标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 kfed MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 2663 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (102)
- 数据库 (1,671)
- DB2 (22)
- MySQL (73)
- Oracle (1,533)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (21)
- ORA-xxxxx (159)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (14)
- ORACLE 21C (3)
- Oracle 23ai (7)
- Oracle ASM (65)
- Oracle Bug (8)
- Oracle RAC (52)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (560)
- Oracle安装升级 (92)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (78)
- PostgreSQL (18)
- PostgreSQL恢复 (6)
- SQL Server (27)
- SQL Server恢复 (8)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (37)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (20)
-
最近发表
- Kylin Linux 安装19c
- ORA-600 krse_arc_complete.4
- Oracle 19c 202410补丁(RUs+OJVM)
- ntfs MFT损坏(ntfs文件系统故障)导致oracle异常恢复
- .mkp扩展名oracle数据文件加密恢复
- 清空redo,导致ORA-27048: skgfifi: file header information is invalid
- A_H_README_TO_RECOVER勒索恢复
- 通过alert日志分析客户自行对一个数据库恢复的来龙去脉和点评
- ORA-12514: TNS: 监听进程不能解析在连接描述符中给出的SERVICE_NAME
- ORA-01092 ORA-00604 ORA-01558故障处理
- ORA-65088: database open should be retried
- Oracle 19c异常恢复—ORA-01209/ORA-65088
- ORA-600 16703故障再现
- 数据库启动报ORA-27102 OSD-00026 O/S-Error: (OS 1455)
- .[metro777@cock.li].Elbie勒索病毒加密数据库恢复
- 应用连接错误,初始化mysql数据库恢复
- RAC默认服务配置优先节点
- Oracle 19c RAC 替换私网操作
- 监听报TNS-12541 TNS-12560 TNS-00511错误
- drop tablespace xxx including contents恢复
作者归档:惜分飞
利用flashback快速恢复failover 的备库
客户数据库架构为单机+dataguard,一台生产库跑在物理机,备库跑在虚拟化环境中(当时由于成本原因使用了机械盘),今天物理机突然直接罢工,客户要求紧急切换备库
Thu Aug 08 09:52:13 2024 Media Recovery Waiting for thread 1 sequence 189448 (in transit) Recovery of Online Redo Log: Thread 1 Group 12 Seq 189448 Reading mem 0 Mem# 0: /oradata/xff/std_redo12.log Thu Aug 08 09:52:13 2024 Archived Log entry 187514 added for thread 1 sequence 189447 ID 0x2e6bc37f dest 1: Thu Aug 08 10:54:40 2024 ALTER DATABASE RECOVER MANAGED STANDBY DATABASE FINISH force Terminal Recovery: Stopping real time apply Thu Aug 08 10:54:40 2024 MRP0: Background Media Recovery cancelled with status 16037 Errors in file /u01/app/oracle/diag/rdbms/xffdg/xff/trace/xff_pr00_17876.trc: ORA-16037: user requested cancel of managed recovery operation Managed Standby Recovery not using Real Time Apply Recovery interrupted! Recovered data files to a consistent state at change 34188310512 Thu Aug 08 10:54:43 2024 MRP0: Background Media Recovery process shutdown (xff) Terminal Recovery: Stopped real time apply Thu Aug 08 10:55:14 2024 Stopping background process MMNL Stopping background process MMON Thu Aug 08 10:55:46 2024 Background process MMON not dead after 30 seconds Killing background process MMON All dispatchers and shared servers shutdown CLOSE: killing server sessions. Active process 17691 user 'oracle' program 'oracle@xffDG (MMON)' Active process 15077 user 'oracle' program 'oracle@xffDG' Active process 17691 user 'oracle' program 'oracle@xffDG (MMON)' Active process 11536 user 'oracle' program 'oracle@xffDG (M000)' Active process 17691 user 'oracle' program 'oracle@xffDG (MMON)' Active process 15077 user 'oracle' program 'oracle@xffDG' Active process 11536 user 'oracle' program 'oracle@xffDG (M000)' Active process 11536 user 'oracle' program 'oracle@xffDG (M000)' Active process 11536 user 'oracle' program 'oracle@xffDG (M000)' CLOSE: all sessions shutdown successfully. Thu Aug 08 10:56:11 2024 SMON: disabling cache recovery Attempt to do a Terminal Recovery (xff) Media Recovery Start: Managed Standby Recovery (xff) started logmerger process Thu Aug 08 10:56:13 2024 Managed Standby Recovery not using Real Time Apply Parallel Media Recovery started with 4 slaves Media Recovery Waiting for thread 1 sequence 