We are being audited by our internal security group and I have to prove that I have installed Oracle security patches from Alert #68. How do I prove that these patches were installed on Unix and Windows servers?

    Requires Free Membership to View

If the Alert #68 patch was installed against a set of Oracle8i binaries, it may be difficult to prove that the patch was, in fact, installed. What I typically like to do is copy the patch into a patches subdirectory under the relevant $ORACLE_HOME. This way, when I need to go back and verify that a patch was applied, I can tell right away.

If a patch's subdirectory was created under the 8i ORACLE_HOME and the patch was installed from there, you should see a file called undo_pre3821967_8.1.7.4.0.sh which is created by the patch for backout purposes (on UNIX). If, on the other hand, the patch was applied from a central location across all servers, it might be more difficult to prove that the patch was applied.

With Oracle9i, however, the patch would have been installed with the opatch utility. You can use the opatch utility to list the installed patches. Set your environment to a 9i database on the server, navigate to where the opatch utility is installed (or include it in your path) and type:

opatch lsinventory

This will read the inventory and list any patches that were installed. If security alert #68 was installed, you should see lines similar to this in the output (this example is from Solaris):

Installed Patch List:  
=====================  
1) Patch 3811887 applied on Thu Oct 14 12:43:51 MDT 2004      
[ Base Bug(s): 3828166 3811887  ]

Also, with Oracle9i, you can look in $ORACLE_HOME/.patch_storage for log files. If this hidden directory (.patch_storage) was created prior to applying the patch, opatch would have sent all log files to this subdirectory by default.

This was first published in July 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: