Tag: Oracle Blog .

RunLevel Mode In Linux

Posted on by Osama Mustafa in Operating system
As Database administrator you dealing with Different operating system everyday, most of this operating system is Linux/Unix, During the boot up for Linux the init command open files called “/etc/initab”  this file linux start decide which run level the system should booted to. After start the OS you can check “/etc/initab” using Editor (vim command).

there’s different type of run level in linux you should know about them :

  • 0 – halt (Do NOT set initdefault to this).
  • 1 – Single user mode.
  • 2 – Multiuser, without NFS (The same as 3, if you do not have networking).
  • 3 – Full multiuser mode.
  • 4 – unused.
  • 5 – X11.
  • 6 – reboot (Do NOT set initdefault to this).

The Above modes available in /etc/initaband you can check them, when you open the files you will see lines

 id:5:initdefault:

 Which indicate for default level. and you can change it.

Short Description for the RunLevels :

Runlevel 0:

Cause the system shutdown , and you can’t set this as default. no reason to do that.

RunLevel 1:

in this Level System start in something called Single User Mode which mean root user only who can log in to the system.and notice there’s no networking in this mode it will be useful for repair and maintenance.

RunLevel 2:

The System Will log in to mutli user mode which mean you can log in to any users but without networking .

RunLevel 3:

Its same as Runlevel 2 but with networking, This level is common for most linux.

RunLevel 4:

Custom Level, or Custom Boot Level ( Undefined one).

RunLevel 5:

Networking, Multi user Mode With X window Which mean when the OS end of boot the GUI screen will appear to users “Welcome Screen” and can log in, this is what you see in the Linux For example Redhat.

RunLevel 6:

Reboot your Operating System, Sure you don’t want to set this to default.

you can use any runlevel by command –> init ‘run-level-number’

Thank you
Osama Mustafa

The Effect of the Weak Password

Posted on by Osama Mustafa in Others
Default/weak passwords.

There is no need to discuss this point any more one of the most Security breaches happened because weak password, can you guess most popular passwords, I provide list for the most common password all the time is your one of them ?

1. password.
2, 123456.
3. 12345678.
4. abc123.
5. qwerty.
6. monkey.
7. letmein.
8. Dragon.
9. 111111.
10. baseball.

Simple steps keep you away in the safe side, No need for software or third party products to change your password in Database 10g, 11g Oracle provide to new features. Noted that what work on 10g is working on 11g.

Oracle Database 10g

In database 10g Oracle provide an example for password verifications functions you can write you own code and you can use
ORACLE_HOME/rdbms/admin/utlpwdmg.sql
This function must be created in SYS schema, when you run the script you enable the following:
•    alters the default parameters for Password Management this mean all the users on the system have Password Management
•    sets the default password resource parameters
•    Function makes the minimum complexity checks like minimum length of the password.

Sqlplus / as sysdba
SQL> @utlpwdmg.sql
Function created.
Profile altered.

Create new user after run the utlpwdmg.sql script.

SQL> create user test identified by test;
create user test identified by test
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password same as or similar to user

SQL> create user test identified by test_oracle123 ;
User created.

At least we insure that no more easy password, as mention before you can create your own code or trigger.

CREATE OR REPLACE FUNCTION paasword_check (
  Username      VARCHAR2,
  Password      VARCHAR2,
    Old_password VARCHAR2)
  RETURN BOOLEAN AS
BEGIN
  IF LENGTH (password) < 10 THEN
    RETURN FALSE;
  ELSE
    RETURN TRUE;
  END IF;
END password_check;
/

After run the above function under SYS schema you should assign it to specific profile. Let me describe step by step.

1-    Create profile

CREATE PROFILE New_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME 3   
  PASSWORD_LIFE_TIME 15
  PASSWORD_GRACE_TIME 3  
  PASSWORD_REUSE_TIME 60
  PASSWORD_REUSE_MAX 3
/

Check if profile created.

SQL> select profile from dba_profiles where profile = ‘NEW_PROFILE’;

PROFILE
——————————
NEW_PROFILE

2-    Assign verify_function to New_profile

SQL> ALTER PROFILE new_profile LIMIT
  PASSWORD_VERIFY_FUNCTION verify_function; 
Profile altered.

