2.5 Managing the Oracle ORAchk and Oracle EXAchk Daemons
This section explains the procedures to manage Oracle ORAchk and Oracle EXAchk daemons.
- Starting and Stopping the Daemon
Start and stop the daemon and force the daemon to stop a compliance check run. - Configuring the Daemon for Automatic Restart
By default, you must manually restart the daemon if you restart the server or node on which the daemon is running. - Setting and Getting Options for the Daemon
Set the daemon options before you start the daemon. Reset the daemon options anytime after starting the daemon. - Querying the Status and Next Planned Daemon Run
Query the status and next automatic run schedule of the running daemon.
Parent topic: Analyzing Risks and Complying with Best Practices
2.5.1 Starting and Stopping the Daemon
Start and stop the daemon and force the daemon to stop a compliance check run.
To start and stop the daemon:
–d stop
option.
Parent topic: Managing the Oracle ORAchk and Oracle EXAchk Daemons
2.5.2 Configuring the Daemon for Automatic Restart
By default, you must manually restart the daemon if you restart the server or node on which the daemon is running.
However, if you use the automatic restart option, the daemon restarts automatically after the server or node reboot.
Configure the daemons to auto restart as root
.
To configure the daemon to restart automatically:
Parent topic: Managing the Oracle ORAchk and Oracle EXAchk Daemons
2.5.3 Setting and Getting Options for the Daemon
Set the daemon options before you start the daemon. Reset the daemon options anytime after starting the daemon.
To set the daemon options:
- AUTORUN_SCHEDULE
Schedule recurring compliance check runs using theAUTORUN_SCHEDULE
daemon option. - AUTORUN_FLAGS
TheAUTORUN_FLAGS
daemon option determines how compliance checks are run. - NOTIFICATION_EMAIL
Set theNOTIFICATION_EMAIL
daemon option to send email notifications to the recipients you specify. - collection_retention
Set thecollection_retention
daemon option to purge health check collection results that are older than a specified number of days. - PASSWORD_CHECK_INTERVAL
ThePASSWORD_CHECK_INTERVAL
daemon option defines the frequency, in hours, for the daemon to validate the passwords entered when the daemon was started the first time. - Setting Multiple Option Profiles for the Daemon
Use only one daemon process for each server. Do not start a single daemon on multiple databases in a cluster, or multiple daemons on the same database. - Getting Existing Options for the Daemon
Query the values that you set for the daemon options.
Parent topic: Managing the Oracle ORAchk and Oracle EXAchk Daemons
2.5.3.1 AUTORUN_SCHEDULE
Schedule recurring compliance check runs using the
AUTORUN_SCHEDULE
daemon option.
To schedule recurring compliance check runs:
$ orachk –set "AUTORUN_SCHEDULE=3 * * 0"
$ exachk –set "AUTORUN_SCHEDULE=3 * * 0"
Optionally, you can specify the name
of the profile. If you do not specify, then
id
=DEFAULT
.
$ orachk -id dba -set "AUTORUN_SCHEDULE=3 * * 0"
$ exachk -id dba -set "AUTORUN_SCHEDULE=3 * * 0"
Parent topic: Setting and Getting Options for the Daemon
2.5.3.2 AUTORUN_FLAGS
The AUTORUN_FLAGS
daemon option determines how compliance
checks are run.
To configure how compliance checks should run:
$ orachk –set "AUTORUN_FLAGS=-profile sysadmin –tag sysadmin"
$ exachk –set "AUTORUN_FLAGS=-profile sysadmin –tag sysadmin"
Parent topic: Setting and Getting Options for the Daemon
2.5.3.3 NOTIFICATION_EMAIL
Set the NOTIFICATION_EMAIL
daemon option to send email notifications to the recipients you specify.
To configure email notifications:
After the first health check run, the daemon notifies the recipients with report output attached.
For the subsequent health check runs after the first email notification, the daemon emails the summary of differences between the most recent runs to all recipients specified in the NOTIFICATION_EMAIL
list.
Parent topic: Setting and Getting Options for the Daemon
2.5.3.4 collection_retention
Set the collection_retention
daemon option to purge health check collection results that are older than a specified number of days.
