.4 on Windows ............ 29 Upgrading to Oracle 10g 10.2.0.4 for Windows .................................. Backing Up the Symantec Data Loss Prevention Database .................... Oracle 10g 10.2.0.4 Software to Download ........................................ Checking for Invalid Objects ........................................................... Installing the Oracle 10g Patchset 10.2.0.4 ........................................ Upgrading the Symantec Data Loss Prevention Database ..................... Shutting Down Services .......................................................... Running the Oracle Database Upgrade Assistant .......................... Completing the Database Upgrade ............................................. Installing the Critical Patch Update ................................................. 29 30 30 31 31 33 33 33 35 37 8 Contents Chapter 3 Installing Oracle 10g on Linux .......................................... 39 About Oracle 10g Installation ......................................................... Installing Oracle 10g ..................................................................... Oracle Software to Download ......................................................... Installing Oracle 10g Release 10.2.0.1 .............................................. Performing the Preinstallation Steps ......................................... Installing the Oracle 10g Release 10.2.0.1 software ....................... Installing Oracle 10g Patchset 10.2.0.4 ............................................. Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener ...................................................... Creating the Symantec Data Loss Prevention Database ................. Creating the TNS Listener ........................................................ Configuring the TNS Listener ................................................... Verifying tnsnames.ora contents .............................................. Creating the Oracle User Account for Symantec Data Loss Prevention ...................................................................... Locking the DBSNMP Oracle User Account ................................. Configuring Automatic Startup and Shutdown of the Database ........................................................................ Verifying the Symantec Data Loss Prevention Database ................ Installing the Critical Patch Update ................................................. Adding More Data Files ................................................................. Backing Up the Symantec Data Loss Prevention Database .................... Auditing Unsuccessful Logon Attempts ............................................ About the Oracle 10g Client Software ............................................... Chapter 4 51 51 55 56 57 58 58 59 59 61 61 62 64 65 Upgrading to Oracle 10g 10.2.0.4 on Linux .................. 67 Upgrading to Oracle 10g 10.2.0.4 Upgrade for Linux ........................... Backing up the Symantec Data Loss Prevention Database .................... Oracle 10g 10.2.0.4 Software to Download ........................................ Checking for Invalid Objects ........................................................... Installing the Oracle 10g Patchset 10.2.0.4 ........................................ Upgrading the Symantec Data Loss Prevention Database ..................... Installing the Critical Patch Update ................................................. Index 39 40 41 42 42 45 48 67 68 68 69 70 73 76 .................................................................................................................... 77 Chapter 1 Installing Oracle 10g on Windows This chapter includes the following topics: ■ About the Oracle 10g Installation ■ Installing Oracle 10g ■ Oracle Software to Download ■ Installing Oracle 10g Release 10.2.0.1 ■ Installing Oracle 10g Patchset 10.2.0.4 ■ Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener ■ Installing the Critical Patch Update ■ Adding More Data Files ■ Backing Up the Symantec Data Loss Prevention Database ■ Auditing Unsuccessful Logon Attempts ■ About the Oracle 10g Client Software About the Oracle 10g Installation You need to install Oracle 10g and create a database to use Symantec Data Loss Prevention. You can perform a two-tier or single-tier Symantec Data Loss Prevention installation, where the database runs on the same computer as the Enforce Server. Alternatively, you can perform a three-tier Symantec Data Loss Prevention installation, where the database runs on a different computer from 10 Installing Oracle 10g on Windows Installing Oracle 10g the Enforce Server. In a three-tier installation, your organization’s database administration team installs, creates, and maintains the Symantec Data Loss Prevention database. If your organization already has other databases that run on Oracle 10g, you should consider using your organization’s existing Oracle 10g installation. Contact your Symantec representative for information about how to set up the Symantec Data Loss Prevention database in a three-tier environment. If you implement a three-tier installation, you need to install the Oracle Client (SQL*Plus and Database Utilities) on the Enforce Server to enable database communications between the Oracle database server and the Enforce Server. The Symantec Data Loss Prevention installer needs SQL*Plus to create tables and views on the Enforce Server; therefore, the Windows user account that is used to install Symantec Data Loss Prevention needs access to SQL*Plus. See “About the Oracle 10g Client Software” on page 28. Note: After you create the Symantec Data Loss Prevention database and complete the Symantec Data Loss Prevention installation, you can change the database password using the Symantec Data Loss Prevention DBPasswordChanger utility. For more information about the Symantec Data Loss Prevention DBPasswordChanger utility, see the Symantec Data Loss Prevention Utilities Guide. Installing Oracle 10g To install Oracle 10g and then create the Symantec Data Loss Prevention database, you must perform the following steps, in order, on your Enforce Server. Table 1-1 Installing Oracle 10g and creating the Symantec Data Loss Prevention database Step Action Description Step 1 On your Enforce Server, download the Oracle 10g software. See “Oracle Software to Download” on page 11. Step 2 Install Oracle 10g Release 10.2.0.1. See “Installing Oracle 10g Release 10.2.0.1” on page 12. Step 3 Install Oracle Patchset 10.2.0.4. See “Installing Oracle 10g Patchset 10.2.0.4” on page 13. Installing Oracle 10g on Windows Oracle Software to Download Table 1-1 Installing Oracle 10g and creating the Symantec Data Loss Prevention database (continued) Step Action Description Step 4 Create and configure the Symantec Data Loss Prevention database and the TNS listener. See “Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener” on page 14. Step 5 Install the Oracle Critical Patch Update. See “Installing the Critical Patch Update” on page 23. Oracle Software to Download You should have received a Symantec Serial Number Certificate with your order that lists a serial number for each of your products. If you did not receive the certificate, contact Symantec Customer Care as described at http://www.symantec.com/business/support/assistance_care.jsp. If you have multiple Serial Numbers, locate the Serial Number that corresponds to Oracle Standard Edition or Oracle Standard Edition One. Go to https://fileconnect.symantec.com and enter the serial number. Proceed to the list of available downloads and download the following files: ■ Oracle_10.2.0.4_Server_Win.zip This ZIP file contains the Oracle 10g Release 10.2.0.1 (10201_database_win32.zip) and Patchset 10.2.0.4 (p6810189_10204_Win32.zip) software. Extract the 10201_database_win32.zip and p6810189_10204_Win32.zip files from the Oracle_10.2.0.4_Server_Win.zip file; you use these two ZIP files later. ■ Oracle_10.2.0.4_CPU<releasedate>_Win.zip This ZIP file contains the Oracle 10g 10.2.0.4 Critical Patch Update (p<CPUnumber>_10204_Win32.zip) and OPatch (p6880880_102000_WINNT.zip) software. Extract the p<CPUnumber>_10204_Win32.zip and p6880880_102000_WINNT.zip files from the Oracle_10.2.0.4_CPU<releasedate>_Win.zip file; you use these two ZIP files later. Oracle releases a new Critical Patch Update every three months (approximately in January, April, July, and October) each year. Symantec DLP tests each Critical 11 12 Installing Oracle 10g on Windows Installing Oracle 10g Release 10.2.0.1 Patch Update release and then notifies the customers that the Critical Patch Update is safe to install. ■ Oracle_10.2.0.4_Server_Installation_Tools_Win.zip This ZIP file contains the Oracle 10g Installation tools ZIP file (10g_Installation_Tools.zip), which contains the Symantec Data Loss Prevention Oracle database template and SQL scripts. Extract the 10g_Installation_Tools.zip file from Oracle_10.2.0.4_Server_Installation_Tools_Win.zip file; you use this ZIP file later. ■ Oracle_10.2.0.1_Client_Win.zip This ZIP file contains the Oracle 10g Client (10201_client_win32.zip) software. Extract the 10201_client_win32.zip file from the Oracle_10.2.0.1_Client_Win.zip file; you use this ZIP file later. Installing Oracle 10g Release 10.2.0.1 Perform the following procedure to install Oracle 10g 10.2.0.1. Note: The Enforce Server uses the Oracle thin driver and the Oracle Client. Symantec Data Loss Prevention packages the JAR files for the Oracle thin driver with the Symantec Data Loss Prevention software; however, you must also install the Oracle Client. The Symantec Data Loss Prevention installer needs SQL*Plus to create tables and views on the Enforce Server; therefore, the Windows user account that is used to install Symantec Data Loss Prevention needs access to SQL*Plus. See “About the Oracle 10g Client Software” on page 28. To install Oracle 10g Release 10.2.0.1 1 Shut down the following services if they are running in Windows Services: ■ All Oracle services ■ Distributed Transaction Coordinator service Installing Oracle 10g on Windows Installing Oracle 10g Patchset 10.2.0.4 To view the services go to Start > Control Panel > Administrative Tools > Computer Management, and then expand Services and Applications and click Services. 2 Unzip the 10201_database_win32.zip file and navigate to the database directory. The path and directory to which you extract the ZIP file must not contain spaces; also, it should not have a long pathname as that can cause installation issues. 3 To install the Oracle software, double-click on the Oracle Universal Installer file, which is named setup.exe. 4 At the Installation Method screen, perform the following steps in this order: ■ Select Basic Installation. ■ Verify that the Oracle Home Location is <drive>\oracle\product\10.2.0\db_1. ■ Select the Standard Edition (1.1GB) installation type. Oracle Standard Edition is not the default setting; you must select Oracle Standard Edition. ■ Uncheck Create Starter Database and click Next. 5 At the Product-Specific Prerequisite Checks screen, click Next. 6 At the Summary screen, click Install. The Oracle software then installs. 7 At the End of Installation screen, click Exit then Yes. Installing Oracle 10g Patchset 10.2.0.4 Always complete the installation or uninstallation of one patch before starting another. Review the Oracle 10.2.0.4 README.html file that is included in the Oracle 10g Patchset 10.2.0.4 distribution files. In particular, read the Known Issues section. To install the Oracle 10g Patchset 10.2.0.4 1 If this is the first time you have installed Oracle on the local computer, skip this step. Shut down the following services if they are running in Windows Services: ■ All Oracle services. 13 14 Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener ■ All Symantec Data Loss Prevention services (all services with “Vontu” in the name). ■ Distributed Transaction Coordinator service. 2 Extract the contents of the p6810189_10204_Win32.zip file to a directory with a name that contains no spaces. For example, extract the contents to the c:\p6810189_10204 directory. 3 Go to the Disk1 directory. For example, go to c:\p6810189_10204\Disk1. 4 In the Disk1 directory, double-click on setup.exe to launch the Oracle Universal Installer. 5 At the Welcome screen, click Next. 6 At the Specify Home Details screen, make sure the values in the Name and Path fields match those indicated here, then click Next. Note: You may have to modify the default path value provided by the installer. The path value must be the same as the Oracle Home Location. The default Name and Path values should be: Name: OraDb10g_home1 Path: <drive>\oracle\product\10.2.0\db_1 7 At the Product-Specific Prerequisite Checks screen, click Next. 8 At the Oracle Configuration Manager Registration screen, click Next. 9 At the Summary screen, click Install. The installation may take a couple of minutes. 10 At the End of Installation screen, click Exit and then Yes. Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener Symantec supplies a database template and scripts to create the Symantec Data Loss Prevention database. The database template contains all the default configurations of the Symantec Data Loss Prevention database, including default data files and character set. Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener Note: You must use the Symantec Data Loss Prevention template to create the database. Do not use an alternate template or reuse an existing database instance. If you do not use the supplied template, failures can occur when you use Symantec Data Loss Prevention or when you later attempt to upgrade the product. Creating the Symantec Data Loss Prevention database Perform the following procedure to create the Symantec Data Loss Prevention database. To create the Symantec Data Loss Prevention database 1 Extract the database template file Oracle_10g_Database_for_Vontu_<vontuversion>.dbt from the 10g_Installation_Tools.zip file to the %ORACLE_HOME%\assistants\dbca\templates folder, (for example, c:\oracle\product\10.2.0\db_1\assistants\dbca\templates). Replace <vontuversion> with the Symantec Data Loss Prevention version you plan to install. For example, Oracle_10g_Database_for_Vontu_v9.dbt. 2 Start the Oracle Database Configuration Assistant to create the Symantec Data Loss Prevention database. Choose Start > All Programs > Oracle OraDb10g_Home1 > Configuration and Migration Tools, and then Database Configuration Assistant. 3 In the Welcome screen, click Next. 4 Select Create a Database and click Next. 5 Select Oracle 10g Database for Vontu <version_number> from the list of templates and click Next. Note: You must use the Symantec Data Loss Prevention template to create the database. Do not use an alternate template or reuse an existing database instance. If you do not use the supplied template, failures can occur when you use Symantec Data Loss Prevention or when you later attempt to upgrade the product. 6 Set the database name (Global Database Name) and the Oracle System Identifier (SID) by performing the following steps in this order: ■ Enter protect for the Global Database Name; the SID is automatically set to protect, and is the same as the database name. ■ Click Next. 15 16 Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener ■ Write down the database name and SID as you need them later when you install the Symantec Data Loss Prevention software. 7 Check Configure the Database with Enterprise Manager and select Use Database Control for Database Management, then click Next. 8 Specify a password when prompted to create a password. You can use the same password for all user account types or use different passwords for each user account type. The various user account types are SYS, SYSTEM, DBSNMP, and SYSMAN. Follow these guidelines to create acceptable passwords: ■ Passwords cannot contain quotation marks. ■ Passwords are not case sensitive. ■ Passwords must begin with an alphabetic character. ■ Passwords can contain only alphanumeric characters and the underscore (_), dollar sign ($), and pound sign (#). However, Oracle strongly discourages you from using $ and #. ■ A password cannot be an Oracle reserved word such as SELECT. If you enter a password that does not meet these guidelines, Oracle keeps prompting for a password. You must enter a password. Do not kill the Oracle Database Configuration Assistant. 9 Once you have entered the passwords, click Next. 10 Select File System and click Next. 11 Select Use Database File Locations from Template and click Next. 12 The Recovery Configuration step is optional. Click Next. Enabling archiving enables online database backup and recovery. It also guarantees complete data recoverability; however, it does require more disk space and management. You should discuss your backup and recovery strategy with a Symantec representative to determine if this option is appropriate for your organization. 13 Check Enterprise Manager Repository and click Next. 14 Select Custom and accept the default template values, then click Next. 15 Click Next to skip the Database Storage step. 16 Check Create Database and click Finish. Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 17 When the confirmation screen appears, click OK. When the database creation process is approximately 58% complete, an error message might appear. You should resize the Oracle window so that if the ORA-22973 error message appears it is not blocked from view. Otherwise, you might think the create database process is progressing when it is not. If the “ORA-22973: size of object identifier exceeds maximum size allowed” error message appears, click Ignore. If the “ORA-04043: object XDB_DATASTORE_PROC does not exist” error message appears, click Ignore. 18 The database creation can take up to 20 minutes to complete. If the database creation process fails or hangs, check the Oracle Database Configuration Assistant logs for errors. The logs are located in the %ORACLE_HOME%\cfgtoollogs\dbca\SID folder (for example, c:\oracle\product\10.2.0\db_1\cfgtoollogs\dbca\protect). 19 When the database creation process is complete, another Database Configuration Assistant window opens and displays the database details. Write down the URL for accessing the Oracle Enterprise Manager (OEM). You need this URL later. The URL is: http://<host_name>:<port_number>/em <host_name> is the name or IP address of the computer where OEM is installed, and <port_number> is the port number on which OEM listens for requests. You can find the port number in the file named portlist.ini, located in the %ORACLE_HOME%\install directory (for example, c:\oracle\product\10.2.0\db_1\install). The default port number is 1158. 20 Click Exit. 21 If the database and listener are down, start them up using Windows Services. For example, start the OracleServicePROTECT and OracleOraDB10g_home1TNSListener services. To view the services choose Start > Control Panel > Administrative Tools > Computer Management > Services and Applications, and then click Services. Creating the TNS Listener Perform the following procedure to create a TNS listener. 17 18 Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener To create the TNS Listener 1 If you logged on as a domain user, you need to set the sqlnet.ora file SQLNET.AUTHENTICATION_SERVICES=() value to none; otherwise, go to step 2. To set the sqlnet.ora file SQLNET.AUTHENTICATION_SERVICES=() value, perform the following steps in this order: ■ Open sqlnet.ora located in the %Oracle_Home%\network\admin folder (for example, c:\oracle\product\10.2.0\db_1\NETWORK\ADMIN), using a text editor. ■ Change the SQLNET.AUTHENTICATION_SERVICES=(NTS)value to none. SQLNET.AUTHENTICATION_SERVICES=(none) ■ Save and close the sqlnet.ora file. 2 Start the Oracle Net Configuration Assistant. Choose Start > All Programs > Oracle - OraDb10g_home1 > Configuration and Migration Tools, and then Net Configuration Assistant. 3 Select Listener configuration and click Next. 4 Select Add and click Next. 5 Enter a listener name and click Next. (The default listener name is LISTENER; use this default unless you must use a specific name.) 6 Select the TCP protocol and click Next. 7 Select Use the standard port number of 1521 and click Next. 8 When you are prompted to configure another listener, select No and click Next. 9 When you are prompted that the listener configuration is complete, click Next. 10 Click Finish to exit the Oracle Net Configuration Assistant. Configuring the TNS Listener Perform the following procedure to configure a TNS listener. Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener To configure the TNS Listener 1 Open listener.ora located in the %ORACLE_HOME%\NETWORK\ADMIN folder (for example, C:\oracle\product\10.2.0\db_1\NETWORK\ADMIN), using a text editor (for example, Notepad). 2 Delete the following lines: SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = C:\oracle\product\10.2.0\db_1) (PROGRAM = extproc) ) ) 3 Add the following line anywhere in the file: ADMIN_RESTRICTIONS_listener=on 4 If you selected a non-default port (a port other than 1521) when you created the listener, add the following lines anywhere in listener.ora: SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (GLOBAL_DBNAME=protect) (ORACLE_HOME=C:\oracle\product\10.2.0\db_1) (SID_NAME=protect) ) ) If you used a non-default SID name, replace protect with the correct SID. 5 Save the listener.ora file. 6 If you selected a non-default port (a port other than 1521) when you created the listener, restart the listener using the command: lsnrctl reload This step is not required if you use the default port number. 19 20 Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 7 Start the TNS Listener service, if it is not already running. (For example, start OracleOraDb10g_home1TNSListener. The OraDb10g_home1 portion of the TNS Listener name reflects the Oracle name variable.) In Windows Services, choose Start > Administrative Tools > Computer Management > Services and Applications > Services, and then right-click on OracleOraDb10g_home1TNSListener and choose Start. 8 From the command prompt, set the password for the TNS Listener by performing the following steps in this order: lsnrctl set password <password> Replace <password> with your own password. Store the password in a secure location for future use. exit Verifying tnsnames.ora contents Before you create the required Oracle user accounts, verify that the tnsnames.ora file contains entries for the “protect” database that you created. To verify or update tnsnames.ora file contents 1 Open tnsnames.ora located in the %ORACLE_HOME%\NETWORK\ADMIN folder (for example, C:\oracle\product\10.2.0\db_1\NETWORK\ADMIN), using a text editor (for example, Notepad). 2 Verify that the following lines are present in the file: PROTECT = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = host_name)(PORT = port_number)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = protect) ) ) If the lines do not exist, add them to the file, replacing host_name and port_number with the correct values for your system. 3 Save the tnsnames.ora file and exit the text editor. Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener Creating the Protect Oracle User Account Perform the following procedure to create an Oracle user account and name it protect. To create the new Oracle user account named protect 1 Extract the SQL script file, oracle_create_user.sql, from the 10g_Installation_Tools.zip file to a local directory. 2 Open a command prompt and go to the directory where you extracted the oracle_create_user.sql file. 3 Start SQL*Plus: sqlplus /nolog 4 Run the oracle_create_user.bat script: SQL> @oracle_create_user.sql 5 Enter the password for the SYS user when prompted. 6 Choose a password for the new protect database user account and enter it into SQL*Plus when prompted. Store the password in a secure location for future use. After you complete the Symantec Data Loss Prevention installation, you can change the protect user password. See the Symantec Data Loss Prevention Utilities Guide for details. Locking the DBSNMP Oracle User Account You should lock the Oracle DBSNMP user account. To lock the Oracle DBSNMP user account 1 Open a command prompt and start SQL*Plus. sqlplus /nolog 2 Log on as the SYS user. SQL> connect sys/<password> as sysdba Replace <password> with the SYS password. 21 22 Installing Oracle 10g on Windows Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 3 Lock the DBSNMP user account: SQL> ALTER USER dbsnmp ACCOUNT LOCK; 4 Exit SQL*Plus: SQL> exit Verifying the Symantec Data Loss Prevention Database After creating the Symantec Data Loss Prevention database, you should verify it was created correctly. To verify that the database was created correctly 1 Open a command prompt and start SQL*Plus. sqlplus /nolog 2 Log on as the SYS user. SQL> connect sys/<password> as sysdba Replace <password> with the SYS password. 3 Run the following query. SQL> SELECT * FROM v$version; 4 Ensure that the output from the query contains the following information, identifying the software components as version 10.2.0.4. BANNER --------------------------------------------------Oracle Database 10g Release 10.2.0.4.0 - Production PL/SQL Release 10.2.0.4.0 - Production CORE 10.2.0.4.0 Production TNS for Windows: Version 10.2.0.4.0 - Production NLSRTL Version 10.2.0.4.0 - Production 5 Run the following command to describe the dba_tablespaces view. SQL> describe dba_tablespaces; Installing Oracle 10g on Windows Installing the Critical Patch Update 6 Check that in the many columns of output, the output contains the following information. RETENTION BIGFILE 7 VARCHAR2(11 CHAR) VARCHAR2(3 CHAR) Exit SQL*Plus: SQL> exit Installing the Critical Patch Update Before installing the Oracle Critical Patch Update, you must have already created the database. To install the latest CPU patch for Oracle 10.2.0.4, see the Oracle 10g 10.2.0.4 Critical Patch Update guide (Oracle10g_CPU_10.2.0.4.pdf). This guide is included in the Oracle Critical Patch Update ZIP file that you downloaded. See “Oracle Software to Download” on page 11. Adding More Data Files After creating the Symantec Data Loss Prevention database, you can add more space to the database by adding more data files. To add more data files to the database 1 Check if the OracleDBConsoleprotect Windows service is running. To view the services choose Start > Control Panel > Administrative Tools > Computer Management > Services and Applications, and click Services. 