3-    Change User profile
SQL> alter user scott profile NEW_profile ;
User altered.

Now you are creating user with verification password and profile to with password conditions, all this to make sure that user will not be able to choose weak password.

You need to generate strong password and nothing came to your mind one of the most amazing website that help you to do that is
http://www.randpass.com/. Just choose length for the password.

    

Example of Generated password by random password sites:
“eo2toozo”,” gop}geeu”.

Oracle Database 11g

Earlier in 11g Version Oracle Provide new parameter which control case sensitive for Password , I consider this is amazing adding for database , its dose not exists in 10g but you can there’s difference between oracle and ORACLE as Password .

Since this book is concern about oracle security I will post every example I can to prove the best to secure your database.

SQL> show parameter case;

NAME                                 TYPE        VALUE
——————————— ———– ——————————
sec_case_sensitive_logon             boolean     FALSE

By default this parameter is set to TRUE, to ensure securing your password, I include demonstrate to let you understand this parameter as well.

From the above the parameter is set to FALSE

SQL> Create user test identified by test;
User created.

SQL> grant create session to test ;
Grant succeeded.

Let’s try to connect using test user once as “test” and “TEST”

SQL> conn test/test ;
Connected.
SQL> conn test/TEST;
Connected.

There’s no difference Between Sensitivity for the password. But I will set CASE_SENSITIVE Parameter to TRUE and try again After change password for test user.

SQL> alter system set sec_case_sensitive_logon=TRUE scope=memory;
System altered.

SQL> alter user test identified by TEST;
User altered.

Let’s try to connect this time using Test User.

SQL> conn test/test ;
ERROR:
ORA-01017: invalid username/password; logon denied

But Using “TEST”

SQL> conn test/TEST ;
Connected.

This parameter consider as important feature for security, you can create your own complex password to ensure protecting your data, Weak password is one of the most important threats, reduce hacking start with simple basic steps.

Thank you
Osama Mustafa

SQL Injection In Oracle

Posted on by Osama Mustafa in Database
I post earlier about database threats, but today i will go more deeply and start describe these threats.
SQL injection is a type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data,Attackers can execute arbitrary SQL commands through the web application.

It enables an attacker to execute unauthorized SQL commands,For example, when a user logs onto a web page by using auser name and password for validation, a SQL query is used. what do you need ? just web browser.

to start using SQL Injection you need to look for  search page, Login page or even comment ( feedback), also you should be familiar with HTML for example Which Way page POST or GET commands, If POST is used, you cannot see the parameters in the URL check the below :

Some Programming language not take any method, most of them new Language such as ASP, PHP and JSP.

check simple example how attackers try to hack the below website, remember that below website doesn’t exists:

http:// http://www.hackme.com /index.asp?id=1

But the attackers change it to be :

http://www.hackme.com/index.asp?id=blah’ or 1=1–

The above is simple example describe how sql injection works, also another way to know if the website is vulnerable to an SQL injection attack if just insert (‘) and press Enter. you will get error regarding to ODBC Access.

There’s lot of way to use SQL Injection i will not mention them all , just few method to know the basic , the purpose of this article is to learn how secure database and code against database threats.

The Simplest way to generate SQL injection attack is by run one of the below :

• “ or 1=1–
• ‘ or ‘a’=‘a
• “ or “a”=“a
• ‘) or (‘a’=‘a)

For Example:

http://www.hackme.com/index.asp?id=blah’ or 1=1–

SQL Injection can be perform On oracle using the below:

  • Insert,Updates and select.
  • Union 
  • Sub Select.

for complex SQL Injection you can use also OS Command Line using stored procedures like master..xp_cmdshell.

For Example :
Ping a server
• blah‘;exec master..xp_cmdshell ping 10.10.1.2” —

to avoid SQL injection :

  • Minimize the privileges of database connections
  • Disable verbose error messages
  • Protect the system account “System Administrator”
  • Reject known bad input
  • Never trust user input
  • Never use dynamic SQL
  • Do not store secrets in plain text

I just Describe Small Section of this topic to avoid SQL injection, read this topic and understand it will avoid attacker to get into your system and start miss around.

