了解Maclean Liu|向Maclean Liu提问 Oracle ALLSTARS 全明星(群内有多位Oracle高级售后support,N位OCM和ACE) QQ群 # QQ群号:23549328 # 已经升级到 2000人群,空位多多。欢迎有一定基础的Oracle骨友加入,现在入群需要经过Maclean的技术面试,欢迎面试,请加QQ号:47079569 为好友参加面试 2群基础群 适合刚入门的同学,会共享最佳入门实践和资料 QQ群 # QQ群号:171092051 # 已经升级到 500人的超级群,空位多多,无需面试

Will Goldengate use Remote Procedure Call (RPC)?

Question: My Customer using Oracle GoldenGate to sync data from 11.2.0.1 RAC (on Solaris 10 SPRAc 64bit) to 9.2.0.8 standalone DB (On solaris Sparc 64bit). My customer recently doing an OS security scan check for node of 11.2.0.1 RAC. The security scan check result saying the RAC node (HK8SP226) has a potential security issue on "rpcstatd: RPC statd remote file creation and removal". My customer suspect that Goldengate is using RPC for file transfer. Would you please help to check if goldengate need to use RPC or not? if goldengate dont need to use RPC, then i will ask my csutomer to close this function in server Supplementory information for security check result. ---------------------------------------------------------------------- hk8sp226 {172.20.104.178} Solaris H rpcstatd: RPC statd remote file creation and removal Remote Procedure Call (RPC) statd maintains state information in cooperation with RPC lockd to provide crash and recovery functionality for file locking across the Network File System (NFS). Statd does not validate information received from a remote lockd. By sending to the statd service an RCP or RDIST request including references to the parent directory (".."), an attacker can provide false information to the rpc.statd file, allowing the creation of a file in an arbitrary directory on the host. This can be used to overwrite pre-existing files or create new files on the host. Answer: Oracle GoldenGate transfers trail files over TCP/IP to the remote host which internally uses RPC for transferring the data to remote. You could let customer know about it and could exclude it from hardening.

posted on 2010-12-24 06:52  Oracle和MySQL  阅读(212)  评论(0编辑  收藏  举报

导航