Monday, May 4, 2015

upgrading to GI 12.1.0.2

Some weeks ago I patched the GI from 11.2.0.4 to 12.1.0.2 I implemented the fix for the listener poisoning issue you can read about it here here is the original listener.ora
#CVE-2012-1675
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1
VALID_NODE_CHECKING_REGISTRATION_LISTENER_DG=1
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=(x.y.z.61,x.y.z.64)
 
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN2=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(x.y.z.61,x.y.z.64)
 
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN3=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN3=(x.y.z.61,x.y.z.64)
REGISTRATION_INVITED_NODES_LISTENER_DG=(172.20.20.72,172.20.20.73)

here the upgraded one
#CVE-2012-1675
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1
VALID_NODE_CHECKING_REGISTRATION_LISTENER_DG=1
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=OFF             # line added by Agent
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=()            # line added by Agent
 
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN2=OFF             # line added by Agent
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=()            # line added by Agent
 
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN3=OFF             # line added by Agent
REGISTRATION_INVITED_NODES_LISTENER_SCAN3=()            # line added by Agent
REGISTRATION_INVITED_NODES_LISTENER_DG=(172.20.20.72,172.20.20.73)
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_CLONE=ON                # line added by Agent
VALID_NODE_CHECKING_REGISTRATION_LISTENER_CLONE=SUBNET          # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_MGMTLSNR=ON              # line added by Agent
VALID_NODE_CHECKING_REGISTRATION_MGMTLSNR=SUBNET                # line added by Agent

The installer / upgrade process removes these entries, I saw similar behaviour with the dbca when you have IFILES in the tnsnames.ora, most annoying these entries get removed .... NOTE : I anNonimized the ip addresses

No comments: