Tuesday, September 18, 2012

Rename a Database

Here's a cool tip - how to actually rename a database. You can always change SERVICE_NAMES, but if you want to change the internal name of the db, here's a quick tutorial using the utility NID:



SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup mount --(must be mounted)
ORACLE instance started.

Total System Global Area 1677721600 bytes
Fixed Size                  2066240 bytes
Variable Size             318769344 bytes
Database Buffers         1342177280 bytes
Redo Buffers               14708736 bytes
Database mounted.

 Now, we’re going to change the database name to SBY02. We assume ORACLE_SID=<OLDSID>:

SQL> $nid target=/ DBNAME=SBY02 setname=YES

DBNEWID: Release 10.2.0.4.0 - Production on Thu Jul 29 15:11:25 2010

Copyright (c) 1982, 2007, Oracle.  All rights reserved.

Connected to database LIVE (DBID=551896809)

Connected to server version 10.2.0

Control Files in database:
    +DG1/sby02/controlfile/control01.ctl

Change database name of database LIVE to SBY02? (Y/[N]) => Y

Proceeding with operation
Changing database name from LIVE to SBY02
    Control File +DG1/sby02/controlfile/control01.ctl - modified
    Datafile +DG1/sby02/datafile/system.5391.725630121 - wrote new name
    Datafile +DG1/sby02/datafile/undotbs1.2314.725630121 - wrote new name
    Datafile +DG1/sby02/datafile/sysaux.2311.725630121 - wrote new name
    Datafile +DG1/sby02/datafile/users.2323.725630125 - wrote new name
      Datafile +DG1/sby02/tempfile/temp.2213.725641409 - wrote new name
    Control File +DG1/sby02/controlfile/control01.ctl - wrote new name
    Instance shut down

Database name changed to SBY02.
Modify parameter file and generate a new password file before restarting.
Succesfully changed database name.
DBNEWID - Completed succesfully.


SQL> disconn
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64
bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> conn / as sysdba
Connected to an idle instance.
SQL> startup nomount
ORACLE instance started.

Total System Global Area 1677721600 bytes
Fixed Size                  2066240 bytes
Variable Size             318769344 bytes
Database Buffers         1342177280 bytes
Redo Buffers               14708736 bytes
SQL> alter system set db_name=SBY02 scope=spfile;

System altered.

SQL> shutdown immediate
ORA-01507: database not mounted


ORACLE instance shut down.
SQL> startup

The other cool thing about this is that DB_UNIQUE_NAME is changed automatically; only DB_NAME needs changing. I leave it to you to generate a new password file.

Sunday, September 16, 2012

DDL Detection

Being an Oracle DBA is not always a pleasant task. There are unscrupulous third parties out there who steal your employer's customers, and then try to steal their intellectual property.

Here's one script I wrote after encountering the darker side of DBA-ing. When an untrusted third party starts messing about in your employer's databases, then things "get real".

In this set of scripts, we create a little trap for our third-party friends - if they run DDL, you log it and email it to yourself.

This is a pre-cursor, a backup for another, much more advanced defence against unwanted visitors which I'll post later in another blog entry.

This was written for 10g, YMMV for other versions.

Yes, stuff is written to the SYS schema, which is a no-no; I'll re-write it to use another schema for a later blog entry.

-- clear the previous table
DROP TABLE SYS.ddl_log;


CREATE TABLE SYS.ddl_log
    (audit_id                       NUMBER NOT NULL,
    audit_date                     DATE NOT NULL,
    sessionid                      NUMBER,
    username                       VARCHAR2(30),
    osuser                         VARCHAR2(30),
    terminal                       VARCHAR2(16),
    HOST                           VARCHAR2(64),
    ip                             VARCHAR2(15),
    program                        VARCHAR2(64),
    module                         VARCHAR2(48),
    operation                      VARCHAR2(30),
    obj_owner                      VARCHAR2(30),
    object_name                    VARCHAR2(30),
    sql_text                       VARCHAR2(64)
    )
/

