Oracle FAQ Your Portal to the Oracle Knowledge Grid

RE: Project Lockdown ...

From: Jesse, Rich <Rich.Jesse_at_qg.com>
Date: Mon, 9 Oct 2006 08:14:19 -0500
Message-ID: <FB5D3CCFCECC2948B5DCF4CABDBE6697A522E7@QTEX1.qg.com>


Interesting reading. I see that Arup recommends to "Change the permission of the redundant files $ORACLE_HOME/bin/oracleO, tnslsnr0, lsnrctl0, extjob0, etc. to 0000." I've always just deleted these immediately after installing and some time after upgrading/patching.

Any reason that I should be keeping these around? Meatlink doesn't seem to have any articles dealing with this.

Rich

Disclaimer: "Metalink" wasn't found in my spell checker.

-----Original Message-----

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of stv
Sent: Friday, October 06, 2006 4:51 PM
To: oracle-l_at_freelists.org
Subject: Project Lockdown ...

Does anyone have opinions of this paper?

http://www.oracle.com/technology/pub/articles/project_lockdown/project-lockdown.pdf

I found the link via Pete Finnigan, who seems to my newbie eyes an excellent resource. Anyway, we're working through this for an Oracle XE instance that will serve a public-facing PHP application.

Section 1.4 talks about setting umask on certain directories. I'm familiar with umask, but I'm unaware of any directory capability. Googling "directory umask" hits a couple of pages where people ask for such a thing and get unsatisfactory answers. man pages don't lead anywhere.

The intent of 1.4 is to ensure that bdumps, rdbms/log, rdbms/audit and some other folders that house dynamically created files will default to -rw-------.

to quote:

Some trace files are generated here as well as the database alert log. Permissions should be rw------- (Read+Write by Oracle software owner only)

So, aside from the Unix question, I was wondering if others have thoughts on this paper?

--steve smith
--

http://www.freelists.org/webpage/oracle-l
Received on Mon Oct 09 2006 - 08:14:19 CDT
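
The goal quoted from Section 1.4 in the message above (files in the trace and log directories defaulting to rw-------) depends on the umask of the process that creates the files: umask is a per-process setting inherited by child processes, not an attribute of a directory. The following is an added example, not part of the thread or the paper, that shows the effect and audits a directory for files looser than rw-------; the file names and the temporary directory are constructed.

```shell
#!/bin/sh
# Added example. The directory and file names below are constructed.

# create_with_umask MASK FILE
# Create FILE from a subshell running under MASK. The new file's mode is
# (0666 & ~MASK); the directory it lands in has no influence on it.
create_with_umask() {
    ( umask "$1" && : > "$2" )
}

# file_mode FILE
# Print the octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_dir DIR
# Print every regular file under DIR that has any group or other bit set,
# i.e. anything looser than rw-------. Returns 1 if at least one is found.
audit_dir() {
    loose=$(find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -z "$loose" ]; then
        return 0
    fi
    printf '%s\n' "$loose"
    return 1
}

# Demonstration on a scratch directory standing in for a dump destination.
d=$(mktemp -d)
create_with_umask 022 "$d/alert_demo.log"     # common default umask
create_with_umask 077 "$d/demo_ora_1234.trc"  # owner-only umask
echo "alert_demo.log:    $(file_mode "$d/alert_demo.log")"
echo "demo_ora_1234.trc: $(file_mode "$d/demo_ora_1234.trc")"
audit_dir "$d" || echo "the files listed above are looser than rw-------"
rm -rf "$d"
```

To get the same result for a real instance, the umask has to be set in the environment of the account that starts the database processes, and `audit_dir` can then be pointed at the dump and audit directories to confirm it.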
