Tag: Osama mustafa

what is oracle inventory

Posted on by Osama Mustafa in Others
While installing Oracle software new folder Directory created in ORACLE_BASE called oinventory  what is it ? and what the benefits of using this folder ? What kind of information will be stored ?

The inventory is created once you install Database or used for upgrades and patches. two kind of oracle inventory  one called central inventory per server and another one called local inventory for each ORACLE_HOME, the difference between each of them central inventory basically contains a high-level list of components installed on the server. It is updated each time components are installed or uninstalled but it does not have detailed information such as the patch level of each ORACLE_HOME. on another hand  local inventory  contains some component information included with patch-level information.

another different is The Central Inventory contains the information related to all Oracle products installed on a host. and consists of a file called inventory.xml, which lists all the Oracle Homes installed on the node.

for local inventory ( $ORACLE_HOME/inventory ) that contains the detail of the patch level for that ORACLE_HOME. The Local Inventory gets updated whenever a patch is applied to the ORACLE_HOME, using OUI. If the Local Inventory becomes corrupt or is lost, this is very difficult to recover, and may result in having to reinstall the ORACLE_HOME and re-apply all patchsets and patches.
For More Information about this topic refer to MOS : 
 Global and Local Inventory explained [ID 360079.1]
FAQs on Central Inventory and Oracle Home Inventory (Local Inventory) in Oracle RDBMS [ID 564192.1]
Thank you 
Osama mustafa

ORA-1461 encountered when generating server alert SMG-3500

Posted on by Osama Mustafa in Database
Two bug could be related to this error  Bug 6085625 and unpublished bug 6452485.

to fix the above bug you need to apply  Patch 6602742 or Patch 6602482 Depend on your case

as workaround you have to optiosn :

A. Flushing the shared pool can help remove the problem cursor from the shared pool.
B. Or set SESSION_CACHED_CURSORS = 0

Thank you
Osama mustafa

Describe Oracle Patches

Posted on by Osama Mustafa in Others
Regarding to Oracle Documentation patch is program (set of instructions) to fix a particular problem or enhance/ add a particular feature in existing program/product/software. And There’s Four kind of Oracle Patches :

  • One-off patches (bug fix)
  • CPU (security patches)
  • Upgrade patches (bug fixes)
  • PSU (bug fixes are security patches)

There’s another kind called Bundle Patched for windows and exadata.
The most two kind of patch that people get little confused about them is CPU and PSU what are they ? when should i use them ?  is there any different between them ?

First Thing you need to know about them since they have different name then sure it’s have different.

CPU:  security fixes each quarter rather than the cumulative database.

PSU : same as CPU  patches but include both the security fixes and priority fixes.Note Once a PSU is applied, only PSUs can be applied in future quarters until the database is upgraded to a new base version.
Which mean you can’t Apply CPU and PSU and same database.

Some MOS note that could be Useful :

Introduction to Oracle Patch Set Updates (PSU) 854428.1
Quick Reference to Patchset Patch Numbers [ID 753736.1]
Quick Reference to Patch Numbers for Database PSU, SPU(CPU), Bundle Patches and Patchsets [ID 1454618.1]
New Patch Nomenclature for Oracle Products [ID 1430923.1]

PSU  contain fix for bugs that cause Instance crash,Wrong results and Data Corruption on the other hand Dictionary changes , Major Algorithm changes ,and Optimizer plan changes not fixed by PSU.

to check Applied PSU patched you need to run :

opatch lsinventory -bugs_fixed | grep -i ‘DATABASE PSU’

 and if you need to check CPU :

 Select * from registry$history;

Thank you
Osama mustafa

Hack Sys Password With Simple Way

Posted on by Osama Mustafa in Others
Sometimes you want to know the SYS password with simplest way, well check the below if you have any User with DBA role then you can do that :

SQL>  select utl_inaddr.get_host_name((select username||’=’||password from dba_users where rownum=1)) from dual;

 select utl_inaddr.get_host_name((
        *
ERROR at line 1:
ORA-29257: host SYS=8A8F025737A9097A unknown
ORA-06512: at “SYS.UTL_INADDR”, line 4
ORA-06512: at “SYS.UTL_INADDR”, line 35
ORA-06512: at line 1

Now You can use any Software or Online Site to Hack This Password

Thank you
Osama Mustafa

Basic Database Securiy GuideLines

Posted on by Osama Mustafa in Others
Implementing any Database Security is not easy process which it’s Complex since the security has to be looked at OS Layer, Database, Network , application code, and backup lot of things you need to check if you need secure database you can’t ignore one part of this components.