-- Indexes for SYS.ddl_log

CREATE UNIQUE INDEX SYS.pk_ddl_log ON SYS.ddl_log
  (
    audit_id                        ASC
  )
/

-- Comments for SYS.ddl_log

COMMENT ON COLUMN SYS.ddl_log.audit_id IS 'Primary Key'
/
-- End of DDL Script for Table SYS.DDL_LOG

-- We need sequences for the trigger
DROP SEQUENCE SYS.sq_ddl_log;
CREATE SEQUENCE SYS.sq_ddl_log
 START WITH  1
 INCREMENT BY  1
 NOCACHE
/


-- Start of DDL Script for Trigger SYS.DDL_DETECTION

create or replace trigger SYS.DDL_DETECTION
 before
  create or alter or drop
 on database
DECLARE
   v_audit_rec       ddl_log%ROWTYPE;
   oper              ddl_log.operation%TYPE;
   sql_text          ora_name_list_t;
   i                 PLS_INTEGER;
   v_db_instance     VARCHAR2 (8);
   v_email_subject   VARCHAR2 (32);
   v_email_body      VARCHAR2 (4000);
   crlf              VARCHAR2 (2)             := CHR (13) || CHR (10);
   PRAGMA AUTONOMOUS_TRANSACTION; /* only way to commit within a trigger */

BEGIN
/* no checking v$session for detection avoidance
no intention to block - only log and email*/
   SELECT ora_sysevent
     INTO oper
     FROM DUAL;

   BEGIN
      SELECT program
        INTO v_audit_rec.program
        FROM SYS.v_$session
       WHERE audsid = SYS_CONTEXT ('USERENV', 'SESSIONID')
         -- AUDSID is the same for all SYS connections
         AND SID = SYS_CONTEXT ('USERENV', 'SID')
         -- so we use SID to differentiate
         AND ROWNUM = 1;
   EXCEPTION
      WHEN NO_DATA_FOUND
      THEN
         v_audit_rec.program := 'SESSIONID_NOT_FOUND';
   END;

-- get all audit info first
   i := sql_txt (sql_text);

   IF oper IN ('CREATE', 'DROP', 'ALTER')
   THEN
      SELECT ora_sysevent, ora_dict_obj_owner,
             ora_dict_obj_name, sql_text (1)
        INTO v_audit_rec.operation, v_audit_rec.obj_owner,
             v_audit_rec.object_name, v_audit_rec.sql_text
        FROM DUAL;
   END IF;

   SELECT SYS_CONTEXT ('USERENV', 'SESSIONID'),
          SYS_CONTEXT ('USERENV', 'SESSION_USER'),
          SYS_CONTEXT ('USERENV', 'OS_USER'),
          SYS_CONTEXT ('USERENV', 'TERMINAL'),
          SYS_CONTEXT ('USERENV', 'HOST'),
          SYS_CONTEXT ('USERENV', 'IP_ADDRESS'),
          SYS_CONTEXT ('USERENV', 'MODULE'),
          SYS_CONTEXT ('USERENV', 'DB_UNIQUE_NAME')
     INTO v_audit_rec.sessionid,
          v_audit_rec.username,
          v_audit_rec.osuser,
          v_audit_rec.terminal,
          v_audit_rec.HOST,
          v_audit_rec.ip,
          v_audit_rec.module,
          v_db_instance
     FROM DUAL;

--determine if we need to log or filter out stuff we're not interested in
   IF (    (v_audit_rec.sessionid > 0)
       AND (v_audit_rec.object_name NOT LIKE ('SYS_TEMP%'))
       AND (v_audit_rec.terminal NOT IN ('MYWORKSTATION', 'FRIENDLYWORKSTATION'))
      )
   THEN                                                           -- let's log
      SELECT sq_ddl_log.NEXTVAL
        INTO v_audit_rec.audit_id
        FROM DUAL;

      v_audit_rec.audit_date := SYSDATE;

      INSERT INTO SYS.ddl_log
           VALUES v_audit_rec;

