Securing & Hardening Linux for Oracle Workloads
Introduction
Oracle Enterprise Linux (OEL) and Red Hat Enterprise Linux (RHEL) are the two most common Linux variants deployed to run Oracle databases and Oracle applications. Oracle Linux can be run with either its proprietary Unbreakable Linux Kernel (UEK) or the Standard Red Hat kernel (SRK).
OS Drivers
One key difference between UEK and SRK is the delivery of operating system hardware drivers. UEK drivers are delivered as part of the kernel, so changes require kernel upgrades. SRK drivers are delivered as RPMs. Updated drivers are an important component of securing the Linux environment.
Server Firmware
Firmware is low-level code that runs as embedded software at the physical server hardware level. Server firmware plays a critical role in the uptime and security of the Oracle workloads it supports. Firmware interacts with drivers, making their interoperability a key requirement for system stability and security.
Securing & Hardening Linux
Linux servers running Oracle workloads can be secured and hardened following some key principles:
- Keep all server firmware at the latest supported level. CVEs should be identified and remediated in time.
- Maintain and apply kernel security patches on a business-determined schedule.
- Use Ksplice to apply kernel security patches to a running system without incurring downtime. This requires an upgraded support subscription and is recommended for Production workloads.
- Maintain directory and file access permissions on a strict requirements basis to safeguard databases and applications.
- Enable Linux Firewall with explicit access rules.
- Enable only business-required applications and services to run.
- Install a limited set of Linux RPMs to support the application requirements.
- Monitor system performance and key event log files.
- Review Logwatch reports to capture unidentified access attempts and process failures.
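Three of the principles above (firewall enabled, only required services running, strict file permissions) can be checked with a short audit script. This is an added example, not part of the original article; it assumes a systemd host that uses firewalld, and the allowlist file format and function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host against three of the hardening principles above.
# Assumptions: systemd, firewalld as the firewall, and an allowlist file with
# one approved unit name per line ('#' starts a comment).

# Print enabled units that are NOT in the allowlist.
# $1 = allowlist file; stdin = output of
#   systemctl list-unit-files --type=service --state=enabled --no-legend
unexpected_services() {
    [ -r "$1" ] || { echo "cannot read allowlist: $1" >&2; return 2; }
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line)        # strip comments
                gsub(/[ \t]/, "", line)     # strip whitespace
                if (line != "") ok[line] = 1
            }
        }
        $1 != "" && !($1 in ok) { print $1 }'
}

# Print regular files and directories under $1 that any user can write to.
# -xdev keeps the search on one filesystem; symlinks are not followed.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002
}

# Run all three checks on the live host.
# $1 = allowlist file, $2 = directory tree to check (e.g. the Oracle data area)
audit_host() {
    systemctl is-active --quiet firewalld ||
        echo "FAIL firewalld is not active"
    systemctl list-unit-files --type=service --state=enabled --no-legend |
        unexpected_services "$1" | sed 's/^/REVIEW enabled service: /'
    world_writable "$2" | sed 's/^/FAIL world-writable: /'
}

# Usage: sh audit.sh /path/to/allowlist /path/to/oracle/tree
if [ "$#" -eq 2 ]; then
    audit_host "$1" "$2"
fi
```

Run it from cron or a configuration-management job and treat any output as a finding to review.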
InfoSapient specializes in the delivery of Managed Services for Oracle Databases and Oracle E-Business Suite both On-Premise and in the Cloud. When you are ready for an upgrade, migration, or are looking for Managed Services of your Oracle environment, contact us for a no obligation review to get started.
The information contained herein is not legal advice. Any mention of a specific product, individual or company does not constitute an endorsement unless otherwise specified.