文章目录
由于绿盟扫描出了机器上安装的weblogic12c存在漏洞,需要进行补丁升级。
weblogic安装的版本是12.1.3,需要使用Generic通用包安装的weblogic才能进行补丁升级,参见Linux命令行安装weblogic12c
1.根据漏洞报告下载补丁
①根据漏洞扫描报告的解决办法,管理员账号登录Oracle,打开链接http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
②找到weblogic对应版本点击Fusion Middleware
③跳转的页面菜单选择Oracle Fusion Middleware
④再选择Oracle WebLogic Server
⑤找到weblogic对应版本点击Patch 26519417
⑥跳转的页面中点击选择下载
⑦弹出的窗口上点击下载p26519417_121300_Generic.zip
2.补丁包上传解压到Linux
将下载的p26519417_121300_Generic.zip补丁包上传到Linux服务器上
将补丁包解压到当前目录下的PATCH_TOP目录下
[cyyun@cyyun ~]$ unzip -d PATCH_TOP p26519417_121300_Generic.zip
3.关于OPatch
OPatch is a Java-based utility that runs on all supported operating systems and requires installation of the Oracle Universal Installer. It is used to apply patches to Oracle software.
OPatch是一个基于java的程序,可以运行在所有支持的操作系统,需要安装Oracle通用安装程序(即OUI)。它用于向Oracle软件应用补丁程序。
需要注意的是OUI和OPatch不是单独安装的,在安装Oracle的产品时会安装OUI和OPatch;如果在安装的Oracle产品中没有找到,说明Oracle产品可能是以开发包方式安装的,即安装的不是生产环境使用的产品。
查看OPatch的版本
[cyyun@cyyun ~]$ cd /usr/local/products/weblogic12c/OPatch
[cyyun@cyyun OPatch]$ ./opatch version
OPatch Version: 13.2.0.0.0
OPatch succeeded.
4.安装补丁
4.1单个补丁安装
cd /home/cyyun/PATCH_TOP/26519417/
/usr/local/products/weblogic12c/OPatch/opatch apply
或者执行命令./opatch apply /home/cyyun/PATCH_TOP/26519417/
[cyyun@cyyun OPatch]$ ./opatch apply /home/cyyun/PATCH_TOP/26519417/
Oracle Interim Patch Installer version 13.2.0.0.0
Copyright (c) 2014, Oracle Corporation. All rights reserved.
Oracle Home : /usr/local/products/weblogic12c
Central Inventory : /usr/local/products/oraInventory
from : /usr/local/products/weblogic12c/oraInst.loc
OPatch version : 13.2.0.0.0
OUI version : 13.2.0.0.0
Log file location : /usr/local/products/weblogic12c/cfgtoollogs/opatch/26519417_Jan_09_2018_23_53_57/apply2018-01-09_23-53-44PM_1.log
OPatch detects the Middleware Home as "/usr/local/products/weblogic12c"
Jan 09, 2018 11:54:04 PM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level 0
Applying interim patch '26519417' to OH '/usr/local/products/weblogic12c'
Verifying environment and performing prerequisite checks...
All checks passed.
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/usr/local/products/weblogic12c')
Is the local system ready for patching? [y|n]
y
User Responded with: Y
Backing up files...
Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...
Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...
Patching component oracle.css.mod, 12.1.3.0.0...
Patching component oracle.css.mod, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0...
Patching component oracle.wls.common.nodemanager, 12.1.3.0.0...
Patching component oracle.wls.common.nodemanager, 12.1.3.0.0...
Patching component oracle.webservices.base, 12.1.3.0.0...
Patching component oracle.webservices.base, 12.1.3.0.0...
Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...
Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...
Patching component oracle.wls.shared.with.cam, 12.1.3.0.0...
Patching component oracle.wls.shared.with.cam, 12.1.3.0.0...
Patching component oracle.webservices.orawsdl, 12.1.3.0.0...
Patching component oracle.webservices.orawsdl, 12.1.3.0.0...
Patching component oracle.wls.libraries.mod, 12.1.3.0.0...
Patching component oracle.wls.libraries.mod, 12.1.3.0.0...
Patching component oracle.wls.admin.console.en, 12.1.3.0.0...
Patching component oracle.wls.admin.console.en, 12.1.3.0.0...
Patching component oracle.webservices.wls, 12.1.3.0.0...
Patching component oracle.webservices.wls, 12.1.3.0.0...
Patching component oracle.wls.core.app.server, 12.1.3.0.0...
Patching component oracle.wls.core.app.server, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
Patching component oracle.wls.clients, 12.1.3.0.0...
Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0...
Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0...
Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0...
Patching component oracle.wls.libraries, 12.1.3.0.0...
Patching component oracle.wls.libraries, 12.1.3.0.0...
Verifying the update...
Patch 26519417 successfully applied
Log file location: /usr/local/products/weblogic12c/cfgtoollogs/opatch/26519417_Jan_09_2018_23_53_57/apply2018-01-09_23-53-44PM_1.log
OPatch succeeded.
4.2查看已安装的补丁
[cyyun@cyyun OPatch]$ ./opatch lspatches
Jan 10, 2018 12:08:24 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level 0
26519417;WLS PATCH SET UPDATE 12.1.3.0.171017
OPatch succeeded.
