After installing the 20170531 plugin bundle patches for the 13.2.2 plugin line of EM13c R2, I noticed that the “Metrics and Collection Settings” page on all of my database instance targets suddenly changed, and only showed about 10 metrics, compared to the dozens usually displayed. I also noticed a related symptom, that various metric collections resulting in a warning status that appeared as events suddenly lost the “Reevaluate metric alert” option on the Incident Manager page, which I use to clear alerts when, for example, OS audit files take up enough space to flag an alert.
To recover the “reevaluate metric alert” link and the full list of metrics on the settings page, I re-applied my database monitoring template to my database targets. That brought everything back to working the way it did before. I have not investigated the root cause of this issue, and I don’t know what an admin should do if they encounter this problem but do not use monitoring templates. I assume that some kind of metadata refresh occurs when applying templates which allows the OMS to process them correctly after the version upgrade with the plugin bundle patches.
[EDIT 20170420: Upgraded script to version 1.1. No functionality changes, but added instructions to download+install unlimited strength policy .jar files to allow the use of even stronger ciphersuites such as TLS_RSA_WITH_AES_256_CBC_SHA256.]
This post releases a new script, secure_agent_ciphersuites.sh, which uses EMCLI to set the SSLCipherSuites agent property on all EM13c R2 agents to the value “SSL_RSA_WITH_3DES_EDE_CBC_SHA”, in order to lock agent endpoints down to HIGH strength ciphersuites. By default, EM13c R2 agents allow two MEDIUM strength ciphersuites in addition to the one HIGH strength: SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA. If you login to EMCLI as SYSMAN and have preferred host credentials configured, then run this script, it will identify all of your agents, set SSLCipherSuites as needed, and restart agents to bring them into compliance.
This script supplements my existing script to lock down EM13c agents to TLSv1.2 and configured your agents in a way that passes the security checks implemented in my EM13c R2 security checkup script.
A Friday afternoon on April Fool’s Day seems like a good time to return to my earlier plan to write about liquor as the Data Driven Drinker. So I give you the elderflower vanilla fizz, or the Madonna. This cocktail uses local Vermont ingredients from St Johnsbury and Warren.
The elderflower rum gives a light semisweet flavor up front that compares favorably to a liqueur (e.g. St Germain) . The vanilla rum balances it out and shows on the finish. Vary the amount of ice and club soda according to taste.
1 ounce Dunc’s Mill Elderflower Rum
1 ounce Mad River Distillers’ Vanilla Rum
1/2 ounce lemon juice
1/2 ounce simple syrup
4 ounces club soda
Shake rum, lemon juice and simple syrup with ice and strain into a long glass over ice. Top with club soda and garnish with lemon slice.
Elderflower Vanilla Fizz
I have not blogged much recently. My database work has been distracted by Java programming and a crash course in DevOps, leaving me with little worth posting that a tweet couldn’t exhaustively cover.
That changes now. Time for a new blog series that I will call The Data Driven Drinker. I will acquire, imbibe and comment on alcoholic beverages and I hope you will join me. Expect a focus on scotch whisky, on local (Vermont, USA) products and on everything else interesting I taste.