Oracle官方发布了7月份的关键补丁更新 CPU(CriticalPatchUpdate ),其中包含一个高危的 Weblogic 反序列化漏洞 (CVE-2018-2893 ),该漏洞通过JRMP协议利用RMI机制的缺陷达到执行任意反序列化代码的目。 攻击者可以在未授权情况下将 payload 封装在T3协议中,通过对T3协议中的 payload 进行反序列化,从而实现对存在漏洞的 进行反序列化,从而实现对存在漏洞的WebLogic组件进行远程攻击,执行任意代码并可获取目标系统的所有权限。受影响的颁布为Oracle WebLogicServer 10.3.6.0,Oracle WebLogicServer 12.1.3.0,Oracle WebLogicServer 12.2.1.2,Oracle WebLogicServer 12.2.1.3
Oracle目前已经发布了升级补丁可参考链接”Critical Patch Update (CPU) Program July 2018 Patch Availability Document (PAD) (Doc ID 2394520.1)”
我们的生产环境WebLogic主要是两个版本10.3.6.0与12.1.3.0。下面是具体操作
对于10.3.6.0版本需要执行bsh.sh脚本来进行补丁安装
1.首先下载补丁包27919965_1036_Generic.zip
2.将补丁包27919965_1036_Generic.zip上传到{MW_HOME}/utils/bsu/cache_dir 其中MW_HOME是Weblogic的BASE目录,类似于Oracle BASE目录
3.将补丁包27919965_1036_Generic.zip解压
[root@app1 cache_dir]# unzip p27919965_1036_Generic.zip Archive: p27919965_1036_Generic.zip extracting: B47X.jar inflating: patch-catalog_26112.xml inflating: README.txt
4.执行安装命令(bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}) 其中WL_HOME是WebLogic home目录
root@app1 bsu]# ./bsu.sh -install -patch_download_dir=/wls11g/utils/bsu/cache_dir -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3 Checking for conflicts............... No conflict(s) detected Installing Patch ID: B47X.. Result: Success
5.检查补丁包是否安装成功
[root@app1 bsu]# ./bsu.sh -prod_dir=/wls11g/wlserver_10.3 -status=applied -verbose -view ProductName: WebLogic Server ProductVersion: 10.3 MP6 Components: WebLogic Server/Core Application Server,WebLogic Server/Admi nistration Console,WebLogic Server/Configuration Wizard and Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog ic Server/Evaluation Database,WebLogic Server/Workshop Code Completion Support BEAHome: /wls11g ProductHome: /wls11g/wlserver_10.3 PatchSystemDir: /wls11g/utils/bsu PatchDir: /wls11g/patch_wls1036 Profile: Default DownloadDir: /wls11g/utils/bsu/cache_dir JavaVersion: 1.6.0_29 JavaVendor: Sun Patch ID: B47X PatchContainer: B47X.jar Checksum: -345780037 Severity: optional Category: General CR/BUG: 27919965 Restart: true Description: WLS PATCH SET UPDATE 10.3.6.0.180717 WLS PATCH SET UPDATE 10 .3.6.0.180717
6.重启WebLogic
[root@app1 bsu]# service weblogic restart Stopping weblogic: weblogic is not running. Starting weblogic: [root@app1 bsu]# . JAVA Memory arguments: -Xms4096m -Xmx4096m -XX:MaxPermSize=1024m . WLS Start Mode=Production . CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java- 1.6.0-openjdk- 1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant- contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar:.:/weblogic11_64/jdk1.6.0_20/lib/dt.jar:/weblogic11_64/jdk1.6.0_20/lib/tools.jar . PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk- 1.6.0.0.x86_64/bin:/weblogic11_64/jdk1.6.0_20/bin:/usr/lib64/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at http://hostname:port/console * *************************************************** starting weblogic with Java version: java version "1.6.0" OpenJDK Runtime Environment (build 1.6.0-b09) OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode) Starting WLS with line: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=1024m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 - Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false - Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath - Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX: +PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false weblogic.Server <Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify - Dweblogic.security.allowCryptoJDefaultJCEVerification=true> <Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify - Dweblogic.security.allowCryptoJDefaultPRNG=true>
执行重启命令后,weblogic进行自动终止,并且没有生成任何日志与错误信息,如是我选择删除该补丁
7.删除补丁
root@app1 bsu]# ./bsu.sh -remove -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3 Checking for conflicts.............. No conflict(s) detected Removing Patch ID: B47X.. Result: Success
8.重启WebLogic恢复正常
