详说Oracle Vault——Vault卸载

Oracle Vault是安全三个技术策略的重要组成部分。相对于其他两种,Label Security和VPD(Virtual Private Database),Oracle Vault更加体现运维体系管理建设和安全规则配置。安装配置Vault之后,Oracle原有的sys超级用户安全角色被剥离,数据、操作和资源以规则的方式进行安全限制。应该说,使用Vault之后,才能真正实现对于数据管理员行为的管制。
 
本篇主要介绍如何对Vault进行卸载操作,依据的版本是11gR2。注意:Oracle Vault不同版本下进行卸载的方法有一定差异,特别是在relink的过程。
 
 

1、卸载前准备

 

Oracle Vault在数据库中涉及几个部分:dva组件以Web App的方式绑定在OEM中、内部的dbowner和manager管理对象和角色权限调整。在正式的卸载操作之前,我们需要将数据库和各种组件进行关闭。
 
数据库完全关闭。

 

SQL> conn / as sysdba

Connected.

SQL> shutdown immediate;

Database closed.

Database dismounted.

ORACLE instance shut down.

 

监听程序关闭。

 

[oracle@SimpleLinux ~]$ lsnrctl stop

 

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 28-APR-2014 13:56:27

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

 

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=SimpleLinux)(PORT=1521)))
 
The command completed successfully

 

DB Console Web应用关闭。

 

[oracle@SimpleLinux ~]$ emctl stop dbconsole

Oracle Enterprise Manager 11g Database Control Release 11.2.0.4.0

Copyright (c) 1996, 2013 Oracle Corporation.  All rights reserved.

https://SimpleLinux:1158/em/console/aboutApplication

Stopping Oracle Enterprise Manager 11g Database Control ...

 ...  Stopped.

[oracle@SimpleLinux ~]$ emctl status dbconsole

Oracle Enterprise Manager 11g Database Control Release 11.2.0.4.0

Copyright (c) 1996, 2013 Oracle Corporation.  All rights reserved.

https://SimpleLinux:1158/em/console/aboutApplication

Oracle Enterprise Manager 11g is not running.

 

2、Disable Vault

 

Vault是一个默认情况下未激活的组件。我们进行安装Vault的过程,实际上就是将其重新打包如Oracle执行程序。进行卸载的过程,也需要重新relink Oracle应用程序。
 
首先进行Disable过程。

 

[oracle@SimpleLinux ~]$ cd $ORACLE_HOME/rdbms/lib

[oracle@SimpleLinux lib]$ make -f ins_rdbms.mk dv_off ioracle

/usr/bin/ar d /u01/app/oracle/rdbms/lib/libknlopt.a kzvidv.o

/usr/bin/ar cr /u01/app/oracle/rdbms/lib/libknlopt.a /u01/app/oracle/rdbms/lib/kzvndv.o

chmod 755 /u01/app/oracle/bin

 

(篇幅原因,有省略……)

 - Linking Oracle

rm -f /u01/app/oracle/rdbms/lib/oracle

gcc  -o /u01/app/oracle/rdbms/lib/oracle -m32 -z noexecstack -L/u01/app/oracle/rdbms/lib/ -L/u01/app/oracle/lib/ -L/u01/app/oracle/lib/stubs/ -L/u01/app/oracle/lib/ -lirc

mv /u01/app/oracle/rdbms/lib/oracle /u01/app/oracle/bin/oracle

chmod 6751 /u01/app/oracle/bin/oracle

 

注意:如果是在11gR2中,可以选择chopt方式进行dv的卸载。

 

[oracle@SimpleLinux lib]$ chopt disable dv

 

Writing to /u01/app/oracle/install/disable_dv.log...

/usr/bin/make -f /u01/app/oracle/rdbms/lib/ins_rdbms.mk dv_off ORACLE_HOME=/u01/app/oracle
 
/usr/bin/make -f /u01/app/oracle/rdbms/lib/ins_rdbms.mk ioracle ORACLE_HOME=/u01/app/oracle
 
 

启动监听器,此时Oracle通常已经自动启动。

 

[oracle@SimpleLinux lib]$ lsnrctl start

 

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 28-APR-2014 14:04:34

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

 

(篇幅原因,有省略……)

  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))

The listener supports no services

The command completed successfully

 

 

[oracle@SimpleLinux lib]$ sqlplus /nolog

 

SQL*Plus: Release 11.2.0.4.0 Production on Mon Apr 28 14:04:41 2014

 

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

 

SQL> conn / as sysdba

Connected.

SQL> startup

ORA-01081: cannot start already-running ORACLE - shut it down first

 

 

相关推荐