- #!/bin/bash
- #
- # This script should examine your EM12c R4 environment, identify the ports
- # each component uses, and check for SSLv2/SSLv3 usage, as well as make
- # sure that weak cipher suites get rejected. It also contains a patch
- # check currently comparing against the latest recommended patches
- # and flags the use of self-signed certificates. Further checks include
- # EM12c Java JDK version.
- #
- # Added in v1.0: Repository database patch check
- # Added in v1.1: EM12c Java JDK version check
- # Change in v1.2: Removed patch 19948000 recommendation for OHS.
- # Change in v1.3: Update for 30 Apr 2015 patches, add EM-OH plugin home
- # restored GDFA/16420963 for WLS
- # added 20114054 for Agent - only applicable for Linux x86-64
- # Change in v1.4: Add datestamp/hostname to output header
- # Update for 31 May 2015 patches, add EM-DB-DISC plugin home
- # Change in v1.5: Add repo DB check for SSL_VERSION and SSL_CIPHER_SUITES
- # Add VERBOSE_CHECKSEC variable:
- # Set to 0 for quiet run.
- # Set to 1 to see failed check summary after run.
- # Set to 2 for failed check summary and patch details.
- # Change in v1.6: Add PSU4 for EM12cR4, complete VERBOSE_CHECKSEC work
- # Add 14 July 2015 patches
- # Change in v1.7: Update for 31 Jul 2015 patches
- # Change in v1.8: Update for 31 Aug 2015 patches
- # Change in v1.9: Add 17714229 for OMS home
- # Add 21068288 CVE-2015-4742 for oracle_common home
- # Add check for usage of demonstration SSL certificates
- # Change in v1.10: Update for 1 Oct 2015 patches, PSU5, CPUOCT2015
- # Added 18502187 for OMS home
- # Change in v1.11: Update for 30 Nov 2015 patches
- #
- # From: @BrianPardy on Twitter
- #
- # Known functional on Linux x86-64, Solaris, AIX.
- #
- # Run this script as the Oracle EM12c software owner, with your environment
- # fully up and running.
- #
- # Thanks to Dave Corsar, who tested on Solaris and let me know the
- # changes needed to make an earlier version work on Solaris.
- #
- # Thanks to opa tropa who confirmed AIX functionality and noted the
- # use of GNU extensions to grep, which I have since removed.
- #
- # Dedicated to our two Lhasa Apsos:
- # Lucy (6/13/1998 - 3/13/2015)
- # Ethel (6/13/1998 - 7/31/2015)
- #
- #
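# ---------------------------------------------------------------------------
# Environment discovery.
#
# Every path and port below is read from files and tools on this host (the
# grid-control home list, the Oracle inventory, emgc/embip properties, OPMN and
# OHS configuration, emctl). Nothing here is verified: if a lookup comes back
# empty, the variable is empty and the checks that depend on it cannot find
# their target.
# ---------------------------------------------------------------------------

# Script identity and run-wide state. FAIL_COUNT/FAIL_TESTS accumulate failed
# checks; VERBOSE_CHECKSEC is 0 (quiet), 1 (failed check summary) or
# 2 (summary plus patch details).
SCRIPTNAME=$(basename "$0")
PATCHDATE="30 Nov 2015"
OMSHOST=$(hostname -f)
VERSION="1.11"
FAIL_COUNT=0
FAIL_TESTS=""
RUN_DB_CHECK=0
VERBOSE_CHECKSEC=2
HOST_OS=$(uname -s)
HOST_ARCH=$(uname -m)

# Home list and oratab live under /var/opt/oracle on Solaris.
ORAGCHOMELIST="/etc/oragchomelist"
ORATAB="/etc/oratab"
if [[ ! -r "$ORAGCHOMELIST" ]]; then # Solaris
  ORAGCHOMELIST="/var/opt/oracle/oragchomelist"
fi
if [[ ! -r "$ORATAB" ]]; then # Solaris
  ORATAB="/var/opt/oracle/oratab"
fi

# Prefer the Solaris freeware egrep when it is installed.
if [[ -x "/usr/sfw/bin/gegrep" ]]; then
  GREP=/usr/sfw/bin/gegrep
else
  GREP=$(command -v grep)
fi

# Print the second '='-separated field of the lines in file $2 matching $1.
_prop_value () {
  "$GREP" "$1" "$2" | awk -F= '{print $2}'
}

# Print the LOC= path of the non-REMOVED inventory home whose NAME starts
# with $1. Reads $ORAINVENTORY/ContentsXML/inventory.xml.
_inventory_home () {
  "$GREP" -vi REMOVED "$ORAINVENTORY/ContentsXML/inventory.xml" \
    | "$GREP" "HOME NAME=\"$1" \
    | awk '{print $3}' \
    | sed -e 's/LOC="//' \
    | sed -e 's/"//'
}

OMS_HOME=$("$GREP" -i oms "$ORAGCHOMELIST" | xargs ls -d 2>/dev/null)
if [[ -z "$OMS_HOME" ]]; then
  # Without an OMS home every derived path is wrong; say so instead of letting
  # the report look like an ordinary run.
  echo "WARNING: no OMS home found via $ORAGCHOMELIST; later checks cannot locate their targets" >&2
fi
OPATCH="$OMS_HOME/OPatch/opatch"
OPATCHAUTO="$OMS_HOME/OPatch/opatchauto"
OMSORAINST="$OMS_HOME/oraInst.loc"
ORAINVENTORY=$(head -n 1 "$OMSORAINST" | awk -F= '{print $2}')
MW_HOME=$(dirname "$OMS_HOME")

BIP_HOME=$(_inventory_home Oracle_BI)
COMMON_HOME=$(_inventory_home common)
WEBTIER_HOME=$(_inventory_home webtier)
AGENT_HOME=$(_inventory_home agent12c)

# Agent-side plugin homes sit two levels above the agent home.
AGENT_DB_PLUGIN_HOME="$AGENT_HOME/../../plugins/oracle.sysman.db.agent.plugin_12.1.0.7.0"
AGENT_DB_PLUGIN_DISC_HOME="$AGENT_HOME/../../plugins/oracle.sysman.db.discovery.plugin_12.1.0.7.0"
AGENT_FMW_PLUGIN_HOME="$AGENT_HOME/../../plugins/oracle.sysman.emas.agent.plugin_12.1.0.7.0"
AGENT_FMW_PLUGIN_DISC_HOME="$AGENT_HOME/../../plugins/oracle.sysman.emas.discovery.plugin_12.1.0.7.0"
AGENT_BEACON_PLUGIN_HOME="$AGENT_HOME/../../plugins/oracle.sysman.beacon.agent.plugin_12.1.0.4.0"
AGENT_OH_PLUGIN_HOME="$AGENT_HOME/../../plugins/oracle.sysman.oh.agent.plugin_12.1.0.4.0"

EM_INSTANCE_BASE=$("$GREP" GCDomain "$MW_HOME/domain-registry.xml" \
  | sed -e 's/.*=//' | sed -e 's/\/user_projects.*$//' | sed -e 's/"//')
WL_HOME=$("$GREP" wlserver "$MW_HOME/domain-registry.xml" \
  | sed -e 's/.*=//' | sed -e 's/\/samples.*$//' | sed -e 's/"//' | uniq)

EMGC_PROPS="$EM_INSTANCE_BASE/em/EMGC_OMS1/emgc.properties"
EMBIP_PROPS="$EM_INSTANCE_BASE/em/EMGC_OMS1/embip.properties"
OPMN_PROPS="$EM_INSTANCE_BASE/WebTierIH1/config/OPMN/opmn/ports.prop"
OHS_ADMIN_CONF="$EM_INSTANCE_BASE/WebTierIH1/config/OHS/ohs1/admin.conf"

# Listener ports of each component, as configured on disk.
PORT_UPL=$(_prop_value EM_UPLOAD_HTTPS_PORT "$EMGC_PROPS")
PORT_OMS=$(_prop_value EM_CONSOLE_HTTPS_PORT "$EMGC_PROPS")
PORT_OMS_JAVA=$(_prop_value MS_HTTPS_PORT "$EMGC_PROPS")
PORT_NODEMANAGER=$(_prop_value EM_NODEMGR_PORT "$EMGC_PROPS")
PORT_BIP=$(_prop_value BIP_HTTPS_PORT "$EMBIP_PROPS")
PORT_ADMINSERVER=$(_prop_value AS_HTTPS_PORT "$EMGC_PROPS")
PORT_OPMN=$(_prop_value '/opmn/remote_port' "$OPMN_PROPS")
PORT_OHS_ADMIN=$("$GREP" Listen "$OHS_ADMIN_CONF" | awk '{print $2}')
# The agent port is taken from the running agent, so the agent must be up.
PORT_AGENT=$("$AGENT_HOME/bin/emctl" status agent | "$GREP" 'Agent URL' \
  | sed -e 's/\/emd\/main\///' | sed -e 's/^.*://' | uniq)

# Repository connect descriptor with its backslashes removed, then the HOST=
# and SID= values cut out of it.
REPOS_DB_CONNDESC=$("$GREP" EM_REPOS_CONNECTDESCRIPTOR "$EMGC_PROPS" \
  | sed -e 's/EM_REPOS_CONNECTDESCRIPTOR=//' | sed -e 's/\\//g')
REPOS_DB_HOST=$(printf '%s\n' "$REPOS_DB_CONNDESC" | sed -e 's/^.*HOST=//' | sed -e 's/).*$//')
REPOS_DB_SID=$(printf '%s\n' "$REPOS_DB_CONNDESC" | sed -e 's/^.*SID=//' | sed -e 's/).*$//')

# The repository database home is only examined when it runs on this host.
if [[ "$REPOS_DB_HOST" == "$OMSHOST" ]]; then
  # Anchored so commented-out oratab lines and SIDs that merely end in the
  # same text are not picked up.
  REPOS_DB_HOME=$("$GREP" "^${REPOS_DB_SID}:" "$ORATAB" | awk -F: '{print $2}')
  REPOS_DB_VERSION=$("$REPOS_DB_HOME/OPatch/opatch" lsinventory -oh "$REPOS_DB_HOME" \
    | "$GREP" 'Oracle Database' | awk '{print $4}')
  if [[ "$REPOS_DB_VERSION" == "11.2.0.4.0" || "$REPOS_DB_VERSION" == "12.1.0.2.0" ]]; then
    RUN_DB_CHECK=1
  fi
  if [[ "$RUN_DB_CHECK" -eq 0 ]]; then
    echo -e "\tSkipping local repository DB patch check, only 11.2.0.4 or 12.1.0.2 supported by this script for now"
  fi
fi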
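#######################################
# Probe one endpoint with openssl s_client, forcing a single protocol
# version, and record whether the outcome matches policy.
# Globals:   GREP (read); FAIL_COUNT, FAIL_TESTS (updated on failure);
#            OPENSSL_CHECK_*, OPENSSL_RETURN (scratch, overwritten per call)
# Arguments: $1 - component label used in the report
#            $2 - host to connect to
#            $3 - TCP port
#            $4 - protocol flag without its dash: tls1 must negotiate,
#                 ssl2 and ssl3 must not; any other value is ignored
# Outputs:   one result line on stdout
#######################################
sslcheck () {
  OPENSSL_CHECK_COMPONENT=$1
  OPENSSL_CHECK_HOST=$2
  OPENSSL_CHECK_PORT=$3
  OPENSSL_CHECK_PROTO=$4
  local cipher_lines expectation problem=""

  case "$OPENSSL_CHECK_PROTO" in
    tls1)      expectation="available" ;;
    ssl2|ssl3) expectation="disabled" ;;
    *)         return 0 ;;
  esac

  # -prexit asks s_client for its session summary even when the handshake
  # fails; a summary whose cipher reads 0000 means nothing was negotiated.
  cipher_lines=$(echo Q | openssl s_client -prexit \
    -connect "$OPENSSL_CHECK_HOST:$OPENSSL_CHECK_PORT" \
    "-$OPENSSL_CHECK_PROTO" 2>&1 | "$GREP" Cipher)
  OPENSSL_RETURN=$(printf '%s\n' "$cipher_lines" | "$GREP" -c 0000)

  echo -en "\tConfirming $OPENSSL_CHECK_PROTO $expectation for $OPENSSL_CHECK_COMPONENT at $OPENSSL_CHECK_HOST:$OPENSSL_CHECK_PORT... "
  if [[ -z "$cipher_lines" ]]; then
    # No summary at all (openssl missing, or it rejected the protocol flag):
    # the probe never ran, so a zero count must not be read as a handshake.
    problem="check not performed, openssl printed no cipher summary"
  elif [[ "$expectation" == "available" && "$OPENSSL_RETURN" -ne 0 ]]; then
    problem="protocol connection failed"
  elif [[ "$expectation" == "disabled" && "$OPENSSL_RETURN" -eq 0 ]]; then
    problem="protocol connection succeeded"
  fi

  if [[ -z "$problem" ]]; then
    echo OK
  else
    echo FAILED
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$OPENSSL_CHECK_COMPONENT @ $OPENSSL_CHECK_HOST:${OPENSSL_CHECK_PORT}:$OPENSSL_CHECK_PROTO $problem"
  fi
}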
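#######################################
# Look for a patch id in the OPatch inventory listing of one Oracle home.
# Globals:   OPATCH, GREP, VERBOSE_CHECKSEC (read);
#            FAIL_COUNT, FAIL_TESTS (updated on failure);
#            OPATCH_CHECK_*, OPATCH_RET (scratch, overwritten per call)
# Arguments: $1 - component label; "ReposDBHome" selects the OPatch binary
#                 inside the home being checked instead of $OPATCH
#            $2 - Oracle home to inspect
#            $3 - patch id to look for
# Outputs:   OK or FAILED on stdout, plus the matching inventory lines when
#            VERBOSE_CHECKSEC is 2 or more
#######################################
opatchcheck () {
  OPATCH_CHECK_COMPONENT=$1
  OPATCH_CHECK_OH=$2
  OPATCH_CHECK_PATCH=$3
  local opatch_bin=$OPATCH

  if [[ "$OPATCH_CHECK_COMPONENT" == "ReposDBHome" ]]; then
    opatch_bin="$OPATCH_CHECK_OH/OPatch/opatch"
  fi

  # An empty id would match every inventory line and report OK, so it is
  # treated as "not found".
  # NOTE(review): the id is matched as a plain substring of the whole listing,
  # so it also matches when it appears anywhere else in the output; confirm
  # that is intended.
  OPATCH_RET=""
  if [[ -n "$OPATCH_CHECK_PATCH" ]]; then
    OPATCH_RET=$("$opatch_bin" lsinv -oh "$OPATCH_CHECK_OH" | "$GREP" "$OPATCH_CHECK_PATCH")
  fi

  if [[ -z "$OPATCH_RET" ]]; then
    echo FAILED
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$OPATCH_CHECK_COMPONENT @ ${OPATCH_CHECK_OH}:Patch $OPATCH_CHECK_PATCH not found"
  else
    echo OK
  fi
  test "$VERBOSE_CHECKSEC" -ge 2 && echo "$OPATCH_RET"
}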
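#######################################
# Look for a patch id in the opatchauto patch listing of one Oracle home.
# Globals:   OPATCHAUTO, GREP, VERBOSE_CHECKSEC (read);
#            FAIL_COUNT, FAIL_TESTS (updated on failure);
#            OPATCHAUTO_CHECK_*, OPATCHAUTO_RET (scratch, overwritten per call)
# Arguments: $1 - component label used in the failure summary
#            $2 - Oracle home to inspect
#            $3 - patch id to look for
# Outputs:   OK or FAILED on stdout, plus the matching lines when
#            VERBOSE_CHECKSEC is 2 or more
#######################################
opatchautocheck () {
  OPATCHAUTO_CHECK_COMPONENT=$1
  OPATCHAUTO_CHECK_OH=$2
  OPATCHAUTO_CHECK_PATCH=$3

  # An empty id would match every listed line and report OK, so it is treated
  # as "not found".
  OPATCHAUTO_RET=""
  if [[ -n "$OPATCHAUTO_CHECK_PATCH" ]]; then
    OPATCHAUTO_RET=$("$OPATCHAUTO" lspatches -oh "$OPATCHAUTO_CHECK_OH" | "$GREP" "$OPATCHAUTO_CHECK_PATCH")
  fi

  if [[ -z "$OPATCHAUTO_RET" ]]; then
    echo FAILED
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$OPATCHAUTO_CHECK_COMPONENT @ ${OPATCHAUTO_CHECK_OH}:Patch $OPATCHAUTO_CHECK_PATCH not found"
  else
    echo OK
  fi
  test "$VERBOSE_CHECKSEC" -ge 2 && echo "$OPATCHAUTO_RET"
}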
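#######################################
# Flag an endpoint whose certificate openssl reports as self-signed.
# Globals:   GREP (read); FAIL_COUNT, FAIL_TESTS (updated on failure);
#            CERTCHECK_CHECK_*, OPENSSL_SELFSIGNED_COUNT (scratch)
# Arguments: $1 - component label, $2 - host, $3 - TCP port
# Outputs:   one result line on stdout
#######################################
certcheck () {
  CERTCHECK_CHECK_COMPONENT=$1
  CERTCHECK_CHECK_HOST=$2
  CERTCHECK_CHECK_PORT=$3
  echo -ne "\tChecking certificate at $CERTCHECK_CHECK_COMPONENT ($CERTCHECK_CHECK_HOST:$CERTCHECK_CHECK_PORT)... "
  # OpenSSL 3.x words the verify error "self-signed certificate", older
  # releases "self signed certificate"; accept both so the check does not
  # silently pass after an OpenSSL upgrade.
  # A count of 0 is also what an endpoint that could not be reached produces,
  # so OK here only means "no self-signed error was printed".
  OPENSSL_SELFSIGNED_COUNT=$(echo Q | openssl s_client -prexit \
    -connect "$CERTCHECK_CHECK_HOST:$CERTCHECK_CHECK_PORT" 2>&1 \
    | "$GREP" -ci "self[- ]signed certificate")
  if [[ "$OPENSSL_SELFSIGNED_COUNT" -eq 0 ]]; then
    echo OK
  else
    echo FAILED - Found self-signed certificate
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$CERTCHECK_CHECK_COMPONENT @ ${CERTCHECK_CHECK_HOST}:${CERTCHECK_CHECK_PORT} found self-signed certificate"
  fi
}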
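#######################################
# Flag an endpoint that still presents a certificate issued by the
# "FOR TESTING ONLY" CertGenCAB demonstration CA.
# Globals:   GREP (read); FAIL_COUNT, FAIL_TESTS (updated on failure);
#            DEMOCERTCHECK_CHECK_*, OPENSSL_DEMO_COUNT (scratch)
# Arguments: $1 - component label, $2 - host, $3 - TCP port
# Outputs:   one result line on stdout
#######################################
democertcheck () {
  DEMOCERTCHECK_CHECK_COMPONENT=$1
  DEMOCERTCHECK_CHECK_HOST=$2
  DEMOCERTCHECK_CHECK_PORT=$3
  echo -ne "\tChecking certificate at $DEMOCERTCHECK_CHECK_COMPONENT ($DEMOCERTCHECK_CHECK_HOST:$DEMOCERTCHECK_CHECK_PORT)... "
  # Match on the issuer CN only. Older openssl prints the issuer as
  # "/C=US/.../CN=CertGenCAB", newer releases as "C = US, ..., CN = CertGenCAB";
  # a match on the full slash-separated string passes silently on the latter.
  OPENSSL_DEMO_COUNT=$(echo Q | openssl s_client -prexit \
    -connect "$DEMOCERTCHECK_CHECK_HOST:$DEMOCERTCHECK_CHECK_PORT" 2>&1 \
    | "$GREP" -ci "issuer=.*CertGenCAB")
  if [[ "$OPENSSL_DEMO_COUNT" -eq 0 ]]; then
    echo OK
  else
    echo FAILED - Found demonstration certificate
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$DEMOCERTCHECK_CHECK_COMPONENT @ ${DEMOCERTCHECK_CHECK_HOST}:${DEMOCERTCHECK_CHECK_PORT} found demonstration certificate"
  fi
}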
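#######################################
# Probe one endpoint over TLSv1 with each of openssl's LOW, MEDIUM and HIGH
# cipher classes. LOW and MEDIUM must be refused, HIGH must be accepted.
# Globals:   GREP (read); FAIL_COUNT, FAIL_TESTS (updated on failure);
#            OPENSSL_CHECK_*, OPENSSL_LOW_RETURN, OPENSSL_MEDIUM_RETURN,
#            OPENSSL_HIGH_RETURN (scratch, overwritten per call)
# Arguments: $1 - component label, $2 - host, $3 - TCP port
# Outputs:   one result line per cipher class, then a blank line
#######################################
ciphercheck () {
  OPENSSL_CHECK_COMPONENT=$1
  OPENSSL_CHECK_HOST=$2
  OPENSSL_CHECK_PORT=$3
  local level cipher_lines refused shout problem

  for level in LOW MEDIUM HIGH; do
    echo -ne "\tChecking $level strength ciphers on $OPENSSL_CHECK_COMPONENT ($OPENSSL_CHECK_HOST:$OPENSSL_CHECK_PORT)..."
    cipher_lines=$(echo Q | openssl s_client -prexit \
      -connect "$OPENSSL_CHECK_HOST:$OPENSSL_CHECK_PORT" \
      -tls1 -cipher "$level" 2>&1 | "$GREP" Cipher | uniq)
    # Number of summary lines showing cipher 0000, i.e. nothing negotiated.
    refused=$(printf '%s\n' "$cipher_lines" | "$GREP" -c 0000)
    printf -v "OPENSSL_${level}_RETURN" '%s' "$refused"

    shout=""
    problem=""
    if [[ -z "$cipher_lines" ]]; then
      # openssl printed no summary (missing binary, rejected option): the
      # probe did not run, so a zero count must not count as "accepted".
      shout="NO CIPHER SUMMARY FROM OPENSSL, CHECK NOT PERFORMED"
      problem="$level strength cipher check not performed"
    elif [[ "$level" == "HIGH" ]]; then
      if [[ "$refused" -ne 0 ]]; then
        shout="CANNOT CONNECT WITH HIGH STRENGTH CIPHER"
        problem="Rejects HIGH strength ciphers"
      fi
    elif [[ "$refused" -eq 0 ]]; then
      shout="PERMITS $level STRENGTH CIPHER CONNECTIONS"
      problem="Permits $level strength ciphers"
    fi

    if [[ -z "$problem" ]]; then
      echo -e "\tOK"
    else
      echo -e "\tFAILED - $shout"
      FAIL_COUNT=$((FAIL_COUNT+1))
      FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$OPENSSL_CHECK_COMPONENT @ $OPENSSL_CHECK_HOST:${OPENSSL_CHECK_PORT}:$problem"
    fi
  done
  echo
}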
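#######################################
# Look for a patch id in the WebLogic Smart Update (bsu.sh -report) output.
# Globals:   MW_HOME, GREP, VERBOSE_CHECKSEC (read);
#            FAIL_COUNT, FAIL_TESTS (updated on failure);
#            WLSDIR, WLSPATCH, WLSCHECK_RETURN, WLSCHECK_COUNT (scratch)
# Arguments: $1 - WebLogic home, used only as a label in the failure summary
#            $2 - patch id to look for
# Outputs:   OK or FAILED on stdout, plus the matching report lines when
#            VERBOSE_CHECKSEC is 2 or more
#######################################
wlspatchcheck () {
  WLSDIR=$1
  WLSPATCH=$2

  # An empty id would match every report line, so it is treated as not found.
  WLSCHECK_RETURN=""
  if [[ -n "$WLSPATCH" ]]; then
    WLSCHECK_RETURN=$( ( cd "$MW_HOME/utils/bsu" && "$MW_HOME/utils/bsu/bsu.sh" -report ) | "$GREP" "$WLSPATCH" )
  fi

  # Count matches only when there is something to count: piping an empty
  # string through echo and wc -l still yields 1, which made this check
  # report OK for every patch, installed or not.
  WLSCHECK_COUNT=0
  if [[ -n "$WLSCHECK_RETURN" ]]; then
    WLSCHECK_COUNT=$(printf '%s\n' "$WLSCHECK_RETURN" | wc -l)
  fi

  if [[ "$WLSCHECK_COUNT" -ge 1 ]]; then
    echo -e "\tOK"
  else
    echo -e "\tFAILED - PATCH NOT FOUND"
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$WLSDIR:Patch $WLSPATCH not found"
  fi
  test "$VERBOSE_CHECKSEC" -ge 2 && echo "$WLSCHECK_RETURN"
}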
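#######################################
# Compare the version reported by a JDK's bin/java with the expected one.
# The comparison is an exact string match, so a newer update level is reported
# as FAILED just like an older one.
# Globals:   GREP, VERBOSE_CHECKSEC (read);
#            FAIL_COUNT, FAIL_TESTS (updated on failure);
#            WHICH_JAVA, JAVA_DIR, JAVACHECK_RETURN (scratch)
# Arguments: $1 - label for this JDK in the failure summary
#            $2 - JDK directory containing bin/java
#            $3 - expected version string (optional, default 1.6.0_95)
# Outputs:   OK or FAILED on stdout, plus the version found when
#            VERBOSE_CHECKSEC is 2 or more
#######################################
javacheck () {
  WHICH_JAVA=$1
  JAVA_DIR=$2
  local expected=${3:-1.6.0_95}

  # java -version writes to stderr; the third word of its "version" line is
  # the quoted version string.
  JAVACHECK_RETURN=$("$JAVA_DIR/bin/java" -version 2>&1 | "$GREP" version | awk '{print $3}' | sed -e 's/"//g')
  if [[ "$JAVACHECK_RETURN" == "$expected" ]]; then
    echo -e "\tOK"
  else
    echo -e "\tFAILED"
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$WHICH_JAVA Java in ${JAVA_DIR}:Found incorrect version $JAVACHECK_RETURN"
  fi
  test "$VERBOSE_CHECKSEC" -ge 2 && echo "$JAVACHECK_RETURN"
}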
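#######################################
# Compare one SSL parameter in an Oracle Net configuration file with the value
# this script expects.
# Globals:   GREP, VERBOSE_CHECKSEC (read);
#            FAIL_COUNT, FAIL_TESTS (updated on failure);
#            WHICH_PARAM, WHICH_ORACLE_HOME, WHICH_FILE, PARAMCHECK_RETURN
#            (scratch, overwritten per call)
# Arguments: $1 - parameter name: SSL_VERSION or SSL_CIPHER_SUITES; any other
#                 name is read but not judged
#            $2 - Oracle home; the file is read from $2/network/admin
#            $3 - file name inside network/admin
# Outputs:   OK or FAILED on stdout, plus the value found when
#            VERBOSE_CHECKSEC is 2 or more
#######################################
paramcheck () {
  WHICH_PARAM=$1
  WHICH_ORACLE_HOME=$2
  WHICH_FILE=$3
  local expected=""

  # Only lines that actually set the parameter count: the match is anchored
  # so a commented-out "#SSL_VERSION = 1.0" no longer satisfies the check.
  # [[:space:]] replaces \s, which not every sed understands.
  PARAMCHECK_RETURN=$("$GREP" "^[[:space:]]*${WHICH_PARAM}[[:space:]]*=" "$WHICH_ORACLE_HOME/network/admin/$WHICH_FILE" \
    | awk -F= '{print $2}' | sed -e 's/[[:space:]]//g')

  case "$WHICH_PARAM" in
    SSL_VERSION)       expected="1.0" ;;
    SSL_CIPHER_SUITES) expected="(SSL_RSA_WITH_AES128_CBC_SHA,SSL_RSA_WITH_AES256_CBC_SHA)" ;;
    *)                 return 0 ;;
  esac

  if [[ "$PARAMCHECK_RETURN" == "$expected" ]]; then
    echo -e "OK"
  else
    echo -e "FAILED - Found $WHICH_PARAM = $PARAMCHECK_RETURN"
    FAIL_COUNT=$((FAIL_COUNT+1))
    FAIL_TESTS="${FAIL_TESTS}\\n$FUNCNAME:$WHICH_PARAM in $WHICH_FILE for home ${WHICH_ORACLE_HOME}:incorrect parameter value"
  fi
  test "$VERBOSE_CHECKSEC" -ge 2 && echo "$PARAMCHECK_RETURN"
}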
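### MAIN SCRIPT HERE

# Report header: which configuration files the ports came from, the ports
# themselves, and what was found out about the repository database. An empty
# value after a colon means the lookup for that component returned nothing.
echo -e "Performing EM12cR4 security checkup version $VERSION on $OMSHOST at $(date).\n"
echo "Using port definitions from configuration files "
# Print the home list that was actually read (it differs on Solaris).
echo -e "\t$ORAGCHOMELIST"
echo -e "\t$EMGC_PROPS"
echo -e "\t$EMBIP_PROPS"
echo -e "\t$OPMN_PROPS"
echo -e "\t$OHS_ADMIN_CONF"
echo
echo -e "\tAgent port found at $OMSHOST:$PORT_AGENT"
echo -e "\tBIPublisher port found at $OMSHOST:$PORT_BIP"
echo -e "\tNodeManager port found at $OMSHOST:$PORT_NODEMANAGER"
echo -e "\tOHSadmin port found at $OMSHOST:$PORT_OHS_ADMIN"
echo -e "\tOMSconsole port found at $OMSHOST:$PORT_OMS"
echo -e "\tOMSproxy port found at $OMSHOST:$PORT_OMS_JAVA"
echo -e "\tOMSupload port found at $OMSHOST:$PORT_UPL"
echo -e "\tOPMN port found at $OMSHOST:$PORT_OPMN"
echo -e "\tWLSadmin found at $OMSHOST:$PORT_ADMINSERVER"
echo
echo -e "\tRepository DB version=$REPOS_DB_VERSION SID=$REPOS_DB_SID host=$REPOS_DB_HOST"
if [[ "$RUN_DB_CHECK" -eq 1 ]]; then
  echo -e "\tRepository DB on OMS server, will check patches/parameters in $REPOS_DB_HOME"
fi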
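# Endpoints under test, in report order. Names and ports are kept in two
# parallel arrays and passed quoted, so a port that could not be discovered
# stays an (empty) argument of its own. Unquoted, an empty port shifted the
# protocol into the port slot and the check was skipped without any output.
ENDPOINT_NAMES=(Agent BIPublisher NodeManager OHSadmin OMSconsole OMSproxy OMSupload OPMN WLSadmin)
ENDPOINT_PORTS=(
  "$PORT_AGENT"
  "$PORT_BIP"
  "$PORT_NODEMANAGER"
  "$PORT_OHS_ADMIN"
  "$PORT_OMS"
  "$PORT_OMS_JAVA"
  "$PORT_UPL"
  "$PORT_OPMN"
  "$PORT_ADMINSERVER"
)

echo -e "\n(1) Checking SSL/TLS configuration (see notes 1602983.1, 1477287.1, 1905314.1)"

echo -e "\n\t(1a) Forbid SSLv2 connections"
for i in "${!ENDPOINT_NAMES[@]}"; do
  sslcheck "${ENDPOINT_NAMES[i]}" "$OMSHOST" "${ENDPOINT_PORTS[i]}" ssl2
done

echo -e "\n\t(1b) Forbid SSLv3 connections"
for i in "${!ENDPOINT_NAMES[@]}"; do
  sslcheck "${ENDPOINT_NAMES[i]}" "$OMSHOST" "${ENDPOINT_PORTS[i]}" ssl3
done

echo -e "\n\t(1c) Permit TLSv1 connections"
for i in "${!ENDPOINT_NAMES[@]}"; do
  sslcheck "${ENDPOINT_NAMES[i]}" "$OMSHOST" "${ENDPOINT_PORTS[i]}" tls1
done

echo -e "\n(2) Checking supported ciphers at SSL/TLS endpoints (see notes 1477287.1, 1905314.1, 1067411.1)"
for i in "${!ENDPOINT_NAMES[@]}"; do
  ciphercheck "${ENDPOINT_NAMES[i]}" "$OMSHOST" "${ENDPOINT_PORTS[i]}"
done

echo -e "\n(3) Checking self-signed and demonstration certificates at SSL/TLS endpoints (see notes 1367988.1, 1399293.1, 1593183.1, 1527874.1, 123033.1, 1937457.1)"
for i in "${!ENDPOINT_NAMES[@]}"; do
  certcheck "${ENDPOINT_NAMES[i]}" "$OMSHOST" "${ENDPOINT_PORTS[i]}"
  democertcheck "${ENDPOINT_NAMES[i]}" "$OMSHOST" "${ENDPOINT_PORTS[i]}"
done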
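# Section 4: compare each Oracle home with the recommended patch baseline.
# Homes are passed quoted: if a home could not be discovered, the empty value
# stays in its own argument slot instead of shifting the patch id into it.
# Patch levels that are no longer checked are listed in comments per group.
echo -e "\n(4) Checking EM12c Oracle home patch levels against $PATCHDATE baseline (see notes 1664074.1, 1900943.1, 822485.1, 1470197.1, 1967243.1)"

# (4a) OMS home.
# Earlier levels, disabled: PSU2 19830994, 12.1.0.4.3 PSU 20392036,
# 12.1.0.4.4 PSU 20870437.
# Also disabled: 17714229 (DO NOT CREATE INCIDENT WHEN A COMMAND IS OVER RUN
# IN JOB WORKER).
echo -ne "\n\t(4a) OMS ($OMS_HOME) ENTERPRISE MANAGER BASE PLATFORM - OMS 12.1.0.4.5 PSU Patch (21462217)... "
opatchcheck OMS "$OMS_HOME" 21462217
# The label names the home that is actually inspected (the OMS home).
echo -ne "\n\t(4a) OMS HOME ($OMS_HOME) JDBC Merge Patch (18502187)... "
opatchcheck OMS "$OMS_HOME" 18502187

# (4b) BI Publisher home.
# Disabled: 17888172 (ORACLE BI PUBLISHER PATCH BUG FOR PRIVATE EMCC PS3
# MANDATORY INSTALL PATCH).
echo -ne "\n\t(4b) BI Publisher ($BIP_HOME) CPUJAN2015 Patch (19822893)... "
opatchcheck BIP "$BIP_HOME" 19822893
echo -ne "\n\t(4b) BI Publisher ($BIP_HOME) Merge Patch (20444447)... "
opatchcheck BIP "$BIP_HOME" 20444447

# (4c) oracle_common home.
echo -ne "\n\t(4c) AS Common ($COMMON_HOME) CVE-2015-0426 Oracle Help Patch (20075252)... "
opatchcheck COMMON "$COMMON_HOME" 20075252
echo -ne "\n\t(4c) AS Common ($COMMON_HOME) WEBCENTER PORTAL BUNDLE PATCH 11.1.1.7.1 (16761779)... "
opatchcheck COMMON "$COMMON_HOME" 16761779
# Replaced 20747356 (ADF MERGE REQUEST ON TOP OF 11.1.1.7.1 FOR BUGS 20465665
# 18820382 20645397), which is no longer checked.
echo -ne "\n\t(4c) AS Common ($COMMON_HOME) CVE-2015-4742 MERGE REQUEST ON TOP OF 11.1.1.7.1 FOR BUGS 20747356 18274008 (21068288)... "
opatchcheck COMMON "$COMMON_HOME" 21068288

# (4d) WebLogic Server.
# Earlier levels, disabled: 10.3.6.0.10 12UV 19637463, 10.3.6.0.11 YUIS 20181997.
echo -ne "\n\t(4d) WebLogic Server ($WL_HOME) 10.3.6.0.12 EJUW Patch (20780171)... "
wlspatchcheck "$WL_HOME" 20780171
echo -ne "\n\t(4d) WebLogic Server ($WL_HOME) SU Patch [GDFA]: WEBLOGIC.STORE.PERSISTENTSTOREEXCEPTION: [STORE:280040] OCCURS EASILEY (16420963)... "
wlspatchcheck "$WL_HOME" 16420963

# (4e) WebTier home.
# CPUJAN2015 Patch 19948000 was commented out 4/17/2015, as Oracle no longer
# recommends it for EM12c installations.
# This patch still appears in note 1664074.1 for EM12c.
# Per personal communication w/Oracle I do NOT recommend using it.
# Also disabled: 17306880 (CVE-2013-3836 PLACEHOLDER FOR SECURITY PATCH FOR
# WEBCACHE 11.1.1.7.0 WITH OCT2013 CPU).
echo -ne "\n\t(4e) WebTier ($WEBTIER_HOME) OHS SECURITY PATCH UPDATE 11.1.1.7.0 CPUOCT2015 Patch (21640624)... "
opatchcheck WebTier "$WEBTIER_HOME" 21640624
echo -ne "\n\t(4e) WebTier ($WEBTIER_HOME) CVE-2014-4212 OPMN Patch (19345576)... "
opatchcheck WebTier "$WEBTIER_HOME" 19345576
echo -ne "\n\t(4e) WebTier ($WEBTIER_HOME) CVE 2015-2658 MERGE REQUEST ON TOP OF 11.1.1.7.0 FOR BUGS 16370190 20310323 20715657 (20807683)... "
opatchcheck WebTier "$WEBTIER_HOME" 20807683
echo -ne "\n\t(4e) WebTier ($WEBTIER_HOME) CVE-2013-0169,CVE-2011-3389 OSS SECURITY PATCH UPDATE 11.1.1.7.0 CPUOCT2013 (17337741)... "
opatchcheck WebTier "$WEBTIER_HOME" 17337741
echo -ne "\n\t(4e) WebTier ($WEBTIER_HOME) WLSPLUGINS (OHS) SECURITY PATCH UPDATE 11.1.1.7.0 CPUJUL2014 (18423831)... "
opatchcheck WebTier "$WEBTIER_HOME" 18423831

# (4f) OMS-side DB plugin bundle.
# Earlier levels, disabled: 12.1.0.7.2 20613714, .3 20804122, .4 20950048,
# .5 21167937, .6 21324654, .7 21506301, .8 21744938.
echo -ne "\n\t(4f) *UPDATED* OMS ($OMS_HOME) DB PLUGIN BUNDLE PATCH 12.1.0.7.10 (22062307)... "
opatchautocheck OMS "$OMS_HOME" 22062307

# (4g) OMS-side FMW plugin bundle.
# Earlier levels, disabled: 12.1.0.7.2 20613870, .3 20804213, .4 20950040,
# .5 21167980, .6 21324861, .7 21506335, .8 21744989.
echo -ne "\n\t(4g) *UPDATED* OMS ($OMS_HOME) FMW PLUGIN BUNDLE PATCH 12.1.0.7.10 (22062375)... "
opatchautocheck OMS "$OMS_HOME" 22062375

# (4h) OMS-side MOS plugin bundle.
# Earlier levels, disabled: 12.1.0.6.4 20613886, .5 20822914, .6 21167991,
# .7 21506428.
echo -ne "\n\t(4h) OMS ($OMS_HOME) MOS PLUGIN BUNDLE PATCH 12.1.0.6.8 (21745018)... "
opatchautocheck OMS "$OMS_HOME" 21745018

# (4i) OMS-side Exadata plugin bundle.
# Earlier levels, disabled: 12.1.0.6.6 20613853, .7 20822866, .8 20962507,
# .9 21167953, .10 21324852.
echo -ne "\n\t(4i) *UPDATED* OMS ($OMS_HOME) EXADATA PLUGIN BUNDLE PATCH 12.1.0.6.11 (21744966)... "
opatchautocheck OMS "$OMS_HOME" 21744966

# (4j) OMS-side CFW plugin bundle.
# Earlier levels, disabled: 12.1.0.2.1 20385040, .2 21167573, .3 21324632.
echo -ne "\n\t(4j) *UPDATED* OMS ($OMS_HOME) CFW PLUGIN BUNDLE PATCH 12.1.0.2.4 (21972104)... "
opatchautocheck OMS "$OMS_HOME" 21972104

# (4k) Agent home chained to the OMS.
# Earlier EM-AGENT bundle levels, disabled: 12.1.0.4.7 20613931,
# .9 20950034, .10 21168025, .11 21325110, .12 21506284, .13 21759280.
echo -ne "\n\t(4k) *UPDATED* OMS CHAINED AGENT HOME ($AGENT_HOME) EM-AGENT BUNDLE PATCH 12.1.0.4.14 (21913823)... "
opatchcheck Agent "$AGENT_HOME" 21913823
echo -ne "\n\t(4k) OMS CHAINED AGENT HOME ($AGENT_HOME) Merge Patch (18502187)... "
opatchcheck Agent "$AGENT_HOME" 18502187
echo -ne "\n\t(4k) OMS CHAINED AGENT HOME ($AGENT_HOME) JDBC Security Patch (18721761)... "
opatchcheck Agent "$AGENT_HOME" 18721761
# 20114054 is only applicable to Linux x86-64 agents.
if [[ "$HOST_OS" == "Linux" && "$HOST_ARCH" == "x86_64" ]]; then
  echo -ne "\n\t(4k) OMS CHAINED AGENT HOME ($AGENT_HOME) CVE 2012-3137 EM Agent only: Instant Client Security Patch (20114054)... "
  opatchcheck Agent "$AGENT_HOME" 20114054
fi

# (4l) Agent-side DB plugin, monitoring and discovery homes.
# Earlier monitoring levels, disabled: 12.1.0.7.2 20676926, .4 21065223,
# .5 21229731, .6 21415075, .7 21603371, .8 21806804.
echo -ne "\n\t(4l) *UPDATED* OMS CHAINED AGENT DB PLUGIN ($AGENT_DB_PLUGIN_HOME) DB PLUGIN BUNDLE 12.1.0.7.10 AGENT-SIDE MONITORING (22140476)... "
opatchcheck AgentDBPlugin "$AGENT_DB_PLUGIN_HOME" 22140476
echo -ne "\n\t(4l) OMS CHAINED AGENT DB PLUGIN ($AGENT_DB_PLUGIN_DISC_HOME) DB PLUGIN BUNDLE 12.1.0.7.4 AGENT-SIDE DISCOVERY (21065239)... "
opatchcheck AgentDBPlugin "$AGENT_DB_PLUGIN_DISC_HOME" 21065239

# (4m) Agent-side FMW plugin, monitoring and discovery homes.
# Earlier monitoring levels, disabled: 12.1.0.7.2 20677020, .4 21065760,
# .5 21229821, .6 21415166, .7 21603497, .8 21806984.
# Earlier discovery levels, disabled: 12.1.0.7.2 20677038, .5 21229841.
echo -ne "\n\t(4m) *UPDATED* OMS CHAINED AGENT FMW PLUGIN ($AGENT_FMW_PLUGIN_HOME) FMW PLUGIN BUNDLE 12.1.0.7.9 AGENT-SIDE MONITORING (21941290)... "
opatchcheck AgentFMWPlugin "$AGENT_FMW_PLUGIN_HOME" 21941290
echo -ne "\n\t(4m) OMS CHAINED AGENT FMW PLUGIN ($AGENT_FMW_PLUGIN_DISC_HOME) FMW PLUGIN BUNDLE 12.1.0.7.7 AGENT-SIDE DISCOVERY (21611921)... "
opatchcheck AgentFMWPlugin "$AGENT_FMW_PLUGIN_DISC_HOME" 21611921

# (4n) Agent-side beacon plugin.
# Earlier level, disabled: 12.1.0.4.1 20466772.
echo -ne "\n\t(4n) *UPDATED* OMS CHAINED AGENT BEACON PLUGIN ($AGENT_BEACON_PLUGIN_HOME) EM-BEACON BUNDLE PATCH 12.1.0.4.2 (21928148)... "
opatchcheck AgentBeaconPlugin "$AGENT_BEACON_PLUGIN_HOME" 21928148

# (4o) Agent-side EM-OH plugin.
echo -ne "\n\t(4o) OMS CHAINED AGENT EM-OH BUNDLE PATCH 12.1.0.4.1 (20855134)... "
opatchcheck AgentOHPlugin "$AGENT_OH_PLUGIN_HOME" 20855134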
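# (4p)/(4q) Repository database home checks. The whole section is skipped
# unless RUN_DB_CHECK is 1.
#
# The patch IDs are a fixed baseline (script header: v1.11, "Update for
# 30 Nov 2015 patches"). A pass here only means opatchcheck reported these
# specific patch IDs for the home, not that the home is current against
# later advisories.
#
# NOTE(review): only the exact version strings 11.2.0.4.0 and 12.1.0.2.0 are
# matched. Any other REPOS_DB_VERSION gets no patch check and no message,
# which reads like a clean result in the output. Confirm how
# REPOS_DB_VERSION is populated.
#
# REPOS_DB_HOME is quoted when passed to the helpers so a path containing
# whitespace or glob characters stays one argument; unquoted, it would be
# split and the patch ID / file name would land in the wrong positional
# parameter of opatchcheck / paramcheck.
if [[ $RUN_DB_CHECK -eq 1 ]]; then
  if [[ "$REPOS_DB_VERSION" == "11.2.0.4.0" ]]; then
    # Earlier baseline entries, disabled in the original script:
    #   PSU 11.2.0.4.5 (19769489)
    #   ORACLE JAVAVM COMPONENT 11.2.0.4.2 DATABASE PSU (JAN2015) (19877440)
    #   PSU 11.2.0.4.6 (APR2015) (20299013)
    #   ORACLE JAVAVM COMPONENT 11.2.0.4.3 DATABASE PSU (APR2015) (20406239)
    echo -ne "\n\t(4p) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) PSU 11.2.0.4.8 (OCT2015) (21352635)... "
    opatchcheck ReposDBHome "$REPOS_DB_HOME" 21352635

    echo -ne "\n\t(4p) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) ORACLE JAVAVM COMPONENT 11.2.0.4.5 DATABASE PSU (OCT2015) (21555791)... "
    opatchcheck ReposDBHome "$REPOS_DB_HOME" 21555791
  fi

  if [[ "$REPOS_DB_VERSION" == "12.1.0.2.0" ]]; then
    # Earlier baseline entries, disabled in the original script:
    #   PSU 12.1.0.2.2 (19769480)
    #   ORACLE JAVAVM COMPONENT 12.1.0.2.2 DATABASE PSU (JAN2015) (19877336)
    #   PSU 12.1.0.2.3 (APR2015) (20299023)
    #   ORACLE JAVAVM COMPONENT 12.1.0.2.3 DATABASE PSU (APR2015) (20415564)
    echo -ne "\n\t(4p) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) Required Patch (20243268)... "
    opatchcheck ReposDBHome "$REPOS_DB_HOME" 20243268

    echo -ne "\n\t(4p) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) PSU 12.1.0.2.5 (OCT2015) (21359755)... "
    opatchcheck ReposDBHome "$REPOS_DB_HOME" 21359755

    echo -ne "\n\t(4p) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) ORACLE JAVAVM COMPONENT 12.1.0.2.5 DATABASE PSU (OCT2015) (21555660)... "
    opatchcheck ReposDBHome "$REPOS_DB_HOME" 21555660
  fi

  # (4q) SSL/TLS protocol and cipher-suite settings of the repository
  # database's network configuration (note 1545816.1 per the labels).
  # NOTE(review): paramcheck is defined elsewhere in the file; presumably it
  # looks for the named parameter in the given file under the home. Verify
  # whether an absent parameter counts as a failure.
  echo -ne "\n\t(4q) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) sqlnet.ora SSL_VERSION parameter (1545816.1)... "
  paramcheck SSL_VERSION "$REPOS_DB_HOME" sqlnet.ora

  echo -ne "\n\t(4q) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) sqlnet.ora SSL_CIPHER_SUITES parameter (1545816.1)... "
  paramcheck SSL_CIPHER_SUITES "$REPOS_DB_HOME" sqlnet.ora

  echo -ne "\n\t(4q) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) listener.ora SSL_VERSION parameter (1545816.1)... "
  paramcheck SSL_VERSION "$REPOS_DB_HOME" listener.ora

  echo -ne "\n\t(4q) OMS REPOSITORY DATABASE HOME ($REPOS_DB_HOME) listener.ora SSL_CIPHER_SUITES parameter (1545816.1)... "
  paramcheck SSL_CIPHER_SUITES "$REPOS_DB_HOME" listener.ora
fi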
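# Emit a newline to end the last "... " progress line of section (4).
echo

# (5) JDK version checks for the middleware and WebTier homes.
# The expected version 1.6.0_95 is hard-coded, so this baseline is only as
# recent as the script itself (see notes 1506916.1, 1492980.1 in the label).
# NOTE(review): javacheck is defined elsewhere in the file; whether it treats
# 1.6.0_95 as an exact match or a minimum is not visible here. Confirm.
# The JDK paths are quoted so a home containing whitespace is passed to
# javacheck as a single argument.
echo -e "\n(5) Checking EM12c Java versions against baseline (see notes 1506916.1, 1492980.1)"

echo -ne "\n\t(5a) MW ($MW_HOME/jdk16/jdk) Java version 1.6.0_95 (9553040)... "
javacheck MW "$MW_HOME/jdk16/jdk" 1.6.0_95

echo -ne "\n\t(5b) WebTier ($WEBTIER_HOME/jdk) Java version 1.6.0_95 (9553040)... "
javacheck WebTier "$WEBTIER_HOME/jdk" 1.6.0_95

echo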
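# Final summary: report the number of failed checks and, when
# VERBOSE_CHECKSEC is 1 or higher, the accumulated failure details.
#
# "All tests succeeded." covers only the checks that actually ran; sections
# that were skipped (for example the repository DB section when RUN_DB_CHECK
# is not 1) contribute nothing to FAIL_COUNT.
if [[ $FAIL_COUNT -gt 0 ]]; then
  echo "Failed test count: $FAIL_COUNT - Review output"
  # Default to 0 (quiet) when VERBOSE_CHECKSEC is unset, instead of letting
  # test fail with a syntax error. FAIL_TESTS is quoted so its text is not
  # word-split or glob-expanded against the current directory.
  if [ "${VERBOSE_CHECKSEC:-0}" -ge 1 ]; then
    echo -e "$FAIL_TESTS"
  fi
else
  echo "All tests succeeded."
fi

echo
echo "Visit https://pardydba.wordpress.com/2015/03/09/em12c-r4-ssl-security-checkup-script/ for the latest version."
echo

# NOTE(review): a bare exit returns the status of the preceding echo, so the
# script exits 0 even when FAIL_COUNT is greater than 0. Anything running
# this unattended has to parse the output to detect failed checks.
exit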