You need to know even experts/Guru dose not have complete understanding for this list, maybe they have knowledge about it but not that much, But the most important things in securing database ( new one ) or securing application is early understanding security model very early in the development process  and how to develop it. you can read the this book  “Oracle security: Step-by-step” by Pete Finnigan he mentioned lot of basic steps to secure oracle database.

From a high level perspective, security is always about risk. If you think that your system is impenetrable, think again. Someone else will always be building a better mousetrap.

For example if we asked ourself as DBA About SQL injection one of the TOP ten Threats in Database
it happens because somebody is writing a Web application that accesses your database which mean if this code writes incorrectly, what happened if the hacker get access to your database thru this code.because of this DBA needs to understand who is access to database  and make sure the developers are accessing in a secure way.

Internal/External hacker going to search for Holes in your application to get in,as we know there’s one of attack type used called Buffer Overflow because of this you need to keep you system is up to date patched like usual people most of them not doing that since they worried about if that patch will broke their system or application.

Today a lot of people are ignoring the security side of the job. Many companies don’t have the resources. Until you get hacked, and until you lose data, then you think you can get by with minimal security.

I mention before the in my article about Basic steps to secure Oracle Database some of this article provided with examples i will advise today to bookmark this to keep updated with Oracle Security patches lot of tips to talk about and need to share it here as soon as i can.

Thank you
Osama Mustafa

Hack Root Password With Protected Grub

Posted on by Osama Mustafa in Operating system
I post before Article talking about “Hack Root Password With Protected Grub” Here .

But what if GRUB was Locked By password and you forget Root Password, There’s always away to do it but you need the same media for Operating system ( Never tried to use different distribution ) after boot :

In the above screen Type ” linux rescue ” and then Press enter

After follow the instruction and Enter Bash

chroot /mnt/sysimage [Enter]
cd /boot/grub [Enter]
vi menu.lst

Now In that file you see word “Password”  Remove Line, This will remove Grub password after save it the OS will Reboot but this time Grub will be UN-Protected , Remove CD and follow the normal instruction in Article Number one Here.

Thank you
Osama Mustafa

Reset/Hack Linux Root Password ( Unprocted GRUB )

Posted on by Osama Mustafa in Operating system
Do you want to learn something New ? Hack/Reset Root Linux Password Then Continue Reading.

Root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.

What If I Forget Root Password? Check The below

Restart The Server and you must see this screen Pause it click arrow :

Second Press “a” then add “1” like the below screen after finish Press enter :

Now Black Screen :

Print “Runlevel”

and Reset Root Password like the below by type “passwd” command :

Note : This Way works with Redhat , Fedora and CentOs i didn’t try it on Ubuntu

Thank you
Osama mustafa




Oracle Database vs Sql Server Security

Posted on by Osama Mustafa in Others
Which one is the more secure ?

the above question asked before and will be asked today and in the future but what is the answer !! Before start asnwering this question you need to discuss somepoints.

as introduction Sql server is database solution product from Microsoft corporation with the following Version list :

  • SQL Server 2012
  • SQL Server 2008 R2
  • SQL Server 2008
  • SQL Server 2005
  • SQL Server 2000
  • SQL Server 7.0
 On the other hand we have oracle Database which RDMS ( Relation Database Managment System ) with the following version list :
 
