Perform OPatch Checks

This option allows the scanning engine to get a list of all installed patches for an Oracle instance.

Important - Oracle authentication and Unix authentication are both required in order to perform OPatch checks on your Unix hosts.

Oracle record

Select "Perform OPatch check" (on the Unix tab in your Oracle record), and provide details about your Oracle installation. All fields are required and have a limit of 255 characters.

These special characters are not allowed: ; & | # % ? ! * ` ( ) [ ] ” ’ > < = ^ \

You can enter the location of the oraInst.loc file for the invPtrLoc parameter if you have a custom inventory of patches.

Unix record

The Unix record must include the same IP addresses as the Oracle record. The user account in the Unix record must have complete access to the "opatch lsinventory" command which includes read/write access to the Oracle Database.

How it works

The scanning engine first detects the OPatch binary and then runs the "opatch lsinventory" command. This command returns a list of installed products and interim patches, which are reported in QID 19614 "Oracle OPatch Inventory Report". Some Oracle detections use the OPatch method and others do not. In all cases, database authentication is required in addition to host authentication for successful Oracle scanning.

When "Perform OPatch check" is NOT selected, the scanning engine checks for patch information in the Oracle database. The information in the database may not return accurate results, since a post-install script must be run in the database after a patch was installed and it's possible this does not occur on a regular basis.


Quick Links

Set Up Oracle Authentication

Set Up Unix Authentication