Some vulnerability scanners may report the listening port of Oracle Notification Service (ONS) as a weakness. In that situation, you can either fix the weakness on port 6200 used by ONS, or just turn ONS off if no one is using it.
In this post, we take the following steps to disable ONS.
Make Sure No One is Using ONS
Is there any application, such as Enterprise Manager or a WebLogic server, that uses and connects to ONS? Ask your team to be sure. If you're not sure or don't have an answer, you can run some tests during business hours.
srvctl config ons
First of all, we need to know which port ONS is using.
[grid@primary01 ~]$ srvctl config ons
ONS exists: Local port 6100, remote port 6200, EM port 2016, Uses SSL true
ONS is enabled
ONS is individually enabled on nodes:
ONS is individually disabled on nodes:
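Then we monitor port 6200 on both nodes. We list all sockets (-a) rather than only listening ones (-l), because the listener line is filtered out anyway and only client connections are of interest.
[root@primary01 ~]# netstat -nap | grep ":6200" | grep -v LISTEN
[root@primary01 ~]# echo $?
[root@primary02 ~]# netstat -nap | grep ":6200" | grep -v LISTEN
[root@primary02 ~]# echo $?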
If the command consistently returns nothing, then you can be fairly sure that no one is using ONS.
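One way to run that check repeatedly through business hours instead of by hand, as an added example that is not part of the original post. The function names and the sample addresses are constructed for illustration; it matches on the local port only, so an outbound connection to some other host's port 6200 is not counted.

```shell
#!/bin/sh
# Added example: sample the ONS remote port for client connections.

# ons_peers PORT: read `netstat -ant` output on stdin and print
# "remote_addr state" for each non-LISTEN TCP socket whose LOCAL port is PORT.
ons_peers() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, a, ":")   # port is the last ":" field (IPv4 and IPv6)
            if (a[n] == port) print $5, $6
        }'
}

# watch_ons PORT INTERVAL_SECONDS SAMPLES: poll the live socket table and
# print a timestamped line whenever a client is attached to PORT.
watch_ons() {
    i=0
    while [ "$i" -lt "$3" ]; do
        netstat -ant 2>/dev/null | ons_peers "$1" | while read -r peer state; do
            echo "$(date '+%F %T') $peer $state"
        done
        sleep "$2"
        i=$((i + 1))
    done
}

# Constructed netstat output (documentation addresses), not from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6200            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6100          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.11:6200         192.0.2.50:41822        ESTABLISHED
tcp        0      0 192.0.2.11:1521         192.0.2.60:6200         ESTABLISHED
tcp6       0      0 :::6200                 :::*                    LISTEN
tcp        0      0 192.0.2.11:6200         192.0.2.51:50110        TIME_WAIT
EOF
}

# Offline demonstration on the constructed sample; on a cluster node run e.g.
#   watch_ons 6200 60 480     # one sample a minute for eight hours
sample_netstat | ons_peers 6200
```

A TIME_WAIT row means a connection on that port closed recently, so it counts as use even though no client is attached at the moment of sampling.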
Stop and Disable ONS
We take 2 steps to disable the resource as the grid user.
srvctl stop ons
[grid@primary01 ~]$ srvctl stop ons
srvctl disable ons
[grid@primary01 ~]$ srvctl disable ons
Make Sure ONS is Disabled
We should make sure that the above steps have taken effect.
srvctl status ons
We can verify its status like this.
[grid@primary01 ~]$ srvctl status ons
ONS ons is disabled.
ONS ons is not running.
crsctl status resource
To make sure ONS has been detached from the cluster, we can check its attribute like this.
[grid@primary01 ~]$ crsctl status resource ora.ons -p -attr ENABLED
0 means NO.
Please note that the resource is just disabled, not removed. We can attach it back to Oracle Restart at any time later.