[root@app1 bsu]# service weblogic restart Stopping weblogic: weblogic is not running. Starting weblogic: [root@app1 bsu]# . . JAVA Memory arguments: -Xms4096m -Xmx4096m -XX:MaxPermSize=256m . WLS Start Mode=Production . CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java- 1.6.0-openjdk- 1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant- contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar . PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk- 1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at http://hostname:port/console * *************************************************** starting weblogic with Java version: java version "1.6.0" OpenJDK Runtime Environment (build 1.6.0-b09) OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode) Starting WLS with line: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 - Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false - Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath - Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX: +PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false weblogic.Server <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify - Dweblogic.security.allowCryptoJDefaultJCEVerification=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify - Dweblogic.security.allowCryptoJDefaultPRNG=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> <Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 > <Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> <Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> <Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.> <Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> <Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at '/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
9.由于安装补丁后不能正常启动weblogic所以选择禁用T3协议
登录控制台后在 bash_domain的配置页面中选择“安全”选项卡页面,再点击”筛选器”并在连接筛选器规则中设置以下规则
127.0.0.1 * * allow t3 t3s 0.0.0.0/0 * * deny t3 t3s
[root@app1 bsu]# service weblogic restart Stopping weblogic: weblogic is not running. Starting weblogic: [root@app1 bsu]# . . JAVA Memory arguments: -Xms4096m -Xmx4096m -XX:MaxPermSize=256m . WLS Start Mode=Production . CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java- 1.6.0-openjdk- 1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant- contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar . PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk- 1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at http://hostname:port/console * *************************************************** starting weblogic with Java version: java version "1.6.0" OpenJDK Runtime Environment (build 1.6.0-b09) OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode) Starting WLS with line: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 - Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false - Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath - Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX: +PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false weblogic.Server <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify - Dweblogic.security.allowCryptoJDefaultJCEVerification=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify - Dweblogic.security.allowCryptoJDefaultPRNG=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> <Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 > <Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> <Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> <Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.> <Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> <Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at '/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
对于12.1.3.0版本使用OPatch来进行补丁安装
1.将最新的OPatch工具上传到WebLogic所在服务器并解压
[root@ldjc wls12c]# unzip p6880880_132000_Generic.zip Archive: p6880880_132000_Generic.zip replace OPatch/ocm/lib/emocmutl.jar? [y]es, [n]o, [A]ll, [N]one, [r]ename: y inflating: OPatch/ocm/lib/emocmutl.jar replace OPatch/ocm/doc/dummy.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: A extracting: OPatch/ocm/doc/dummy.txt extracting: OPatch/ocm/bin/dummy inflating: OPatch/ocm/ocm_platforms.txt extracting: OPatch/ocm/generic.zip inflating: OPatch/oplan/README.html inflating: OPatch/oplan/oplan inflating: OPatch/oplan/README.txt inflating: OPatch/oplan/jlib/EMrepoDrivers.jar inflating: OPatch/oplan/jlib/automation.jar inflating: OPatch/oplan/jlib/Validation.jar inflating: OPatch/oplan/jlib/apache-commons/commons-cli-1.0.jar inflating: OPatch/oplan/jlib/CRSProductDriver.jar inflating: OPatch/oplan/jlib/OsysModel.jar inflating: OPatch/oplan/jlib/oplan.jar inflating: OPatch/oplan/jlib/jaxb/activation.jar inflating: OPatch/oplan/jlib/jaxb/jaxb-api.jar inflating: OPatch/oplan/jlib/jaxb/jaxb-impl.jar inflating: OPatch/oplan/jlib/jaxb/jsr173_1.0_api.jar inflating: OPatch/oplan/jlib/ValidationRules.jar inflating: OPatch/oplan/jlib/patchsdk.jar inflating: OPatch/oplan/jlib/osysmodel-utils.jar inflating: OPatch/oplan/jlib/oracle.oplan.classpath.jar inflating: OPatch/operr.bat inflating: OPatch/opatchprereqs/oui/knowledgesrc.xml