Policy Violation Details: Background Dump Destination

Oem grid control 10.2.0.1.
I have this policy violation:
Ensures that access to the trace files directory is restricted to the owner of the Oracle software set and the DBA group.
Here is my folder permissions:
[oracle@dbdev juk_dev]$ pwd
/opt/oracle/app/oracle/admin/juk_dev
[oracle@dbdev juk_dev]$ ll
total 32
drwxr-xr-x 2 oracle oinstall 4096 Apr 30 17:26 bdump
drwxr-xr-x 26 oracle oinstall 4096 Apr 23 14:29 cdump
drwxr-xr-x 2 oracle oinstall 4096 Feb 19 16:01 create
drwxr-xr-x 2 oracle oinstall 4096 Apr 18 15:43 dpdump
drwxr-xr-x 2 oracle oinstall 4096 Feb 19 16:01 pfile
drwxr-xr-x 2 oracle oinstall 12288 May 2 17:23 udump
All i did was install oracle using the documentation.
chmod -R 775 /mount_point/app/oracle_sw_owner
Is this the right command to restrict the rights for my traces files so oem stop it's alert?
chmod -R o-rx /opt/oracle/app/oracle/admin/

Yes thats what OEM wants. It unfortunate that out of the box install of Oracle creates a lot of these policy alerts.

Similar Messages

  • Unable to write trace files in Background dump destination in oracle 10g

    Hi All,
    OS version : RHEL 5.7
    DB version : 10.2.0.4
    cluster : 2 node RAC database
    Today I faced a strange behaviour for one of our production database. Its a 2-node rac database. On the first node there is no auto generation of trace files in the BAckground dump destination. I am able to see trace files of second in its background dump dest. But the strange behaviour occurs on the first node. I see only Alert log file in the background dump dest . Inspite of getting an error which shows trace file generated but no file occurs in the bdump. The following is the error but physically there no trace file generated:
    Errors in file /oracle/db/admin/<sid>/bdump/<sid>j0011558.trc:
    ORA-12012: error on auto execute of job 94377
    ORA-12008: error in materialized view refresh pathCan anyone have any idea for this strange behaviour. There are no maintenance script for removal of trace files.
    Regards,
    Imran Khan

    ORA-00980:synonym translation is no longer valid
    Cause:The synonym used is based on a table, view, or synonym that no longer exists.
    Action:Replace the synonym with the name of the object it references or re-create the synonym so that it refers to a valid table, view, or synonym.
    Check the following :
    From User Number 1 : Osama1
    create table osama_table as select empname from scott.emp;
    create public synonym osama_tbl for osama_table ;
    grant select on osama_tbl  to user_b;
    From User Number 2 : Osama2
    select 1 from osama_tbl;
    SMITH
    ALLEN
    JONES
    MARTIN
    From User Number 1 : Osama1
    drop table osama_table;
    From User Number 2  : Osama2
    select 1 from  osama_tbl;
    ORA-00980: synonym translation is no longer valid

  • OEM Security Policy Violation

    Hi,
    There are thousands of policy violation in my OEM page. Some are very old. I would like to clear those violations. Can somebody help me out.
    Also, what is the difference between suppressing the violations and clearing them.
    Can a script be written to clear the violations on a regular basis ??
    Help would be much appreciated.

    I have Grid Control...my oracle version is 10.2.0.4..
    I followed the steps..
    Target home page > Policy violations > Current > Violation Count
    Clicked the link which took me to "policy violation details"
    This is what i have learnt sofar...It seems we can manually clear the policy violation logs which are older enough, rahter than waiting for the Default Evaluation to take place....
    I would like to know how it could be done...

