11g配置vault
环境:
OS:Centos 7
DB:11.2.0.4 单节点
1.检查是否已经安装
SQL> connect / as sysdba Connected. SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production PL/SQL Release 11.2.0.4.0 - Production CORE 11.2.0.4.0 Production TNS for Linux: Version 11.2.0.4.0 - Production NLSRTL Version 11.2.0.4.0 - Production SQL> set linesize 1000; SQL> select * from v$option where parameter like '%Vault%'; PARAMETER VALUE ---------------------------------------------------------------- ---------------------------------------------------------------- Oracle Database Vault FALSE SQL>
2.安装em
安装参考如下:
https://www.cnblogs.com/hxlasky/p/15402800.html
3.关闭监听,em和关闭数据库
[oracle@11g ~]$ lsnrctl stop
[oracle@11g ~]$ emctl stop dbconsole
关闭数据库
SQL> shutdown immediate
4.组件编译
Oracle Vault是依赖Label Security,需要在操作系统层面上启动配置。在Linux/Unix环境下,使用make进行配置链接.
[oracle@SimpleLinux lib]$ cd $ORACLE_HOME/rdbms/lib [oracle@SimpleLinux lib]$ make -f ins_rdbms.mk dv_on lbac_on ioracle /usr/bin/ar d /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a kzvndv.o /usr/bin/ar cr /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/kzvidv.o /usr/bin/ar d /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a kzlnlbac.o /usr/bin/ar cr /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/kzlilbac.o chmod 755 /u01/app/oracle/product/11.2.0.4/db_1/bin - Linking Oracle rm -f /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/oracle gcc -o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/oracle -m64 -z noexecstack -L/u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/ -L/u01/app/oracle/product/11.2.0.4/db_1/lib/ -L/u01/app/oracle/product/11.2.0.4/db_1/lib/stubs/ -Wl,-E /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/opimai.o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/ssoraed.o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/ttcsoi.o -Wl,--whole-archive -lperfsrv11 -Wl,--no-whole-archive /u01/app/oracle/product/11.2.0.4/db_1/lib/nautab.o /u01/app/oracle/product/11.2.0.4/db_1/lib/naeet.o /u01/app/oracle/product/11.2.0.4/db_1/lib/naect.o /u01/app/oracle/product/11.2.0.4/db_1/lib/naedhs.o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/config.o -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11 -lrt -lplp11 -lserver11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 `if [ -f /u01/app/oracle/product/11.2.0.4/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /u01/app/oracle/product/11.2.0.4/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11 -lrt -lplp11 -ljavavm11 -lserver11 -lwwg `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/u01/app/oracle/product/11.2.0.4/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -locr11 -locrb11 -locrutl11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -loraz -llzopro -lorabz2 -lipp_z -lipp_bz2 -lippdcemerged -lippsemerged -lippdcmerged -lippsmerged -lippcore -lippcpemerged -lippcpmerged -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lasmclnt11 -lcommon11 -lcore11 -laio `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/sysliblist` -Wl,-rpath,/u01/app/oracle/product/11.2.0.4/db_1/lib -lm `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/sysliblist` -ldl -lm -L/u01/app/oracle/product/11.2.0.4/db_1/lib test ! -f /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle ||\ mv -f /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle /u01/app/oracle/product/11.2.0.4/db_1/bin/oracleO mv /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/oracle /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle chmod 6751 /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle
5.重启动监听器,emctl和数据库
[oracle@11g lib]$ lsnrctl start
[oracle@11g lib]$emctl start dbconsole
启动数据库
SQL> connect / as sysdba
SQL> startup
这个时候sys用户是可以操作数据库的,比如创建用户、授权等
SQL> connect / as sysdba Connected. SQL> create user hxl identified by oracle; User created. SQL> grant dba to hxl; Grant succeeded.
6.调用dbca启动配置vault
这里账号dbvowner和dbvmgr密码都是Oracle#123
最后安装成功,结束GUI界面
SQL> connect / as sysdba
Connected.