  • Oracle7
  • Oracle8 Database
  • Oracle8i Database
  • Oracle9i Database
  • Oracle Database 10g
  • Oracle Database 11g
each of database include new features, this features could be related to high availability, database features and secuirty features, I try to be fair in my judgment, Let’s Back to Question Which is More Secure Oracle Database vs Microsoft Sql Server ? and why ?
I read lot of research regarding to this question and most of them caliming that sql server is more secure than Oracle database but why ?  oracle is the best database for large organization and can store more date with a great security when i mean great Security  there’s lot of solution products from Oracle such as Database vault , Audit Vault , and Data masking. But for small solutions and Orginization most of them use Sql server .
I red this Reports for David Litchfield here. and published in November 2006 and calims hat sql server is more secure than oracle database. also you need to know while you are compare this two database the main difference between them :
Microsoft Sql server is only working on One Platform ( Windows ), easy to manage, Most of the administration thru GUI (very friendly ) ,  simple to install  , Sql server is cost less than oracle ( Cost much more than less )  Licensing fees. all this indicate me to the following :
  • since sql server is easy to install and administration then the performance is usually fine.
  •  The only way to scale a system built on sql server technology is to add more memory and CPU to the single server hosting the database.
  • as mention before Sql server Suport Only One Platform.
On the other hand Oracle is Support all plaforms ( Linux , Unix , Windows , HP , AIX and Sun .. and sorry i forgot to mention others ), i will not say it’s easy to install but document are available for free if you follow them you will not be lost, Oracle database is enterprise solutions which mean if you need database that store huge data and support high availability cluster ( sql server dose not support it ) and introduce lot of backup recovery solution, data guard on of them becuase of this it’s expensive and costing the company don’t forget the main reason Oracle DBA salary is more than Sql server which mean the compaines will study this case before looking for solutions.
also to be fair Oracle support talking some time to answering you and solve the issue or database vulnerability , however in sql server support it’s amazing and solve the issue or vulnerability database in 24 hours or less.
since oracle database working for large organization business such as finical and insurance company the aim for any hackers ( i would like to mention here hacker not looking for small company to hack it’s need something will be worth if he getting caught ) it will make it under attack for any hacker in my articles i mentioned there’s no secure system 100% but you can make it harder for any hacker to access to your data and oracle provide with products to do that : Data Valut , Audit Vault , Database firewall and encryption.
Another point i would like to mention here ( take it also as point when you compare ) oracle working on more than platforms.so Focusing on one  platform Security  will be the same as five/six/… platforms Security ? you should answer on this question not me !!!
 Oracle’s capacity to run on large databases, its have many performance improvement features,the performance can include Hardware or database ( sql server only hardware ) which is more secure ?
it’s completely up to you but don’t miss or ignore the point i mentioned before in this article
Thank you
Osama Mustafa

Sys Password and Alter User Privileges

Posted on by Osama Mustafa in Database
While I am browsing i found this topic which is really amazing and Useful if you are interested securing your database, I mentioned before in my topics to secure database you need to start with simple steps first the below is one of them :

SQL> CREATE or REPLACE TRIGGER prohibit_alter_SYSTEM_SYS_pass
AFTER ALTER on SCOTT.schema
BEGIN
IF ora_sysevent=’ALTER’ and ora_dict_obj_type = ‘USER’ and
(ora_dict_obj_name = ‘SYSTEM’ or ora_dict_obj_name = ‘SYS’)
THEN
RAISE_APPLICATION_ERROR(-20003,
‘You are not allowed to alter SYSTEM/SYS user.’);
END IF;
END;
/

Trigger created.

SQL> conn scott/tiger
Connected.

SQL>alter user system identified by new_password;
alter user system identified by new_password
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5

SQL> alter user sys identified by new_password;
alter user sys identified by new_password
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5

Future Of Oracle DBA

Posted on by Osama Mustafa in News
What is the Future of DBA ? One Question but it’s been asked lot , and no one knows what is this future could be !! The technology going fast and everything become easy to use, well is this mean all DBA will sit in the future without any work ? the traditional task role of the DBA is dead which mean  Most tasks assigned to the DBA staff can either be automated or eliminated with new features of the software.

Let’s Start with CNN Article that mention DBA as one of the Top Ten Promising jobs with solid job growth outlook over the next several years.The DBA will need to understand the business and craft solutions with off the shelf components to satisfy the needs of the business.which mean it will be different depending on the company for example companies will hire DBA to work with development, Other companies will hire DBA to monitor databases and enure high availability.

You can’t ensure that your systems and Application working fine without experts and you can’t hire someone to do all the tasks, Which mean DBA will be exists in the future but for concern will be on other products such Cloud, Big data, Exadata, oracle appliance.So DBA OF all Sort that needed now will be needed in the future but the main change as i see is the career path and daily task for DBA.

if you want more accurate answer check the Database version 9i,10g and 11g and now we are waiting for 12c, with every version  it’s automated new more mundane tasks, But with simple way for example enterprise manager is controlling all database backup, Monitor and recovery so this indicate the DBA will have much time to architect database systems, monitor security, and many other things.

DBA is very important Job and will be found now or later check the discussion for tom Kyte about that Click here

Thank you
Osama mustafa