Thank you
Osama Mustafa

Database HealthCheck

Posted on by Osama Mustafa in Database
Stable Environment without any problem need to be monitored by DBA, Trying To Check Database With Specific Period or even everyday it’s called HealthCheck All that to avoid any Problem That could occur in the future which will prevent users and customer doing their work.

Therefore any DBA should perform Healthcheck for the database By Check the below :

1- Check Alert Log.

Check alert log is very important step, which its Indicate for any Error occurs in Database level, So the Data is always append, don’t forget to rotate alert log or purge if you are using 11g you can use ADRCI tools.
you can find alert log location :

in 10g

SQL> show parameter background_dump_dest;

NAME                                 TYPE        VALUE
———————————— ———– ——————————
background_dump_dest                 string      /u01/app/oracle/admin/orcl/bdump

in 11g

SQL> show parameter diagnostic_dest

NAME                                 TYPE        VALUE
———————————— ———– ——————————
diagnostic_dest                      string      /u01/app/oracle

2.Check Dump_File_szie

As we know Oracle Generate Trace file On OS level, But how Oracle manage their size, all this happened By Parameter Called “Max_dump_File_size” This Parameter define Max Size for OS Disk Space.

SQL> show parameter max_dump_file_size

NAME                                 TYPE        VALUE
———————————— ———– ——————————
max_dump_file_size                   string      UNLIMITED

3.Audit Files

If you are enable Audit Parameter, Or SYSDBA Operation is Enable Oracle Will Start generate audit files which is take significant amount of space. and if you didn’t monitor this space it will prevent you access to oracle database until you remove them.

4.Check TableSpace (System, SysAux , Temp … )

You should monitor tablespace and check the free space and status for these table space and all the tablespace should be monitored to avoid any problem that could occur in the future since it will prevent users continuous their works, the below script check Size for each table space and Free space

SELECT /* + RULE */  df.tablespace_name "Tablespace",
       df.bytes / (1024 * 1024) "Size (MB)",
       SUM(fs.bytes) / (1024 * 1024) "Free (MB)",
       Nvl(Round(SUM(fs.bytes) * 100 / df.bytes),1) "% Free",
       Round((df.bytes - SUM(fs.bytes)) * 100 / df.bytes) "% Used"
  FROM dba_free_space fs,
       (SELECT tablespace_name,SUM(bytes) bytes
          FROM dba_data_files
         GROUP BY tablespace_name) df
 WHERE fs.tablespace_name (+)  = df.tablespace_name
 GROUP BY df.tablespace_name,df.bytes
UNION ALL
SELECT /* + RULE */ df.tablespace_name tspace,
       fs.bytes / (1024 * 1024),
       SUM(df.bytes_free) / (1024 * 1024),
       Nvl(Round((SUM(fs.bytes) - df.bytes_used) * 100 / fs.bytes), 1),
       Round((SUM(fs.bytes) - df.bytes_free) * 100 / fs.bytes)
  FROM dba_temp_files fs,
       (SELECT tablespace_name,bytes_free,bytes_used
          FROM v$temp_space_header
         GROUP BY tablespace_name,bytes_free,bytes_used) df
 WHERE fs.tablespace_name (+)  = df.tablespace_name
 GROUP BY df.tablespace_name,fs.bytes,df.bytes_free,df.bytes_used
 ORDER BY 4 DESC;

