20 de marzo de 2024

Parche SEguridad CPU Weblogic 12.2.1.4.0

 Buenas tardes, un breve blog para instalar los parches de seguridad en Weblogic ya que que hace un tiempito cambio a lo que estabamos acostumbrados con el famoso bsu.sh.

4 pasos fundamentales.

1. Upgrade Java

2. Upgrade Opach

3. Precheck de instalación

4. Instalación con Java.

Páginas referencia:

Critical Patch Update (CPU) Patch Advisor for Oracle Fusion Middleware - Updated for January 2024 (Doc ID 2806740.2)

How To Apply the July WLS PSU and OPatch on DIPC-C Instances (Doc ID 2803346.1)

How To Apply the October WLS PSU and OPatch on DIPC-C Instances (Doc ID 2821939.1)

After Successful Opatch Upgrade to 13.9.4.2.7 Many Files and Folders are Missing Under OPatch and oui Directory (Doc ID 2814978.1)

Upgrading Opatch to 13.9.4.2.7 Fails with the Error "Invalid Central Inventory location" (Doc ID 2830582.1)


1). JDK:

Esto es un upgrade común, según el aplicativo que usen, por lo gral se baja el último parche del jdk y se reemplaza en el path. (no voy a dar detalle sobre este punto)

2)  Upgrade Opatch

El opatch ahora se actualiza con un .jar (antes solo reemplazabamos el directorio OPatch)

The latest OPatch version can be obtained from the following link:
https://support.oracle.com/rs?type=patch&id=28186730


export ORACLE_HOME=/u01/app/oracle/mwhome/12.2.1.4/oracle_home

$ORACLE_HOME/OPatch/opatch version

./opatch version

OPatch Version: 13.9.4.2.4

OPatch succeeded.


mv $ORACLE_HOME/OPatch $ORACLE_HOME/OPatch_bkp


$JAVA_HOME/bin/java -jar /u01/stage/6880880/opatch_generic.jar -silent oracle_home=/u01/app/oracle/mwhome/12.2.1.4/oracle_home

Launcher log file is /tmp/OraInstall2024-03-20_12-09-23AM/launcher2024-03-20_12-09-23AM.log.

Extracting the installer . . . . Done

Checking if CPU speed is above 300 MHz.   Actual 2245.780 MHz    Passed

Checking swap space: must be greater than 512 MB.   Actual 4095 MB    Passed

Checking if this platform requires a 64-bit JVM.   Actual 64    Passed (-d64 flag is not required)

Checking temp space: must be greater than 300 MB.   Actual 51919 MB    Passed

Preparing to launch the Oracle Universal Installer from /tmp/OraInstall2024-03-20_12-09-23AM

Installation Summary


Disk Space : Required 45 MB, Available 106,206 MB

Feature Sets to Install:

        Next Generation Install Core 13.9.4.0.1

        OPatch 13.9.4.2.14

        OPatch Auto OPlan 13.9.4.2.14

Session log file is /tmp/OraInstall2024-03-20_12-09-23AM/install2024-03-20_12-09-23AM.log


Loading products list. Please wait.

 1%

 40%

Loading products. Please wait.

.

.


The install operation completed successfully.

Logs successfully copied to /u01/app/oraInventory/logs.


*Verify that OPatch was upgraded

[oracle@172.17.211.104]#$ORACLE_HOME/OPatch/opatch version

OPatch Version: 13.9.4.2.14

OPatch succeeded.

3) PreCheck 

Ejecutamos la instalación con el flag - report para validar no tener ningún conflico:

a) Validar Version Weblogic

cd /u01/app/oracle/mwhome/12.2.1.4/oracle_home/wlserver/server/lib

#java -cp weblogic.jar weblogic.version

WebLogic Server 12.2.1.4.0

b) Download parche:

 

Patch 36178511: WLS STACK PATCH BUNDLE 14.1.1.0.240111

 

Ejecución:

Run the SPBAT utility for the precheck phase:

export ORACLE_HOME=/oracle/middleware/13.4.0/omshome/

cd /u01/stage/WLS_SPB_12.2.1.4.240111/binary_patches


$ORACLE_HOME/OPatch/opatch napply -report -oh $ORACLE_HOME -phBaseFile linux64_patchlist.txt



[oracle@demo-demantra binary_patches]$ $ORACLE_HOME/OPatch/opatch napply -report -oh $ORACLE_HOME -phBaseFile linux64_patchlist.txt

Oracle Interim Patch Installer version 13.9.4.2.14

Copyright (c) 2024, Oracle Corporation.  All rights reserved.



