When deploying Anti-Virus (AV) or Intrusion Detection System (IDS) products on FlashGrid systems, it is recommended to configure them in a way that avoids putting files in quarantine or blocking software from running:
- Automatic quarantine of files creates the risk of downtime when a false positive is detected on a critical system file.
- Blocking Oracle or FlashGrid software can result in unexpected behavior, including downtime.
FlashGrid recommends that such software products be configured to run in monitoring-only mode.
Support Considerations
As documented in the FlashGrid Deployment Guide for the cluster (AWS, Azure & GCP) and server (AWS, Azure), if an AV/IDS product is deployed and configured to run as a kernel module, FlashGrid may request its removal when troubleshooting issues:
Any proprietary kernel modules installed by third-party software create risks to the reliable operation of the system. Such proprietary kernel modules are not tested or supported by FlashGrid, Red Hat, or Oracle Linux. Proprietary kernel modules may consume kernel resources and may create instability, especially under high load. Symptoms may include kernel crashes, network disruptions, storage i/o disruptions, node evictions, and brownouts. If such a reliability issue is encountered and no other root cause can be readily identified, FlashGrid support reserves the right to request the removal of all proprietary kernel modules before continuing the investigation.
Whitelisting
If it is not practical (or possible) to run the AV/IDS product in monitoring-only mode, then FlashGrid recommends whitelisting paths to Oracle and FlashGrid software executable files.
Oracle software, by default, is installed in the /u01
filesystem on FlashGrid systems.
To generate a list of FlashGrid software executable and library files, run the following as root user. Update this list whenever FlashGrid software is updated.
for rpm in $(rpm -qa flashgrid\*) ; do rpm -ql $rpm ; done | egrep '/bin/|/sbin/|\.service'