Re: security patches in any views?

From: bdbafh <bdbafh_at_gmail.com>
Date: Sat, 22 Mar 2008 05:15:03 -0700 (PDT)
Message-ID: <ce0bef1b-b381-4840-94b0-be0d55bafd1f@u72g2000hsf.googlegroups.com>


On Mar 22, 5:07 am, Jim Smith <usene..._at_ponder-stibbons.com> wrote:
> In message
> <06bfdbde-2dca-49cf-be1f-69e9eeed4..._at_d62g2000hsf.googlegroups.com>,
> bdbafh <bdb..._at_gmail.com> writes
>
>
>
> >On Mar 18, 1:31 pm, NetComrade <netcomradeNS..._at_bookexchange.net>
> >wrote:
> >> Is there a way to query all the security patches applied on a db?,
> >> or is that a function of opatch only?
>
> >> Need for '3rd party' auditing purposes.
>
> >> thanks
> >> .......
> >> We run Oracle 9iR2,10gR2, 10g2RAC on RH4/RH5 and Solaris 10 (Sparc)
> >> remove NSPAM to email
>
> >This is a RH 4 box (U5) running 32 bit Oracle, 32 bit Linux.
> >It's current and hasn't had the 10.2.0.4 patchset applied yet (but its
> >sister test box has).
>
> >$ sqlplus / as sysdba
>
> >SQL*Plus: Release 10.2.0.3.0 - Production on Tue Mar 18 14:17:35 2008
>
> >Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
>
> >Connected to:
> >Oracle Database 10g Release 10.2.0.3.0 - Production
>
> >SQL> select * from registry$history;
>
> >ACTION_TIME
> >---------------------------------------------------------------------------
> >ACTION NAMESPACE
> >------------------------------ ------------------------------
> >VERSION ID
> >------------------------------ ----------
> >COMMENTS
> >------------------------------------------------------------------------
> >--------
>
> >17-FEB-08 09.23.10.145133 AM
> >CPU SERVER
> >10.2.0.3.0 6646853
> >CPUJan2008
>
> >17-FEB-08 09.39.24.356214 AM
> >CPU
> > 6452863
> >view recompilation
>
> >hth.
>
> >-bdbafh
>
> v$registry_history is incomplete. I haven't had the time to go into it
> properly, but it looks as if a database created with binaries which have
> had a CPU installed doesn't show up as having the CPU installed in the
> database.
>
> So you need a combination of when the CPU was applied to the binaries
> and when the database was created from those binaries.
> --
> Jim Smith

Jim,

Review the script catcpu.sql included in the installed patch location. This is typically under %ORACLE_HOME%\cpu\cpu<qtr>YYYY\ on MS Win. It is also under %ORACLE_HOME%\bundle\Patch<nn>. The ones that I've examined delete from this table prior to inserting the row for the patch being applied, so previous rows would in fact be removed.

If the post-apply script were not executed against a particular database, or an error occurred such that the insert of the row for the applied patch failed, the corresponding record may be missing from registry$history.

I have seen the insert statement fail (I don't recall why) and manually re-executed it. Yes, I agree that the info is far from complete. Are you saying that if multiple critical patch updates have been applied to the ORACLE_HOME, that only the most recently applied one is listed in registry$history? That would correspond to what I have observed as well. Critical patch updates are cumulative on the MS Windows side. OPatch napply changed that for the *nixes.

hth.

-bdbafh

Received on Sat Mar 22 2008 - 07:15:03 CDT
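
An added example, not part of the thread and not Oracle's code: one way an auditor could reconcile the patches recorded for the ORACLE_HOME with the rows in registry$history, using the three reasons for a missing row raised above. The function name, the status labels and all sample data except patch IDs 6646853 and 6452863 are constructed, and it assumes the patch IDs and apply times for the binaries have already been extracted from the patch inventory.

```python
from datetime import datetime

def classify(db_created, registry_rows, home_patches):
    """Explain each ORACLE_HOME patch against registry$history.

    registry_rows: (action_time, id) pairs read from registry$history.
    home_patches:  (patch_id, applied_on) pairs for the binaries
                   (assumed already extracted from the patch inventory).
    """
    recorded = {pid for _, pid in registry_rows}
    latest_row = max((t for t, _ in registry_rows), default=None)
    report = {}
    for pid, applied_on in home_patches:
        if pid in recorded:
            report[pid] = "recorded"
        elif db_created > applied_on:
            # Database was created from binaries that were already patched.
            report[pid] = "created-from-patched-home"
        elif latest_row is not None and latest_row > applied_on:
            # A later post-apply run may have deleted the older row.
            report[pid] = "row-replaced-by-later-cpu"
        else:
            # Post-apply script not run against this database, or its insert failed.
            report[pid] = "post-apply-missing-or-failed"
    return report

# Constructed sample data; only IDs 6646853 and 6452863 come from the thread.
DB_CREATED = datetime(2007, 6, 1)
REGISTRY_ROWS = [
    (datetime(2008, 2, 17, 9, 23, 10), 6646853),  # CPUJan2008
    (datetime(2008, 2, 17, 9, 39, 24), 6452863),  # view recompilation
]
HOME_PATCHES = [
    (6646853, datetime(2008, 2, 17, 9, 10)),
    (1000001, datetime(2007, 3, 1)),    # placeholder ID, applied before DB creation
    (1000002, datetime(2007, 10, 20)),  # placeholder ID, older than the latest row
    (1000003, datetime(2008, 3, 1)),    # placeholder ID, newer than any row
]

if __name__ == "__main__":
    for pid, status in classify(DB_CREATED, REGISTRY_ROWS, HOME_PATCHES).items():
        print(pid, status)
```

Only the last status points to a database that is actually missing the post-apply step; the other two are gaps in the record rather than in the patching.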
