When deploying Anti-Virus (AV) or Intrusion Detection System (IDS) products on FlashGrid systems, it is recommended to configure them in a way that avoids putting files in quarantine or blocking software from running:
- Automatic quarantine of files creates risk of cluster downtime when a false positive is detected on a critical system file.
- Blocking Oracle or FlashGrid software can result in unexpected cluster behavior, including cluster downtime.
FlashGrid recommends that such software products are configured to run in monitoring-only mode.
Support Considerations
As documented in the Flashgrid Deployment Guide for AWS, Azure & GCP, if an AV/IDS product is deployed and configured to run as a kernel module, FlashGrid may request its removal when troubleshooting cluster issues:
Any proprietary kernel modules installed by third-party software create risks to reliable operation of the system. Such proprietary kernel modules are not tested or supported by FlashGrid, Red Hat, or Oracle Linux. Proprietary kernel modules may consume kernel resources and may create instability, especially under high load. Symptoms may include kernel crashes, network disruptions, storage i/o disruptions, node evictions, and cluster brown-out. If such reliability issue is encountered and no other root cause can be readily identified, FlashGrid support reserves the right to request removal of all proprietary kernel modules before continuing investigation.
Whitelisting
If it is not practical (or possible) to run the AV/IDS product in monitoring-only mode, then FlashGrid recommends whitelisting paths to Oracle and FlashGrid software executable files.
Oracle software by default is installed in the /u01 filesystem on FlashGrid systems.
To generate a list of FlashGrid software executable and library files, run the following as root user. Update this list whenever FlashGrid software is updated.
for rpm in $(rpm -qa flashgrid\*) ; do rpm -ql $rpm ; done | egrep '/bin/|/sbin/|\.service'