To configure collection retention period:
$ orachk –set "collection_retention=60"
$ exachk –set "collection_retention=60"
Parent topic: Setting and Getting Options for the Daemon
2.5.3.4.1 To Control Collection Retention Using Size
RAT_PURGE_SIZE
. When the
health check collections consume the size
specified, then Oracle ORAchk starts purging the
old collections, and retains the space specified
using RAT_PURGE_SIZE
.
$export RAT_PURGE_SIZE=4096
2.5.3.5 PASSWORD_CHECK_INTERVAL
The PASSWORD_CHECK_INTERVAL
daemon option defines the frequency, in hours, for the daemon to validate the passwords entered when the daemon was started the first time.
If an invalid password is found due to a password change, then the daemon stops, makes an entry in the daemon log, and then sends an email notification message to the recipients specified in the NOTIFICATION_EMAIL
option.
To configure password validation frequency:
$ orachk –set "PASSWORD_CHECK_INTERVAL=1"
$ exachk –set "PASSWORD_CHECK_INTERVAL=1"
Parent topic: Setting and Getting Options for the Daemon
2.5.3.6 Setting Multiple Option Profiles for the Daemon
Use only one daemon process for each server. Do not start a single daemon on multiple databases in a cluster, or multiple daemons on the same database.
The daemon does not start, if the daemon detects another Oracle ORAchk or Oracle EXAchk daemon process running locally.
Define multiple different run profiles using the same daemon. Defining multiple different run profiles enables you to run multiple different health checks with different daemon options, such as different schedules, email notifications, and automatic run flags. The daemon manages all profiles.
To set multiple option profiles for the daemon:
For example, if the database administrator wants to run checks within the dba
profile and the system administrator wants to run checks in the sysadmin
profile, then configure the daemon using the profiles option.
$ ./orachk –id dba –set "NOTIFICATION_EMAIL=dba@example.com;\
AUTORUN_SCHEDULE=4,8,12,16,20 * * *;AUTORUN_FLAGS=-profile dba –tag dba;\
collection_retention=30"
Created notification_email for ID[dba]
Created autorun_schedule for ID[dba]
Created autorun_flags for ID[dba]
Created collection_retention for ID[dba]
$ ./exachk –id dba –set "NOTIFICATION_EMAIL=dba@example.com;\
AUTORUN_SCHEDULE=4,8,12,16,20 * * *; AUTORUN_FLAGS=-profile dba –tag dba;\
collection_retention=30"
Created notification_email for ID[dba]
Created autorun_schedule for ID[dba]
Created autorun_flags for ID[dba]
Created collection_retention for ID[dba]
$ ./orachk –id sysadmin –set "NOTIFICATION_EMAIL=sysadmin@example.com;\
AUTORUN_SCHEDULE=3 * * 1,3,5; AUTORUN_FLAGS=-profile sysadmin –tag sysadmin;\
collection_retention=60"
Created notification_email for ID[sysadmin]
Created autorun_schedule for ID[sysadmin]
Created autorun_flags for ID[sysadmin]
Created collection_retention for ID[sysadmin]
$ ./exachk –id sysadmin –set "NOTIFICATION_EMAIL=sysadmin@example.com;\
AUTORUN_SCHEDULE=3 * * 1,3,5; AUTORUN_FLAGS=-profile sysadmin –tag sysadmin;\
collection_retention=60"
Created notification_email for ID[sysadmin]
Created autorun_schedule for ID[sysadmin]
Created autorun_flags for ID[sysadmin]
Created collection_retention for ID[sysadmin]
Parent topic: Setting and Getting Options for the Daemon
2.5.3.7 Getting Existing Options for the Daemon
Query the values that you set for the daemon options.
[-id ID] -get option | all
where:
-
ID
is a daemon option profile -
option
is a specific daemon option you want to retrieve -
all
returns values of all options
To get existing options for the daemon:
Parent topic: Setting and Getting Options for the Daemon
2.5.4 Querying the Status and Next Planned Daemon Run
Query the status and next automatic run schedule of the running daemon.
-d status|info|nextautorun
-d status
: Checks if the daemon is running.-d info
: Displays information about the running daemon.-d nextautorun [-id ID]
: Displays the next automatic run time.
To query the status and next planned daemon run:
Parent topic: Managing the Oracle ORAchk and Oracle EXAchk Daemons