Showing posts with label ORACLE-R12.2. Show all posts
Showing posts with label ORACLE-R12.2. Show all posts

JARSIGN -ORACLE APPS

 1.###KEY CREATION####adjkey -initialize -keysize 2048 -alias LUPIN-ora01


2.####CSR CREATION#####keytool -sigalg SHA256withRSA -certreq -keystore adkeystore.dat -file adkeystore.csr -alias LUPIN-ora01


3.######CSR VALIDATION#####openssl req -text -noout -verify -in adkeystore.csr


***BEFORE THAT REMOVE .dat file and adsign.txt file*****NE_BASE LOCATION**


3.###IMPORT###adjkey -keystore adkeystore.dat -storepass myxuan -import -alias LUPIN-ora01 -trustcacerts -file adkeystore64.cer


4.###KEY VIEW###keytool -list -v -keystore adkeystore.dat


5.###INCASE OF USING KEYTOOL###


keytool -import -file adkeystore64.cer -trustcacerts -alias LUPIN-ora01 -keystore adkeystore.dat -storepass puneet -keypass myxuan -v


   (or)


keytool -import -trustcacerts -alias LUPINcorp -file LUPIN*Corporation.p7b -keystore adkeystore.dat -storepass puneet -keypass myxuan -v


   


6.###KEY VIEW###keytool -list -v -keystore adkeystore.dat




7.REGEN PRODUCT JAR USING ADADMIN


##############################################################################




The most current version of this document can be obtained through My Oracle Support Knowledge Document 1591073.1.




############VALIDATION#####




[appltest@SERVER scripts]$ cd $COMMON_TOP/java/classes/oracle/apps/fnd/jar


[appltest@SERVER jar]$ jarsigner -verify -verbose -certs fndall.jar|head -10


By - No comments:

ADOP PHASES

 Prepare Phase:


  • Prepares the system for patching cycle.
  • Creates the Database Patch Edition
  • Validates system configuration
  • Check & Submit Concurrent Request 'Online Patching In Progress'(ADZDPATCH)
  • Prepare is run on all nodes in a mute-node configuration
  • Synchronizes the Run and Patch File System
  • If cleanup was not executed in previous adop cycle it will also run Cleanup.


Syntax:
adop phase=prepare

Apply Phase:

  • Patches are applied in this phase.
  • Adop internally calls adpatch to apply the patches, but we cannot run adpatch utility as standalone in R12.2 .
  • Patches are applied in the Patch Edition.
  • Application user are connected to RUN edition and they are not impacted by patching cycle.
  • We can apply multiple patches in a patching cycle.



Syntax:
adop phase=apply

Finalize Phase:

  • Ready the system for Cutover.
  • Compile Invalid objects.
  • If we don't run finalize, then the cutover phase will call finalize automatically before doing the actual cutover. But that will increase the downtime window for the cutover.
  • Computes any DDL to be executed before the cutover.


Synatx:
adop phase=finalize

Cutover Phase:

  • Switches to the patch edition of database and file system.
  • In the phase, the system actually goes down.
  • All application tier services are stopped and starts after the cutover.


Syntax:
adop phase=cutover

Cleanup Phase:


  • Cleans up old edition and objects.
  • Recovers space.


Syntax:
adop phase=cleanup



Adop opttions:

https://docs.oracle.com/cd/E26401_01/doc.122/e22954/T202991T531062.htm

{ echo systempasswd; echo appspasswd ; echo weblogicpaswd ; }|adop phase=apply  patches=31883479_D:u31883479.drv,31883479_ESA:u31883479.drv,31883479_HR:u31883479.drv,31883479_PL:u31883479.drv,31883479_RU:u31883479.drv,31883479_SK:u31883479.drv apply_mode=downtime merge=yes prompt=no 

By - No comments:

SERVER HARDENING

 

Secops team will use some third party tools and when they run they will get risk level of CVE’s in 3 types.

 

Depending on CVSS score level of software,they will be divied in below catagiroies. As per the below link , for Oracle E-Business Suite:
https://www.inoapps.com/insights/news/oracle-has-released-their-third-cpu-of-2020-heres-your-guide-to-the-latest-updatesA maximum reported CVSS Base Score of 9.1, indicating critical vulnerability anything below that is non critical.

Critical

High

Medium

Low

Provide CVE CODE as provided below




 

 

We need to validate each CVE with the below oracle note id/read me of PSU

 




 


Also we get list from the below

https://www.rapid7.com/db/vulnerabilities/oracle-weblogic-cve-2020-5398



 



 

Also When you validate need to check BASE SCORE

 

Validated  CVE with PSU noteid

 

CVE-2017-5645 JAN-2018

CVE-2018-11058 JUL-2019

CVE-2020-2966 JUL-2020

CVE-2020-2967 JUL-2020

CVE-2020-5398 JUL-2020

CVE-2020-5398 JUL-2020

CVE-2020-9546 JUL-2020

CVE-2020-9546 JUL-2020

CVE-2020-14557 JUL-2020 SUpported version after 12.1

CVE-2020-14572,JUL-2020

CVE-2020-14588 JUL-2020

CVE-2020-14589 JUL-2020

CVE-2020-14622 JUL-2020

CVE-2020-14625 JUL-2020

CVE-2020-14644 JUL-2020

CVE-2020-14645 JUL-2020

CVE-2020-14652,JUL-2020

CVE-2020-14687 JUL-2020

 

 

EBS: CPU NOTEID

https://updates.oracle.com/Orion/Services/download?type=readme&aru=23587565

 

Notes: https://www.oracle.com/security-alerts/cpujul2020.html

1.       Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower.

 

By - No comments:

CPU -PATCH ANALSYS

By - No comments:

How to run AUTOCONFIG OR FNDLOAD COMMAND PATCH FILE SYSTEM IN R12.2

 1.      To run Autoconfig from the patch file system you must disable trigger ebs_login prior to running autoconfig.

SQL> show user;
USER is "SYSTEM"
SQL> alter trigger ebs_logon disable;

Trigger altered.

2.      Now run autoconfig with the patch env sourced

[appltest@test001]$ echo $FILE_EDITION
[appltest@test001]$patch
[appltest@test001]$ adautocfg.sh
Make sure Autoconfig completes ok
     3. Enable the login trigger “alter trigger ebs_logon enable”
                 SQL> conn system/Oracle4u
                 Connected.
               SQL> SQL> alter trigger ebs_logon enable;

                Trigger altered.

In the below case also you can use ebs_login triggger disable and try FNDLOAD FOR PATCH FS

FNDLOAD apps/********* 0 Y UPLOAD $FND_TOP/patch/115/import/afcpprog.lct $XBOL_TOP/fndload/CCP.ldt - WARNING=YES UPLOAD_MODE=REPLACE CUSTOM_MODE=FORCE
APP-FND-01564: ORACLE error 604 in AFPCOA
Cause: AFPCOA failed due to ORA-00604: error occurred at recursive SQL level 1
ORA-20099: E-Business Suite Patch Edition does not exist.
ORA-06512: at line 29
.The SQL statement being executed at the time of the error was:  and was executed from the file .


By - No comments:
Subscribe to: Posts (Atom)