2 If the OracleDBConsoleprotect service is not running, either start it from Windows services or enter the following command using a command prompt window: emctl start dbconsole 23 24 Installing Oracle 10g on Windows Adding More Data Files 3 Start your Internet browser and go to the URL to access OEM. The URL is: http://host_name:port_number/em <host_name> is the name or IP address of the computer where OEM is installed, and <port_number> is the port number on which the OEM listens for requests. You can find the port number in the file named portlist.ini, located in the %ORACLE_HOME%\install directory. The default port number is 1158. 4 Log on to OEM by performing the following steps in this order: ■ In the User Name field, enter the SYS user name. ■ In the Password field, enter the SYS password. ■ For Connect As, select SYSDBA, then click Login. ■ In the license information screen, click I agree. 5 Click on the Administration tab, and then click on Datafiles in the Database Administration Storage section. 6 At the Datafiles screen, select the following options, then click Go. 7 ■ Select the \ORACLE\PRODUCT\10.2.0\ORADATA\PROTECT\USERS01.DBF data file. ■ From the Actions drop-down list , select Create Like. On the Create Datafile screen, select the following options, then click OK. ■ In the File Name field, enter a data file name. ■ In the File Directory field, select a file directory for the new data file. ■ In the File Size field, enter the file size. ■ Deselect the Reuse existing file check box. ■ In the Storage section, check Automatically extend data file when full and check Unlimited for Maximum File Size. Each of these files has a maximum size of 32 GB. ■ Click OK. 8 Create as many data files as needed up to 80% of the drive size. 9 Click Logout. Installing Oracle 10g on Windows Backing Up the Symantec Data Loss Prevention Database Backing Up the Symantec Data Loss Prevention Database You can perform a Symantec Data Loss Prevention Oracle 10g database backup. You should back up the Symantec Data Loss Prevention database before performing any actions that can corrupt the database. For example, back up the database before you perform an upgrade. To back up the database 1 You need to back up all the files that are located in the c:\oracle\product\10.2.0\ORADATA\PROTECT folder. These include the *.DBF, *.LOG, and *.CTL files. 2 Shut down any Symantec Data Loss Prevention services that are running on the database computer. To view the services choose Start > Control Panel > Administrative Tools > Computer Management > Services and Applications, and click Services. 3 This step is optional. With large databases, you need to check the amount of disk space that is required to store copies of the database files. To determine the size of the database files, do the following: sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> SELECT ROUND (SUM (bytes) /1024/1024/1024, 4) GB FROM ( SELECT SUM (bytes) bytes FROM dba_data_files UNION ALL SELECT SUM(bytes) bytes FROM dba_temp_files UNION ALL SELECT SUM(bytes) bytes FROM v$log); SQL> exit Make sure the disk has enough space to store copies of the database files. 4 Shut down all Oracle services. To view the services choose Start > Control Panel > Administrative Tools > Computer Management > Services and Applications, and click Services. 25 26 Installing Oracle 10g on Windows Auditing Unsuccessful Logon Attempts 5 Copy the contents of the <drive>oracle\product\10.2.0\ORADATA\PROTECT directory to a backup location. There might be additional data files or temporary files created, so make sure that all files in this directory are copied to the backup location. When a recovery from a backup is needed, you need to copy the entire contents of the backup directory to the <drive>\oracle\product\10.2.0\ORADATA\PROTECT directory. 6 Copy the password file <drive>\oracle\product\10.2.0\db_1\database\PWDProtect.ora to the backup directory. 7 Restart the Oracle services. 8 If you performed this procedure as part of an upgrade, continue by downloading the Oracle 10g Patchset 10.2.0.4 software. See “Oracle 10g 10.2.0.4 Software to Download” on page 30. Auditing Unsuccessful Logon Attempts You can turn on or off the auditing of unsuccessful logon attempts. You can write the audit trail to a database or to the operating system. To write the audit trail to the database 1 Log on as SYSDBA. sqlplus /nolog SQL> connect sys/<password> as sysdba 2 Set up the audit trail to write to the database. SQL> ALTER SYSTEM SET audit_trail=DB SCOPE=spfile; SQL> audit connect whenever NOT successful; SQL> exit 3 Restart the Oracle server. Installing Oracle 10g on Windows Auditing Unsuccessful Logon Attempts 4 The audit trail is stored in the dba_audit_trail system view. To view the audit trail, as the SYSDBA user run the following query in SQL*Plus. sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> SELECT os_username, username, timestamp, audit_option, action_name FROM 5 dba_audit_trail; Auditing on unsuccessful logon attempts can be turned off using the following command in SQL*Plus: SQL> noaudit connect; 6 The audit trail takes up disk space and should be purged periodically using the following command in SQL*Plus: SQL> TRUNCATE TABLE sys.aud$; To write the audit trail to the operating system You can write the audit trail to a file in the operating system. To maintain accountability, it is recommended that only the system administrator is able to access it. The AUDIT_FILE_DEST parameter should be set to a location that the database administrator cannot access. 1 Log on as the SYSDBA. sqlplus /nolog SQL> connect sys/<password> as sysdba 2 Set the audit trail to write to the operating system. SQL> ALTER SYSTEM SET audit_trail=OS SCOPE=spfile; SQL> ALTER SYSTEM SET audit_file_dest= '<drive>\ORACLE\ADMIN\PROTECT\ADUMP' scope=spfile; SQL> audit connect whenever NOT successful; SQL> exit 27 28 Installing Oracle 10g on Windows About the Oracle 10g Client Software 3 Restart the Oracle server so that the new parameters take effect. 4 Auditing on unsuccessful logon attempts can be turned off using the following command in SQL*Plus: sqlplus /nolog SQL> connect sys/<password> as sysdba noaudit connect; About the Oracle 10g Client Software For full details on how to install the Oracle client software, see the Oracle Database Client Installation Guide 10g Release 2 for Linux x86 from Oracle Corporation. You can view this document by browsing to http://download.oracle.com/docs/cd/B19306_01/install.102/b14313/toc.htm. Chapter 2 Upgrading to Oracle 10g 10.2.0.4 on Windows This chapter includes the following topics: ■ Upgrading to Oracle 10g 10.2.0.4 for Windows ■ Backing Up the Symantec Data Loss Prevention Database ■ Oracle 10g 10.2.0.4 Software to Download ■ Checking for Invalid Objects ■ Installing the Oracle 10g Patchset 10.2.0.4 ■ Upgrading the Symantec Data Loss Prevention Database ■ Installing the Critical Patch Update Upgrading to Oracle 10g 10.2.0.4 for Windows To upgrade the Oracle 10g 10.2.0.3 software to 10.2.0.4 and upgrade the Symantec Data Loss Prevention database, you must perform the following steps, in order, on the database server. Note: It is important to back up your existing Oracle 10g database instance before you perform the upgrade. See “Backing Up the Symantec Data Loss Prevention Database” on page 25. 30 Upgrading to Oracle 10g 10.2.0.4 on Windows Backing Up the Symantec Data Loss Prevention Database Table 2-1 Upgrading to Oracle 10g 10.2.0.4 Step Action Description Step 1 Backup the Oracle 10g database instance. See “Backing Up the Symantec Data Loss Prevention Database” on page 30. Step 2 Download the Oracle 10g Patchset 10.2.0.4 software. See “Oracle 10g 10.2.0.4 Software to Download” on page 30. Step 3 Recompile and check for invalid objects. See “Checking for Invalid Objects” on page 31. Step 4 Install the Oracle 10g Patchset 10.2.0.4 software. See “Installing the Oracle 10g Patchset 10.2.0.4” on page 31. Step 5 Upgrade the Symantec Data See “Upgrading the Loss Prevention database. Symantec Data Loss Prevention Database” on page 33. Step 6 Install the latest Oracle 10g See “Installing the Critical 10.2.0.4 Oracle Critical Patch Patch Update” on page 37. Update. Backing Up the Symantec Data Loss Prevention Database Backup the existing Symantec Data Loss Prevention before you begin any of the upgrade tasks that follow. See “Backing Up the Symantec Data Loss Prevention Database” on page 25. Oracle 10g 10.2.0.4 Software to Download You should have received a Symantec Serial Number Certificate with your order that lists a serial number for each of your products. If you did not receive the certificate, contact Symantec Customer Care as described at http://www.symantec.com/business/support/assistance_care.jsp. If you have multiple Serial Numbers, locate the Serial Number that corresponds to Oracle Standard Edition or Oracle Standard Edition One. Upgrading to Oracle 10g 10.2.0.4 on Windows Checking for Invalid Objects 31 Go to https://fileconnect.symantec.com and enter the serial number. Proceed to the list of available downloads and download Oracle_10.2.0.4_Server_Win.zip file. This ZIP file contains the Oracle 10g Release 10.2.0.1 (10201_database_win32.zip) and Patchset 10.2.0.4 (p6810189_10204_Win32.zip) software. Extract the 10201_database_win32.zip and p6810189_10204_Win32.zip files from the Oracle_10.2.0.4_Server_Win.zip file; you use these two ZIP files later. Checking for Invalid Objects When you install Oracle Patchset 10.2.0.4 as part of an upgrade, first recompile and check for invalid objects. Recompiling now provides a baseline. After you install the new patchset you can perform another recompile. You can compare these two baselines to better understand any invalid objects that might be introduced by installing the new patchset. To check for invalid objects 1 Log on to the database as SYSDBA: set ORACLE_HOME=<drive>\oracle\product\10.2.0\db_1 set ORACLE_SID=<sid_name> sqlplus /nolog SQL> connect sys/<password> as sysdba 2 Run the utlprp.sql script to recompile: SQL> @%ORACLE_HOME%\rdbms\admin\utlprp.sql 0 3 Note the number of invalid objects that were found: SQL> select object_name, object_type, owner from all_objects where status='INVALID'; SQL> exit Installing the Oracle 10g Patchset 10.2.0.4 Before you can upgrade the Symantec Data Loss Prevention database you must first install Oracle 10g 10.2.0.4 Patchset. 32 Upgrading to Oracle 10g 10.2.0.4 on Windows Installing the Oracle 10g Patchset 10.2.0.4 Always complete the installation or uninstallation of one patch before starting another. Review the Oracle 10.2.0.4 README.html file that is included in the Oracle 10g Patchset 10.2.0.4 distribution files. In particular, read the Known Issues section. To install the Oracle 10g Patchset 10.2.0.4 1 Shut down the following services if they are running in Windows Services: ■ All Oracle services. ■ All Symantec Data Loss Prevention services (all services with “Vontu” in the name). ■ Distributed Transaction Coordinator service. 2 Extract the contents of the p6810189_10204_Win32.zip file to a directory with a name that contains no spaces. For example, extract the contents to the c:\p6810189_10204 directory. 3 Go to the Disk1 directory. For example, go to c:\p6810189_10204\Disk1. 4 In the Disk1 directory, double-click on setup.exe to launch the Oracle Universal Installer. 5 At the Welcome screen, click Next. 6 At the Specify Home Details screen, make sure the values in the Name and Path fields match those indicated here, then click Next. Note: You may have to modify the default path value provided by the installer. The path value must be the same as the Oracle Home Location. The default Name and Path values should be: Name: OraDb10g_home1 Path: <drive>\oracle\product\10.2.0\db_1 7 At the Product-Specific Prerequisite Checks screen, click Next. 8 At the Summary screen, click Install. The installation may take a couple of minutes. 9 At the End of Installation screen, click Exit and then Yes. 10 If you performed this procedure as part of an upgrade, continue by upgrading the Symantec Data Loss Prevention database. See “Upgrading the Symantec Data Loss Prevention Database” on page 33. Upgrading to Oracle 10g 10.2.0.4 on Windows Upgrading the Symantec Data Loss Prevention Database Upgrading the Symantec Data Loss Prevention Database This section describes how to upgrade a database instance from Oracle 10g 10.2.0.3 to 10.2.0.4. To upgrade the Symantec Data Loss Prevention database instance 1 Shut down services. See “Shutting Down Services” on page 33. 2 Run the Oracle Database Upgrade Assistant. See “Running the Oracle Database Upgrade Assistant” on page 33. 