189448 (in transit) Killing 4 processes with pids 17733,17729,17731,32533 (all RFS, wait for I/O) in order to disallow current and future RFS connections. Requested by OS process 15184 Thu Aug 08 10:56:16 2024 idle dispatcher 'D000' terminated, pid = (16, 1) Begin: Standby Redo Logfile archival End: Standby Redo Logfile archival Terminal Recovery timestamp is '08/08/2024 10:56:17' Terminal Recovery: applying standby redo logs. Terminal Recovery: thread 1 seq# 189448 redo required Terminal Recovery: Recovery of Online Redo Log: Thread 1 Group 12 Seq 189448 Reading mem 0 Mem# 0: /oradata/xff/std_redo12.log Identified End-Of-Redo (failover) for thread 1 sequence 189448 at SCN 0xffff.ffffffff Incomplete Recovery applied until change 34188310513 time 08/08/2024 11:32:41 Thu Aug 08 10:56:18 2024 Media Recovery Complete (xff) Terminal Recovery: successful completion Thu Aug 08 10:56:18 2024 ARCH: Archival stopped, error occurred. Will continue retrying Forcing ARSCN to IRSCN for TR 7:4123539441 ORACLE Instance xff - Archival Error Attempt to set limbo arscn 7:4123539441 irscn 7:4123539441 Resetting standby activation ID 778814335 (0x2e6bc37f) ORA-16014: log 12 sequence# 189448 not archived, no available destinations ORA-00312: online log 12 thread 1: '/oradata/xff/std_redo12.log' Completed: ALTER DATABASE RECOVER MANAGED STANDBY DATABASE FINISH force ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL ORA-16136 signalled during: ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL... Thu Aug 08 10:56:28 2024 ALTER DATABASE ACTIVATE PHYSICAL STANDBY DATABASE ALTER DATABASE ACTIVATE [PHYSICAL] STANDBY DATABASE (xff) Begin: Standby Redo Logfile archival End: Standby Redo Logfile archival Thu Aug 08 10:56:28 2024 Archiver process freed from errors. No longer stopped Standby terminal recovery start SCN: 34188310512 RESETLOGS after incomplete recovery UNTIL CHANGE 34188310513 Online log /oradata/xff/redo01.log: Thread 1 Group 1 was previously cleared Online log /oradata/xff/redo02.log: Thread 1 Group 2 was previously cleared Online log /oradata/xff/redo03.log: Thread 1 Group 3 was previously cleared Online log /oradata/xff/redo04.log: Thread 1 Group 4 was previously cleared Standby became primary SCN: 34188310511 Thu Aug 08 10:56:29 2024 Setting recovery target incarnation to 3 ACTIVATE STANDBY: Complete - Database mounted as primary Completed: ALTER DATABASE ACTIVATE PHYSICAL STANDBY DATABASE ARC1: Becoming the 'no SRL' ARCH alter database open Thu Aug 08 10:56:34 2024 Assigning activation ID 832379854 (0x319d1bce) Thread 1 advanced to log sequence 2 (thread open) Thread 1 opened at log sequence 2 Current log# 2 seq# 2 mem# 0: /oradata/xff/redo02.log Successful open of redo thread 1 MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set Thu Aug 08 10:56:34 2024 SMON: enabling cache recovery Thu Aug 08 10:56:34 2024 ARC0: LGWR is scheduled to archive destination LOG_ARCHIVE_DEST_2 after log switch Thu Aug 08 10:56:34 2024 NSA2 started with pid=14, OS id=15198 [15133] Successfully onlined Undo Tablespace 2. Undo initialization finished serial:0 start:1087824580 end:1087828220 diff:3640 (36 seconds) Dictionary check beginning Dictionary check complete Verifying file header compatibility for 11g tablespace encryption.. Verifying 11g file header compatibility for tablespace encryption completed SMON: enabling tx recovery Thu Aug 08 10:56:38 2024 Database Characterset is ZHS16GBK Starting background process SMCO Thu Aug 08 10:56:39 2024 SMCO started with pid=15, OS id=15200 Thread 1 advanced to log sequence 3 (LGWR switch) Current log# 3 seq# 3 mem# 0: /oradata/xff/redo03.log ****************************************************************** LGWR: Setting 'active' archival for destination LOG_ARCHIVE_DEST_2 ****************************************************************** Thu Aug 08 10:56:40 2024 Archived Log entry 187515 added for thread 1 sequence 2 ID 0x319d1bce dest 1: Starting background process QMNC Thu Aug 08 10:56:43 2024 QMNC started with pid=17, OS id=15204 LOGSTDBY: Validating controlfile with logical metadata LOGSTDBY: Validation complete Completed: alter database open
