Recovering a database encrypted by the .[metro777@cock.li].Elbie ransomware

Contact: phone/WeChat (+86 17813235971) QQ (107644445)


Author: 惜分飞 © All rights reserved [No reproduction in any form without my consent; otherwise I reserve the right to pursue legal liability.]

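A database may be encrypted by ransomware that appends the extension .[metro777@cock.li].Elbie. Similar cases have been recovered before; see: recoverable databases encrypted by the .mkp and .Elbie ransomware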


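Analyze the extent of file damage with a tool

For an Oracle data file with this little damage, recovery can be done directly with our self-developed Oracle data file ransomware recovery tool

Then open the database directly and export the data with expdp (the few damaged blocks in the system file happened to belong to the index i_col3; once that was dealt with, the export succeeded)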
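
The damage-analysis step can be approximated with a per-block scan; this is an added example, not the author's recovery tool. It assumes an 8 KiB block size, a little-endian platform and the standard Oracle block layout (type at byte 0, SCN base at bytes 8-11, sequence at byte 14, 4-byte tail check at the end of the block); the sample data is constructed.

```python
import math
import random
import struct
from collections import Counter

BLOCK_SIZE = 8192      # assumption: db_block_size = 8 KiB
ENTROPY_LIMIT = 7.5    # assumption: bits/byte above this looks encrypted

def entropy(buf):
    """Shannon entropy of buf in bits per byte."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def tail_matches(block):
    """Header/tail rule: tail == low 16 bits of SCN base, block type, seq."""
    blk_type, seq = block[0], block[14]
    scn_base, = struct.unpack_from("<I", block, 8)
    tail, = struct.unpack_from("<I", block, len(block) - 4)
    return tail == (((scn_base & 0xFFFF) << 16) | (blk_type << 8) | seq)

def scan(data, block_size=BLOCK_SIZE):
    """Return [(block_no, [reasons])] for every block that looks damaged."""
    damaged = []
    for off in range(0, len(data) - block_size + 1, block_size):
        block = data[off:off + block_size]
        reasons = []
        if not tail_matches(block):
            reasons.append("header/tail mismatch")
        if entropy(block) > ENTROPY_LIMIT:
            reasons.append("high entropy")
        if reasons:
            damaged.append((off // block_size, reasons))
    return damaged

def make_block(blk_type, seq, scn_base, fill=b"ROWDATA "):
    """Constructed, well-formed block for the demo (not real Oracle data)."""
    b = bytearray((fill * (BLOCK_SIZE // len(fill) + 1))[:BLOCK_SIZE])
    b[0], b[14] = blk_type, seq
    struct.pack_into("<I", b, 8, scn_base)
    tail = ((scn_base & 0xFFFF) << 16) | (blk_type << 8) | seq
    struct.pack_into("<I", b, BLOCK_SIZE - 4, tail)
    return bytes(b)

# Constructed sample: block 1 is overwritten with pseudo-random bytes.
rng = random.Random(2024)
SAMPLE = (make_block(0x06, 1, 0x000A1EFD)
          + bytes(rng.getrandbits(8) for _ in range(BLOCK_SIZE))
          + make_block(0x06, 2, 0x000A1F10))

if __name__ == "__main__":
    for block_no, reasons in scan(SAMPLE):
        print(f"block {block_no}: {', '.join(reasons)}")
```

Compressed or TDE-encrypted blocks also show high entropy, so the header/tail mismatch is the stronger of the two signals.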
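
Prevention recommendations for this kind of ransomware:
1. Education and training: Raising users' security awareness is very important. Use regular security training and education to teach users about ransomware and how it spreads, so that they stay alert to potential threats and learn how to handle suspicious emails, links and attachments correctly.
2. Updates and maintenance: Update operating systems, applications and security software promptly to patch known vulnerabilities, and make sure systems receive the latest security patches in time. Also carry out regular system maintenance and checks to keep the security configuration and settings sound.
3. Back up data: Back up important data and files regularly and store the backups in secure offline or cloud storage. Make sure backups are complete, reliable and can be restored promptly, so that data can be recovered quickly after a ransomware infection or other data-loss event.
4. Security tools: Use trusted security tools, including antivirus software, firewalls and intrusion detection systems, to improve the system's security and protection. Run full security scans regularly to find and remove potential threats in time.
5. Access control: Enforce strict access control, limit users' access to systems and files, and avoid using administrator privileges for day-to-day work, to reduce the risk of malware infection. Also review and update access-control policies regularly to keep the system secure.
6. Incident response plan: Create and implement an incident response plan that defines team members' responsibilities and tasks and establishes a response process for ransomware and other security incidents, to minimize losses and restore normal business operations quickly.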

If a database of this kind (Oracle, MySQL, SQL Server, etc.) has been encrypted and you need professional recovery support, contact us:
Phone/WeChat: 17813235971    QQ: 107644445    E-Mail: dba@xifenfei.com

Recovering a MySQL database that was re-initialized because of an application connection error


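While deploying a new website, someone entered the wrong configuration, which wiped the existing database, created a new database and wrote data into it (in essence this is a drop table recovery)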


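Logging in to the operating system showed that the database files were on the root partition; besides the new database being created and data written into it, several GB of binlog had also been written. Recovering everything was unlikely, so the customer settled on recovering the data of 2 core tables, estimated at only a few tens of MB. Analysis at the OS level showed that operating-system undelete could not recover this kind of data. The final decision was to scan and recover at the MySQL InnoDB fragment level, and the scan found a fairly large number of fragments

Then, using a few approaches, the page files belonging to the tables to be recovered were identified and parsed to extract the required data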
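
The fragment-level scan described above can be sketched as follows (an added example, not the author's tool): it walks a raw image in filesystem-block steps, keeps the windows that look like intact InnoDB INDEX pages, and groups them by index id so the pages of one table can be picked out. The 16 KiB page size, the 4 KiB scan step and the sample image are assumptions constructed for the demo.

```python
import struct
from collections import defaultdict

PAGE_SIZE = 16384        # assumption: default innodb_page_size
FS_BLOCK = 4096          # assumption: filesystem block size used as scan step
FIL_PAGE_INDEX = 0x45BF  # FIL_PAGE_TYPE value of B-tree (table/index) pages

def parse_index_page(page):
    """Return header fields of an intact INDEX page, else None."""
    page_no, = struct.unpack_from(">I", page, 4)           # FIL_PAGE_OFFSET
    lsn, page_type = struct.unpack_from(">QH", page, 16)   # FIL_PAGE_LSN, TYPE
    space_id, = struct.unpack_from(">I", page, 34)
    n_recs, = struct.unpack_from(">H", page, 54)           # PAGE_N_RECS
    level, index_id = struct.unpack_from(">HQ", page, 64)  # PAGE_LEVEL, INDEX_ID
    lsn_tail, = struct.unpack_from(">I", page, PAGE_SIZE - 4)
    # The trailer repeats the low 32 bits of the LSN; a mismatch means the
    # 16 KiB window is not one contiguous, untouched page.
    if page_type != FIL_PAGE_INDEX or lsn_tail != (lsn & 0xFFFFFFFF):
        return None
    return {"space": space_id, "page_no": page_no, "index_id": index_id,
            "level": level, "n_recs": n_recs}

def scan_fragments(raw, step=FS_BLOCK):
    """Group surviving INDEX pages in a raw image by index_id."""
    by_index = defaultdict(list)
    for off in range(0, len(raw) - PAGE_SIZE + 1, step):
        hit = parse_index_page(raw[off:off + PAGE_SIZE])
        if hit:
            by_index[hit["index_id"]].append(dict(hit, offset=off))
    return dict(by_index)

def make_page(space, page_no, index_id, n_recs, lsn, intact=True):
    """Constructed page carrying only the header fields checked above."""
    p = bytearray(PAGE_SIZE)
    struct.pack_into(">I", p, 4, page_no)
    struct.pack_into(">QH", p, 16, lsn, FIL_PAGE_INDEX)
    struct.pack_into(">I", p, 34, space)
    struct.pack_into(">H", p, 54, n_recs)
    struct.pack_into(">HQ", p, 64, 0, index_id)   # level 0 = leaf page
    struct.pack_into(">I", p, PAGE_SIZE - 4, (lsn & 0xFFFFFFFF) if intact else 0)
    return bytes(p)

# Constructed image: junk, two leaf pages of index 57, one of index 58,
# and a page whose tail was overwritten (must be rejected).
SAMPLE = (b"\xff" * FS_BLOCK + make_page(23, 3, 57, 120, 0x1000AA01)
          + bytes(PAGE_SIZE) + make_page(23, 4, 57, 98, 0x1000AB02)
          + make_page(24, 3, 58, 10, 0x1000AC03)
          + make_page(23, 5, 57, 50, 0x1000AD04, intact=False))

if __name__ == "__main__":
    for index_id, pages in sorted(scan_fragments(SAMPLE).items()):
        print(index_id, [(p["offset"], p["page_no"], p["n_recs"]) for p in pages])
```

Leaf pages (level 0) of the clustered index hold the row data; mapping an index id back to a table name still needs the data dictionary, which the articles listed below cover.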

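For the technical details, see these articles:
Recovering MySQL data lost because of kettle
[MySQL recovery] Recovering the data dictionary tables explained
[MySQL recovery] mysql drop table data recovery
[MySQL recovery] Extracting the MySQL data dictionary directly with a tool
MySQL drop database recovery (the method also applies to MySQL drop table, delete, truncate table)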

Configuring a preferred node for the default service in RAC


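In some RAC situations the service name that corresponds to the database's default db_name has to be changed so that connections go to a preferred node. With default values, db_name determines db_unique_name, which in turn determines the database's service_names. The db_name of an existing database cannot be changed, so the only option is to work on db_unique_name (changing only service_names is not enough: the default service for db_unique_name is still created, and connections through it still work). In a RAC environment, however, db_unique_name is recorded in the CRS resource and cannot be changed directly at the database level (the attempt fails with ORA-32017 and ORA-65500)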

SQL> alter system set db_unique_name='nxifenfei' sid='*' scope=spfile;
alter system set db_unique_name='nxifenfei' sid='*' scope=spfile
*
ERROR at line 1:
ORA-32017: failure in updating SPFILE
ORA-65500: could not modify DB_UNIQUE_NAME, resource exists

So the db resource has to be removed from CRS first, then the service name changed, and then the db resource added back

[oracle@xffdb1 ~]$ srvctl remove database -d xifenfei  -f

SQL> alter system set db_unique_name='nxifenfei' sid='*' scope=spfile;

[oracle@xffdb1 ~]$ srvctl add database -d nxifenfei -o /u01/app/oracle/product/19c/db_1 -p \
  +DATADG/XIFENFEI/PARAMETERFILE/spfile.271.1174153165 -pwfile +DATADG/XIFENFEI/PASSWORD/pwdxifenfei.256.1174152463
[oracle@xffdb1 ~]$ srvctl add instance -d nxifenfei -i xifenfei1 -n xffdb1
[oracle@xffdb1 ~]$ srvctl add instance -d nxifenfei -i xifenfei2 -n xffdb2
[oracle@xffdb1 ~]$ srvctl add instance -d nxifenfei -i xifenfei3 -n xffdb3

Create the new service (same name as db_name, different from the current db_unique_name)

[oracle@xffdb1 ~]$ srvctl add service -db nxifenfei -service xifenfei -r xifenfei2 -a xifenfei1,xifenfei3 \
  -failovertype SESSION -failovermethod BASIC -failoverdelay 10 -failoverretry 3 -failback YES
[oracle@xffdb1 ~]$ srvctl start service -db nxifenfei -service xifenfei

[oracle@xffdb1 ~]$ srvctl config service -d nxifenfei -service xifenfei
Service name: xifenfei
Server pool:
Cardinality: 1
Service role: PRIMARY
Management policy: AUTOMATIC
DTP transaction: false
AQ HA notifications: false
Global: false
Commit Outcome: false
Failover type: SESSION
Failover method: BASIC
Failover retries: 3
Failover delay: 10
Failover restore: NONE
Connection Load Balancing Goal: LONG
Runtime Load Balancing Goal: NONE
TAF policy specification: NONE
Edition:
Pluggable database name:
Hub service:
Maximum lag time: ANY
SQL Translation Profile:
Retention: 86400 seconds
Failback :  yes
Replay Initiation Time: 300 seconds
Drain timeout:
Stop option:
Session State Consistency: DYNAMIC
GSM Flags: 0
Service is enabled
Preferred instances: xifenfei2
Available instances: xifenfei1,xifenfei3
CSS critical: no
Service uses Java: false
[grid@xffdb1 ~]$

Other service operations

-- Change the service's preferred node
srvctl modify service -db nxifenfei -service xifenfei -modifyconfig -preferred "xifenfei1" -available "xifenfei2,xifenfei3"
srvctl stop service -db nxifenfei -service xifenfei 
srvctl start service -db nxifenfei -service xifenfei 

-- Relocate the service to another node
srvctl relocate service -db nxifenfei -service xifenfei -oldinst xifenfei2 -newinst xifenfei1

-- Remove the service
srvctl stop service -db nxifenfei -service xifenfei
srvctl remove service -db nxifenfei -service xifenfei 

Oracle 19c RAC: replacing the private network


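On a three-node 19c cluster, one private-network NIC needs to be replaced (with a long enough downtime window there is a simpler method: rename the NIC so that it takes over directly, which requires one host reboot; see: Changing the NIC name on Linux 8)
1. First confirm at the host level that the newly configured network can ping between all nodes, add the private-network entries to the hosts file, and confirm that ssh works between the nodes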

ssh xffdb1-priv3 date;ssh xffdb2-priv3 date;ssh xffdb3-priv3 date;

2. Remove the ASM listener on the network that is being removed, and remove that network's definition

[grid@xffdb1 ~]$ srvctl config listener -asmlistener
Name: ASMNET1LSNR_ASM
Type: ASM Listener
Owner: grid
Subnet: 172.16.16.0
Home: <CRS home>
End points: TCP:1525
Listener is enabled.
Listener is individually enabled on nodes:
Listener is individually disabled on nodes:
Name: ASMNET2LSNR_ASM
Type: ASM Listener
Owner: grid
Subnet: 172.17.17.0
Home: <CRS home>
End points: TCP:1526
Listener is enabled.
Listener is individually enabled on nodes:
Listener is individually disabled on nodes:
[grid@xffdb1 ~]$ srvctl config asmnetwork
ASM network 1 exists
Subnet IPv4: 172.16.16.0//
Subnet IPv6:
Network is enabled
Network is individually enabled on nodes:
Network is individually disabled on nodes:
ASM network 2 exists
Subnet IPv4: 172.17.17.0//
Subnet IPv6:
Network is enabled
Network is individually enabled on nodes:
Network is individually disabled on nodes:
[grid@xffdb1 ~]$

[grid@xffdb3 ~]$ srvctl config asm
ASM home: <CRS home>
Password file: +DATA/orapwASM
Backup of Password file: +DATA/orapwASM_backup
ASM listener: LISTENER
ASM instance count: 3
Cluster ASM listener: ASMNET1LSNR_ASM,ASMNET2LSNR_ASM
[grid@xffdb3 ~]$ crsctl status res -t
--------------------------------------------------------------------------------
Name           Target  State        Server                   State details
--------------------------------------------------------------------------------
Local Resources
--------------------------------------------------------------------------------
ora.LISTENER.lsnr
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.chad
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.net1.network
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.ons
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.proxy_advm
               OFFLINE OFFLINE      xffdb1                   STABLE
               OFFLINE OFFLINE      xffdb2                   STABLE
               OFFLINE OFFLINE      xffdb3                   STABLE
--------------------------------------------------------------------------------
Cluster Resources
--------------------------------------------------------------------------------
ora.ASMNET1LSNR_ASM.lsnr(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.ASMNET2LSNR_ASM.lsnr(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.OCR.dg(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.DATADG.dg(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.FRADG.dg(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.LISTENER_SCAN1.lsnr
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.asm(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   Started,STABLE
ora.asmnet1.asmnetwork(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.asmnet2.asmnetwork(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.cvu
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.xffdb1.vip
      1        ONLINE  ONLINE       xffdb1                   STABLE
ora.xffdb2.vip
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.xffdb3.vip
      1        ONLINE  ONLINE       xffdb3                   STABLE
ora.xifenfei.db
      1        ONLINE  ONLINE       xffdb1                   Open,HOME=/u01/app/o
                                                             racle/product/19c/db
                                                             _1,STABLE
      2        ONLINE  ONLINE       xffdb2                   Open,HOME=/u01/app/o
                                                             racle/product/19c/db
                                                             _1,STABLE
      3        ONLINE  ONLINE       xffdb3                   Open,HOME=/u01/app/o
                                                             racle/product/19c/db
                                                             _1,STABLE
ora.qosmserver
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.scan1.vip
      1        ONLINE  ONLINE       xffdb2                   STABLE
--------------------------------------------------------------------------------

[grid@xffdb1 peer]$ srvctl update listener -listener ASMNET2LSNR_ASM -asm -remove -force
[grid@xffdb1 peer]$ srvctl remove asmnetwork -netnum 2 -force
PRCR-1028 : Failed to remove resource ora.asmnet2.asmnetwork
PRCR-1072 : Failed to unregister resource ora.asmnet2.asmnetwork
CRS-0245:  User doesn't have enough privilege to perform the operation
[root@xffdb1 ~]# source /home/grid/.bash_profile
[root@xffdb1 ~]# srvctl remove asmnetwork -netnum 2 -force
[root@xffdb1 ~]#
[root@xffdb1 ~]#
[root@xffdb1 ~]# crsctl status res -t
--------------------------------------------------------------------------------
Name           Target  State        Server                   State details
--------------------------------------------------------------------------------
Local Resources
--------------------------------------------------------------------------------
ora.LISTENER.lsnr
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.chad
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.net1.network
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.ons
               ONLINE  ONLINE       xffdb1                   STABLE
               ONLINE  ONLINE       xffdb2                   STABLE
               ONLINE  ONLINE       xffdb3                   STABLE
ora.proxy_advm
               OFFLINE OFFLINE      xffdb1                   STABLE
               OFFLINE OFFLINE      xffdb2                   STABLE
               OFFLINE OFFLINE      xffdb3                   STABLE
--------------------------------------------------------------------------------
Cluster Resources
--------------------------------------------------------------------------------
ora.ASMNET1LSNR_ASM.lsnr(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.OCR.dg(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.DATADG.dg(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.FRADG.dg(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.LISTENER_SCAN1.lsnr
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.asm(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   Started,STABLE
ora.asmnet1.asmnetwork(ora.asmgroup)
      1        ONLINE  ONLINE       xffdb1                   STABLE
      2        ONLINE  ONLINE       xffdb2                   STABLE
      3        ONLINE  ONLINE       xffdb3                   STABLE
ora.cvu
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.xffdb1.vip
      1        ONLINE  ONLINE       xffdb1                   STABLE
ora.xffdb2.vip
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.xffdb3.vip
      1        ONLINE  ONLINE       xffdb3                   STABLE
ora.xifenfei.db
      1        ONLINE  ONLINE       xffdb1                   Open,HOME=/u01/app/o
                                                             racle/product/19c/db
                                                             _1,STABLE
      2        ONLINE  ONLINE       xffdb2                   Open,HOME=/u01/app/o
                                                             racle/product/19c/db
                                                             _1,STABLE
      3        ONLINE  ONLINE       xffdb3                   Open,HOME=/u01/app/o
                                                             racle/product/19c/db
                                                             _1,STABLE
ora.qosmserver
      1        ONLINE  ONLINE       xffdb2                   STABLE
ora.scan1.vip
      1        ONLINE  ONLINE       xffdb2                   STABLE
--------------------------------------------------------------------------------
[grid@xffdb2 peer]$ srvctl config listener -asmlistener
Name: ASMNET1LSNR_ASM
Type: ASM Listener
Owner: grid
Subnet: 172.16.16.0
Home: <CRS home>
End points: TCP:1525
Listener is enabled.
Listener is individually enabled on nodes:
Listener is individually disabled on nodes:
[grid@xffdb2 peer]$ srvctl config asmnetwork
ASM network 1 exists
Subnet IPv4: 172.16.16.0//
Subnet IPv6:
Network is enabled
Network is individually enabled on nodes:
Network is individually disabled on nodes:

3. Replace the cluster private network

[grid@xffdb1 ~]$ oifcfg getif
bond0  192.168.20.0  global  public
ens9f0  172.16.16.0  global  cluster_interconnect,asm
ens9f1  172.17.17.0  global  cluster_interconnect,asm
[grid@xffdb1 ~]$ oifcfg setif -global ens6f0np0/172.18.18.0:cluster_interconnect,asm
[grid@xffdb1 ~]$ oifcfg getif
bond0  192.168.20.0  global  public
ens9f0  172.16.16.0  global  cluster_interconnect,asm
ens9f1  172.17.17.0  global  cluster_interconnect,asm
ens6f0np0  172.18.18.0  global  cluster_interconnect,asm
[grid@xffdb1 ~]$ oifcfg delif -global ens9f1/172.17.17.0
[grid@xffdb1 ~]$  oifcfg getif
bond0  192.168.20.0  global  public
ens9f0  172.16.16.0  global  cluster_interconnect,asm
ens6f0np0  172.18.18.0  global  cluster_interconnect,asm
[grid@xffdb1 ~]$ oifcfg delif -global ens9f1/172.17.17.0
[grid@xffdb1 ~]$  oifcfg getif
bond0  192.168.20.0  global  public
ens9f0  172.16.16.0  global  cluster_interconnect,asm
ens6f0np0  172.18.18.0  global  cluster_interconnect,asm

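4. Restart the three cluster nodes one at a time (the ASMNET2LSNR_ASM listener has to be killed manually). The cluster network replacement is then complete (one ASM listener already exists, so no ASM listener is going to be added on the other private network). To add one anyway, run the following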

# srvctl add asmnetwork -netnum 2 -subnet 172.18.18.0
% srvctl add listener -asmlistener -l ASMNET1LSNR_ASM -subnet 172.18.18.0

Listener reports TNS-12541 TNS-12560 TNS-00511 errors


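A customer running Oracle 11.2.0.1 on Windows had a listener that was not working properly. Running status hung for a long time and then returned the following errors: TNS-12541 TNS-12560 TNS-00511 64-bit Windows Error: 2: No such file or directory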

LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-12541: TNS:no listener
 TNS-12560: TNS:protocol adapter error
  TNS-00511: No listener
   64-bit Windows Error: 2: No such file or directory
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=LOCALHOST)(PORT=1521)))
TNS-12541: TNS:no listener
 TNS-12560: TNS:protocol adapter error
  TNS-00511: No listener
   64-bit Windows Error: 61: Unknown error

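From past experience, when the listener service itself starts successfully but status hangs for a long time, the listener log may be involved. Checking confirmed that the listener log had reached 4G. After stopping the service, renaming the listener log and starting the listener again, the status was normal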


An article on the listener log exceeding 4G on Windows and causing the listener to hang: listener.log larger than 4G on Windows causes listener failure