3 Complete the database upgrade. See “Completing the Database Upgrade” on page 35. Shutting Down Services This section lists services to shut down before you upgrade the database instance. In Windows Services, shut down the following services: ■ All Symantec Data Loss Prevention services (all services with “Vontu” in the name). ■ The Distributed Transaction Coordinator service. ■ All Oracle services. Note that the Oracle Database Upgrade Assistant brings up the database as needed during the upgrade process. Running the Oracle Database Upgrade Assistant The Database Upgrade Assistant (DBUA) is interactive and configures itself according to what it finds on the database that you upgrade. If a feature is already in place, it may not ask about installing it. Depending on the state of your database, the DBUA may not require you to go through all the steps. Therefore you might see additional steps, which are not described in this document, or you might not see all the steps, which are described in this document. You should accept the DBUA default settings for the additional steps. 33 34 Upgrading to Oracle 10g 10.2.0.4 on Windows Upgrading the Symantec Data Loss Prevention Database To run the Oracle Database Upgrade Assistant 1 Choose Start > All Programs > Oracle-OraDb10g_home1 > Configuration and Migration Tools, and then Database Upgrade Assistant. On the Welcome screen that appears, click Next. 2 At the Step 1 of 12: Databases screen, select the name of your database (for example, protect), enter the SYSDBA password, and click Next. 3 At the Step 2 of 7: Move Database Files screen, select Do Not Move Database Files as Part of Upgrade, and click Next. 4 At the Step 3 of 6: Recompile Invalid Objects screen, accept the default values and click Next. 5 At the Step 4 of 6: Backup screen, select I have already backed up my database, and click Next. The DBUA offers to create a managed backup of your database. The advantage of using the DBUA to do the backup is that it can generate the backup copy using multiple processes (depending on the number of server CPUs), shortening the backup time. The DBUA also generates scripting, if you need to restore the database. 6 At the Step 5 of 6: Recovery Configuration screen, accept the default options and click Next. 7 At the Step 6 of 6: Summary screen, click Finish. Move the DBUA dialog box to the corner of your screen, so you can see any error messages that might appear. 8 At the DBUA progress window, you might see the following non-fatal errors: 9 ■ If you get an ORA-04043 error: object XDB_DATASTORE_PROC does not exist, click Ignore. ■ If you get an ORA-29831 error: operator binding not found, click Ignore. ■ If you get an ORA-06553 error: PLS-306: wrong number or types of arguments in call, click Ignore. ■ If you get an ORA-29844 error: duplicate operator name specified, click Ignore. At the Upgrade Result screen, click Close. The DBUA displays a document summary. In the summary you might see the following errors, depending on your database environment. ■ Error ignored: ORA-04043 error; object XDB_DATASTORE_PROC does not exist. ■ Error ignored: ORA-29831 error: operator binding not found. Upgrading to Oracle 10g 10.2.0.4 on Windows Upgrading the Symantec Data Loss Prevention Database ■ Error ignored: ORA-06553 error: PLS-306: wrong number or types of arguments in call. These errors can be safely ignored. Completing the Database Upgrade Perform the steps in this section to complete the upgrade of your database instance. To complete the database upgrade 1 2 In Windows Services, start the following services: ■ OracleOraDb10g_home1TNSListener ■ Oracleservice<database_name> ■ Distributed Transaction Coordinator Modify the Oracle COMPATIBLE system parameter. To do so, go to the command line and run the following commands in sequence: set ORACLE_HOME=<drive>\oracle\product\10.2.0\db_1 sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> ALTER SYSTEM SET COMPATIBLE = '10.2.0.4.0' SCOPE=SPFILE; 3 Bring up the database if it is not already up. SQL> shutdown immediate SQL> startup 4 Check for invalid objects. To do so, enter the following commands: sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> SELECT owner, object_name, object_type FROM dba_objects WHERE status = 'INVALID' ORDER BY 1, 2, 3; 35 36 Upgrading to Oracle 10g 10.2.0.4 on Windows Upgrading the Symantec Data Loss Prevention Database 5 The package body MDSYS.SDO_3GL is invalid after the database upgrade to 10.2.0.4. To validate the MDSYS.SDO_3GL package, enter the following commands: set ORACLE_HOME=<drive>\oracle\product\10.2.0\db_1 sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> alter user mdsys account unlock; SQL> alter session set current_schema=MDSYS; SQL> @%ORACLE_HOME%\md\admin\sdoutlh.sql SQL> alter user mdsys account lock; 6 During the 10.2.0.4 upgrade, Oracle changes the undo_retention and nls_length_semantics parameters to their default values. Enter the following commands to change these parameters to the Symantec Data Loss Prevention recommended values. SQL> alter system set undo_retention=10800 scope=both; SQL> alter system set nls_length_semantics='CHAR' scope=both; 7 Shut down and restart the database after altering the undo_retention and nls_length_semantics parameters. SQL> shutdown immediate SQL> startup 8 Run the utlprp.sql script to recompile: set ORACLE_HOME=<drive>\oracle\product\10.2.0\db_1 sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> @%ORACLE_HOME%\rdbms\admin\utlprp.sql 0 SQL> select object_name, object_type, owner from all_objects where status='INVALID'; If the number of invalid objects that are found is higher than before upgrading, consult your Oracle DBA. Upgrading to Oracle 10g 10.2.0.4 on Windows Installing the Critical Patch Update Installing the Critical Patch Update Before installing the Oracle Critical Patch Update, you must have already created the database. To install the latest CPU patch for Oracle 10.2.0.4, see the Oracle 10g 10.2.0.4 Critical Patch Update for Windows guide (Oracle10g_CPU_10.2.0.4_Win.pdf). 37 38 Upgrading to Oracle 10g 10.2.0.4 on Windows Installing the Critical Patch Update Chapter 3 Installing Oracle 10g on Linux This chapter includes the following topics: ■ About Oracle 10g Installation ■ Installing Oracle 10g ■ Oracle Software to Download ■ Installing Oracle 10g Release 10.2.0.1 ■ Installing Oracle 10g Patchset 10.2.0.4 ■ Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener ■ Installing the Critical Patch Update ■ Adding More Data Files ■ Backing Up the Symantec Data Loss Prevention Database ■ Auditing Unsuccessful Logon Attempts ■ About the Oracle 10g Client Software About Oracle 10g Installation You need to install Oracle 10g and create a database to use Symantec Data Loss Prevention. You can perform a two-tier or single-tier Symantec Data Loss Prevention installation, where the database runs on the same computer as the Enforce Server. Alternatively, you can perform a three-tier Symantec Data Loss Prevention installation, where the database runs on a different computer from 40 Installing Oracle 10g on Linux Installing Oracle 10g the Enforce Server. In a three-tier installation, your organization’s database administration team installs, creates, and maintains the Symantec Data Loss Prevention database. If your organization already has other databases that run on Oracle 10g, you should consider using your organization’s existing Oracle 10g installation. Contact your Symantec Data Loss Prevention representative for information about how to set up the Symantec Data Loss Prevention database in a three-tier environment. If you implement a three-tier installation, you need to install the Oracle Client (SQL*Plus and Database Utilities) on the Enforce Server to enable database communications between the Oracle database server and the Enforce Server. The Symantec Data Loss Prevention installer needs SQL*Plus to create tables and views on the Enforce Server, therefore the user account that you use to install Symantec Data Loss Prevention needs access to SQL*Plus. See “About the Oracle 10g Client Software” on page 65. Note: After you create the Symantec Data Loss Prevention database and complete the Symantec Data Loss Prevention installation, you can change the database password using the Symantec Data Loss Prevention DBPasswordChanger utility. For more information about the Symantec Data Loss Prevention DBPasswordChanger utility, see the Symantec Data Loss Prevention Utilities Guide. Installing Oracle 10g To install Oracle 10g and then create the Symantec Data Loss Prevention database, you must perform the following steps, in order, on your Enforce Server. Table 3-1 Installing Oracle10g and creating the Symantec Data Loss Prevention database Step Action Description Step 1 On your Enforce Server, download the Oracle software. See “Oracle Software to Download” on page 41. Step 2 Install Oracle 10g Release 10.2.0.1. See “Installing Oracle 10g Release 10.2.0.1” on page 42. Step 3 Install Oracle 10g Patchset 10.2.0.4 See “Installing Oracle 10g Patchset 10.2.0.4” on page 48. Installing Oracle 10g on Linux Oracle Software to Download Table 3-1 Installing Oracle10g and creating the Symantec Data Loss Prevention database (continued) Step Action Description Step 4 Create and configure the Symantec Data Loss Prevention database and the TNS listener. See “ Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener” on page 51. Step 5 Install the Oracle Critical Patch Update. See “Installing the Critical Patch Update” on page 61. Oracle Software to Download You should have received a Symantec Serial Number Certificate with your order that lists a serial number for each of your products. If you did not receive the certificate, contact Symantec Customer Care as described at http://www.symantec.com/business/support/assistance_care.jsp. If you have multiple Serial Numbers, locate the Serial Number that corresponds to Oracle Standard Edition or Oracle Standard Edition One. Go to https://fileconnect.symantec.com and enter your serial number. Proceed to the list of available downloads and download the following files: ■ Oracle_10.2.0.4_Server_Lin.zip This ZIP file contains the Oracle 10g Release 10.2.0.1 (10201_database_linux32.zip) and Patchset 10.2.0.4 (p6810189_10204_Linux-x86.zip) software. Extract the 10201_database_linux32.zip and p6810189_10204_Linux-x86.zip files from the Oracle_10.2.0.4_Server_Linux.zip file; you use these two ZIP files later. ■ Oracle_10.2.0.4_CPU<releasedate>_Lin.zip This ZIP file contains the Oracle 10g 10.2.0.4 Critical Patch Update (p<CPUnumber>_10204_Linux-x86.zip) and OPatch (p6880880_102000_LINUX.zip) software. Extract the p<CPUnumber>_10204_Linux-x86.zip and p6880880_102000_LINUX.zip files from the Oracle_10.2.0.4_CPU<releasedate>_Lin.zip file; you use these two ZIP files later. Oracle releases a new Critical Patch Update every three months (approximately in January, April, July, and October) each year. Symantec Data Loss Prevention 41 42 Installing Oracle 10g on Linux Installing Oracle 10g Release 10.2.0.1 tests each Critical Patch Update release and then notifies the customers that the Critical Patch Update is safe to install. ■ Oracle_10.2.0.4_Server_Installation_Tools_Lin.zip This ZIP file contains the Oracle 10g Installation tools ZIP file (10g_Installation_Tools.tar.gz), which contains the Symantec DLP Oracle database template and SQL scripts. Extract the 10g_Installation_Tools.tar.gz file from the Oracle_10.2.0.4_Server_Installation_Tools_Lin.zip file; you use this ZIP file later. ■ Oracle_10.2.0.1_Client_Lin.zip This ZIP file contains the Oracle 10g Client (10201_client_linux32.zip) software. Extract the 10201_client_linux32.zip file from the Oracle_10.2.0.1_Client_Lin.zip file; you use this ZIP file later. Installing Oracle 10g Release 10.2.0.1 Perform the following procedure to install Oracle 10g 10.2.0.1. To install Oracle 10g Release 10.2.0.1 1 Perform the preinstallation steps. See “Performing the Preinstallation Steps” on page 42. 2 Install the Oracle 10g Release 10.2.0.1 software. See “Installing the Oracle 10g Release 10.2.0.1 software” on page 45. Performing the Preinstallation Steps Perform the following steps to prepare your Linux environment for installation. To prepare the Linux environment 1 Log on as the root user. Copy the 10g_Installation_Tools.tar.gz file to the Linux server and extract its contents into the temporary directory (/tmp) using the following command. tar xvfz 10g_Installation_Tools.tar.gz Extracting creates a subdirectory that is called oracle_install in the /tmp directory and extracts the files into that subdirectory. 2 Go to the oracle_install directory and run the verification script to verify the requirements for the database. Installing Oracle 10g on Linux Installing Oracle 10g Release 10.2.0.1 cd oracle_install ./scripts/oracle_verify.sh Note: You must run this script in the oracle_install directory. Do not change directory to the scripts directory. The script displays the following items that you need to verify: ■ Physical memory The system must have at least 1024 MB of physical RAM. ■ Swap space The following list shows the relationship between the available RAM and the required swap space. ■ When the available RAM is between 1024 MB and 2048 MB, Oracle requires swap space 1.5 times the size of RAM. ■ When the available RAM is between 2049 MB and 8192 MB, Oracle requires swap space equal to the size of RAM. ■ When the available RAM is more than 8192 MB. Oracle requires swap space 75% of the size of RAM. If the system does not have the required swap space, you can add temporary swap space to your system. You create a temporary swap file instead of using a raw device. You should create swap space only after you restart the server. If you create the swap space and then restart the server, then the swap space is removed when the server is restarted. 