11g配置vault
环境:
OS:Centos 7
DB:11.2.0.4 单节点
1.检查是否已经安装
SQL> connect / as sysdba Connected. SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production PL/SQL Release 11.2.0.4.0 - Production CORE 11.2.0.4.0 Production TNS for Linux: Version 11.2.0.4.0 - Production NLSRTL Version 11.2.0.4.0 - Production SQL> set linesize 1000; SQL> select * from v$option where parameter like '%Vault%'; PARAMETER VALUE ---------------------------------------------------------------- ---------------------------------------------------------------- Oracle Database Vault FALSE SQL>
2.安装em
安装参考如下:
https://www.cnblogs.com/hxlasky/p/15402800.html
3.关闭监听,em和关闭数据库
[oracle@11g ~]$ lsnrctl stop
[oracle@11g ~]$ emctl stop dbconsole
关闭数据库
SQL> shutdown immediate
4.组件编译
Oracle Vault是依赖Label Security,需要在操作系统层面上启动配置。在Linux/Unix环境下,使用make进行配置链接.
[oracle@SimpleLinux lib]$ cd $ORACLE_HOME/rdbms/lib [oracle@SimpleLinux lib]$ make -f ins_rdbms.mk dv_on lbac_on ioracle /usr/bin/ar d /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a kzvndv.o /usr/bin/ar cr /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/kzvidv.o /usr/bin/ar d /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a kzlnlbac.o /usr/bin/ar cr /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/kzlilbac.o chmod 755 /u01/app/oracle/product/11.2.0.4/db_1/bin - Linking Oracle rm -f /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/oracle gcc -o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/oracle -m64 -z noexecstack -L/u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/ -L/u01/app/oracle/product/11.2.0.4/db_1/lib/ -L/u01/app/oracle/product/11.2.0.4/db_1/lib/stubs/ -Wl,-E /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/opimai.o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/ssoraed.o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/ttcsoi.o -Wl,--whole-archive -lperfsrv11 -Wl,--no-whole-archive /u01/app/oracle/product/11.2.0.4/db_1/lib/nautab.o /u01/app/oracle/product/11.2.0.4/db_1/lib/naeet.o /u01/app/oracle/product/11.2.0.4/db_1/lib/naect.o /u01/app/oracle/product/11.2.0.4/db_1/lib/naedhs.o /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/config.o -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11 -lrt -lplp11 -lserver11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 `if [ -f /u01/app/oracle/product/11.2.0.4/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /u01/app/oracle/product/11.2.0.4/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11 -lrt -lplp11 -ljavavm11 -lserver11 -lwwg `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/u01/app/oracle/product/11.2.0.4/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -locr11 -locrb11 -locrutl11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -loraz -llzopro -lorabz2 -lipp_z -lipp_bz2 -lippdcemerged -lippsemerged -lippdcmerged -lippsmerged -lippcore -lippcpemerged -lippcpmerged -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lasmclnt11 -lcommon11 -lcore11 -laio `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/sysliblist` -Wl,-rpath,/u01/app/oracle/product/11.2.0.4/db_1/lib -lm `cat /u01/app/oracle/product/11.2.0.4/db_1/lib/sysliblist` -ldl -lm -L/u01/app/oracle/product/11.2.0.4/db_1/lib test ! -f /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle ||\ mv -f /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle /u01/app/oracle/product/11.2.0.4/db_1/bin/oracleO mv /u01/app/oracle/product/11.2.0.4/db_1/rdbms/lib/oracle /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle chmod 6751 /u01/app/oracle/product/11.2.0.4/db_1/bin/oracle
5.重启动监听器,emctl和数据库
[oracle@11g lib]$ lsnrctl start
[oracle@11g lib]$emctl start dbconsole
启动数据库
SQL> connect / as sysdba
SQL> startup
这个时候sys用户是可以操作数据库的,比如创建用户、授权等
SQL> connect / as sysdba Connected. SQL> create user hxl identified by oracle; User created. SQL> grant dba to hxl; Grant succeeded.
6.调用dbca启动配置vault
这里账号dbvowner和dbvmgr密码都是Oracle#123
最后安装成功,结束GUI界面
SQL> connect / as sysdba
Connected.