      COMMIT;
      -- and email it
      v_email_subject := v_db_instance || ': DDL Notification';
      v_email_body :=
            'Timestamp   : '
         || TO_CHAR (v_audit_rec.audit_date, 'dd/mm/yyyy hh24:mi:ss')
         || crlf
         || 'Session ID  : '
         || v_audit_rec.sessionid
         || crlf
         || 'Username    : '
         || v_audit_rec.username
         || crlf
         || 'OS User     : '
         || v_audit_rec.osuser
         || crlf
         || 'Host        : '
         || v_audit_rec.terminal
         || crlf
         || 'IP Addreses : '
         || v_audit_rec.ip
         || crlf
         || 'Module      : '
         || v_audit_rec.module
         || crlf
         || 'Program     : '
         || v_audit_rec.program
         || crlf
         || 'Operation   : '
         || v_audit_rec.operation
         || crlf
         || 'Schema Owner: '
         || v_audit_rec.obj_owner
         || crlf
         || 'Object      : '
         || v_audit_rec.object_name
         || crlf
         || 'Statement   : '
         || v_audit_rec.sql_text;

      BEGIN
         mailit.mailusers ('kmohammed', '', v_email_subject, v_email_body);
      EXCEPTION
         --silently fail email errors, dont alert our visitors
         WHEN OTHERS
         THEN
            NULL;
      END;
   END IF;
END ddl_trigger;
/


-- End of DDL Script for Trigger SYS.DDL_DETECTION

If you don't require email-ing of the DDL, then that's easily removed from the script.

Let me explain one of the most important parts of this script:


       SELECT program
        INTO v_audit_rec.program
        FROM SYS.v_$session
       WHERE audsid = SYS_CONTEXT ('USERENV', 'SESSIONID')
         -- AUDSID is the same for all SYS connections
         AND SID = SYS_CONTEXT ('USERENV', 'SID')
         -- so we use SID to differentiate
         AND ROWNUM = 1;



This appears convoluted because :
  1. Not all clients populate the MODULE column of V$SESSION. Toad is especially guilty of this, and I suspected the third-party was using Toad. Hence the decision to use the PROGRAM column.
  2. People can mess with V$SESSION. Yes, dear reader, there are unscrupuolous people out there who mess with V$SESSION in an effort to avoid simpler defences against their unauthorised intrusions. 
  3. Detecting accurately the correct SYS session is much harder than your average session.

That's why I take the following steps:
  1. Select from the underlying table i.e.  V_$SESSION
  2. Check the client's SESSIONID (  SYS_CONTEXT ('USERENV', 'SESSIONID') ) against the AUDSID's in V_$SESSION. If the client's SESSIONID does not show up in V_$SESSION, now that's an interesting login.
  3. Have further SYS-specific checks.
One problem with SYS is that if your SQLNET.ORA has:

SQLNET.AUTHENTICATION_SERVICES= (NTS)

And your account is a member of the local group ORA_DBA, then you can connect using OS Authentication (on Windows) without using a password, and "AS SYSDBA". We have to live with that.

In later posts, I'll update the script to use a non-SYS schema, and I'll post my advanced scripts to defend against those unscrupulous people.

Execute ANY Host command

I had a problem at one customer - I couldn't login to the Windows host. Their MS techie had created a local admin user for me, but the account had been locked out or the password had been changed, and now I had no way to use the account - the desk jockey wasn't responding to emails fast enough.

Anyway, I could still login to the Oracle DB as SYS. This little script allowed me to change the password of the host account:


-- run as SYS, and change the command in the 3rd argument
BEGIN
   DBMS_SCHEDULER.create_job ('t1',
                              job_action               => 'C:\WINDOWS\SYSTEM32\CMD.EXE',
                              number_of_arguments      => 3,
                              job_type                 => 'executable',
                              enabled                  => FALSE
                             );
   DBMS_SCHEDULER.set_job_argument_value ('t1', 1, '/q');
   DBMS_SCHEDULER.set_job_argument_value ('t1', 2, '/c');
   DBMS_SCHEDULER.set_job_argument_value ('t1',
                                          3,
                                          'C:\WINDOWS\SYSTEM32\NET.EXE user localadmin password1234'
                                         );
   DBMS_SCHEDULER.ENABLE ('t1');
END;
/

The third argument is the key - with it, you can run any command as the built-in user LocalSystem. In this example, the command resets the localadmin account with the password password1234. It effectively gives you complete control of the host.

