A default install of Oracle Enterprise Linux (OEL) comes with a lot of packages you would not want on a secure production server. So how do you create a minimal install of OEL? Turns out it's pretty easy.
For this example, let's assume OEL 5.5 as the OS and that the server will be used to host an Oracle 11gR2 database. The Oracle Database Installation Guide 11g Release 2 (11.2) for Linux was consulted in constructing this example.
- Boot the server from the OEL 5.5 ISO DVD and choose the GUI installation.
- On the install window that asks which additional functionality to install (Software Development, Web Server, Clustering and Storage Clustering), do not select any of the boxes.
- On the same window, select the Customize Now radio button and select Next.
- Select Base System in the left-hand column and then deselect everything in the right-hand column, except Base.
- For each of the other entries in the left-hand column (Desktop Environments, Applications, etc.) deselect everything in the right-hand column and then click Next.
After the install completes and the system reboots, you are left with an extremely minimal Linux install. In fact, it is too minimal to install Oracle. The next step is to install the Oracle Validated RPM. There are two ways to do this. If you are not an Unbreakable Linux Network (ULN) customer (i.e., you do not have a ULN support contract), then you can get the Oracle Validated RPM from http://oss.oracle.com/el5/oracle-validated. If you are a ULN customer, take the following steps:
- On your new, rebooted OEL server, install the OEL public key by entering: rpm --import /usr/share/rhn/RPM-GPG-KEY
- Enter: up2date
- Select Next through the privacy statement.
- Enter your ULN credentials and select Next.
- After returning to the prompt, install the required prerequisite RPM, enter: up2date --install kernel-headers --force --verbose
- Then install Oracle Validated by entering: up2date --install oracle-validated --verbose
- Finally, there was one RPM required by the documentation above but not installed as part of Oracle Validated. Install it by entering: up2date --install numactl-devel --verbose
That's it! Is it secure? Heck no, we have not hardened the OS yet. It is a good first step, however. Stay tuned for the post on hardening OEL.
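A post-install check for the steps above, added here as an example and not part of the original post: it confirms that the three RPMs named in the steps are present and lists installed packages that carry no signature. The function names, the sample lines and the all-zero key ID are constructed for illustration; the --live branch assumes rpm's SIGGPG and SIGPGP query tags.

```shell
#!/bin/sh
# Added example: audit the package set left by the minimal install.
# RPMs the steps above install explicitly.
REQUIRED="kernel-headers oracle-validated numactl-devel"

# Reads "name|gpg-signature|pgp-signature" lines on stdin and prints
# one finding per line: UNSIGNED <pkg> or MISSING <pkg>.
audit_rpms() {
    awk -F'|' -v required="$REQUIRED" '
        BEGIN { n = split(required, req, " ") }
        # Imported public keys show up as unsigned pseudo-packages; skip them.
        $1 == "gpg-pubkey" { next }
        NF >= 3 {
            seen[$1] = 1
            # rpm prints "(none)" for a signature tag the package lacks.
            if ($2 == "(none)" && $3 == "(none)") print "UNSIGNED " $1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) print "MISSING " req[i]
        }'
}

# Constructed sample in the same layout the live query produces.
# The key ID is a placeholder, not a real Oracle key ID.
sample_rpms() {
    cat <<'EOF'
kernel-headers|DSA/SHA1, Mon 01 Mar 2010 12:00:00 PM UTC, Key ID 0000000000000000|(none)
oracle-validated|DSA/SHA1, Mon 01 Mar 2010 12:00:00 PM UTC, Key ID 0000000000000000|(none)
gpg-pubkey|(none)|(none)
localtool|(none)|(none)
EOF
}

if [ "${1:-}" = "--live" ]; then
    # On the server itself: query the real RPM database.
    rpm -qa --qf '%{NAME}|%{SIGGPG:pgpsig}|%{SIGPGP:pgpsig}\n' | audit_rpms
else
    sample_rpms | audit_rpms
fi
```

Run with --live on the installed server; an empty result means all three RPMs are present and every installed package carries a signature.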