By default, network access to the compute nodes associated with Oracle OCI DB System is provided by Secure Shell (SSH) connections on port 22.
To access network protocols and services on a compute node by using a port other than port 22, you must do one of the following:
- Enable network access to the port
- Create an SSH tunnel to the port
To access network protocols and services on a compute node by using a port other than port 22, you must do one of the following:
Enable network access to the port: You can use the Oracle OCI DB System console to enable access to a port on a compute node. For more information, see Enabling Access to a Compute Node Port at http://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/enable-access-port.html.
Create an SSH tunnel to the port: Creating an SSH tunnel enables you to access a specific compute node port by using an SSH connection as the transport mechanism. To create the tunnel, you must have the SSH private key file that matches the public key that was specified during the database deployment creation process.
For more information, see Creating an SSH Tunnel to a Compute Node Port at http://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/create-ssh-tunnel.html
Physical security of the compute node is secured by Oracle.
Operating system users and credentials:
- oracle: Minimal privileged Linux user (normal shell access, not allowed to log in using SSH)
- opc: Privileged Linux user (root commands access)
Operating system security:
- SSH access
- OS commands
- Directory access for log files
- Directory access for database files
- Directory access for external files
- Access to binaries such as sqlplus, sqlldr, rman, expdp, impdp, and dbca
- Access to utilities such as dbaascli, bkup_cli
Physical Security of the Compute Node
The physical security of the server that hosts the database deployment compute node and database allocated to the customer is handled by Oracle. Customers have no access to the physical server.
Operating System Credentials to Access the Compute Node
The following users are created when the database deployment is created:
- oracle: Minimal privileged Linux user (normal shell access, owner of the oracle software)
- opc: Privileged Linux user (root commands access, only user with login permissions)
Logging in to the database deployment compute node requires secure access from remote hosts by using a secure Linux shell. When a database deployment is created, network access to the database deployment’s compute node is limited by default to SSH connections on port 22. This restricted access ensures that the instance is secure by default. To be able to log in to the compute node, the OS user authenticates by using an SSH key pair.
Operating System Security
On the database deployment compute node, the user can perform the following operations:
Load and run software in the compute node environment
View log files from the instance creation stored in subdirectories of /var/opt/oracle/log
User is responsible for OS security patches available through yum as root.
On the database deployment database instance, the oracle OS user has full administrative privileges.
Recent Comments