OR

SELECT d.STATUS "Status",
d.tablespace_name "Name",
d.contents "Type",
d.extent_management "Extent Management",
d.initial_extent "Initial Extent",
TO_CHAR(NVL(a.bytes / 1024 / 1024, 0),'99,999,990.900') "Size (M)",
TO_CHAR(NVL(a.bytes - NVL(f.bytes, 0), 0)/1024/1024,'99,999,999.999') "Used (M)",
TO_CHAR(NVL((a.bytes - NVL(f.bytes, 0)) / a.bytes * 100, 0), '990.00') "Used %",
TO_CHAR(NVL(a.maxbytes / 1024 / 1024, 0),'99,999,990.900') "MaxSize (M)",
TO_CHAR(NVL((a.bytes - NVL(f.bytes, 0)) / a.maxbytes * 100, 0), '990.00') "Used % of Max"
FROM sys.dba_tablespaces d,
(SELECT tablespace_name, 
SUM(bytes) bytes, 
SUM(decode(autoextensible,'NO',bytes,'YES',maxbytes))
maxbytes FROM dba_data_files GROUP BY tablespace_name) a,
(SELECT tablespace_name, SUM(bytes) bytes FROM dba_free_space 
GROUP BY tablespace_name) f
WHERE d.tablespace_name = a.tablespace_name(+)
AND d.tablespace_name = f.tablespace_name(+)
ORDER BY 10 DESC;

5. Data Files Locations

you should check the location for datafiles to make sure there’s no misunderstanding and check autoextened

SQL> select * from v$dbfile;

to Check if the auto extend is on

SQL> select file_id, tablespace_name, bytes, maxbytes, maxblocks, increment_by, file_name
from dba_data_files where autoextensible = ‘YES’;

6. Redo Log

Redo log is very important components in database since its minimize loss of data in the database Redo log files are used in a situation such as instance failure to recover commited data that has not yet been written to the data file.

SQL> select * from v$logfile;

7. Parameter files

Check Spfile, Or pfile in database to Ensure startup and database parameters

SQL> show parameter pfile ;

NAME                                 TYPE        VALUE
———————————— ———– ——————————
spfile                               string      /u01/app/oracle/product/10.2.0/db_1/dbs/spfileorcl.ora

 8. Backup

You have to Check if the backup Script Run successfully without any problems

RMAN > list backup summary

This is how health check database there’s others things you can do such as indexes,and memory

Thank you
Osama Mustafa

Check TimeZone Before Upgrades

Posted on by Osama Mustafa in Application
Lot of question Regarding to TimeZone While Upgrade Oracle Database, You have to Check TimeZone When you have Data Or Schedule Job With Timezone info.

There are three Cases I will Describe them later In this article , but First You need to check Timezone

SQL> select version from v$timezone_file;

After Doing That you will Have Number As Output , This Number Should Compare to 4 ( value ) with Three below Cases :
1- Output =  4

You could Contuine with Upgrade without Do anything

2- Output >  4
Actions for the DSTv4 update in the 10.2.0.4 patchset [ID 553812.1]
Updated DST transitions and new Time Zones in Oracle Time Zone File patches [ID 412160.1]

3 – Output < 4 
You have to download utltzpv4.sqlfrom MOS (https://support.oracle.com)
With This Script also you have two case
if script returns no rows, there is nothing that needs to be done. Just proceed with the upgrade.

If script retunrs the detail of columns that contain TZ data which may be affected by the upgrade, then follow document Actions for the DSTv4 update in the 10.2.0.4 patchset [ID 553812.1]

Thank you
Osama Mustafa

privileges Scripts

Posted on by Osama Mustafa in Scripts
These script made by René Nyffenegger and shared here for knowledge

List user role and privileges :

select
  lpad(' ', 2*level) || granted_role "User, his roles and privileges"
from
  (
  /* THE USERS */
    select 
      null     grantee, 
      username granted_role
    from 
      dba_users
    where
      username like upper('%&enter_username%')
  /* THE ROLES TO ROLES RELATIONS */ 
  union
    select 
      grantee,
      granted_role
    from
      dba_role_privs
  /* THE ROLES TO PRIVILEGE RELATIONS */ 
  union
    select
      grantee,
      privilege
    from
      dba_sys_privs
  )
start with grantee is null
connect by grantee = prior granted_role;

Check System privileges: 

select
  lpad(' ', 2*level) || c "Privilege, Roles and Users"
from
  (
  /* THE PRIVILEGES */
    select 
      null   p, 
      name   c
    from 
      system_privilege_map
    where
      name like upper('%&enter_privliege%')
  /* THE ROLES TO ROLES RELATIONS */ 
  union
    select 
      granted_role  p,
      grantee       c
    from
      dba_role_privs
  /* THE ROLES TO PRIVILEGE RELATIONS */ 
  union
    select
      privilege     p,
      grantee       c
    from
      dba_sys_privs
  )
start with p is null
connect by p = prior c;