很不幸由于虚拟机资源io太差,无法接管业务,硬件工程师紧急修复好物理机,启动数据库正常,客户直接把业务又切换到物理机中,现在需要恢复dataguard环境(并且客户把虚拟机迁移到ssd环境中),把虚拟机数据库重启到mount状态
[oracle@xffDG ~]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.4.0 Production on Thu Aug 8 20:06:30 2024 Copyright (c) 1982, 2013, Oracle. All rights reserved. Connected to an idle instance. SQL> startup mount; ORACLE instance started. Total System Global Area 2.5655E+10 bytes Fixed Size 2265224 bytes Variable Size 3892318072 bytes Database Buffers 2.1743E+10 bytes Redo Buffers 16896000 bytes Database mounted. SQL> select open_mode,database_role from v$database; OPEN_MODE DATABASE_ROLE -------------------- ---------------- MOUNTED PRIMARY
闪回数据库到备库failover之前scn
SQL> flashback database to scn 34188310500; Flashback complete.
Thu Aug 08 20:09:40 2024 flashback database to scn 34188310500 Flashback Restore Start Thu Aug 08 20:10:34 2024 Flashback Restore Complete Flashback Media Recovery Start Thu Aug 08 20:10:34 2024 Setting recovery target incarnation to 2 started logmerger process Parallel Media Recovery started with 4 slaves Flashback Media Recovery Log /oradata/fast_recovery_area/XFF/archivelog/2024_08_08/o1_mf_1_189448_mc8dzjxn_.arc Thu Aug 08 20:10:35 2024 Identified End-Of-Redo (failover) for thread 1 sequence 189448 at SCN 0x7.f5c837f1 Incomplete Recovery applied until change 34188310501 time 08/08/2024 11:32:40 Flashback Media Recovery Complete Setting recovery target incarnation to 3 Completed: flashback database to scn 34188310500
切换虚拟机库到standby 状态
SQL> alter database convert to physical standby; Database altered. SQL> select database_role from v$database; select database_role from v$database * ERROR at line 1: ORA-01507: database not mounted SQL> alter database mount; alter database mount * ERROR at line 1: ORA-00750: database has been previously mounted and dismounted SQL> shutdown immediate; ORA-01507: database not mounted ORACLE instance shut down. SQL> startup mount; ORACLE instance started. Total System Global Area 2.5655E+10 bytes Fixed Size 2265224 bytes Variable Size 3892318072 bytes Database Buffers 2.1743E+10 bytes Redo Buffers 16896000 bytes Database mounted. SQL> select open_mode,database_role from v$database; OPEN_MODE DATABASE_ROLE -------------------- ---------------- MOUNTED PHYSICAL STANDBY
Thu Aug 08 20:10:46 2024 alter database convert to physical standby ALTER DATABASE CONVERT TO PHYSICAL STANDBY (xff) Flush standby redo logfile failed:1649 Clearing standby activation ID 832379854 (0x319d1bce) The primary database controlfile was created using the 'MAXLOGFILES 16' clause. There is space for up to 12 standby redo logfiles Use the following SQL commands on the standby database to create standby redo logfiles that match the primary database: ALTER DATABASE ADD STANDBY LOGFILE 'srl1.f' SIZE 209715200; ALTER DATABASE ADD STANDBY LOGFILE 'srl2.f' SIZE 209715200; ALTER DATABASE ADD STANDBY LOGFILE 'srl3.f' SIZE 209715200; ALTER DATABASE ADD STANDBY LOGFILE 'srl4.f' SIZE 209715200; ALTER DATABASE ADD STANDBY LOGFILE 'srl5.f' SIZE 209715200; Shutting down archive processes Archiving is disabled Completed: alter database convert to physical standby
开启mrp进程
SQL> alter database open read only; Database altered. SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE USING CURRENT LOGFILE DISCONNECT FROM SESSION; Database altered.