It's not a backdoor. You must know the SYS password, and it works this way because the Oracle services run as LocalSystem (by default) on a Windows host.

This also works for Windows 2008, but I had to specify the full path to the NET.EXE file. You can troubleshoot any failed commands by looking at the output of DBMS_SCHEDULER.

RMAN Restore by Command-Line


Overview: I will explain RMAN fundamentals and work through an example to demonstrate an RMAN restore.

Fundamentals


An RMAN restore is really just two commands:

  1. RESTORE DATABASE. This command instructs RMAN to search the controlfile for a list of valid database backups, select the most recent and issue a restore. A restore is simply the placing of database files on disk.

  1. RECOVER DATABASE. This command tells RMAN: make the database consistent. Before a database can be opened, it must be consistent. Unless directed by Oracle Support, this rule can not be overturned, and is always enforced by the database.
In Oracle terms, consistency means all database files must be at the same System Change Number(SCN). SCN is the way Oracle keeps internal time – every change to the database is assigned a unique SCN. Every change – INSERT, UPDATE, DELETE, ALTER, COMMIT or System Checkpoints – is assigned a unique SCN.

Now, a consistent restore is not necessarily complete. In Oracle terms, if a backup was taken while the database was open (hence using archivelog mode), any recovery from such a backup will be incomplete.

A backup taken from an open database in archivelog mode can not backup the online REDO logs. So any changes recorded in a Redo log will not be backed up, hence the reason why the restore is referred to as incomplete. This is not a problem, since for most intents & purposes, a restore to the last available archivelog is expected.

Example


We will use RMAN to restore a database called LIVE as the example process. We assume:
·         The database was in archivelog mode
·         Autobackup turned on
·         The backup & autobackup are available on disk

In this example, commands to be typed are shown in bold - in the context of the command output. Steps should be followed in the order given since later steps depend on successful completion of previous steps.


  1. This step may be optional. If the restore is to be done on a new server, then this step is necessary, otherwise the instance may already exist. Create a new Oracle instance called LIVE using these commands in a new Command Prompt window:

CD /D C:\oracle\product\10.2.0\db_1\BIN

oradim -NEW -SID LIVE -SYSPWD password_live

  1. In this step, we will use RMAN to restore the latest spfile and controlfile using what is known as an Autobackup. An autobackup contains the controlfile and spfile of the LIVE database.

HUMAN INTERVENTION NECESSARY: You need to identify the appropriate autobackup file. It is usually located in the latest-dated sub-folder with an Oracle-generated name. When typing the commands below, substitute the appropriate file names.

You will need to determine the appropriate controlfile path & name for this step. Note that the entire file name is enclosed by single quotes.

  1. Perform the restore:
    1. Open a Command prompt and type:

set oracle_sid=LIVE

   rman target /

Recovery Manager: Release 10.2.0.1.0 - Production on Thu Oct 27 16:18:41 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

connected to target database (not started)

RMAN> startup nomount;

startup failed: ORA-01078: failure in processing system parameters
LRM-00109: could not open parameter file 'C:\ORACLEXE\APP\ORACLE\PRODUCT\10.2.0\
SERVER\DATABASE\INITXE.ORA'

starting Oracle instance without parameter file for retrival of spfile
Oracle instance started

Total System Global Area     159383552 bytes

Fixed Size                     1286292 bytes
Variable Size                 58724204 bytes
Database Buffers              96468992 bytes
Redo Buffers                   2904064 bytes

