Friday, May 1, 2015

Exadata X4-2 -- Third party Backup Agent connectivity problem

In an Exadata X4-2 migration project, a problem was escalated to me.
It was related to the Data Protector agent.
The agent, which was installed on one of the Exadata db nodes, could not be reached by its Server.
When I used telnet to check the agent's port, I saw the message "Escape character is '^]'." and after that a line saying "connection closed by foreign host".
So, the server agent could not be reached from the outside, but the message "Escape character.." gave me the clue. Actually the agent could be reached physically, because telnet was saying the "Escape character.. ", but then something else was closing the connection.
Note that firewalls and iptables were not running.
So, with these in mind, I thought that the problem must be in an additional layer of security after the firewall and the service daemon.

Thus, I immediately checked the TCP wrappers files (hosts.allow and hosts.deny) and saw the problem.
If you are interested in the idea of TCP wrappers, please read
"TCP WRAPPER Network monitoring, access control, and booby traps" by Wietse Venema.
I find that doc excellent. Here is the pdf file: ftp://ftp.porcupine.org/pub/security/tcp_wrapper.pdf

Anyway, in the hosts.allow file the configuration was as follows:

cat /etc/hosts.allow
sshd : ALL
snmpd : ALL
ALL : localhost

To fix the problem, I added the Data Protector server's IP address next to localhost as follows:

cat /etc/hosts.allow
sshd : ALL
snmpd : ALL
ALL : localhost , 10.255.1.77

Note that the hosts.deny file was as follows:

cat /etc/hosts.deny
ALL:ALL
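
The following is an added example, not code from the original post: a simplified Python model of how TCP wrappers evaluates the three files shown above (hosts.allow first, then hosts.deny, otherwise allow), run against the configuration before and after the fix. The daemon name `backup_agent` is a hypothetical placeholder because the post does not name the agent's daemon, and only the `ALL` wildcard and exact host matches are modelled.

```python
# Added example: simplified hosts_access(5) evaluation, not code from the post.
# Handles only what the post's files use: daemon lists, client lists, ALL.
# Not handled: EXCEPT, netmasks, prefix/suffix patterns, option fields.
import re

ALLOW_BEFORE = "sshd : ALL\nsnmpd : ALL\nALL : localhost\n"
ALLOW_AFTER = "sshd : ALL\nsnmpd : ALL\nALL : localhost , 10.255.1.77\n"
DENY = "ALL:ALL\n"
AGENT = "backup_agent"  # hypothetical daemon name; the post does not give it


def _tokens(field):
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]


def parse_rules(text):
    """Return a list of (daemons, clients) pairs, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, _, rest = line.partition(":")
        rules.append((_tokens(daemons), _tokens(rest.split(":")[0])))
    return rules


def matches(rules, daemon, client_ids):
    """True if any rule covers both the daemon and one client identifier."""
    for daemons, clients in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        client_ok = "ALL" in clients or bool(client_ids & set(clients))
        if daemon_ok and client_ok:
            return True
    return False


def access(allow_text, deny_text, daemon, client_ids):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    ids = set(client_ids)
    if matches(parse_rules(allow_text), daemon, ids):
        return "allow"
    if matches(parse_rules(deny_text), daemon, ids):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for label, allow in (("before", ALLOW_BEFORE), ("after", ALLOW_AFTER)):
        print(label, access(allow, DENY, AGENT, {"10.255.1.77"}))
```

On a host with the tcp_wrappers utilities installed, `tcpdmatch` performs the real evaluation against the live files. The corrected `ALL : localhost , 10.255.1.77` line grants that address access to every wrapped service; a rule naming only the agent's daemon would be narrower.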
