Saturday, October 1, 2016

Disable Root SSH Login on Red Hat / Oracle Linux 7

Any Linux server should be configured to disable root login via SSH. This is one of many security best practices.

To do so:

1. Log in to the server as root.

2. Edit the SSH config file:
[root@soahost1 ~]# vi /etc/ssh/sshd_config
3. Make the following change to the file:
OLD: #PermitRootLogin yes 
NEW: PermitRootLogin no
4. (Linux 5/6) Restart the SSH service:
[root@soahost1 ~]# /etc/init.d/sshd restart
5. (Linux 7) Restart the SSH service:
[root@soahost1 ~]# systemctl restart sshd.service
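
An added example, not part of the original post: sshd uses the first value it reads for a keyword and treats lines after a Match line as conditional, so the functions below report the global PermitRootLogin value a config file actually yields and validate the file before the restart. The function names and sample files are constructed for illustration; Include files are not followed.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value in an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply conditionally, so a
# "PermitRootLogin no" added in the wrong place can silently have no effect.
# "sshd -T" on the host itself remains the authoritative check.

effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                 # conditional section starts
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }       # commented out or absent
    ' "${1:-/etc/ssh/sshd_config}"
}

# Succeeds only when root login is explicitly and globally disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Validate the file first so a typo cannot leave sshd unable to start
# (systemd release from step 5; run as root).
restart_sshd_checked() {
    sshd -t -f /etc/ssh/sshd_config && systemctl restart sshd.service
}

# Constructed sample files (not taken from a real host).
sample_commented() { printf '%s\n' 'Port 22' '#PermitRootLogin yes'; }
sample_shadowed()  { printf '%s\n' 'PermitRootLogin yes' 'UsePAM yes' 'PermitRootLogin no'; }
sample_fixed()     { printf '%s\n' '# hardened' 'permitrootlogin No' 'Match User backup' '  PermitRootLogin yes'; }
sample_in_match()  { printf '%s\n' 'Match Address 10.0.0.0/8' 'PermitRootLogin no'; }
```

Run effective_permit_root_login with no argument to check /etc/ssh/sshd_config on the server itself.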

Applicable Versions:
  • Red Hat / Oracle Linux 5+, 6+
  • Red Hat / Oracle Linux 7+

Friday, September 23, 2016

Getting "error code = -1" when installing Oracle Fusion Middleware 12c R2


When running any of the Oracle Fusion Middleware 12c ( installers, we received the following error:
[oracle@soahost1 ~]# ./fmw_12. 
** Failed to extract files from /u01/temp/fmw_12.; error code = -1.


1. Delete everything in your /tmp folder (as the oracle user) and try again:
[oracle@soahost1 ~]# rm -rf /tmp/*

Applicable Versions:
  • Oracle Fusion Middleware 12c (

Wednesday, September 14, 2016

Mounting a storage volume on an Oracle Compute Cloud Linux instance

If you've provisioned an Oracle Compute Cloud instance (Linux) and have already created a storage volume for it during the wizard-based installation through the My Services Console, then you need to mount your volume on your Linux box:

1. Find out your mounted volumes.
[root@d6c1c9 ~]# df -m
Filesystem     1M-blocks  Used Available Use% Mounted on
/dev/xvdb3         17522  5347     11283  33% /
tmpfs               7392     0      7392   0% /dev/shm
/dev/xvdb1           477   121       327  27% /boot
You'll notice that on a fresh installation, your 3 main mount points are on the /dev/xvdb device:
  • /boot is on /dev/xvdb1
  • /dev/shm is on /dev/xvdb2 (although not clear here)
  • / is on /dev/xvdb3 

2. View the list of your devices.
[root@d6c1c9 ~]# ls /dev/xvd*
/dev/xvdb  /dev/xvdb1  /dev/xvdb2  /dev/xvdb3  /dev/xvdc
Here you will notice a new device called /dev/xvdc which does not appear in the output of the previous step. This is likely your unused storage volume.

3. Create a filesystem. Note that this will destroy all data on this device.
[root@d6c1c9 ~]# mkfs -t ext4 /dev/xvdc
mke2fs 1.43-WIP (20-Jun-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
19660800 inodes, 78643200 blocks
3932160 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
2400 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872, 71663616

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
4. Now create a directory, mount the volume on it, and change its ownership.
[root@d6c1c9 ~]# mkdir /u01
[root@d6c1c9 ~]# mount /dev/xvdc /u01
[root@d6c1c9 ~]# chown oracle:oinstall /u01
5. Now you'll see your file system mounted and ready to use.
[root@d6c1c9 ~]# df -m
Filesystem     1M-blocks  Used Available Use% Mounted on
/dev/xvdb3         17522  5347     11283  33% /
tmpfs               7392     0      7392   0% /dev/shm
/dev/xvdb1           477   121       327  27% /boot
/dev/xvdc         302380   191    286830   1% /u01
6. Don't forget to add an entry in /etc/fstab so that your file system is mounted on server reboot.
[root@d6c1c9 ~]# echo "/dev/xvdc /u01 ext4 defaults,nofail 0 2" >> /etc/fstab

Applicable Versions:
  • Oracle Compute Cloud (2016)


Wednesday, September 7, 2016

Git Hooks: Unwanted Code Lines

When working with source control, there are often files that you don't want to commit. This could be for cleanliness' sake, for things such as IDE files that get placed into a directory. It could be security-related files like keystores or password files. Luckily there's a very simple solution in the form of the .gitignore file. Simply add the file name pattern to it and voila, it doesn't appear. However, what if you want to prevent certain lines of a file from being committed?

A simple case may be where you are initially coding something that requires passwords in the code itself. Maybe you're starting an interface that goes out to some remote system, but you don't have a system in place to manage the passwords in a smart way yet. First you want to get the interface built, and then augment it with smarter practices. Additionally, you want the ability to commit your progress along the way, but at the same time you want to make sure that these credentials don't make their way into the repo since that could. In your file you have some line that looks like this:

private final String userName = "someusername";

So how do you prevent this? Git Hooks, but more specifically we are going to use the pre-commit hook. Git Hooks can be pretty powerful, but unfortunately on the client side they have to more or less be populated manually, and it's on a per-repo basis. Nonetheless they can still be useful.

After customizing a script that I forked on GitHub, I copied the pre-commit script into my .git/hooks folder and away it goes. Now all I need to do in the future is add the NOCOMMIT keyword to my files and it will prevent them from getting committed.

private final String userName = "someusername"; // NOCOMMIT

Now if the keyword is found a message similar to this will appear:

Checking modified file: path/to/violating/ [NOCOMMIT]
NOCOMMIT found in file: path/to/violating/ 

These errors were found in try-to-commit files: 
private final String userName = "someusername"; // NOCOMMIT

Can't commit, fix errors first.

This is far from a flawless implementation, but for 90% of the time, it reduces the headaches associated with needing to roll back commits, rebase and all that fun to be rid of these tainted commits. I figured if it works for me, then it can work for most people.
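
The pre-commit script itself is not reproduced in the post. The following is an added example, not the author's forked script: a hook that rejects the commit when a staged, added line contains the keyword. The function names and the sample diff are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the script from the post): pre-commit hook that blocks
# staged lines carrying a marker keyword. Install as .git/hooks/pre-commit.
MARKER="${MARKER:-NOCOMMIT}"

# Read a unified diff on stdin and print "path: text" for each ADDED line
# containing the marker. Returns 1 if any were found, 0 otherwise.
scan_added_lines() {
    awk -v marker="$MARKER" '
        /^diff --git / { in_hunk = 0; next }
        /^@@ /         { in_hunk = 1; next }
        !in_hunk && /^\+\+\+ / {            # file header, e.g. "+++ b/src/A.java"
            path = substr($0, 5); sub(/^b\//, "", path); next
        }
        in_hunk && /^\+/ && index($0, marker) > 0 {
            printf "%s: %s\n", path, substr($0, 2); found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: one added line with the marker, one without, and one
# removed line with the marker (removing a marked line must stay allowed).
sample_diff() {
    cat <<'EOF'
diff --git a/src/Client.java b/src/Client.java
--- a/src/Client.java
+++ b/src/Client.java
@@ -3,1 +3,2 @@
-private final String password = "old"; // NOCOMMIT
+private final String userName = "someusername"; // NOCOMMIT
+private final int retries = 3;
EOF
}

# Run the check only when git invokes this file as the pre-commit hook.
case "$0" in
    *pre-commit)
        if ! git diff --cached --no-color -U0 --diff-filter=ACM | scan_added_lines >&2; then
            echo "Can't commit, remove the $MARKER lines first." >&2
            exit 1
        fi
        ;;
esac
```

Only staged additions are inspected, so a marked line that is left unstaged or is being deleted does not block the commit.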

Happy Committing!

Monday, September 5, 2016

Getting "The SOA debugger is not enabled" when starting up SOA Suite 12c VM


If you've used one of the Oracle SOA Suite 12c pre-built VirtualBox VMs, you may run into this error when starting up the SOA server: 
####<Sep 1, 2016 9:35:44 AM PDT> <Error> <oracle.soa.bpel.system> <> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <BEA1-284BB8C5B2E77D9EAAB8> <a0d52a41-3cf7-42ad-b3d3-ee6757d67af6-00000dca> <1472747744786> <BEA-000000> <cube deliveryCannot activate block.
failure to activate the block "BpPrc0" for the instance "30008"; exception reported is: The SOA debugger is not enabled.
This error contained the exceptions thrown by the underlying routing system.
Contact Oracle Support Services.  Provide the error message, the composite source and the exception trace in the log files (with logging level set to debug mode).
, Cikey=30008, FlowId=30004, InvokeMessageGuid=21272c1b-7062-11e6-9fea-0800277d1b86, ComponentDN=default/InsertEmployee!1.0*soa_6c1bde3c-4ccc-4ab7-9bfe-e172d8e90c97/InsertEmpBPEL
java.lang.IllegalStateException: The SOA debugger is not enabled.
at oracle.integration.fabric.debug.server.SOADebugger.getInstance(
at oracle.integration.fabric.debug.server.DebugAgentImpl.getProxy(
at oracle.integration.fabric.debug.server.DebugAgentImpl.enterFrame(
at com.collaxa.cube.engine.debugger2.DebugService.pushAndStep(
at com.collaxa.cube.engine.debugger2.DebugService.enterFrame(
at com.collaxa.cube.engine.ext.bpel.v2.blocks.BPEL2ProcessBlock.activate(
at com.collaxa.cube.engine.CubeEngine.invokeMethod(
at com.collaxa.cube.engine.CubeEngine._createAndInvoke(
at com.collaxa.cube.engine.CubeEngine.createAndInvoke(
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown Source)
at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(
at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(
at com.collaxa.cube.engine.dispatch.WMExecutor$


1. Restart the VM.

Applicable Versions:
  • Oracle SOA Suite 12c ( VM

Tuesday, August 23, 2016

Getting "Couldn't resolve proxy ''" when running yum on Oracle Linux VM


If you're trying to install syslinux on an Oracle Linux VirtualBox VM, you may get the following error:
[root@soa-training ~]# yum install syslinux 
Loaded plugins: refresh-packagekit, ulninfo
Setting up Install Process [Errno 14] PYCURL ERROR 5 - "Couldn't resolve proxy ''"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: public_ol6_UEK_latest. Please verify its path and try again


1. On the Linux VM, navigate to System > Preferences > Network Proxy.

2. Make sure to select "Direct internet connection" and then click on Close.

3. Edit /etc/yum.conf and comment out the following line:
4. Try running yum install syslinux again.

Applicable Versions:
  • Oracle Linux 6+ VM

Wednesday, August 3, 2016

Yum EPEL Issue

When running yum I ran into the following error:
warning: /var/cache/yum/x86_64/7/extras/packages/epel-release-7-6.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for epel-release-7-6.noarch.rpm is not installed
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

To solve, simply run yum install epel-release. This will add the repo to your repo list and you should be able to install the application now.


Saturday, July 23, 2016

Linux commands for the newbie

Many developers become intimidated using the Linux command line for the first time. Below are some introductory commands to help you get started.

pwd                                      Get current directory
ls -l                                    File listing

du -k                                    Get size of all subdirectories in KB
du -m                                    Get size of all subdirectories in MB

Copying Files
cp -r en en.backup                     Copy directory recursively to new one

Symbolic Links
ln -s /u01 newlink                     Create a symbolic link

du -S | sort -n | tail -20             Finding the largest directories
ls -lR | sort -k5n | tail -20            Finding the largest files
find . -name filename.txt                Find a file in hard disk
which java                               Locate command, display pathname/alias
find / -perm -2 ! -type l -ls            Find all world writable files
find / -nouser -o -nogroup -print        Find files with no owner and no group
find . -type f | xargs grep -n "text"    Find text in string

Find Files > 20 MB
find . -type f -size +20000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
find . -size +20000k -exec du -h {} \;
find . -size +20000k -exec du -h {} \; | sort -n | more

cat filename.txt                       List contents of file
more filename.txt                      List contents of file, with page pause
tail -f filename.log                   List contents of file, with scrolling
head -10 filename.log                  List first 10 lines of a file
tail -10 filename.log                  List last 10 lines of a file
grep -i text test.log                  Search for "text" in file, case insensitive
grep text test.log                     Search for "text" in file, case sensitive

df -k                                  File system in Kb
df -h                                  File system in MB
df -m                                  File system in MB

ps -ef                                 View all processes on system
kill -9 12345                          Force kill process id 12345
killall a.out                          Kill all processes
free -m                                Check the amount of free memory
ps -efaux                              View all processes hierarchically
top                                    Running processes; cpu & memory usage
pstree -p                              Shows running processes in tree format
ps -aux | sort -k6n | tail -20         Find processes that are largest
gzip download.tar                      Compress file to .gz file
gunzip download.tar.gz                 Uncompress
tar -xvf download.tar                  Extract
tar -cvf newfile.tar *.bmp             TAR the files
gtar -xzvf source.tar.gz  Extract only one file
gtar -xzvf webmail*.tar.gz             Extract compressed file
gtar -czvf source.tar.gz directory     GTAR + compress

jar tvf test.jar                       View contents of JAR file
jar xvf test.jar                         Extract contents of JAR file
netstat -nr                            Show routing table
netstat -na | grep 7001 | grep LISTEN  See if exists process on port 7001
traceroute              Traces route & hops to target ip
tcpdump                                Dump traffic on a network

RPM Packages
rpm -e --test anonftp-3.0-9            Not real uninstall
rpm -i anonftp-3.0-9.i386.rpm          Install RPM package
rpm -q kernel                          Short kernel version
rpm -qa                                Query the RPM database
rpm -qa | grep perl                    Query the RPM for anything 'perl'
rpm -qai                               Query + information
rpm -qia                               Query all detail
rpm -e anonftp-3.0-9                   Uninstall RPM package

hostname                               Display hostname of server
uptime                                 Uptime of server
uname -a                               Show kernel version
uname -r                               Short kernel version
dmesg                                  Find out information
rpm -q kernel                          Short kernel version
rpm -qi kernel                         Detailed kernel version
nmap localhost                         Check open ports

alias bdf='df -h'                      Create alias
alias bdf                              Query alias
set -o vi                              Set command thing to vi
env                                    Show environment
export ORACLE_SID=demo                 Set an environment variable (Bash shell)
setenv ORACLE_SID demo                 Set an environment variable (C shell)
echo $CLASSPATH                        Query classpath environment
history                                Show history
umask 027                              Default create permissions of 750
echo $SHELL                            See what shell you are running
export PS1='\u:$PWD> '                 Set prompt

shutdown -h 10                         Shutdown and halt in 10 seconds
shutdown -r 10                         Shutdown and reboot in 10 seconds
poweroff                               Power off
halt                                   Halt

id                                     Information on current user
id webuser                             Information on user 'webuser'
groups                                 Groups of current user
groups webuser                         Groups of user 'webuser'
gpasswd                                Administer the /etc/group file
last -20                               Show last 20 logged in users
useradd, usermod, userdel              User admin commands
groupadd, groupmod, groupdel           Group admin commands

top                                      Realtime
iostat 2                                 CPU and IO stats every 2 seconds
vmstat 5                                 System statistics every 5 seconds

ll ; ll                                Run multiple commands using ;
ulimit                                 Set or get limits on system resources
ulimit -Sa                             Check if shell has limits on file size
ulimit -Ha                             Check if shell has limits on file size
chkconfig --list                       Query runlevels

Wednesday, July 6, 2016

Manifest property won't write to MANIFEST.MF during packaging

I was working along happily when I realized I wanted to make some additions to the MANIFEST.MF. I had something that looked similar to this:


Thinking that this should work, I ran mvn clean package and went to verify its presence in my manifest, only to be disappointed.

Sometimes the solution is right in front of you, and you just don't see it. Very often I am working with JAR files, however this time I was making a WAR file.


These two files use different archivers during the packaging process, so while the above <plugin> section would have been fine with jar, we simply need to change a single letter, and this works just fine.


Happy coding!

Saturday, July 2, 2016

You must first create an Oracle Database Cloud Service with a backup destination before creating a SOA Cloud Service instance


When creating an Oracle SOA Cloud Service, you receive the following error:
You must first create an Oracle Database Cloud Service before creating a SOA Cloud Service instance. Oracle Database Cloud Service - Virtual Image instances can not be used.
This error appears even when you have an Oracle Database Cloud Service instance created.


1. When creating the Oracle Database Cloud Service instance, you must configure a Backup Destination option (e.g., Cloud and Local Storage or Cloud Storage). This cannot be set to "None".

Applicable Versions:
  • Oracle SOA Cloud Service (2016)
  • Oracle Database Cloud Service (2016)

Friday, July 1, 2016

OSB authentication error message with oracle/wss_username_token_service_policy

You can attach the oracle/wss_username_token_service_policy OWSM policy to an OSB proxy service to enforce authentication.

If authentication fails, the caller will receive the following exception:
<soapenv:Envelope xmlns:soapenv="">
         <faultstring>BEA-386200: General web service security error</faultstring>
            <con:fault xmlns:con="">
               <con:reason>General web service security error</con:reason>

The osb_server1-diagnostic.log file shows the following entries:
[2016-06-22T11:18:37.668-04:00] [gateway_server1] [ERROR] [WSM-00069] [] [tid: [ACTIVE].ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 01d0797cabcbcd11:74991fef:15399c6a040:-8000-000000000004b0d9,0] [APP: XBus Kernel] [WSM_POLICY_NAME: oracle/wss_username_token_service_policy] The security header is missing. Ensure that there is a valid security policy attached at the client side, and the policy is enabled. 
[2016-06-22T11:18:37.669-04:00] [gateway_server1] [ERROR] [WSM-00006] [] [tid: [ACTIVE].ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 01d0797cabcbcd11:74991fef:15399c6a040:-8000-000000000004b0d9,0] [APP: XBus Kernel] [WSM_POLICY_NAME: oracle/wss_username_token_service_policy] Error in receiving the request: WSM-00069 : The security header is missing. Ensure that there is a valid security policy attached at the client side, and the policy is enabled.. 
[2016-06-22T11:18:37.669-04:00] [gateway_server1] [ERROR] [WSM-07607] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 01d0797cabcbcd11:74991fef:15399c6a040:-8000-000000000004b0d9,0] [APP: XBus Kernel] [WSM_POLICY_NAME: oracle/wss_username_token_service_policy] Failure in execution of assertion {}wss-username-token executor class 
[2016-06-22T11:18:37.669-04:00] [gateway_server1] [ERROR] [WSM-07602] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 01d0797cabcbcd11:74991fef:15399c6a040:-8000-000000000004b0d9,0] [APP: XBus Kernel] [WSM_POLICY_NAME: oracle/wss_username_token_service_policy] Failure in WS-Policy Execution due to exception. 
[2016-06-22T11:18:37.669-04:00] [gateway_server1] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 01d0797cabcbcd11:74991fef:15399c6a040:-8000-000000000004b0d9,0] [APP: XBus Kernel] [WSM_POLICY_NAME: oracle/wss_username_token_service_policy] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=XBus Kernel, composite=null, modelObj=bpelprocess1_client_ep, policy=oracle/wss_username_token_service_policy, policyVersion=null, assertionName={}wss-username-token.

Applicable Versions:
  • Oracle Service Bus (OSB) 11g

Wednesday, June 29, 2016

Unable to request an Authentication Token when calling the Oracle Storage Cloud Service REST API


You are attempting to request an authorization token by using curl to invoke the REST API of the Oracle Storage Cloud Service.

For example, you invoke it as follows:

root@demo:/root> curl -v -s -X GET -H "X-Storage-User:" -H "X-Storage-Pass: Welcome_1"

The output shows an error as highlighted:

* About to connect() to port 443 (#0)
*   Trying connected
* Connected to ( port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
*       subject: CN=*,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US
*       start date: Aug 07 00:00:00 2015 GMT
*       expire date: Oct 05 23:59:59 2016 GMT
*       common name: *
*       issuer: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host:
> Accept: */*
> X-Storage-User:
> X-Storage-Pass: Welcome_1
< HTTP/1.1 401 Unauthorized
< X-Trans-Id: tx2cdb525f54cc420989925-00576ee463ga
< WWW-Authenticate: Token
< Content-Type: text/plain;charset=UTF-8
< Content-Length: 27
< Date: Sat, 25 Jun 2016 20:06:59 GMT
< Server: Oracle-Storage-Cloud-Service
* Connection #0 to host left intact
* Closing connection #0
Invalid user id or password


1. The format of the curl command is:

curl -v -s -X GET -H "X-Storage-User: Storage-<Identity Domain>:<Oracle Account>" -H "X-Storage-Pass: <Oracle Account Password>" https://<Identity Domain>

2. Keep in mind the following:
  • Enter your identity domain in two locations in the command above.
  • The username is your Oracle Account username.
  • The password is your Oracle Account password, not your My Services password.

root@demo:/root> curl -v -s -X GET -H "X-Storage-User:" -H "X-Storage-Pass: Welcome_1" 
root@demo:/root> curl -v -s -X GET -H "X-Storage-User:" -H "X-Storage-Pass: mypassword"
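
An added example, not Oracle's or the original post's code: the same request built as a curl config read from standard input, so the password stays off the command line and out of the process list and shell history. The function names are hypothetical, and the auth URL is passed in by the caller because the page does not give it in full.

```shell
#!/bin/sh
# Added example: build the token request as a curl config so the password is
# never an argument of the curl process.

# Escape backslashes and double quotes for a quoted value in a curl config.
curl_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# storage_auth_config IDENTITY_DOMAIN ACCOUNT AUTH_URL
# Reads the Oracle Account password from stdin and prints a curl config that
# follows the header format given in step 1.
storage_auth_config() {
    domain=$1 account=$2 url=$3
    IFS= read -r password || [ -n "$password" ]
    printf 'url = "%s"\n' "$(curl_quote "$url")"
    printf 'header = "X-Storage-User: Storage-%s:%s"\n' \
        "$(curl_quote "$domain")" "$(curl_quote "$account")"
    printf 'header = "X-Storage-Pass: %s"\n' "$(curl_quote "$password")"
}

# request_token IDENTITY_DOMAIN ACCOUNT AUTH_URL
# Prompts for the password without echo, then lets curl read the config
# from stdin (-K -). -i prints the response status line and headers.
request_token() {
    stty -echo
    printf 'Oracle Account password: ' >&2
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    printf '%s\n' "$pw" | storage_auth_config "$1" "$2" "$3" | curl -s -i -K -
}
```

The post's -v flag is left out on purpose: as the output above shows, verbose mode prints the X-Storage-Pass request header to the terminal.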

Applicable Versions:
  • Oracle Storage Cloud Service (2016)