mortenbra

## centos_basic_utils.sh
#install some basic utils
yum install nano -y
yum install unzip -y
yum install bc -y
yum install wget -y

## tomcat_ssl_connector.xml
   <-- setup SSL connector for Tomcat, and enabling only recommended protocols and ciphers  -->
   <Connector port="8443" protocol="HTTP/1.1" maxHttpHeaderSize="32767" URIEncoding="UTF-8"
              maxThreads="150" connectionTimeout="20000"
              SSLEnabled="true" scheme="https" secure="true"
              sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
              ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
              keystoreFile="/path/to/your_keystore.jks" keystorePass="yourpasswordhere"
              clientAuth="false" />

## tomcat_ssl_keytool.sh
# create a new keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore foobar_com.jks -dname "CN=foobar.com,OU=IT, O=FooBar Inc, L=FooCity, ST=FooState, C=NO"

# create a certificate signing request (CSR) to send to the certificate authority (CA)
keytool -certreq -alias server -file foobar_com.csr -keystore foobar_com.jks

# now go and buy a SSL certificate, using the CSR file
# you should get a certificate file in .crt format back

# install the received certificate (example uses files received from GoDaddy)

## centos_ntp.sh
# setup Network Time Protocol (NTP)
# see http://www.uptimemadeeasy.com/networking/setup-ntp-on-centos-linux/

# check current date/time
date

# setup time zone
mv /etc/localtime /etc/localtime.bkp
cp /usr/share/zoneinfo/Europe/Oslo /etc/localtime

## centos_swapfile.sh
# Oracle XE requires a swap file of at least twice the size of physical memory
# see https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-centos-6

# check current swap file
swapon -s
# check available space
df

# setup 2GB swap file
dd if=/dev/zero of=/swapfile bs=1024 count=2048k

## xe_post_install_verify.sh
# initial test of Oracle XE database after install

# become the "oracle" user
su - oracle

# connect to database
sqlplus /nolog
connect sys as sysdba

-- basic query to see stuff working

## xe_post_install_cleanup.sql
-- do some cleanup after Oracle XE installation
-- run as SYS

-- disable XDB server
-- assumes we will use ORDS or other web listener instead
exec dbms_xdb.sethttpport(0);
exec dbms_xdb.setftpport(0);

-- anonymous user is not needed when we don't use XDB
alter user anonymous account lock;

## apex_install_runtime.sql
-- install Apex (runtime only)
@apxrtins.sql SYSAUX SYSAUX TEMP /i/

## apex_workspace_verify.sql
-- check setup of Apex workspaces
select *
from apex_workspaces;

select *
from apex_workspace_schemas;

## ora_network_acl_verify.sql
-- check/verify network ACL settings
select host, lower_port, upper_port, acl
from dba_network_acls;

select *
from dba_network_acl_privileges;
	#install some basic utils
	yum install nano -y
	yum install unzip -y
	yum install bc -y
	yum install wget -y
	<-- setup SSL connector for Tomcat, and enabling only recommended protocols and ciphers -->
	<Connector port="8443" protocol="HTTP/1.1" maxHttpHeaderSize="32767" URIEncoding="UTF-8"
	maxThreads="150" connectionTimeout="20000"
	SSLEnabled="true" scheme="https" secure="true"
	sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
	ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
	keystoreFile="/path/to/your_keystore.jks" keystorePass="yourpasswordhere"
	clientAuth="false" />
	# create a new keystore
	keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore foobar_com.jks -dname "CN=foobar.com,OU=IT, O=FooBar Inc, L=FooCity, ST=FooState, C=NO"

	# create a certificate signing request (CSR) to send to the certificate authority (CA)
	keytool -certreq -alias server -file foobar_com.csr -keystore foobar_com.jks

	# now go and buy a SSL certificate, using the CSR file
	# you should get a certificate file in .crt format back

	# install the received certificate (example uses files received from GoDaddy)
	# setup Network Time Protocol (NTP)
	# see http://www.uptimemadeeasy.com/networking/setup-ntp-on-centos-linux/

	# check current date/time
	date

	# setup time zone
	mv /etc/localtime /etc/localtime.bkp
	cp /usr/share/zoneinfo/Europe/Oslo /etc/localtime
	# Oracle XE requires a swap file of at least twice the size of physical memory
	# see https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-centos-6

	# check current swap file
	swapon -s
	# check available space
	df

	# setup 2GB swap file
	dd if=/dev/zero of=/swapfile bs=1024 count=2048k
	# initial test of Oracle XE database after install

	# become the "oracle" user
	su - oracle

	# connect to database
	sqlplus /nolog
	connect sys as sysdba

	-- basic query to see stuff working
	-- do some cleanup after Oracle XE installation
	-- run as SYS

	-- disable XDB server
	-- assumes we will use ORDS or other web listener instead
	exec dbms_xdb.sethttpport(0);
	exec dbms_xdb.setftpport(0);

	-- anonymous user is not needed when we don't use XDB
	alter user anonymous account lock;
	-- install Apex (runtime only)
	@apxrtins.sql SYSAUX SYSAUX TEMP /i/
	-- check setup of Apex workspaces
	select *
	from apex_workspaces;

	select *
	from apex_workspace_schemas;
	-- check/verify network ACL settings
	select host, lower_port, upper_port, acl
	from dba_network_acls;

	select *
	from dba_network_acl_privileges;