3 Verify that there is at least 400 MB under /tmp. 4 Verify that the Red Hat Enterprise Linux version is the version that Symantec requires for running Symantec Data Loss Prevention. See the Symantec Data Loss Prevention System Requirements Guide. 43 44 Installing Oracle 10g on Linux Installing Oracle 10g Release 10.2.0.1 5 Verify that the following rpm packages with the required version (or higher) have been installed: binutils-2.17.50.0.6-6.el5 compat-db-4.2.52-5.1 compat-libstdc++-296-2.96-138 control-center-2.16.0-16.el5 gcc-4.1.2-42.el5 gcc-c++-4.1.2-42.el5 glibc-2.5-24 glibc-common-2.5-24 glibc-devel-2.5-24 glibc-headers-2.5-24 libstdc++-4.1.2-42.el5 libgomp-4.1.2-42.el5 libstdc++-devel-4.1.2-42.el5 libXp-1.0.0-8.1.el5 make-3.81-3.el5 sysstat-7.0.2-1.el5 libaio-0.3.106-3.2 If any of these packages are not installed, then the script returns a message saying that packet is not installed. For example, package gnome-libs is not installated. Install any missing packages. 6 Run the oracle_prepare.sh script: ./scripts/oracle_prepare.sh If the oracle user does not already exist, you are prompted for the password for the new oracle user. The oracle user is used to install and manage the Oracle database. This script sets proper kernel parameters for the Oracle database. oracle_prepare.sh overwrites certain kernel parameters in the /etc/sysctl.conf file. Oracle recommends the settings for these parameters. However, you may want certain parameters to be set to higher values than those suggested by Oracle. In that case, you can edit /etc/sysctl.conf file after running oracle_prepare.sh. The original values are commented out by the shell script. The new values are those recommended by Oracle. If you choose to manually edit this file, make sure you don’t change the values lower than those recommended by Oracle. 7 Restart the server so that the updated kernel parameters take effect. Installing Oracle 10g on Linux Installing Oracle 10g Release 10.2.0.1 8 If the server does not have the required swap space (as determined in the verification process) you can add temporary swap space to your system. You can create a temporary swap file instead of using a raw device. Follow the steps below and note that the following example creates 4 GB (1K * 4,194,304) of additional swap space. dd if=/dev/zero of=tmpswap bs=1k count=4194304 chmod 600 tmpswap mkswap tmpswap swapon tmpswap After installing the Oracle software, you can remove any temporary swap space you previously created by entering the following commands: swapoff tmpswap rm tmpswap 9 Verify that there is enough space under /var. For a small to medium enterprise, /var should have at least 15 GB. For a large enterprise, /var should have at least 30 GB. For a very large enterprise, /var should have at least 45 GB of free space. As your organization’s traffic expands, these figures will need to increase and you will need to allocate more free space. 10 Verify that the /opt and /boot file systems have the required free space for your Symantec Data Loss Prevention installation. See the Symantec Data Loss Prevention System Requirements and Compatibility Guide for more information. Installing the Oracle 10g Release 10.2.0.1 software Before installing Oracle 10g, make sure you have first performed the preinstallation steps. See “Performing the Preinstallation Steps” on page 42. Although you install Oracle 10g as the oracle user, you also need to perform some tasks as the root user. You might find it easier to switch to a dedicated root xterm window instead of changing users. Open two windows; the first is for the oracle user, the second for the root user. Enter su - oracle in the first window; enter su - root in the second window. Keep these separate windows open throughout the Oracle installation. The instructions in this section assume you are logged on locally to the Linux server and running X Windows. If you connect to the server remotely, you need 45 46 Installing Oracle 10g on Linux Installing Oracle 10g Release 10.2.0.1 a terminal emulator. You also need to set the location where the GUI tools can display their output; you use the export DISPLAY command to do that. For example: export DISPLAY=<your_computer’s_IP_address>:<your_X_server’s_display_number> Note: Refer to the configuration information in the X server management program for the IP address and display number. Typically, the display number is 0. As you run the GUI tools later, you might get a response similar to the following: X connection to localhost:10.0 broken (explicit kill or server shutdown) Run the export DISPLAY command again. Note: The Enforce Server uses the Oracle thin driver and the Oracle Client. Symantec Data Loss Prevention packages the JAR files for the Oracle thin driver with the Symantec Data Loss Prevention software; however, you must also install the Oracle Client. The Symantec Data Loss Prevention installer needs Oracle SQL*Plus to create tables and views on the Enforce Server; therefore the Linux user account that you use to install Symantec Data Loss Prevention needs access to SQL*Plus. See “About the Oracle 10g Client Software” on page 65. To install Oracle 10g Release 10.2.0.1 1 Log on as the oracle user. su - oracle 2 Copy the 10201_database_linux32.zip file to /home/oracle. 3 From /home/oracle run the following command: unzip 10201_database_linux32.zip You must run the unzip command as the oracle user. If you run it as the root user, then the oracle user is not able to view the extracted files unless you change the permissions (this is not advisable from a security standpoint). 4 Go to /home/oracle/database and run the installer: ./runInstaller -ignoresysprereqs 5 At the Welcome screen, click Next. Installing Oracle 10g on Linux Installing Oracle 10g Release 10.2.0.1 6 At the Specify the Inventory directory and credentials screen, use the default values in the following fields, then click Next. ■ Enter the full path of the inventory directory: /opt/oracle/oraInventory ■ Specify operating system group name: oinstall 7 At the Select Installation Method screen, select Standard Edition (1.24 GB), then click Next. 8 At the Specify Home Details screen, enter the database name and path, then click Next. 9 ■ Name: OraDb10g_home1 ■ Path: /opt/oracle/product/10.2.0/db_1 At the Product-Specific Prerequisite Checks screen, you might see that some prerequisite checks failed. These failures occur because the Oracle Installer was not updated to accept the version of Red Hat Linux that Symantec Data Loss Prevention requires. You need to manually click the check boxes in the Status column, then click Next. If you are asked “Do you want to proceed?” click Yes. 10 At the Select Configuration Option screen, select Install Database Software only, then click Next. 11 At the Summary screen, click Install. The Oracle software starts to install. 12 After installation, the Execute Configuration Scripts screen prompts you to run some configuration scripts as the root user. From the root xterm window, run the following two scripts: /opt/oracle/oraInventory/orainstRoot.sh /opt/oracle/product/10.2.0/db_1/root.sh After you run the /opt/oracle/product/10.2.0/db_1/root.sh script, you are asked to enter the full pathname to the local /bin directory. Accept the default local /bin directory and press Enter. 13 The script finds that the dbhome, oraenv, and coraenv files already exist in the /usr/local/bin directory. When you are prompted, overwrite each of these three files by typing y. 14 Go back to the Execute Configuration Scripts screen and click OK. 15 At the End of Installation screen, click Exit, then click Yes. 16 The installation is complete. Restart the server. 47 48 Installing Oracle 10g on Linux Installing Oracle 10g Patchset 10.2.0.4 Installing Oracle 10g Patchset 10.2.0.4 Always complete the installation or uninstallation of one patch before starting another. Review the Oracle 10.2.0.4 README.html file that is included in the Oracle 10g Patchset 10.2.0.4 distribution files. In particular, read the Known Issues section. Although you install Oracle 10g as the oracle user, you also need to perform some tasks as the root user. You might find it easier to switch to a dedicated root xterm window instead of changing users. Open two windows; the first one is for the oracle user, the second one is for the root user. Enter su - oracle in the first window; enter su - root in the second window. Keep these separate windows open throughout the Oracle installation. The instructions in this section assume you are logged on locally to the Linux server and running X Windows. If you connect to the server remotely, you need a terminal emulator. You also need to set the location where the GUI tools can display their output; you use the export DISPLAY command to do that. For example: export DISPLAY=<your_computer’s_IP_address>:<your_X_server’s_display_number> Note: Refer to the configuration information in the X server management program for the IP address and display number. Typically, the display number is 0. When you run the GUI tools later, if you get a response similar to the following: X connection to localhost:10.0 broken (explicit kill or server shutdown) Run the export DISPLAY command again. To install the Oracle 10g Patchset 10.2.0.4 1 If this is the first time you have installed Oracle on the local computer, skip to Step 3. Shut down the following Symantec Data Loss Prevention services if they are running. ■ In the root xterm window, change to the bin directory where the services reside by entering: cd /opt/Vontu/Protect/bin ■ Stop each Symantec Data Loss Prevention service by entering: service VontuUpdate stop Installing Oracle 10g on Linux Installing Oracle 10g Patchset 10.2.0.4 service VontuIncidentPersister stop service VontuManager stop service VontuMonitor stop service VontuMonitorController stop service VontuNotifier stop 2 If this is the first time you have installed Oracle on the local computer, skip to Step 3. Shut down all processes in the Oracle home directory that might access the database. For example, Oracle Enterprise Manager Database Control or iSQL*Plus. From the oracle xterm window, shut down all processes in the Oracle home directory. emctl stop dbconsole isqlplusctl stop lsnrctl stop sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> shutdown immediate SQL> exit 3 Copy the p6810189_10204_LINUX-x86.zip file to your /tmp directory. 4 Change directory to /tmp and unzip the p6810189_10204_LINUX-x86.zip file by entering: unzip p6810189_10204_LINUX-x86.zip This creates a directory called Disk1. If a directory called Disk1 already exists, a prompt to overwrite the existing directory is displayed. Overwrite all of the existing Disk1 files by entering A and pressing Enter. 5 After the Disk1 directory is created, go to the Disk1 directory by entering: cd Disk1 49 50 Installing Oracle 10g on Linux Installing Oracle 10g Patchset 10.2.0.4 6 Run the installer by entering: ./runInstaller –ignoresysprereqs Note: If the installer does not run and a message is displayed similar to “X connection to local host:11.0 broken (explicit kill or server shutdown),” you need to export the display before you run the installer. Enter export DISPLAY=<your_computer's_IP_address>:<your_x_server's_display_number>. Often the display number is 0, but consult with your system administrator for further help. 7 At the Welcome screen, click Next. 8 At the Specify Home Details screen, specify the pathname of the directory where the installation files are to be installed. Use the default values unless a different location was specified during the baseline Oracle installation: Name: <OraDb10g_home1> Path: </opt/oracle/product/10.2.0/db_1> 9 Click Next. Note: Make sure the Oracle Home you entered here matches the Oracle Home of the base software. Otherwise, you can end up with two Oracle Homes and the installation is not usable. When you are asked for the Oracle destination directory (for example, /opt/oracle/product/10.2.0/db_1), either enter it or select it using the navigate button that the installer provides. 10 At the Product Specific Prerequisite Checks screen, click Next. 11 At the Oracle Configuration Manager Registration screen, click Next. 12 At the Summary screen that lists the software to be installed, click Install. 13 During installation, an Execute Configuration scripts screen asks you to run a configuration script as the root user. Go to the root xterm window and run the root.sh script by entering: /opt/oracle/product/10.2.0/db_1/root.sh As the /opt/oracle/product/10.2.0/db_1/root.sh script runs, you are prompted to enter the full pathname to the local /bin directory. Accept the default local /bin directory by pressing Enter. Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 51 14 As the script runs, it might find that the dbhome, oraenv, and coraenv files already exist in the /usr/local/bin directory. When you are prompted, overwrite these three files by entering y. 15 After you successfully run the script, go back to the Execute Configuration Scripts screen and click OK. 16 At the End of Installation screen, click Exit and close the Oracle Universal Installer. 