creating: OPatch/opatchprereqs/opatch/ inflating: OPatch/opatchprereqs/opatch/opatch_prereq.xml inflating: OPatch/opatchprereqs/opatch/rulemap.xml inflating: OPatch/opatchprereqs/opatch/runtime_prereq.xml inflating: OPatch/opatchprereqs/opatch_prereq.sh inflating: OPatch/opatchprereqs/prerequisite.properties inflating: OPatch/opatch inflating: OPatch/emdpatch.pl inflating: OPatch/version.txt inflating: OPatch/opatch.ini inflating: OPatch/operr inflating: OPatch/README.txt inflating: OPatch/opatch.pl inflating: OPatch/scripts/opatch_wls.bat inflating: OPatch/scripts/opatch_jvm_discovery.bat inflating: OPatch/scripts/opatch_wls inflating: OPatch/scripts/opatch_jvm_discovery inflating: OPatch/docs/operr_readme.txt inflating: OPatch/docs/README.txt inflating: OPatch/jlib/oracle.opatch.classpath.windows.jar inflating: OPatch/jlib/opatchsdk.jar inflating: OPatch/jlib/oracle.opatch.classpath.unix.jar inflating: OPatch/jlib/opatch.jar inflating: OPatch/jlib/oracle.opatch.classpath.jar inflating: OPatch/opatch.bat [root@ldjc wls12c]# chown -R xxxx:xxxx /wls12c/OPatch
2.将补丁包上传unzip p27919943_121300_Generic.zip到WebLogic所在服务器并解压
[root@ldjc soft]# unzip p27919943_121300_Generic.zip Archive: p27919943_121300_Generic.zip creating: 27919943/ creating: 27919943/etc/ creating: 27919943/etc/config/ inflating: 27919943/etc/config/actions.xml inflating: 27919943/etc/config/inventory.xml creating: 27919943/files/ creating: 27919943/files/inventory/ creating: 27919943/files/inventory/Components/ creating: 27919943/files/inventory/Components/oracle.css.mod/ creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/ creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/ creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/ inflating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/compDef.xml creating: 27919943/files/inventory/Components/oracle.fmwconfig.common.shared/ ...省略...
3.安装补丁
[weblogic@ldjc OPatch]$ ./opatch apply /soft/27919943/ Oracle Interim Patch Installer version 13.2.0.0.0 Copyright (c) 2014, Oracle Corporation. All rights reserved. Oracle Home : /wls12c Central Inventory : /home/weblogic/oraInventory from : /wls12c/oraInst.loc OPatch version : 13.2.0.0.0 OUI version : 13.2.0.0.0 Log file location : /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log OPatch detects the Middleware Home as "/wls12c" Jul 20, 2018 6:54:41 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl INFO: Install area Control created with access level 0 Applying interim patch '27919943' to OH '/wls12c' Verifying environment and performing prerequisite checks... Interim patch 27919943 is a superset of the patch(es) [ 22250567 21370953 ] in the Oracle Home OPatch will roll back the subset patches and apply the given patch. All checks passed. Please shutdown Oracle instances running out of this ORACLE_HOME on the local system. (Oracle Home = '/wls12c') Is the local system ready for patching? [y|n] y User Responded with: Y Backing up files... Rolling back interim patch '22250567' from OH '/wls12c' Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... RollbackSession removing interim patch '22250567' from inventory Rolling back interim patch '21370953' from OH '/wls12c' Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... RollbackSession removing interim patch '21370953' from inventory OPatch back to application of the patch '27919943' after auto-rollback. Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.css.mod, 12.1.3.0.0... Patching component oracle.css.mod, 12.1.3.0.0... Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0... Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0... Patching component oracle.wls.common.nodemanager, 12.1.3.0.0... Patching component oracle.wls.common.nodemanager, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.webservices.base, 12.1.3.0.0... Patching component oracle.webservices.base, 12.1.3.0.0... Patching component oracle.wls.shared.with.cam, 12.1.3.0.0... Patching component oracle.wls.shared.with.cam, 12.1.3.0.0... Patching component oracle.webservices.orawsdl, 12.1.3.0.0... Patching component oracle.webservices.orawsdl, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0... Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0... Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0... Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Verifying the update... Patch 27919943 successfully applied Log file location: /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log OPatch succeeded.