Object Privileges : 

select
  case when level = 1 then own || '.' || obj || ' (' || typ || ')' else
  lpad (' ', 2*(level-1)) || obj || nvl2 (typ, ' (' || typ || ')', null)
  end
from
  (
  /* THE OBJECTS */
    select 
      null          p1, 
      null          p2,
      object_name   obj,
      owner         own,
      object_type   typ
    from 
      dba_objects
    where
       owner not in 
        ('SYS', 'SYSTEM', 'WMSYS', 'SYSMAN','MDSYS','ORDSYS','XDB', 'WKSYS', 'EXFSYS', 
         'OLAPSYS', 'DBSNMP', 'DMSYS','CTXSYS','WK_TEST', 'ORDPLUGINS', 'OUTLN')
      and object_type not in ('SYNONYM', 'INDEX')
  /* THE OBJECT TO PRIVILEGE RELATIONS */ 
  union
    select
      table_name p1,
      owner      p2,
      grantee,
      grantee,
      privilege
    from
      dba_tab_privs
  /* THE ROLES TO ROLES/USERS RELATIONS */ 
  union
    select 
      granted_role  p1,
      granted_role  p2,
      grantee,
      grantee,
      null
    from
      dba_role_privs
  )
start with p1 is null and p2 is null
connect by p1 = prior obj and p2 = prior own;
 
 Thank you 
Osama Mustafa

Zombie process

Posted on by Osama Mustafa in Operating system
Zombie process is an inactive computer process,according to wikipedia article, “…On Unix operating systems, a zombie process or defunct process is a process that has completed execution but still has an entry in the process table, allowing the process that started it to read its exit status. In the term’s colorful metaphor, the child process has died but has not yet been reaped…”

Find zombie by :

# ps aux | awk '{ print $8 " " $2 }' | grep -w Z

 after that use kill -9  PID

Thank you
osama mustafa

Useful Linux Commands For DBA

Posted on by Osama Mustafa in Operating system 
Show Routing Table :
 
netstat -r

Check ORA errors in the Logs:

grep ^ORA- *log |cut -f2 -d"-"|cut -f1 -d:|awk '{print "ORA-" $1}'|sort -u
Inzip CPIO Files :
 
cpio -idmv <

 Sort Files By Size :

ls -l |sort -k 5

Find Command archive and move to another Folder :

find ./ -name "*.arch" -mtime +1 -exec mv {} /u01/;

Find Command archive and Remove it:

find ./ -name "*.ARC" -mtime +1 -exec rm {} \;

Find Command with Zip :

find ./ -name "*.ARC" -mtime +1 -exec gzip {} \;

 Find Command With List :





 find ./ -name “*.ARC” -mtime +1 -ls  


Thank you
Osama Mustafa



	

	

	




	
	

		
ORA-01210: data file header is media corrupt
				

					Posted on  by Osama Mustafa in Database				


				

	

		


ORA-00283: recovery session canceled due to errors
ORA-01110: data file 24: ‘/ora/data/gamesds/system02.DBF’
ORA-01122: database file 24 failed verification check
ORA-01110: data file 24: ‘/ora/data/gamesds/system02.DBF’
ORA-01210: data file header is media corrupt




Error Cause:


The file header block is internally  inconsistent. The beginning of the block has a header with a checksum  and other data for insuring the consistancy of the block. It is possible  that the last disk write did not operate correctly. The most likely  problem is that this is not a datafile for any database. 


 


 


Solution : 




Have operating system make correct file available to database. If the  trace file dump indicates that only the checksum is wrong, restore from a  backup and do media recovery.


 Or The Below Solution , You Must Be Sure that you have Valid Backup to restore it .




SQL> shutdown immediate
SQL > Startup mount 
SQL> ALTER DATABASE DATAFILE '/ora/data/gamesds/system02.DBF' OFFLINE ;
SQL > ALTER database Open ;




Thank you
Osama Mustafa