Archive

Archive for June, 2012

securing passwords with Oracle Wallet

June 7, 2012 Leave a comment

To prevent hard coding passwords in any script is not a good idea, specially for rman backup scripts as the account bring used need sysdba privileges

steps to store the password in a wallet

1. create a wallet

Wallets can be copied to different machines, which can represent a security risk. In 11g Release 2, you can prevent the auto login functionality of the wallet from working if it is copied to another machine by creating a local wallet using the “orapki” command, instead of the “mkstore” command.

orapki wallet create -wallet "/u02/wallet" -pwd "mypassword" -auto_login_local

Once the wallet is created , it can be modified using the “mkstore” command

2. Add database connection ( including connection_string, username and password )

mkstore -wrl -createCredential <db_connection_string> <username> <password>

E.g.
mkstore -wrl /u01/app/wallet -createCredential rmancpr  rman rmanpwd

3. Add the following code to your sqlnet.ora


SQLNET.WALLET_OVERRIDE=TRUE
WALLET_LOCATION =
  (SOURCE =
   (METHOD = FILE)
    (METHOD_DATA =
     (DIRECTORY = /u01/app/wallet)
    )
  )

If you are using RAC make sure that the sqlnet.ora is updated on all nodes

WALLET_LOCATION: points to the directory where the wallet resides.
SQLNET.WALLET_OVERRIDE: will force all connections as /@db_connection_string to use the information being stored on the wallet to authenticate to databases.

4. test the connection

we can replace
rman/rmanpwd@rmancpr

by

/@rmancpr

Other options that wallet offer

1.- list the content being stored on the wallet:
mkstore -wrl /u01/app/wallet -listCredential

2.- Add credentials:
mkstore -wrl /u01/app/wallet -createCredential <db_connection_string> <username> <password>

3.- Modify credentials:
mkstore -wrl /u01/app/wallet -modigyCredential <db_connection_string> <username> <password>

4.- Delete credentials:
mkstore -wrl /u01/app/wallet -deleteCredential <db_connection_string>
Advertisements
Categories: Oracle

Add New Post ‹ Mike Desouza’s Blog — WordPress

June 7, 2012 Leave a comment

Add New Post ‹ Mike Desouza's Blog — WordPress.

Categories: Uncategorized

Monitor RMAN backups

June 7, 2012 Leave a comment

To see what RMAN is doing now and how much work its got left to do you can run the following SQL

select
sid,
start_time,
totalwork,
sofar,
(sofar/totalwork) * 100 pct_done
from
v$session_longops
where totalwork > sofar
AND opname NOT LIKE '%aggregate%'
AND opname like 'RMAN%'
/

you got 4 channels running the rman backup

The following query will show you a history of your BACKUP and RESTORE operations

select to_char(start_time, 'dd-mon-yyyy@hh24:mi:ss') "Date",
status,
operation,
mbytes_processed
from v$rman_status vs
where start_time >  sysdate -1
order by start_time
/

By changing the where start_time > sysdate -1 clause you control how much in the past you want to look at

Check status of rman backups 


 col STATUS format a9
col hrs format 999.99
select
SESSION_KEY, INPUT_TYPE, STATUS,
to_char(START_TIME,'mm/dd/yy hh24:mi') start_time,
to_char(END_TIME,'mm/dd/yy hh24:mi')   end_time,
elapsed_seconds/3600                   hrs
from V$RMAN_BACKUP_JOB_DETAILS
order by session_key;

Categories: Oracle