17 At the Exit screen, click Yes. Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener Symantec supplies a database template and scripts to create the Symantec Data Loss Prevention database. The database template contains all the default configurations of the Symantec Data Loss Prevention database, including default data files and character set. Note: You must use the Symantec Data Loss Prevention template to create the database. Do not use an alternate template or reuse an existing database instance. If you do not use the supplied template, failures can occur when you use Symantec Data Loss Prevention or when you later attempt to upgrade the product. Creating the Symantec Data Loss Prevention Database Log on locally to the Linux server and run X Windows. If you connect to the server remotely, you need a terminal emulator. You also need to set the location where the GUI tools can display their output; you use the export DISPLAY command to do that. For example: export DISPLAY=<your_computer’s_IP_address>:<your_X_server’s_display_number> Note: Refer to the configuration information in the X server management program for the IP address and display number. Typically, the display number is 0. When you run the GUI tools later, if you get a response similar to the following: X connection to localhost:10.0 broken (explicit kill or server shutdown) run the export DISPLAY command again. 52 Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener Note: Some X Windows sessions only authenticate for the current session. If the Oracle code needs to run a command as root, but you opened the X Windows session as the Oracle or Protect user, the Oracle code may not be able to run as root. There are no indications that this has happened except that the logs are not populated and the Symantec Data Loss Prevention database installation progress bar does not display. Perform the following procedure to create the Symantec Data Loss Prevention database. To create the Symantec Data Loss Prevention database 1 As the oracle user, change directory to the oracle_install directory in the oracle home directory by entering: cd /home/oracle/oracle_install 2 Run the oracle_template_copy.sh script by entering: ./scripts/oracle_template_copy.sh 3 Run the Database Configuration Assistant program by entering: dbca 4 When the Welcome screen appears, click Next. 5 Select Create a database when prompted. 6 Select Oracle 10g Database for Vontu <version_number> from the list of templates and click Next. Note: You must use the Symantec Data Loss Prevention template to create the database. Do not use an alternate template or reuse an existing database instance. If you do not use the supplied template, failures can occur when you use Symantec Data Loss Prevention or when you later attempt to upgrade the product. 7 Enter protect for both the Global Database Name and SID (the SID is filled in automatically). Click Next. 8 Check Configure the Database with Enterprise Manager and select Use Database Control for Database Management. Click Next. 9 Specify a password when prompted to create a password. You can use the same password for all user account types or use different passwords for each Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener user account type. The various user account types are SYS, SYSTEM, DBSNMP, and SYSMAN. Follow these guidelines to create acceptable passwords: ■ Passwords cannot contain quotation marks. ■ Passwords are not case sensitive. ■ Passwords must begin with an alphabetic character. ■ Passwords can contain only alphanumeric characters and the underscore (_), dollar sign ($), and pound sign (#). However, Oracle strongly discourages you from using $ and #. ■ A password cannot be an Oracle reserved word such as SELECT. If you enter a password that does not meet these guidelines, Oracle keeps prompting for a password. You must enter a password. Do not kill the Oracle Database Configuration Assistant. 10 Once you have entered the passwords, click Next. 11 Select File System and click Next. 12 Select Use Database File Locations from Template and click Next. 13 The Recovery Configuration step is optional. Click Next. Enabling archiving enables online database backup and recovery. It also guarantees complete data recoverability; however, it does require more disk space and management. You should discuss your backup and recovery strategy with a Symantec Data Loss Prevention representative to determine if this option is appropriate for your environment. 14 Check Enterprise Manager Repository and click Next. 15 Select Custom and accept the default template values, and then click Next. 16 Click Next to skip the Database Storage step. 17 Check Create Database and click Finish. 53 54 Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 18 When the confirmation screen appears, click OK. When the database creation process is approximately 58% complete, an error message might appear. You should resize the Oracle window so that if the ORA-22973 error message appears it is not blocked from view; otherwise, you might think the create database process has progressed when it has not. If the ORA-22973: size of object identifier exceeds maximum size allowed error message appears, click Ignore. This error message appears about halfway into the database creation process. 19 The database creation can take up to 20 minutes to complete. If the database creation process fails or hangs, check the Oracle Database Configuration Assistant log files for errors. The files are located in the oracle_home/cfgtoollogs/dbca/<SID> directory (for example, /opt/oracle/product/10.2.0/db_1/cfgtoollogs/dbca/protect). 20 When the database creation process is complete, another Database Configuration Assistant window opens and displays the database details. Write down the URL for accessing the Oracle Enterprise Manager (OEM). You need this URL later. The URL is: http://<host_name>:<port_number>/em <host_name> is the name or IP address of the computer where OEM is installed, and <port_number> is the port number on which OEM listens for requests. You can find the port number in the file named portlist.ini, located in the $ORACLE_HOME/install directory (for example, /opt/oracle/product/10.2.0/db_1/install). The default port number is 1158. 21 Click Exit. 22 If the database and listener are down bring them up. > lsnrctl start LISTENER export ORACLE_HOME=/opt/oracle/product/10.2.0/db_1 export ORACLE_SID=protect sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> startup Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 55 Creating the TNS Listener The instructions in the next two sections assume that you are logged on locally to the Linux server and running X Windows. If you connect to the server remotely, you need a terminal emulator. You also need to set the location where the GUI tools can display their output; you use the export DISPLAY command to do that. For example: export DISPLAY=<your_computer’s_IP_address>:<your_X_server’s_display_number Note: Refer to the configuration information in the X server management program for the IP address and display number. Typically, the display number is 0. When you run the GUI tools later, if you get a response similar to the following: X connection to localhost:10.0 broken (explicit kill or server shutdown) run the export DISPLAY command again. Perform the following procedure to create the TNS Listener. To create the TNS Listener 1 Log on as the oracle user. su - oracle 2 Start the Oracle Net Configuration Assistant. netca 3 Select Listener Configuration and click Next. 4 Select Add and click Next. 5 Enter a listener name and click Next. 6 Select the TCP protocol and click Next. 7 Select Use the standard port number of 1521 and click Next. 8 When you are prompted to configure another listener, select No and click Next. 9 When you are prompted that the listener configuration is complete, click Next. 10 Click Finish to exit the Oracle Net Configuration Assistant. 56 Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener Configuring the TNS Listener Perform the following procedure to configure a TNS listener. To configure the TNS Listener 1 Go to the /admin directory where the listener.ora file is located by entering: cd $ORACLE_HOME/network/admin 2 Open the listener.ora file using the gedit program by entering: gedit listener.ora 3 Delete the following lines from the file: SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = /opt/oracle/product/10.2.0/db_1) (PROGRAM = extproc) ) ) 4 Add the following line anywhere in the file: ADMIN_RESTRICTIONS_listener=on 5 If you selected a non-default port (a port other than 1521) when you created the listener, add the following lines anywhere in listener.ora: SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (GLOBAL_DBNAME=protect) (ORACLE_HOME=/opt/oracle/product/10.2.0/db_1) (SID_NAME=protect) ) ) If you used a non-default SID name, replace protect with the correct SID. 6 Click Save, then close the gedit program. Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 7 If you selected a non-default port (a port other than 1521) when you created the listener, restart the listener using the command: lsnrctl reload This step is not required if you use the default port number 1521. 8 From the oracle xterm window, start the LSNRCTL program. lsnrctl 9 Set the password for the TNS Listener with the LSNRCTL program. LSNRCTL> set password <password> Replace <password> with your own password. Store the password in a secure location for future use. 10 Exit the LSNRCTL program. exit 11 Restart the server. Verifying tnsnames.ora contents Before you create the required Oracle user accounts, verify that the tnsnames.ora file contains entries for the “protect” database that you created. To verify or update tnsnames.ora file contents 1 Go to the /admin directory where the tnsnames.ora file is located by entering: cd $ORACLE_HOME/network/admin 2 Open the tnsnames.ora file using the gedit program by entering: gedit tnsnames.ora 57 58 Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener 3 Verify that the following lines are present in the file: PROTECT = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = host_name)(PORT = port_number)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = protect) ) ) If the lines do not exist, add them to the file, replacing host_name and port_number with the correct values for your system. 4 Click Save, then close the gedit program. Creating the Oracle User Account for Symantec Data Loss Prevention Perform the following procedure to create the Oracle user account for Symantec Data Loss Prevention (named “protect”). To create the new Oracle user account named “protect” 1 Go to the oracle_install/scripts directory in the Oracle home directory: cd /home/oracle/oracle_install/scripts 2 Run the oracle_create_user.sh script: ./oracle_create_user.sh Make sure you are in the scripts directory when you run this script or it does not work. 3 Enter the password for the SYS user when prompted. 4 Choose a password for the new protect database user account and enter it into SQL*Plus when prompted. Store the password in a secure location for future use. See the Symantec Data Loss Prevention Utilities Guide for instructions to change the Oracle user account password after installing Symantec Data Loss Prevention. Locking the DBSNMP Oracle User Account You should lock the Oracle DBSNMP user account. Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener To lock the Oracle DBSNMP user account 1 As the oracle user, start SQL*Plus. sqlplus /nolog 2 Log on as the SYS user. SQL> connect sys/<password> as sysdba Replace <password> with the SYS password. 3 Lock the DBSNMP user account. SQL> ALTER USER dbsnmp ACCOUNT LOCK; 4 Exit SQL*Plus. SQL> exit Configuring Automatic Startup and Shutdown of the Database You can configure automatic startup and shutdown of the database. To configure the automatic startup and shutdown of the database 1 Switch to the root xterm window. 2 Go to the oracle_install directory. cd /home/oracle/oracle_install 3 Run the oracle_post.sh script from the oracle_install directory. ./scripts/oracle_post.sh 4 Verify that the script completed successfully by checking if the very last line of the output is: dbora 0:off 1:off 2:off 3:on 4:on 5:on 6:off You may see errors before the last line (for example, cannot access /var/log/dbora). You can ignore these errors. Verifying the Symantec Data Loss Prevention Database After creating the Symantec Data Loss Prevention database, you should verify it was created correctly. 59 60 Installing Oracle 10g on Linux Creating and Configuring the Symantec Data Loss Prevention Database and TNS Listener To verify the database was created correctly 1 Open a command prompt and start SQL*Plus. sqlplus /nolog 2 Log on as the SYS user. connect sys/<password> as sysdba Replace <password> with the SYS password. 