  • Wrong number of policy violations in Home tab

    We deleted manually entries in the mgmt_current_violation table. On the detail tab of policy violations, theses entries are gone. But on the Home tab the number of policy violations is still the old one.
    Would be nice if someone can explain this to mee.
    best regards
    sascha

    Andy,
    thanks for your reply. To answer your questions
    > I'm assuming that read rights have been granted.
    in fact read rights have been granted
    > For the GWChecks, please confirm that it was a Contents check/fix.
    yes, it was
    > Do you have regular GWChecks on Contents?
    Yes, we do process weekly contents checks every Sunday at 1:00 AM on the PO since we introduced GW in 2002.
    Today I found time to check some things out. I retracted the proxy rights on the computer of the affected user and reassigned them. I tried this several times with and without restarting the GW-Client as well as on my computer and on the computer of the affected user.
    The next thing I tried was assigning the proxy rights from another PC. I did not just grant read rights but any rights available and was successful: I saw any item in the mailbox and even the mailbox properties told me the number of items. For testing purpose I retracted the proxy rights and reassigned them again as I exactly did before and surprisingly did not succeed. I tried this several times even with reduced (means just read) rights without any success.
    Next step was to analyze the rules on the account of the affected user. She has a long rule which finally says that mails received from or sent to special addresses should be marked 'private'.
    Finally I reassigned the rights again from another computer I hadn't used before and granted any rights available again. This method again was successful.
    The problem is that I don't know why... :-)
    Anyway - thanks again and a happy new year!
    Regards,
    jgoy

  • Oracle Security : what do you think about the following policy violation ?