4.3多个补丁安装
例:/opt/patches/
目录下有两个补丁
/opt/patches/15941858
/opt/patches/15955138
cd /opt/patches/
/usr/local/products/weblogic12c/OPatch/opatch napply -id 15941858,15955138
4.4单个补丁回滚
cd /home/cyyun/PATCH_TOP/
/usr/local/products/weblogic12c/OPatch/opatch rollback -id 26519417
4.5多个补丁回滚
cd /opt/patches/
/usr/local/products/weblogic12c/OPatch/opatch nrollback -id 15941858,15955138
4.6验证补丁是否应用到Oracle Home
To verify what patches have been applied to an Oracle home, or to find out additional information about the Oracle home, use the
opatch lsinventory
command.
验证什么补丁已经应用到Oracle Home,或了解Oracle Home附加的信息,使用opatch lsinventory
命令。
[cyyun@cyyun OPatch]$ ./opatch lsinventory
Oracle Interim Patch Installer version 13.2.0.0.0
Copyright (c) 2014, Oracle Corporation. All rights reserved.
Oracle Home : /usr/local/products/weblogic12c
Central Inventory : /usr/local/products/oraInventory
from : /usr/local/products/weblogic12c/oraInst.loc
OPatch version : 13.2.0.0.0
OUI version : 13.2.0.0.0
Log file location : /usr/local/products/weblogic12c/cfgtoollogs/opatch/opatch2018-01-11_21-49-31PM_1.log
OPatch detects the Middleware Home as "/usr/local/products/weblogic12c"
Jan 11, 2018 9:49:47 PM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level 0
Lsinventory Output file location : /usr/local/products/weblogic12c/cfgtoollogs/opatch/lsinv/lsinventory2018-01-11_21-49-31PM.txt
--------------------------------------------------------------------------------
Interim patches (1) :
Patch 26519417 : applied on Tue Jan 09 23:57:38 CST 2018
Unique Patch ID: 21550701
Patch description: "WLS PATCH SET UPDATE 12.1.3.0.171017"
Created on 4 Oct 2017, 11:34:16 hrs PST8PDT
Bugs fixed:
18538501, 18376812, 21746415, 18746515, 17394051, 19668883, 20333386
14236278, 22498352, 21522926, 20720853, 20585084, 22910817, 23063611
19472793, 20692185, 25029531, 22749253, 22107941, 21081720, 23099318
24802574, 19175526, 25720769, 25695948, 21347054, 25801353, 18854885
24469063, 22690676, 19730967, 18727635, 18305935, 19556868, 19080525
20266379, 21069524, 18722098, 19917893, 19705162, 19973098, 18082758
20613957, 18428696, 22175246, 18945422, 20229977, 18559995, 19467894
20226151, 23099223, 18144979, 23640078, 22900750, 22836462, 20430490
25590885, 23342794, 25955347, 25439226, 22746640, 26144830, 18276961
19942900, 19533331, 18922324, 19339238, 20906638, 19500276, 20169972
19917991, 19585666, 19879223, 22200449, 22200491, 22200594, 22247869
19212729, 20758488, 21964759, 20246732, 19463153, 22249331, 24750930
22486599, 22860104, 19150123, 24305841, 23103220, 20205647, 19234430
20717353, 18485034, 18597348, 18387934, 19828316, 21549018, 21562338
19287842, 18589879, 19907066, 18753794, 19988824, 19265688, 18289179
19576633, 21107126, 21169554, 18718889, 20323632, 19351700, 19874466
19703527, 21252292, 19883023, 21516492, 21615827, 22339918, 21519519
20786128, 20672949, 20907322, 22574362, 21836275, 18123824, 22550116
19775778, 21647599, 22987229, 20157787, 21119215, 23326877, 25059150
25164167, 24341200, 22586217, 24837293, 26596622, 26044754, 26632886
20774032, 25205507, 25917709, 19033547, 19459949, 18671042, 18729264
19852007, 19268444, 19299358, 19425078, 21039390, 21083766, 20062321
19689036, 21545042, 21294990, 22829635, 22850769, 19150684, 21189073
18974055, 19170125, 23555480, 22383225, 22261241, 19549507, 21225816
20197139, 20207088, 21562704, 25577947, 24399682, 20162146, 21270142
19763916, 24376591, 18746053, 24618043, 19066738, 20206879, 20814890
20080751, 18836900, 19953516, 22200523, 20721340, 19477196, 20080046
20128089, 21129379, 16815912, 21603584, 23107300, 22378134, 20739167
23223461, 20419243, 20736912, 22541225, 23735210, 24522430, 22836557
23004029, 23733891, 20311530, 19565095, 21158132, 20193085, 22901740
22950801, 25192229, 25497443, 20969389, 25988919, 16956849, 25118289
21902034, 20952475, 26861216, 24818026, 26797049, 18968900, 18859387
19287874, 18912482, 20523619, 18432174, 18481239, 18466848, 19001915
20758863, 17702917, 19928803, 20044804, 20087183, 22097019, 21561271
19986568, 19263075, 22599178, 17889922, 21834255, 18438079, 23732201
25317743, 24297731, 26144926, 25534314, 24533963, 20629733, 22540656
25743005, 21652727, 21241854, 25174732, 20047315, 19926398, 18691894
17012341, 18964349, 17721032, 20985893, 19936917, 16562029, 20798352
20471785, 19422493, 19297004, 21756751, 21495475, 19790693, 17968606
22248079, 22100830, 22049932, 21947902, 20220959, 19947189, 20783846
20551651, 22666897, 18806464, 22999996, 20671165, 19865550, 22759067
20432957, 20256190, 25375968, 25522149, 24817968, 25743025, 25823774
19721047, 24828619, 26563889, 25355394, 22083678, 21748022
--------------------------------------------------------------------------------
OPatch succeeded.