某客户的数据库系统由于受到绿盟软件的监控,会定期扫出数据库的安全漏洞,我们需要定期去进行一些修复。我们使用oracle
Opatch工具将对应的补丁打上去来应付客户的安全漏洞检查。
Opatch工具在oracle9I版本中已初见雏形,从10g(10.1和10.2)版本后,opatch成为Oracle自带的一个标准工具,在软件安装时自动安装。(安装路径为$ORACLE_HOME/OPatch下。)需要说明的是,有可能一些最新的补丁不能使用原先的Opatch版本来进行安装,需要下载新的Opatch版本来覆盖原先老的版本。
Opatch命令格式为:
opatch <
command > [< command_options >] [ -h[elp] ]
命令有:apply(安装个别补丁)、
rollback(卸载个别补丁)、
lsinventory(对inventory进行列表)、
query(显示某一个别补丁的详细信息)、
version(显示opatch版本信息)。
在opatch目录下,可以使用指南文件(Users_Guide.txt),其中有详细的命令格式和使用示例,读者可以参考。Opatch执行操作时,除在屏幕输出结果外,还生成日志文件。日志文件的路径和文件名格式如下:
$ORACLE_HOME/.patch_storage/< patch_id
>/< action >-< patch_id >_<
mm-dd-yyyy_hh-mi-ss>.log
其中“patch_id”是Oracle技术支持部门为个别补丁分配的编号。
下面介绍下具体的操作步骤:
准备工作:
1: MOS上下载对应的补丁(support.oracle.com);
2: 在打补丁前,有条件的情况下对数据库进行一次全备份;
检查数据库环境:
每个补丁的应用都有一定的环境,包含数据库版本,Opatch版本,我们通过命令opatch Isinventory来进行检查,操作如下:
进入补丁文件目录(以6544463为例)
[oracle@even]$ cd 6544463/
使用opatch
Isinventory检查环境
[oracle@even 6544463]$ opatch lsinventory
Invoking OPatch 10.2.0.4.2
Oracle
Interim Patch Installer version 10.2.0.4.2
Copyright
(c) 2007, Oracle Corporation. All rights
reserved.
Oracle
Home : /u01/app/oracle/product/10.2.0/db_1
Central
Inventory : /u01/app/oracle/oraInventory
from : /etc/oraInst.loc
OPatch
version :
10.2.0.4.2
OUI
version : 10.2.0.4.0
OUI
location : /u01/app/oracle/product/10.2.0/db_1/oui
Log file location :
/u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/opatch/opatch2014-02-24_16-32-18PM.log
Lsinventory Output file location :
/u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/opatch/lsinv/lsinventory2014-02-24_16-32-18PM.txt
--------------------------------------------------------------------------------
Installed Top-level Products (2):
Oracle Database
10g 10.2.0.1.0
Oracle Database 10g Release 2 Patch Set
3 10.2.0.4.0
There are 2 products installed in
this Oracle Home.
There are no Interim patches installed in this Oracle Home.
--------------------------------------------------------------------------------
OPatch succeeded.
安装补丁:
补丁的安装非常简单,直接运行下opatch
apply即可。
[oracle@even 6544463]$ opatch
apply Invoking OPatch 10.2.0.4.2
Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation. All
rights reserved.
Oracle Home : /u01/app/oracle/product/10.2.0/db_1
Central Inventory : /u01/app/oracle/oraInventory
from : /etc/oraInst.loc
OPatch
version :
10.2.0.4.2
OUI
version : 10.2.0.4.0
OUI
location : /u01/app/oracle/product/10.2.0/db_1/oui
Log file location :
/u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/opatch/opatch2014-02-24_16-34-26PM.log
ApplySession applying interim
patch 6544463to OH /u01/app/oracle/product/10.2.0/db_1
Running prerequisite checks...
OPatch detected non-cluster Oracle Home from the inventory and will
patch the local system only.
Please shutdown Oracle instances running out of this ORACLE_HOME on
the local system.
(Oracle Home = /u01/app/oracle/product/10.2.0/db_1)
Is the local system ready for patching?
[y|n] #输入Y
y
User Responded with: Y
Backing up files and inventory (not for auto-rollback) for the
Oracle Home
Backing up files affected by the patch 6544463 for restore. This
might take a while...
Backing up files affected by the patch 6544463 for rollback. This
might take a while...
Patching component oracle.rdbms, 10.2.0.4.0...
Updating archive file
"/u01/app/oracle/product/10.2.0/db_1/lib/libn10.a" with "lib/libn10.a/nsev.o"
Updating archive file
"/u01/app/oracle/product/10.2.0/db_1/lib32/libn10.a" with "lib32/libn10.a/nsev.o"
Running make for target client_sharedlib
Running make for target ioracle
ApplySession adding interim patch 6544463 to inventory
Verifying the update...
Inventory check OK: Patch ID 6544463 is registered in Oracle Home
inventory with proper meta-data.
Files check OK: Files from Patch ID 6544463 are present in Oracle
Home.
The local system has been patched and can be restarted.
OPatch
succeeded.
核实是否安装成功
[oracle@even 6544463]$ opatch lsinventory
Invoking OPatch 10.2.0.4.2
Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation. All rights reserved.
Oracle Home : /u01/app/oracle/product/10.2.0/db_1
Central Inventory : /u01/app/oracle/oraInventory
from : /etc/oraInst.loc
OPatch version : 10.2.0.4.2
OUI version : 10.2.0.4.0
OUI location : /u01/app/oracle/product/10.2.0/db_1/oui
Log file location :
/u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/opatch/opatch2014-02-24_16-32-18PM.log
Lsinventory Output file location :
/u01/app/oracle/product/10.2.0/db_1/cfgtoollogs/opatch/lsinv/lsinventory2014-02-24_16-32-18PM.txt
--------------------------------------------------------------------------------
Installed Top-level Products (2):
Oracle Database
10g 10.2.0.1.0
Oracle Database 10g Release 2 Patch Set
3 10.2.0.4.0
There are 2 products installed in this Oracle Home.
Interim patches (1) :
Patch 6544463 : applied on 16:32:18 CST 2014
OPatch
succeeded.
最后,有些补丁在安装完成后,需要将数据库重启下。