    If you install OEM10, you will be able to see if you violate some security guidelines :
    Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
    Take care about the failed login attempts. If you set it to 10 to the default profile, and if your DBSNMP password is NOT the default password, then Oracle will lock your account after node discovery!
    In Solaris, you can disable execution of the user stack with the system parameters set noexec_user_stack=1
    set noexec_user_stack_log=1. I did not find how to do it on AIX. However, those settings may have side effects.
    About the ports, it complains about open ports, even if this is the port oracle listener is using! Simply ignore most of the violations there.
    About JAccelerator (NCOMP), it is located on the "companion" CD.
    Ok, Waiting for your feedback
    Regards
    Laurent
    [High]      Critical Patch Advisories for Oracle Homes     Configuration     Host     Checks Oracle Homes for missing critical patches          
    [High]      Insufficient Number of Control Files     Configuration     Database     Checks for use of a single control file          
    [High]      Open ports     Security     Host     Check for open ports          
    [High]      Remote OS role     Security     Database     Check for insecure authentication of remote users (remote OS role)          
    [High]      EXECUTE UTL_FILE privileges to PUBLIC     Security     Database     Test for PUBLIC having EXECUTE privilege on the UTIL_FILE package          
    [High]      Listener direct administration     Security     Listener     Ensure that listeners cannot be administered directly          
    [High]      Remote OS authentication     Security     Database     Check for insecure authentication of remote users (remote OS authentication)          
    [High]      Listener password     Security     Listener     Test for password-protected listeners          
    [High]      HTTP Server Access Logging     Security     HTTP Server     Check that HTTP Server access logging is enabled          
    [High]      Web Cache Access Logging     Security     Web Cache     Check that Web Cache access logging is enabled          
    [High]      Web Cache Dummy wallet     Security     Web Cache     Check that dummy wallet is not used for production SSL load.          
    [High]      HTTP Server Dummy wallet     Security     HTTP Server     Check that dummy wallet is not used for production SSL load.          
    [High]      Web Cache owner and setuid bit'     Security     Web Cache     Check that webcached binary is not owned by root and setuid is not set          
    [High]      HTTP Server Owner and setuid bit     Security     HTTP Server     Check the httpd binary is not owned by root and setuid bit is not set.          
    [High]      HTTP Server Directory Indexing     Security     HTTP Server     Check that Directory Indexing is disabled on this HTTP Server          
    [High]      Insufficient Redo Log Size     Storage     Database     Checks for redo log files less than 1 Mb          
    [Medium]      Insufficient Number of Redo Logs     Configuration     Database     Checks for use of less than three redo logs          
    [Medium]      Invalid Objects     Objects     Database     Checks for invalid objects          
    [Medium]      Insecure services     Security     Host     Check for insecure services          
    [Medium]      DBSNMP privileges     Security     Database     Check that DBSNMP account has sufficient privileges to conduct all security tests          
    [Medium]      Remote password file     Security     Database     Check for insecure authentication of remote users (remote password file)          
    [Medium]      Default passwords     Security     Database     Test for known accounts having default passwords          
    [Medium]      Unlimited login attempts     Security     Database     Check for limits on the number of failed logging attempts          
    [Medium]      Web Cache Writable files     Security     Web Cache     Check that there are no group or world writable files in the Document Root directory.          
    [Medium]      HTTP Server Writable files     Security     HTTP Server     Check that there are no group or world writable files in the Document Root directory          
    [Medium]      Excessive PUBLIC EXECUTE privileges     Security     Database     Check for PUBLIC having EXECUTE privileges on powerful packages          
    [Medium]      SYSTEM privileges to PUBLIC     Security     Database     Check for SYSTEM privileges granted to PUBLIC          
    [Medium]      Well-known accounts     Security     Database     Test for accessibility of well-known accounts          
    [Medium]      Execute Stack     Security     Host     Check for OS config parameter which enables execution of code on the user stack          
    [Medium]      Use of Unlimited Autoextension     Storage     Database     Checks for tablespaces with at least one datafile whose size is unlimited          
    [Informational]      Force Logging Disabled     Configuration     Database     When Data Guard Broker is being used, checks primary database for disabled force logging          
    [Informational]      Not Using Spfile     Configuration     Database     Checks for spfile not being used          
    [Informational]      Use of Non-Standard Initialization Parameters     Configuration     Database     Checks for use of non-standard initialization parameters          
    [Informational]      Flash Recovery Area Location Not Set     Configuration     Database     Checks for flash recovery area not set          
    [Informational]      Installation of JAccelerator (NCOMP)     Installation     Database     Checks for installation of JAccelerator (NCOMP) that improves Java Virtual Machine performance by running natively compiled (NCOMP) classes          
    [Informational]      Listener logging status     Security     Listener     Test for logging status of listener instances          
    [Informational]      Non-uniform Default Extent Size     Storage     Database     Checks for tablespaces with non-uniform default extent size          
    [Informational]      Not Using Undo Space Management     Storage     Database     Checks for undo space management not being used          
    [Informational]      Users with Permanent Tablespace as Temporary Tablespace     Storage     Database     Checks for users using a permanent tablespace as the temporary tablespace          
    [Informational]      Rollback in SYSTEM Tablespace     Storage     Database     Checks for rollback segments in SYSTEM tablespace          
    [Informational]      Non-System Data Segments in System Tablespaces     Storage     Database     Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX          
    [Informational]      Users with System Tablespace as Default Tablespace     Storage     Database     Checks for non-system users using SYSTEM or SYSAUX as the default tablespace          
    [Informational]      Dictionary Managed Tablespaces     Storage     Database     Checks for dictionary managed tablespaces (other than SYSTEM and SYSAUX)          
    [Informational]      Tablespaces Containing Rollback and Data Segments     Storage     Database     Checks for tablespaces containing both rollback (other than SYSTEM) and data segments          
    [Informational]      Segments with Extent Growth Policy Violation     Storage     Database     Checks for segments in dictionary managed tablespaces (other than SYSTEM and SYSAUX) having irregular extent sizes and/or non-zero Percent Increase settings

    Interresting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...Okay, as this is (I think) aimed at me, I'll fall for it ;)
    What is the point of revoking UTL_FILE from PUBLIC? Yes I know what you think the point is, but without rights on an Oracle DIRECTORY being able to execute UTL_FILE is useless. Unless of course you're still using the init.ora parameter
    UTL_FILE_DIR=*which I sincerely hope you're not.
    As for UTL_SMTP and UTL_TCP, I think whether a program is allowed to send e-mail to a given SMTP server is really in the remit of the e-mail adminstrator rather than the DBA.
    Look, DBAs are kings of their realm and can set their own rules. The rest of us have to live with them. A couple of years ago I worked a project where I was not allowed access to the USER_DUMP_DEST directory. So every time I generated a TRC file I had to phone up the DBA and a couple of hours later I got an e-mail with an attachment. Secure yes, but not very productive when I was trying to debug a Row Level Security implementation.
    I have worked on both sides of the DBA/Developer fence and I understand both sides of the argument. I think it is important for developers to document all the privileges necessary to make their app run. Maybe you don't have a better way of doing that than revoking privileges from PUBLIC. Or maybe you just want to generate additional communication with developers. That's fine. I know sometimes even DBAs get lonely.
    Cheers, APC