SQL> create user hxl01 identified by oracle;
create user hxl01 identified by oracle
*
ERROR at line 1:
ORA-01031: insufficient privileges
这个时候发现sys用户无法创建用户了,但是是可以关闭和启动数据库的
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 1837244416 bytes
Fixed Size 2254224 bytes
Variable Size 503319152 bytes
Database Buffers 1325400064 bytes
Redo Buffers 6270976 bytes
Database mounted.
Database opened.
7.启动DBV配置界面
调用dbv的方法,首先是启动emctl。之后调用。端口号和em是一样的.
启动dbv需要进行配置才能登陆,否则出现404的错误
vi /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/http-web-site.xml 添加红色部分
[oracle@11g config]$ more /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/http-web-site.xml <?xml version = '1.0'?> <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" port="1158" displ ay-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" secure="TRUE"> <default-web-app application="default" name="defaultWebApp"/> <web-app application="system" name="dms" root="/dmsoc4j" access-log="false"/> <web-app application="default" name="jmsrouter_web" load-on-startup="true" root="/jmsrouter"/> <web-app application="em" name="em" load-on-startup="true" root="/em" shared="true"/> <access-log path="../log/http-web-access.log" split="day"/> <ssl-config needs-client-auth="false" keystore="/u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/server/ewallet.p12" keystore-passw ord="D8E0EABC5BF046F33D50C1654DE37CCE" cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA" /> <web-app application="dva" name="dva_webapp" root="/dva" load-on-startup="true" shared="true"/> </web-site>
vi /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/server.xml 添加红色部分
[oracle@11g config]$ more /u01/app/oracle/product/11.2.0.4/db_1/oc4j/j2ee/OC4J_DBConsole_11g_slnngk/config/server.xml <?xml version="1.0"?> <application-server xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/application-server-10_1.x sd" localhostIsAdmin="true" application-directory="../../oc4j_applications/applications" check-for-updates="adminClientOnly" deployment-directory="../application-deployments" connector-directory="../connectors" schema-major-version="10" schema-minor-version="0" > <shared-library name="global.libraries" version="1.0" library-compatible="true"> <code-source path="../applib"/> </shared-library> <shared-library name="global.tag.libraries" version="1.0" library-compatible="true"> <code-source path="../../home/jsp/lib/taglib/"/> <code-source path="../../../j2ee/home/jsp/lib/taglib/"/> <code-source path="../../../lib/dsv2.jar"/> <import-shared-library name="oracle.xml"/> <import-shared-library name="oracle.jdbc"/> <import-shared-library name="oracle.cache"/> <import-shared-library name="soap"/> </shared-library> <shared-library name="global.wsm.libraries" version="1.0" library-compatible="true"> <import-shared-library name="oracle.wsm"/> </shared-library> <rmi-config path="./rmi.xml" /> <j2ee-logging-config path="./j2ee-logging.xml" /> <log> <file path="../log/server.log" /> </log> <java-compiler name="javac" in-process="false" options="-J-Xmx1024m -encoding UTF8" extdirs="%s_jdkExtLib%" /> <global-application name="default" path="application.xml" parent="system" start="true" /> <application name="em" path="../../oc4j_applications/applications/em.ear" parent="default" start="true" /> <application name="dva" path="/u01/app/oracle/product/11.2.0.4/db_1/dv/jlib/dva_webapp.ear" start="true" /> <global-web-app-config path="global-web-application.xml" /> <transaction-manager-config path="transaction-manager.xml" /> <web-site default="true" path="./http-web-site.xml" /> <cluster id="109095528973208" /> </application-server>
重启动em
emctl stop dbconsole
emctl start dbconsole
8.登陆dvb
https://192.168.56.144:1158/dva/login.jsp
好像我这里只能通过sid登录
9.创建新用户
使用dbvmgr创建用户,然后使用sys用户授权
SQL> connect dbvmgr/Oracle#123
Connected.
SQL> create user hxl02 identified by oracle;
User created.
SQL> connect / as sysdba
Connected.
SQL> grant dba to hxl02;
Grant succeeded.