Oracle Home       : /u01/app/oracle/mwhome/12.2.1.4/oracle_home

Central Inventory : /u01/app/oracle/oraInventory

   from           : /u01/app/oracle/mwhome/12.2.1.4/oracle_home/oraInst.loc

OPatch version    : 13.9.4.2.14

OUI version       : 13.9.4.0.0

Log file location : /u01/app/oracle/mwhome/12.2.1.4/oracle_home/cfgtoollogs/opatch/opatch2024-03-20_00-14-41AM_1.log



OPatch detects the Middleware Home as "/u01/app/oracle/mwhome/12.2.1.4/oracle_home"


Verifying environment and performing prerequisite checks...

Skip patch 35965629 from list of patches to apply: This patch is not needed.

Skip patch 35474754 from list of patches to apply: This patch is not needed.

OPatch continues with these patches:   1221420  32720458  33093748  35922290  36086980  36155700  36178550


Do you want to proceed? [y|n]

.

. [proceso].....

.


ApplySession skipping inventory update.

Patches 1221420,32720458,33093748,35922290,36086980,36155700,36178550 successfully applied.

Log file location: /u01/app/oracle/mwhome/12.2.1.4/oracle_home/cfgtoollogs/opatch/opatch2024-03-20_00-14-41AM_1.log

OPatch succeeded. (no se asusten, no lo aplica)


4) Instalación Parche  

Por último teniendo se instala el parche de seguridad de Weblogic, en este caso el de Enero 2024


cd /u01/stage/WLS_SPB_12.2.1.4.240111/binary_patches

$ORACLE_HOME/OPatch/opatch napply -oh $ORACLE_HOME -phBaseFile linux64_patchlist.txt


[oracle@demo-demantra binary_patches]$ $ORACLE_HOME/OPatch/opatch napply -oh $ORACLE_HOME -phBaseFile linux64_patchlist.txt

Oracle Interim Patch Installer version 13.9.4.2.14

Copyright (c) 2024, Oracle Corporation.  All rights reserved.



Oracle Home       : /u01/app/oracle/mwhome/12.2.1.4/oracle_home

Central Inventory : /u01/app/oracle/oraInventory

   from           : /u01/app/oracle/mwhome/12.2.1.4/oracle_home/oraInst.loc

OPatch version    : 13.9.4.2.14

OUI version       : 13.9.4.0.0

Log file location : /u01/app/oracle/mwhome/12.2.1.4/oracle_home/cfgtoollogs/opatch/opatch2024-03-20_00-17-43AM_1.log



OPatch detects the Middleware Home as "/u01/app/oracle/mwhome/12.2.1.4/oracle_home"


Verifying environment and performing prerequisite checks...

Skip patch 35965629 from list of patches to apply: This patch is not needed.

Skip patch 35474754 from list of patches to apply: This patch is not needed.

OPatch continues with these patches:   1221420  32720458  33093748  35922290  36086980  36155700  36178550


Do you want to proceed? [y|n]

y

User Responded with: Y

All checks passed.


Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.

(Oracle Home = '/u01/app/oracle/mwhome/12.2.1.4/oracle_home')



Is the local system ready for patching? [y|n]

y

User Responded with: Y

Backing up files...

Applying interim patch '1221420' to OH '/u01/app/oracle/mwhome/12.2.1.4/oracle_home'




.

.


Patching component oracle.wls.core.app.server, 12.2.1.4.0...

Patches 1221420,32720458,33093748,35922290,36086980,36155700,36178550 successfully applied.

Sub-set patch [31960985] has become inactive due to the application of a super-set patch [36155700].

Please refer to Doc ID 2161861.1 for any possible further required actions.

Log file location: /u01/app/oracle/mwhome/12.2.1.4/oracle_home/cfgtoollogs/opatch/opatch2024-03-20_00-17-43AM_1.log


OPatch succeeded.

* Validamos los parches instalados

$ $ORACLE_HOME/OPatch/opatch lspatches

36178550;WLS STACK PATCH BUNDLE 12.2.1.4.240111 (Patch 36178496)

36155700;WLS PATCH SET UPDATE 12.2.1.4.240104

36086980;FMW Thirdparty Bundle Patch 12.2.1.4.231207

35922290;RDA release 24.1-2024116 for OFM 12.2.1.4 SPB

33093748;One-off

32720458;JDBC 19.3.0.0 FOR CPUJAN2022 (WLS 12.2.1.4, WLS 14.1.1)

1221420;Coherence Cumulative Patch 12.2.1.4.20



Con unos pasos muy simples, estamos cubiertos bajo todas las amenazas y vulnerabilidades existentes para Java y Weblogic. Me atrevo a decir que en el 99% de los casos no es necesaria ninguna prueba exaustiva en la aplicación. Si bien en el ciclo se recomienda aplicar en DEV, probar, hacer backups, etc, etc... no es para nada peligroso y nos ahorra un dolor grande de cabeza.

Espero que les sirva!

Saludos


#seguridad #weblogic #fusion #cpu 

Posted by a la/s No hay comentarios.:
Labels: , , ,
Suscribirse a: Entradas (Atom)