  • Facing issue with tRFC (CALL FUNCTION in BACKGROUND TASK DESTINATION

    In transcation CJ20N there is aBADI call ZCL_IM_CL_IM_PROJ_UPDATE in which there is a method
    IF_EX_PROJECTDEF_UPDATE~AT_SAVE.  My requirement is that when the status of the project is changed and saved then after the SAVE some actions are to be performed (BDC for transcation CJ30 & CJ9FS are to be called).
    Since this method is called AT SAVE and i need to call the bdc after the comit (of SAVE) is done. So I have made a RFC FM in which I am calling the bdc. and then calling the FM as
    CALL FUNCTION <FM> in BACKGROUND TASK DESTINATION <sy-sysid>.
    For the txn. CJ9FS bdc this method is working fine and bdc is called after SAVE but for txn. CJ30, at times,the bdc  is not working though if I run the BDC FM seperately using SE37 then its working fine.
    Can any body guide me where I am going wrong.

    The scenario works fine for me. The issue was unable to create a proper test condition in the RFC.
    CALL FUNCTION 'ZMY_RFCASYNC'
       IN BACKGROUND TASK
       EXPORTING...
       TABLES...
       EXCEPTIONS...
    Simulated error condition in 'ZMY_RFCASYNC'
    and got entry in SM58 by simply making an exception. 
    Thank you all.

  • Changing background dump dest , does not work

    Hi,
    i was asked to change the background dump dest location on RAC (10.2.0.5) environment.i just use below command to do this
    alter system set background_dump_dest='/newlocation' scope=both;
    its successfully completed. but now new alerts should be write down on this new location. and all other process files. but still old location is being used for this alert log and other processes files. even i flushed and remove alert log file from old location . but oracle generate alert log automatically in old location. so kinldy can any one tell me how to change this parameter so that it start dumping alert logs in new location ???
    regards,

    I would have tried to change in all instances with:
    alter system set background_dump_dest=<new location> sid='*';But on my 10.2.0.1 RAC test this only works for trace files: to have alert log in new location I need to restart each instance like for rolling patching.

  • Attachment type policy violation Action:deny

    Hi Folks, need some help starting to get a little frustrated. So any input is appreciated. My organization is starting to deal with the goverment and will be sending lg. files via email. We use Exchange\Outlook 2010. I have tested from hotmail and get same
    results. Here's what I see:
    Delivery Notification - file    The mesg or attach. did not reach... Reason: attachment type policy violation (/Analysis.exe)  NOTE: this changes depending on file             
    Action:deny
    I have gone and increased all my mesg size limits to an incredible lg limit in the Send and Receive Connectors, Transport settings, just about any spot that has to do with a size limitation. Also added the site as a trusted site  under Send conn. Still
    no luck. The goverment contact states its our site, works fine with others ones. Any ideas???  Thanks in advance

    1-The error message above still says 'attachment type policy'.  Can you tell what host rejected it from the message headers?
    2-If you truly think there is a size issue, create a file of a specific size using 'fsutil' and try to send it:
    10MB file: fsutil.exe file  createnew C:\temp\testfile2.txt 10000000
    Something else to remember is that conversion from Exchange format to an Internet standard inflates the message up to 30% (i forget what the technical aspects are, it was a while ago.)  The Internet standard appears to be 25MB these days (Google, Yahoo,
    etc.) so setting your Internet-bound Send Connector 25MB may not work.  My testing resulted in using 17MB on the Internet-bound Send Connector.  This is for total message size, not individual attachments.  If a message has three attachments
    of 6MB each it will work fine internally, but is rejected if it is sent to the Internet.