SQL> create user hxl01 identified by oracle;
create user hxl01 identified by oracle
*
ERROR at line 1:
ORA-01031: insufficient privileges
这个时候发现sys用户无法创建用户了,但是是可以关闭和启动数据库的
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 1837244416 bytes
Fixed Size 2254224 bytes
Variable Size 503319152 bytes
Database Buffers 1325400064 bytes
Redo Buffers 6270976 bytes
Database mounted.
Database opened.
7.启动DBV配置界面
调用dbv的方法,首先是启动emctl。之后调用。端口号和em是一样的.
启动dbv需要进行配置才能登陆,否则出现404的错误
vi /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/http-web-site.xml 添加红色部分
[oracle@11g config]$ more /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/http-web-site.xml <?xml version = '1.0'?> <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" port="1158" displ ay-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" secure="TRUE"> <default-web-app application="default" name="defaultWebApp"/> <web-app application="system" name="dms" root="/dmsoc4j" access-log="false"/> <web-app application="default" name="jmsrouter_web" load-on-startup="true" root="/jmsrouter"/> <web-app application="em" name="em" load-on-startup="true" root="/em" shared="true"/> <access-log path="../log/http-web-access.log" split="day"/> <ssl-config needs-client-auth="false" keystore="/u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/server/ewallet.p12" keystore-passw ord="D8E0EABC5BF046F33D50C1654DE37CCE" cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA" /> <web-app application="dva" name="dva_webapp" root="/dva" load-on-startup="true" shared="true"/> </web-site>
vi /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/server.xml 添加红色部分
[oracle@11g config]$ more /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/server.xml <?xml version="1.0"?> <application-server xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/application-server-10_1.x sd" localhostIsAdmin="true" application-directory="../../oc4j_applications/applications" check-for-updates="adminClientOnly" deployment-directory="../application-deployments" connector-directory="../connectors" schema-major-version="10" schema-minor-version="0" > <shared-library name="global.libraries" version="1.0" library-compatible="true"> <code-source path="../applib"/> </shared-library> <shared-library name="global.tag.libraries" version="1.0" library-compatible="true"> <code-source path="../../home/jsp/lib/taglib/"/> <code-source path="../../../j2ee/home/jsp/lib/taglib/"/> <code-source path="../../../lib/dsv2.jar"/> <import-shared-library name="oracle.xml"/> <import-shared-library name="oracle.jdbc"/> <import-shared-library name="oracle.cache"/> <import-shared-library name="soap"/> </shared-library> <shared-library name="global.wsm.libraries" version="1.0" library-compatible="true"> <import-shared-library name="oracle.wsm"/> </shared-library> <rmi-config path="./rmi.xml" /> <j2ee-logging-config path="./j2ee-logging.xml" /> <log> <file path="../log/server.log" /> </log> <java-compiler name="javac" in-process="false" options="-J-Xmx1024m -encoding UTF8" extdirs="%s_jdkExtLib%" /> <global-application name="default" path="application.xml" parent="system" start="true" /> <application name="em" path="../../oc4j_applications/applications/em.ear" parent="default" start="true" /> <application name="dva" path="/u01/app/oracle/product/11.2.0.4/db_1/dv/jlib/dva_webapp.ear" start="true" /> <global-web-app-config path="global-web-application.xml" /> <transaction-manager-config path="transaction-manager.xml" /> <web-site default="true" path="./http-web-site.xml" /> <cluster id="109095528973208" /> </application-server>
重启动em
emctl stop dbconsole
emctl start dbconsole
8.登陆dvb
https://192.168.56.144:1158/dva/login.jsp
好像我这里只能通过sid登录
9.创建新用户
使用dbvmgr创建用户,然后使用sys用户授权
SQL> connect dbvmgr/Oracle#123
Connected.
SQL> create user hxl02 identified by oracle;
User created.
SQL> connect / as sysdba
Connected.
SQL> grant dba to hxl02;
Grant succeeded.
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?