3 Run the following query. SQL> SELECT * FROM v$version; 4 Ensure that the output from the query contains the following information, identifying the software components as version 10.2.0.4: BANNER --------------------------------------------------Oracle Database 10g Release 10.2.0.4.0 - Production PL/SQL Release 10.2.0.4.0 - Production CORE 10.2.0.4.0 Production TNS for Linux: Version 10.2.0.4.0 - Production NLSRTL Version 10.2.0.4.0 - Production 5 Run the following command to describe the dba_tablespaces view. SQL> describe dba_tablespaces 6 7 Check that in the many columns of output, the output contains the following information: RETENTION VARCHAR2(11 CHAR) BIGFILE VARCHAR2(3 CHAR) Exit SQL*Plus. SQL> exit Installing Oracle 10g on Linux Installing the Critical Patch Update Installing the Critical Patch Update Before installing the Oracle Critical Patch Update, you must have already created the database. To install the latest CPU patch for Oracle 10.2.0.4, see the Oracle 10g 10.2.0.4 Critical Patch Update guide (Oracle10g_CPU_10.2.0.4.pdf). This guide is included in the Oracle Critical Patch Update ZIP file that you downloaded. See “Oracle Software to Download” on page 41. Adding More Data Files After you have created the Symantec Data Loss Prevention database, you can add more space to the database by adding more data files. To add more data files to the database 1 As the oracle user, start Oracle Enterprise Manager (OEM). emctl start dbconsole 2 Start your Internet browser and go to: http://<host_name>:<port_number>/em <host_name> is the name or IP address of the computer where OEM is installed, and <port_number> is the port number on which OEM listens for requests. You can find the port number in the file named portlist.ini, located in the $ORACLE_HOME/install directory (for example, /opt/oracle/product/10.2.0/db_1/install). The default port number is 1158. 3 Log on to OEM by performing the following tasks in this order: ■ In the User Name field, enter SYS. ■ In the Password field, enter the SYS password. ■ For Connect As, select SYSDBA, then click Login. ■ In the license information screen, click I agree. 4 Click the Administration tab. 5 In the Database Administration section, click Datafiles. 6 At the Datafiles screen, select the following options, then click Go: ■ Select the USERS01.DBF data file. 61 62 Installing Oracle 10g on Linux Backing Up the Symantec Data Loss Prevention Database ■ 7 From the Action drop-down list, select Create Like . At the Create Datafile screen, do the following: ■ In the File Name field, enter a data file name. ■ In the File Directory field, select a file directory for the new data file. ■ In the File Size field, enter the file size. ■ Deselect the Reuse existing file check box. ■ In the Storage section, check Automatically extend data file when full and check Unlimited for Maximum File Size. Each of the data files has a maximum size of 32 GB. ■ Click OK. 8 Create as many data files as needed up to 80% of the drive size. 9 Click Logout. Backing Up the Symantec Data Loss Prevention Database You should back up the Symantec Data Loss Prevention database before performing any actions that can corrupt the database; for example, performing a database upgrade. To back up the database 1 You need to back up all the files that are located in the /opt/oracle/oradata/protect folder. These include the *.DBF, *.LOG, and *.CTL files. 2 From the root xterm window, shut down all Symantec Data Loss Prevention services: ■ Go to the /opt/Vontu/Protect/bin directory. cd /opt/Vontu/Protect/bin ■ Stop the Symantec Data Loss Prevention services. ./VontuNotifier stop ./VontuIncidentPersister stop ./VontuUpdate.sh stop ./VontuManager.sh stop Installing Oracle 10g on Linux Backing Up the Symantec Data Loss Prevention Database ./VontuMonitor.sh stop ./VontuMonitorController.sh stop 3 This step is optional. For large databases, you need to check the amount of disk space you need to store copies of the database files. To determine the size of the database files, do the following: sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> SELECT ROUND (SUM (bytes) /1024/1024/1024, 4) GB FROM ( SELECT SUM (bytes) bytes FROM dba_data_files UNION ALL SELECT SUM(bytes) bytes FROM dba_temp_files UNION ALL SELECT SUM(bytes) bytes FROM v$log); SQL> exit Make sure the disk has enough space to store copies of the database files. 4 From the root xterm window, shut down all the Oracle services. service dbora stop 5 Go to the directory where the Symantec Data Loss Prevention data files reside. If you used the default directory during installation, enter: cd /opt/oracle/oradata/protect 6 Copy the contents of the /opt/oracle/oradata/protect directory to a backup location. Make sure you copy to the backup location the entire contents of this directory. You might not be aware of some additional data files or temporary files. When a recovery from a backup is needed, you need to copy the entire contents of the backup directory to the /opt/oracle/oradata/protect directory. If you copy the files as the root user, you need to change the file ownership back to the oracle user after you recover the files. 7 Copy the password file to the backup directory. This file is located in the $ORACLE_HOME/dbs directory and the file is named orapwprotect. 63 64 Installing Oracle 10g on Linux Auditing Unsuccessful Logon Attempts 8 Copy the database parameter files to the backup directory. These files are located in the $ORACLE_HOME/dbs directory (for example, /opt/oracle/product/10.2.0/db_1/dbs) and the file names are initprotect.ora and spfileprotect.ora. 9 Restart the Oracle services. service dbora start 10 If you performed this procedure as part of an upgrade, continue by downloading the Oracle 10g Patchset 10.2.0.4 software. See “Oracle 10g 10.2.0.4 Software to Download” on page 68. Auditing Unsuccessful Logon Attempts You can turn on or off the auditing of unsuccessful logon attempts. You can write the audit trail either to a database or to the operating system. To write the audit trail to the database 1 As the oracle user, start SQL*Plus. sqlplus /nolog SQL> connect sys/<password> as sysdba 2 Set the audit trail to write to the database. SQL> ALTER SYSTEM SET audit_trail=DB SCOPE=spfile; SQL> audit connect whenever NOT successful; SQL> exit 3 Reboot the server so that the new parameters take effect. 4 The audit trail is stored in dba_audit_trail system view. You view the audit trail using the following query in SQL*Plus. SQL> SELECT os_username, username, timestamp, audit_option, action_name FROM dba_audit_trail; Installing Oracle 10g on Linux About the Oracle 10g Client Software 5 Auditing unsuccessful logon attempts can be turned off using the following command in SQL*Plus. SQL> noaudit connect; 6 The audit trail consumes disk space and should be periodically purged by running the following command in SQL*Plus. SQL> TRUNCATE TABLE sys.aud$; To write the audit trail to the operating system The audit trail can also be written to a file in the operating system. To maintain accountability, it is recommended that only the system administrator is able to access it. The AUDIT_FILE_DEST parameter should be set to a location that the database administrator cannot access. You can configure the AUDIT_FILE_DEST parameter to any directory in the system. 1 As the oracle user, start SQL*Plus. sqlplus /nolog SQL> connect sys/<password> as sysdba 2 Set the audit trail to write to the operating system. SQL> ALTER SYSTEM SET audit_trail=OS SCOPE=spfile; SQL> ALTER SYSTEM SET audit_file_dest= ‘/opt/oracle/admin/protect/adump’ scope=spfile; SQL> audit connect whenever NOT successful; SQL> exit 3 Restart the server so that the new parameters take effect. 4 Auditing unsuccessful logon attempts can be turned off using the following command in SQL*Plus: SQL> noaudit connect; About the Oracle 10g Client Software For full details on how to install the Oracle client software, see the Oracle® Database Client Installation Guide 10g Release 2 (10.2) for Linux x86 from Oracle Corporation. You can view this document by going to http://download.oracle.com/docs/cd/B19306_01/install.102/b15662/toc.htm. 65 66 Installing Oracle 10g on Linux About the Oracle 10g Client Software Chapter 4 Upgrading to Oracle 10g 10.2.0.4 on Linux This chapter includes the following topics: ■ Upgrading to Oracle 10g 10.2.0.4 Upgrade for Linux ■ Backing up the Symantec Data Loss Prevention Database ■ Oracle 10g 10.2.0.4 Software to Download ■ Checking for Invalid Objects ■ Installing the Oracle 10g Patchset 10.2.0.4 ■ Upgrading the Symantec Data Loss Prevention Database ■ Installing the Critical Patch Update Upgrading to Oracle 10g 10.2.0.4 Upgrade for Linux To upgrade the Oracle 10g 10.2.0.3 software to 10.2.0.4 and upgrade the Symantec Data Loss Prevention database, you must perform the following steps, in order, on the database server. Note: It is important to back up your existing Oracle 10g database instance before you perform the upgrade. See “Backing Up the Symantec Data Loss Prevention Database” on page 62. Note: See “Backing Up the Symantec Data Loss Prevention Database” on page 62. 68 Upgrading to Oracle 10g 10.2.0.4 on Linux Backing up the Symantec Data Loss Prevention Database Table 4-1 Upgrading to Oracle 10g 10.2.0.4 Step Action Description Step 1 Backup the Oracle 10g database instance. See “Backing up the Symantec Data Loss Prevention Database” on page 68. Step 2 Download the Oracle 10g Patchset 10.2.0.4 software. See “Oracle 10g 10.2.0.4 Software to Download” on page 68. Step 3 Recompile and check for invalid objects. See “Checking for Invalid Objects” on page 69. Step 4 Install the Oracle 10g Patchset 10.2.0.4 software. See “Installing the Oracle 10g Patchset 10.2.0.4” on page 70. Step 5 Upgrade the Symantec Data See “Upgrading the Loss Prevention database. Symantec Data Loss Prevention Database” on page 73. Step 6 Install the latest Oracle 10g 10.2.0.4 Critical Patch Update. See “Installing the Critical Patch Update” on page 76. Backing up the Symantec Data Loss Prevention Database Backup the existing Symantec Data Loss Prevention before you begin any of the upgrade tasks that follow. See “Backing Up the Symantec Data Loss Prevention Database” on page 62. Oracle 10g 10.2.0.4 Software to Download You should have received a Symantec Serial Number Certificate with your order that lists a serial number for each of your products. If you did not receive the certificate, contact Symantec Customer Care as described at http://www.symantec.com/business/support/assistance_care.jsp. If you have multiple Serial Numbers, locate the Serial Number that corresponds to Oracle Standard Edition or Oracle Standard Edition One. Upgrading to Oracle 10g 10.2.0.4 on Linux Checking for Invalid Objects 69 Go to https://fileconnect.symantec.com and enter the serial number. Proceed to the list of available downloads and download Oracle_10.2.0.4_Server_Linux.zip. This ZIP file contains the Oracle 10g Release 10.2.0.1 (10201_database_linux32.zip) and Patchset 10.2.0.4 (p6810189_10204_Linux-x86.zip) software. Extract the 10201_database_linux32.zip and p6810189_10204_Linux-x86.zip files from the Oracle_10.2.0.4_Server_Linux.zip file; you use these two ZIP files later. Checking for Invalid Objects When you install Oracle Patchset 10.2.0.4 as part of an upgrade, first recompile and check for invalid objects. Recompiling now provides a baseline. After you install the new patchset you can perform another recompile. You can compare these two baselines to better understand any invalid objects that might be introduced by installing the new patchset. To check for invalid objects 1 Log on to the database as SYSDBA: export ORACLE_HOME=/opt/oracle/product/10.2.0/db_1 export ORACLE_SID=protect cd $ORACLE_HOME sqlplus /nolog SQL> connect sys/<password> as sysdba 2 Run the utlprp.sql script to recompile: SQL> @$ORACLE_HOME/rdbms/admin/utlprp.sql 3 Note the number of invalid objects that were found: SQL> select object_name, object_type, owner from all_objects where status='INVALID'; SQL> exit 70 Upgrading to Oracle 10g 10.2.0.4 on Linux Installing the Oracle 10g Patchset 10.2.0.4 Installing the Oracle 10g Patchset 10.2.0.4 Before you can upgrade the Symantec Data Loss Prevention database you must first install Oracle 10g 10.2.0.4 Patchset. Always complete the installation or uninstallation of one patch before starting another. Review the Oracle 10.2.0.4 README.html file that is included in the Oracle 10g Patchset 10.2.0.4 distribution files. In particular, read the Known Issues section. Although you install Oracle 10g as the oracle user, you also need to perform some tasks as the root user. You might find it easier to switch to a dedicated root xterm window instead of changing users. Open two windows; the first one is for the oracle user, the second one is for the root user. Enter su - oracle in the first window; enter su - root in the second window. Keep these separate windows open throughout the Oracle installation. The instructions in this section assume you are logged on locally to the Linux server and running X Windows. If you connect to the server remotely, you need a terminal emulator. You also need to set the location where the GUI tools can display their output; you use the export DISPLAY command to do that. For example: export DISPLAY=<your_computer’s_IP_address>:<your_X_server’s_display_number> Note: Refer to the configuration information in the X server management program for the IP address and display number. Typically, the display number is 0. When you run the GUI tools later, if you get a response similar to the following: X connection to localhost:10.0 broken (explicit kill or server shutdown) Run the export DISPLAY command again. To install the Oracle 10g Patchset 10.2.0.4 1 If you install Oracle Patchset 10.2.0.4 as part of an upgrade, shut down all Symantec Data Loss Prevention services. ■ In the root xterm window, change to the bin directory where the services reside by entering: cd /opt/Vontu/Protect/bin ■ Stop each Symantec Data Loss Prevention service by entering: service VontuUpdate stop Upgrading to Oracle 10g 10.2.0.4 on Linux Installing the Oracle 10g Patchset 10.2.0.4 service VontuIncidentPersister stop service VontuManager stop service VontuMonitor stop service VontuMonitorController stop service VontuNotifier stop 2 If you install Oracle Patchset 10.2.0.4 as part of an upgrade, shut down all processes in the Oracle home directory that might access the database. For example, Oracle Enterprise Manager Database Control or iSQL*Plus. From the oracle xterm window, shut down all processes in the Oracle home directory. emctl stop dbconsole isqlplusctl stop lsnrctl stop sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> shutdown immediate SQL> exit 3 Copy the p6810189_10204_LINUX-x86.zip file to your /tmp directory. 4 Change directory to /tmp and unzip the p6810189_10204_LINUX-x86.zip file by entering: unzip p6810189_10204_LINUX-x86.zip This creates a directory called Disk1. If a directory called Disk1 already exists, a prompt to overwrite the existing directory is displayed. Overwrite all of the existing Disk1 files by entering A and pressing Enter. 5 After the Disk1 directory is created, go to the Disk1 directory by entering cd Disk1 . 71 72 Upgrading to Oracle 10g 10.2.0.4 on Linux Installing the Oracle 10g Patchset 10.2.0.4 6 Run the installer by entering: ./runInstaller –ignoresysprereqs Note: If the installer does not run and a message is displayed similar to “X connection to local host:11.0 broken (explicit kill or server shutdown)” you need to export the display before you run the installer. Enter export DISPLAY=<your_computer's_IP_address>:<your_x_server's_display_number>. Often the display number is 0 but consult with your system administrator for further help. 7 At the Welcome screen, click Next. 8 At the Specify Home Details screen, specify the pathname of the directory where the installation files are to be installed. Use the default values unless a different location was specified during the baseline Oracle installation: Name: <OraDb10g_home1> Path: </opt/oracle/product/10.2.0/db_1> 9 Click Next. Note: Make sure the Oracle Home you entered here matches the Oracle Home of the base software. Otherwise, you can end up with two Oracle Homes and the installation is not usable. When you are asked for the Oracle destination directory (for example, /opt/oracle/product/10.2.0/db_1), either enter it or select it using the navigate button that the installer provides. 10 At the Product Specific Prerequisite Checks screen, click Next. 11 At the Oracle Configuration Manager Registration screen, click Next. 12 At the Summary screen that lists the software to be installed, click Install. 13 During installation, an Execute Configuration scripts screen asks you to run a configuration script as the root user. Go to the root xterm window and run the root.sh script by entering: /opt/oracle/product/10.2.0/db_1/root.sh As the /opt/oracle/product/10.2.0/db_1/root.sh script runs, you are prompted to enter the full pathname to the local /bin directory. Accept the default local /bin directory by pressing Enter. Upgrading to Oracle 10g 10.2.0.4 on Linux Upgrading the Symantec Data Loss Prevention Database 14 As the script runs, it might find that the dbhome, oraenv, and coraenv files already exist in the /usr/local/bin directory. When you are prompted, overwrite these three files by entering y. 15 After you successfully run the script, go back to the Execute Configuration Scripts screen and click OK. 16 At the End of Installation screen, click Exit and close the Oracle Universal Installer. 17 At the Exit screen, click Yes. 18 If you performed this procedure as part of an upgrade, continue by upgrading the Symantec Data Loss Prevention database. See “Upgrading the Symantec Data Loss Prevention Database” on page 73. Upgrading the Symantec Data Loss Prevention Database This section describes how to upgrade a database instance from Oracle 10g 10.2.0.3 to 10.2.0.4. You must first install Oracle 10g 10.2.0.4 Patchset. See “Installing Oracle 10g Patchset 10.2.0.4” on page 48. The Oracle Database Upgrade Assistant (DBUA) is interactive and configures itself according to what it finds on the database to be upgraded. If a feature is already in place, it may not ask about installing it. Depending on the state of your database, DBUA may not require you to go through all the steps. You might see additional steps that are not described in this document or you might not see all the steps that are described in this document. You should accept the DBUA default settings for the additional steps. You need to open both a root xterm window and an oracle xterm window during the following update procedure. To upgrade the Symantec Data Loss Prevention database 1 Start the Oracle listener: lsnrctl start 2 In the oracle xterm window, set Oracle Home to /opt/oracle/product/10.2.0/db_1/ and change directory to the Oracle Home directory. export ORACLE_HOME=/opt/oracle/product/10.2.0/db_1 cd $ORACLE_HOME 73 74 Upgrading to Oracle 10g 10.2.0.4 on Linux Upgrading the Symantec Data Loss Prevention Database 3 Run the Oracle Database Upgrade Assistant program by entering dbua. 4 At the Welcome screen, click Next. 5 At the Step 1 of 12: Databases screen, ensure that the protect database is selected and click Next. 6 At the Step 2 of 7: Move Database Files screen, select Do Not Move Database Files as Part of Upgrade, and click Next. 7 At the SYSAUX Tablespace screen, accept the default values by clicking Next. 8 At the Step 3 of 6: Recompile Invalid Objects screen, accept the default values by clicking Next. 9 At the Backup screen, select I have already backed up my database and click Next. 10 At the Step 5 of 6: Recovery Configuration screen, click Next. 11 At the Management Options screen, ensure that the options Configure the Database with Enterprise Manager and Use Database Control for Database Management are selected and click Next. 12 At the Database Credentials screen, enter the passwords that are requested for the accounts, confirm the passwords, and click Next. 13 At the Summary screen, the changes to the database are listed. Click Finish to begin the upgrade. Drag the Database Upgrade Assistant program window to the side of your computer screen so the progress meter does not hid any error messages. You might see the following Oracle error messages, which you can safely ignore: ■ ORA-04043 error: object XDB_DATABASE_PROC does not exist. ■ ORA-29831 error: operator binding not found. ■ ORA-06553 error: PLS-306: wrong number or types of arguments in call. ■ ORA-29844 error: duplicate operator name specified. 14 When the Upgrade Progress screen shows 100% complete, click OK. 15 At the Upgrade Results screen, click Close. Upgrading to Oracle 10g 10.2.0.4 on Linux Upgrading the Symantec Data Loss Prevention Database 16 Logon to the database through SQL*PLUS and enter the following commands: sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> ALTER SYSTEM SET COMPATIBLE = "10.2.0.4.0" SCOPE=SPFILE; SQL> exit 17 Check for invalid objects by entering the following: sqlplus /nolog SQL> connect sys/<password> as sysdba SQL> SELECT owner, object_name, object_Type FROM dba_objects WHERE status = "INVALID" ORDER BY 1, 2, 3; 18 The MDSYS.SDO_3GL package body is invalid after the database upgrade to 10.2.0.4. To validate the MDSYS.SDO_3GL package, enter the following: SQL> alter user mdsys account unlock; SQL> alter session set current_schema=MDSYS; SQL> @$ORACLE_HOME/md/admin/sdoutlh.sql SQL> alter user mdsys account lock; 19 During the 10.2.0.4 upgrade, Oracle changes the undo_retention and nls_length_semantics parameters to their default values. Enter the following commands to change these parameters to the Symantec Data Loss Prevention recommended values. SQL> alter system set undo_retention=10800 scope=both; SQL> alter system set nls_length_semantics='CHAR' scope=both; 75 76 Upgrading to Oracle 10g 10.2.0.4 on Linux Installing the Critical Patch Update 20 Shut down and restart the database after altering the undo_retention and nls_length_semantics parameters. SQL> shutdown immediate SQL> startup 21 Connect to the database as the SYSDBA user. sqlplus /nolog SQL> connect sys/<password> as sysdba 22 Run the utlrp.sql script. SQL> @$ORACLE_HOME/rdbms/admin/utlrp.sql 23 In the root xterm window, shut down the Oracle services. service dbora stop 24 Restart the Oracle services. service dbora start 25 Start all Symantec Data Loss Prevention services. service VontuNotifier start service VontuManager start service VontuMonitor start service VontuIncidentPersister start service VontuUpdate start service VontuMonitorController start Installing the Critical Patch Update Before installing the Oracle Critical Patch Update, you must have already created the database. To install the latest CPU patch for Oracle 10.2.0.4, see the Oracle 10g 10.2.0.4 Critical Patch Update for Linux guide (Oracle10g_CPU_10.2.0.4_Lin.pdf). Index A audits 26, 64 B backups 25, 30, 62, 68 basic installation 13 bin directory 70 boot file system 45 emctl command 23 Enforce Server accessing oracle from 10, 40 errors 34, 74 F fileconnect.symantec.com 11, 30, 41, 68 G C client software 28, 65 CPU. See Critical Patch Update Critical Patch Update installing 23, 37, 61, 76 support for 12, 42 D data files adding 23, 61 database 15, 51 See also protect database creating 15, 51 verifying 22, 59 database templates 12, 42 Database Upgrade Assistant 33 Database Utilities three-tier requirement for 10, 40 databases backing up 25, 62 DBPasswordChanger utility 10, 40 DBSNMP account 16, 53 locking 21, 58 DBUA. See Database Upgrade Assistant default port 18, 55 Disk1 directory 49, 71 DISPLAY environment variable 46 Distributed Transaction Coordinator service 33 E editions 11, 41 Global Database Name 15, 52 I initprotect.ora file 64 invalid objects 31, 36, 69 L Linux 39 See also Oracle 10g for Linux configuring 42 listener. See TNS listener listener.ora file 19, 56 logon auditing 26, 64 lsnrctl command 19, 57 M Microsoft Windows stopping services in 12 user account requirements for 10, 12 N netca utility 55 non-default port numbers 19, 56 O opt file system 45 ORA errors 34, 74 Oracle 10g. See Oracle 10g for Linux. See Oracle 10g for Windows 78 Index Oracle 10g for Linux. See backing up database with adding database files to 61 auditing logins to 64 changing password of 40 checking for invalid objects with 69 configuring automatic startup and shutdown of 59 configuring database with 51 configuring TNS listener with 51, 56 database template required for 42, 51 downloading 41, 68 editions of 41 installing 39, 40, 42, 45 installing patchset for 48, 70 preinstallation steps for 42 requirements for 43 upgrading 67, 68, 69, 70, 72, 73, 75, 76 verifying database with 59 Oracle 10g for Windows. See backing up database with adding database files to 23 auditing logins to 26 changing password of 10 checking for invalid objects with 31 configuring database with 14 configuring TNS listener with 14, 18 database template required for 12, 15 downloading 11, 30 editions of 11 installing 9, 10, 12 installing patchset for 13, 31 prerequisites for 13 thin driver requirement for 12 upgrading 29, 30, 31, 33, 35, 36 verifying database with 22 Oracle Client 12 three-tier requirement for 10, 40 Oracle Enterprise Manager 17 Oracle Net Configuration Assistant 55 oracle user 46 oracle_create_user.sh script 58 oracle_create_user.sql script 21 oracle_post.sh script 59 oracle_verify.sh script 42 orainstRoot.sh script 47 P passwords requirements for 16, 53 patchset 13, 31, 48, 70 port 1521 18, 19, 55, 56 processes stopping 49 protect database 15, 52 protect user account creating 21, 58 R root account 45, 48, 70 root.sh script 47, 50, 72 rpm packages 44 runInstaller command 46, 50 S serial numbers 11, 41 services 12 starting 35, 76 stopping 33, 48, 70 SID 15, 52 single-tier installations 10, 40 spfileprotect.ora file 64 SQL scripts 12, 21, 42, 58 SQL*Plus three-tier requirement for 10, 40 sqlnet.ora file 18 sqlplus 21, 25, 59, 63 Standard Edition 11, 13, 41, 47 Standard Edition One 11, 41 SYS account 16, 53 sysctl.conf file 44 SYSDBA account 24, 26, 61, 64, 69 SYSMAN account 16, 53 SYSTEM account 16, 53 T thin driver 12 three-tier installations 10, 40 TNS listener configuring 18, 56 creating 14, 17, 51, 55 starting 73 tnsnames.ora file verifying 20, 57 two-tier installations 10, 40 Index U user accounts 12, 21, 58 three-tier requirement for 10, 40 USERS01.DBF file 61 utlprp.sql 31, 69 utlprp.sql script 36 utlrp.sql script 76 V var file system 45 W Windows. See Microsoft Windows X X server 46 79
© Copyright 2026