  • Error: -26  Detail: no valid destination server available for '!ALL' rc=14

    Hello,
    i can access portal, but when i click on a link i receive the error message bellow:
    500 Dispatching Error
    Error: -26
    Version: 7000
    Component: HTTP_ROUTE
    Date/Time: Thu May 27 11:18:55 2010 
    Module: http_route.c
    Line: 3139
    Server: PCLIWDI1_WDP_01
    Error Tag:
    Detail: no valid destination server available for '!ALL' rc=14
    u00A9 2001-2009, SAP AG 
    the web dispatcher is UP,
    on instance profile on web dispatcher , i have data bellow:
    SAPSYSTEMNAME = WDP
    SAPGLOBALHOST = PCLIWDI1
    SAPSYSTEM = 01
    INSTANCE_NAME = W01
    DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
    DIR_EXECUTABLE = $(DIR_CT_RUN)
    Accesssability of Message Server
    rdisp/mshost = pclieci1.oranginagroup.net
    ms/http_port = 8080
    Configuration for large scenario
    icm/max_conn = 16384
    icm/max_sockets = 16384
    icm/req_queue_len = 6000
    icm/min_threads = 100
    icm/max_threads = 250
    mpi/total_size_MB = 500
    mpi/max_pipes = 21000
    SAP Web Dispatcher Ports
    ##icm/server_port_0 = PROT=HTTP,PORT=1080
    Capgemini - RGC. SSL
    DIR_INSTANCE = G:\usr\sap\secudir
    DIR_HOME = G:\usr\sap\WDP\W01\work
    icm/server_port_0 = PROT=HTTP,PORT=8001
    icm/server_port_1 = PROT=HTTPS,PORT=1080
    icm/HTTPS/verify_client = 0
    wdisp/ssl_encrypt = 0
    wdisp/add_client_protocol_header = true
    wdisp/shm_attach_mode = 6
    ssl/ssl_lib = G:\usr\sap\secudir\sapcrypto.dll
    ssl/server_pse = G:\usr\sap\secudir\SAPSSLS.pse
    is/http/default_root_hdl = abap
    #icm/HTTP/redirect_0 = PREFIX=/sap/bc/gui/sap/its/webgui, HOST=pclieci1.oranginagroup.net, PORT=1080
    i have the same error when i lunch https://WDISERV:1080
    Thank's for help

    Following the check i did, please find out the result:
    C:\Users\wdpadm>sapwebdisp pf=G:\usr\sap\WDP\SYS\profile\WDP_W01_PCLIWDI1 -check
    config
    Checking SAP Web Dispatcher Configuration
    =========================================
    maximum number of sockets supported on this host: 32768
    Server info will be retrieved from host: pclieci1.oranginagroup.net:8080 with pr
    otocol: http
    Checking connection to message server...OK
    Retrieving server info from message server...OK
    Message Server instance list:
    ------++--
    +
    instance name
    hostname
    HTTP port
    HTTPS port
    ------++--
    +
    ------++--
    +
    ERROR: no servers in list
    Check ended with 1 errors, 0 warnings

  • Refreshing Policy Violations

    I have been running 10g with no problem. However, one item has me stumped. On the main page of the OEM is the Diagnostic Summary with All Policy Violations amongst other items. I have taken action on many of the violations days ago, but do not know how to refresh the data. Selecting the Refresh button next to the Page refreshed info does not affect the violations. Can I manually refresh this data? Do I submit a job to do that, and if so, what job? Thanks.
    -Philip

    Look out with those modifications Philip, oracle warns for some privileges granted but when you install some - oracle - tools in the database and those privs are no longer there, the installation will fail because that same oracle relies on their default existence.
    The events are scheduled, some have a more frequent schedule than others. Keep the database & dbconsole running and it will refresh.
    regards,
    Ronald
    http://homepage.mac.com/ik_zelf/oracle

  • How to remove out-of-the-box policy violation from Database Control

    Hi, I just installed a new Oracle 11g box with a new database created using DBCA with all the out-of-box settings.
    Using database control, I can see a lot of "policy violation" warning etcs. For example, one warning is "Control File Permission (Windows)". Apparently, it is complaining about the control file permission bit. So I go in and remove all permission except for systems and the oracle dba group ORA_DBA (in window). Still it is complaining. How do I fix it?
    Thanks for any suggestion

    It should disappear after you have "completely" taken care of it. If you think you have, then you can use "Manage Policy Violations" to ignore and clear them. But do not do this if you have not taken care of it.