4.查看补丁是否安装成功从输出结果可以看到已经安装成功
[weblogic@ldjc OPatch]$ ./opatch lspatches Jul 20, 2018 7:00:17 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl INFO: Install area Control created with access level 0 27919943;WLS PATCH SET UPDATE 12.1.3.0.180717 20741228;JDBC 12.1.3.1 BP1 OPatch succeeded.
5.重启weblogic
[root@ldjc base_domain]# service weblogic restart Stopping weblogic: Starting weblogic: . JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m . CLASSPATH=/opt/jdk1.7.0_75/lib/tools.jar:/wls12c/wlserver/server/lib/weblogic_sp.jar:/wls12c/wlserver/server/lib/weblogic.jar:/wls12c/wlserver/../oracle_common/modules/net.sf.antcontrib_1.1 .0.0_1-0b3/lib/ant-contrib.jar:/wls12c/wlserver/modules/features/oracle.wls.common.nodemanager_2.0.0.0.jar:/wls12c/wlserver/../oracle_common/modules/com.oracle.cie.config-wls- online_8.1.0.0.jar:/wls12c/wlserver/common/derby/lib/derbyclient.jar:/wls12c/wlserver/common/derby/lib/derby.jar:/wls12c/wlserver/server/lib/xqrl.jar . PATH=/wls12c/wlserver/server/bin:/wls12c/wlserver/../oracle_common/modules/org.apache.ant_1.9.2/bin:/opt/jdk1.7.0_75/jre/bin:/opt/jdk1.7.0_75/bin:/sbin:/usr/sbin:/bin:/usr/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at http://hostname:port/console * *************************************************** starting weblogic with Java version: java version "1.7.0_75" Java(TM) SE Runtime Environment (build 1.7.0_75-b13) Java HotSpot(TM) 64-Bit Server VM (build 24.75-b04, mixed mode) Starting WLS with line: /opt/jdk1.7.0_75/bin/java -server -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls12c/wlserver/server/lib/weblogic.policy -Xverify:none -Djava.endorsed.dirs=/opt/jdk1.7.0_75/jre/lib/endorsed:/wls12c/wlserver/../oracle_common/modules/endorsed -da -Dwls.home=/wls12c/wlserver/server -Dweblogic.home=/wls12c/wlserver/server -Dweblogic.utils.cmm.lowertier.ServiceDisabled=true weblogic.Server <Jul 20, 2018 7:20:33 AM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls12c/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.> <Jul 20, 2018 7:20:35 AM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> <Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.runtime.> <Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.domainruntime.> <Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://12.18.1.249:7001/jndi/weblogic.management.mbeanservers.edit.> <Jul 20, 2018 7:20:36 AM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3 was not deployed. Error: [Deployer:149158]No application files exist at "/wls12c/wlserver/server/lib/../../../oracle_common/modules/com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3.war".> <Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY.> <Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.>
到此补丁升级完成
谢谢你的文章,我打了补丁一直无法启动,各种找原因,看到你文章 才考虑卸载补丁,结果wls可以启动了
不客气,是遇到坑了