Useful stuff for AOLServer
April 25th, 2008 adminWhy does AOLServer 4.5 build fail with
nslibinit.c:(.text+0x0): multiple definition of `_init' ?
http://www.mail-archive.com/aolserver@listserv.aol.com/msg11286.html
Why does AOLServer 4.5 build fail with
nslibinit.c:(.text+0x0): multiple definition of `_init' ?
http://www.mail-archive.com/aolserver@listserv.aol.com/msg11286.html
Connect to system space as sysdba: (su oracle)
sqlplus “system/manager as sysdba”
List oracle running processes:
select pid as ora_pid, spid as nix_pid, serial#, background
from v$process
See which ora session is associated with which OS process:
select sid as session_id, serial#, status, process as nix_pid, sql_hash_value
from v$session;
See what SQL an oracle session is running:
select pid as ora_pid, spid as nix_spid, s.sid as session_id, users_executing, sql_text
from v$process p, v$session s, v$sqlarea a
where p.addr = s.paddr
and s.sql_hash_value = a.hash_value
order by cast(spid as int)
Declare a bind variable in Sql*Plus:
variable my_var number;
begin
:my_var := 123;
end;
/
print my_var
Have Sql*Plus ask you for a value in a query:
select *
from tblFoo
where foo_id = &myVar
Have Sql*Plus output a query as an html table:
sqlplus -s -m “HTML ON TABLE ‘border=0 cellpadding=2 cellspacing=2′” mydbuser/mydbpass @report_query.sql > report_file.html
Show user grants:
(as sysdba) select * from dba_role_privs;
Show used/free space by tablespace (in MB):
SELECT Total.name “Tablespace Name”,
nvl(Free_space, 0) Free_space,
nvl(total_space-Free_space, 0) Used_space,
total_space
FROM
(select tablespace_name, sum(bytes/1024/1024) Free_Space
from sys.dba_free_space
group by tablespace_name
) Free,
(select b.name, sum(bytes/1024/1024) TOTAL_SPACE
from sys.v_$datafile a, sys.v_$tablespace B
where a.ts# = b.ts#
group by b.name
) Total
WHERE Free.Tablespace_name(+) = Total.name
ORDER BY Total.name
Shutting down oracle:
shutdown normal
Starting up oracle:
svrmgrl
connect internal
startup
Modifying lob columns:
ALTER TABLE <table name> ADD (<lobcol> <LOBTYPE> <LOB_clause_same_as_for_create>) | MODIFY LOB (<lobcol>) ( [PCTVERSION <version_number>] [ { CACHE | NO CACHE [{LOGGING | NOLOGGING}] | CACHE READS [{LOGGING | NOLOGGING}] } ] ) | MOVE [ONLINE] [<physical_attributes>] [TABLESPACE <tablespace_name>] [LOGGING | NOLOGGING] [<LOB_clause_same_as_for_create>]
Adding a user:
useradd -d /path/to/home -m -s /path/to/shell -c “First Last” username
-m = make home directory and copy skeleton files
Removing a user:
userdel -r username
-r = remove the home directory
Show user’s group membership:
groups username
Change user’s group membership:
usermod -G group1,group2,group3 username
Customize the command prompt:
PS1=”`whoami`@`hostname`#”
PS1=”[\u@\h \w]#”
\! History number of current command
\# Command number of current command
\d Current date
\h Host name
\n Newline
\s Shell name
\t Current time
\u User name
\W Current working directory
\w Current working directory (full path)
Disk Management:
Slice = a contiguous range of blocks
8 slices per disk (generally)
1 file system per slice
File system cannot span multiple slices (without a LVM)
Slice cannot span multiple disks
Moving files with CPIO:
find . -depth | cpio -p -d -m -v /path/to/dest
See what process is preventing a umount
fuser -u /dev/dsk/c0t2d0s7
What is /var/adm/pacct:
pacct = process accounting file
ckpacct checks the size of the pacct file. If it exceeds 500 blocks (default)
accounting will be turned off
turnacct turns accounting on/off. Use switch arg to move the current pacct file to
/var/adm/pacct[filenum]
calling ckpacct will also rotate the pacct file
Since I am a consumer of online financial services (banking, investment, etc) and also work with financial service providers in that area, I’ve had the opportunity to sample a large number of username/password security schemes. It’s a no-brainer to prevent users from doing the obviously silly, like making their password the same as their login or having a two-character password. Unfortunately, many security scheme designers forget that their website is only one of many that users engage with, and foist schemes on their users that are irritating at best and possibly counterproductive at worst.
Many sites now defeat form autocompletion for username fields as well as password fields. Sorry, no I don’t remember what username I picked when I signed up with you– especially if you wouldn’t let me use my first or second choice.
One credit card company I use disallows special characters in their online account passwords. That means I had to choose a password that is actually weaker than I prefer, and it doesn’t fit the mnemonics I use to remember this stuff. That means I can either go through the password reset process a lot (irritating), guess and hope I don’t get it wrong enough times to lock out the account (also irritating), or write it down somewhere (insecure).
Same problem with sites that force periodic password changes.
Most username/password schemes are clearly meant to deal with brute force or lucky guess attacks, and of course that is a legitimate concern. However, the more complicated these schemes get and the more they vary between sites, the more users will start finding insecure coping strategies– like writing things down on paper. Now your complicated, unguessable password is out there in plaintext for everyone to see. Oops!
The limits of human memory and patience are just as much of an issue as more “obvious” security risks.
One online bank, ING Direct, has an interesting security approach that I have not seen elsewhere. Users log in with a customer number and short ATM-style PIN. The PIN is entered either by clicking numbered buttons or typing letter equivalents that rotate with each visit. The site tracks the user’s IP address and (IIRC) requires further validation if the IP is new. In addition, as an anti-phishing measure the site shows the user a picture and phrase they picked when setting up the account. With this approach, ING maintains account security and a smooth user experience.