  • Fair usage policy violation blocking

    Dear Sir,
    This has reference to your e-mail dated Augut 17th 2014, regarding fair usage policy violation.
    This is to confirm that I am a law abiding citizen and I hereby also confirm that I have been using skype only for my personal, individual and non-commercial usage only.
    Under the circumstances, you are requested to kindly restart the blocked services forthwith and confirm.
    Thanking you,
    Yours faithfully,
    Hari1987

    VINCQ wrote:
    i got a mail about fair usage policy violation blocking. i didn't sharing and use it for commercial. how can i fix this problem.
    Hello and welcome to the Skype Community.
    You received this message because you have exceeded the call limits set out in this document:
    http://www.skype.com/en/legal/fair-usage/  
    please contact Skype customer service 
    TIME ZONE - US EASTERN. LOCATION - PHILADELPHIA, PA, USA.
    I recommend that you always run the latest Skype version: Windows & Mac
    If my advice helped to fix your issue please mark it as a solution to help others.
    Please note that I generally don't respond to unsolicited Private Messages. Thank you.

  • Clear policy Violation

    how to clear policy Violation in grid control??? any ideas?

    in part is ok
    I have Grid Control...my oracle version is 10.2.0.4..
    I followed the steps..
    Target home page > Policy violations > Current > Violation Cou
    but this does not delete the alerts only ignorant.
    and if more than 1, say 100 or more you have to check only every 5 to ignore
    any idea with script???

  • ACE - incomplete 'sh service-policy NAME detail' listing

    Hi guys,
    our customer reported to me problem with incomplete 'sh service-policy CLIENT_VIP detail' listing. this listing is not complete and ends with 'Unexpected header: 0'.
    he reported, that (for example) 25 policy maps in policy-map multi-match working correctly and listing is complete, but more policy maps in the policy-map multi-match cause incomplete listing and this extra policy maps are not working properly.
    I tried copy his config file to my ACE, and service policy listing is complete.
    any ideas? maybe no more resources for this context (I got no 'sh resource usage' from the customer till now).
    ACE SW: 3.0(0)A1(5a)
    config has 39 class maps in the class-map multi-match CLIENT_VIP definition
    thanks,
    martin

    I forgot... customer reported behavior, that is very important:
    Primary problem is, that removed class from policy-class multi-match is still working (!) and new added class is not working. configuration is ok, because without too many classes in policy-map multi-match are this config parts operational.
    is this known defect?
    resources usage is without problem.
    martin

  • Policy violations - SGA

    Hi,
    i must remove all policy violations after a fresh installation of Oracle 10g Database. I have 35 violations to remove and i can remove 30 easily but i don't know how to remove 4 of them.
    I spent a lot of time searching on internet/forums/etc.. but didn't find anything on these 4 policy violations which concern SGA.
    Here is 2 pictures in order to describe the problem.
    http://lapincubefreebox3.free.fr/violation_1.jpg
    http://lapincubefreebox3.free.fr/violation_2.jpg
    SGA configuration is the following :
    http://lapincubefreebox3.free.fr/sga.jpg
    I really don't know how to remove these violations.
    Any help will be appreciated. Thanks.

    It isnt really a violation as such.
    At 10g, SGA_MAX_SIZE and SGA_TARGET were introduced, which group all the individual sga parameters together, like db_cache_size, java_pool_size etc etc. But you can still specify the size of each of the sga pools if you want to.
    So it isn't a really violation, just an older way/fine tuned way of doing it.
    Have a read up the new parameters.

Maybe you are looking for