RMAN> restore spfile from 'C:\ORACLEXE\APP\ORACLE\FLASH_RECOVERY_AREA\XE\AUTOBAC
KUP\2011_10_27\O1_MF_S_765644418_7BLS3FWT_.BKP';

Starting restore at 27-OCT-11
using channel ORA_DISK_1

channel ORA_DISK_1: autobackup found: C:\ORACLEXE\APP\ORACLE\FLASH_RECOVERY_AREA
\XE\AUTOBACKUP\2011_10_27\O1_MF_S_765644418_7BLS3FWT_.BKP
channel ORA_DISK_1: SPFILE restore from autobackup complete
Finished restore at 27-OCT-11

RMAN>

RMAN> shutdown abort;

ORACLE instance shut down.

RMAN> startup nomount;

ORACLE instance started.

Total System Global Area 1677721600 bytes
Fixed Size                  2066240 bytes
Variable Size             318769344 bytes
Database Buffers         1342177280 bytes
Redo Buffers               14708736 bytes


RMAN> restore controlfile from 'E:\DSLD01\FRA\LIVE\AUTOBACKUP\2010_07_28\O1_MF_S
_725565668_650RLONZ_.BKP';

Starting restore at 29-JUL-10
using channel ORA_DISK_1

channel ORA_DISK_1: restoring control file
channel ORA_DISK_1: restore complete, elapsed time: 00:00:16
output filename=+DG1/sby02/controlfile/control01.ctl
Finished restore at 29-JUL-10


RMAN> shutdown immediate
ORA-01507: database not mounted


ORACLE instance shut down.
RMAN> startup mount
ORACLE instance started.

Total System Global Area 1677721600 bytes
Fixed Size                  2066240 bytes
Variable Size             318769344 bytes
Database Buffers         1342177280 bytes
Redo Buffers               14708736 bytes
Database mounted.

HUMAN INTERVENTION NECESSARY: Note the following command requires the correct folder/date to be substituted (similar to commands above).

RMAN> catalog start with ‘E:\FRA\LIVE\BACKUPSET\2010_07_28\' noprompt;

Starting implicit crosscheck backup at 29-JUL-10
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=479 devtype=DISK
Crosschecked 8 objects
Finished implicit crosscheck backup at 29-JUL-10

Starting implicit crosscheck copy at 29-JUL-10
using channel ORA_DISK_1
Finished implicit crosscheck copy at 29-JUL-10

searching for all files in the recovery area
cataloging files...
no files cataloged

[Not all output shown, ignore any errors]

  1. Here we perform the restore and recover. The Recover command may produce some errors – ignore.

RMAN> RUN
{ allocate channel disk1 type disk;

  RESTORE DATABASE;
  RECOVER DATABASE;
}


allocated channel: disk1
channel disk1: sid=479 devtype=DISK

Starting restore at 29-JUL-10

channel disk1: starting datafile backupset restore
channel disk1: specifying datafile(s) to restore from backup set
restoring datafile 00001 to +DG1/live/datafile/system.256.619109535
restoring datafile 00002 to +DG1/live/datafile/undotbs1.258.619109535
restoring datafile 00003 to +DG1/live/datafile/sysaux.257.619109535
restoring datafile 00004 to +DG1/live/datafile/users.259.619109535
...
channel disk1: reading from backup piece E:\FRA\LIVE\BACKUPSET\2010_07_23
\O1_MF_NNNDF_TAG20100723T180022_64MLO798_.BKP

Make a cup of tea or two. This will take some time.


  1. At this point, we should have an incompletely recovered database. RMAN should say:
...
archive log filename=E:\FRA\LIVE\ARCHIVELOG\2010_07_28\O1_MF_1_4607_651BY
17T_.ARC thread=1 sequence=4607
media recovery complete, elapsed time: 00:01:23
Finished recover at 29-JUL-10
released channel: disk1

Continue with the process:

SQL> alter database set standby database to maximize performance;

Database altered.

SQL> alter database open resetlogs;

Database altered.

SQL> QUIT;


That’s the end of the RMAN restore process.