[comingback2022@cock.li].eking和[tsai.shen@mailfence.com].faust扩展名勒索病毒数据库可以完美恢复
最近接到两个由于操作系统文件被加密,其中的Oracle数据库文件被勒索病毒加密恢复的请求,通过底层分析,确认这两种勒索病毒加密的数据库能够非常好的恢复(可以通过修复,直接open库,然后导出数据,业务直接使用)
[comingback2022@cock.li].eking扩展名加密病毒
H:\BaiduNetdisk>dir *.[comingback2022@cock.li].eking 驱动器 H 中的卷是 SSD-2T 卷的序列号是 BC99-FC29 H:\BaiduNetdisk 的目录 2024-08-05 21:30 1,395,400,994 O1_MF_SYSAUX_MB6WRFF4_.DBF.id[1A1BEE14-2939].[comingback2022@cock.li].eking 2024-08-05 21:30 860,627,234 O1_MF_SYSTEM_MB6WSTMC_.DBF.id[1A1BEE14-2939].[comingback2022@cock.li].eking
[tsai.shen@mailfence.com].faust扩展名加密病毒
H:\BaiduNetdisk>dir *.[tsai.shen@mailfence.com].faust 驱动器 H 中的卷是 SSD-2T 卷的序列号是 BC99-FC29 H:\BaiduNetdisk 的目录 2024-08-04 22:37 5,589,704,978 SYSTEM01.DBF.id[3A33C1D4-2815].[tsai.shen@mailfence.com].faust 2024-08-04 22:37 21,475,631,378 SYSTEM02.DBF.id[3A33C1D4-2815].[tsai.shen@mailfence.com].faust
这两种病毒加密的破坏都是头部32个block,中间32个block,尾部128个block,可以通过自研的Oracle勒索病毒恢复工具进行恢复直接open库
mkp勒索病毒预防建议:
1. 教育和培训:提高用户的网络安全意识非常重要。通过定期的网络安全培训和教育,向用户传达有关勒索病毒及其传播方式的知识,让他们能够警惕潜在的威胁,并学会如何正确应对可疑的电子邮件、链接和附件。
2. 更新和维护:及时更新操作系统、应用程序和安全软件,以修补已知的漏洞,并确保系统能够及时获取最新的安全补丁。此外,定期进行系统维护和检查,确保系统的安全配置和设置。
3. 备份数据:定期备份重要的数据和文件,并将备份存储在安全的离线或云存储中。确保备份是完整的、可靠的,并且能够及时恢复,以便在发生勒索病毒感染或其他数据丢失事件时能够快速恢复数据。
4. 网络安全工具:使用可信赖的网络安全工具,包括防病毒软件、防火墙、入侵检测系统等,以提高系统的安全性和防护能力。定期对系统进行全面的安全扫描和检测,及时发现并清除潜在的威胁。
5. 访问控制:实施严格的访问控制措施,限制用户对系统和文件的访问权限,避免使用管理员权限进行日常操作,以减少恶意软件感染的风险。此外,定期审查和更新访问控制策略,确保系统安全性得到有效维护。
6. 应急响应计划:制定和实施应急响应计划,明确团队成员的责任和任务,建立应对勒索病毒和其他安全事件的应急响应流程,以最大程度地减少损失并快速恢复业务正常运营。
如果此类的数据库(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com
opatch auto 出现unable to get oracle owner for 错误
在11.2.0.4环境中使用opatch auto 打psu补丁之时遇到unable to get oracle owner for 错误
[root@rac1 35058300]# opatch auto . Executing /u01/app/11.2.0/grid/perl/bin/perl /u01/app/11.2.0/grid/OPatch/crs/patch11203.pl -patchdir . -patchn . -paramfile /u01/app/11.2.0/grid/crs/install/crsconfig_params This is the main log file: /u01/app/11.2.0/grid/cfgtoollogs/opatchauto2024-08-06_22-25-22.log This file will show your detected configuration and all the steps that opatchauto attempted to do on your system: /u01/app/11.2.0/grid/cfgtoollogs/opatchauto2024-08-06_22-25-22.report.log 2024-08-06 22:25:22: Starting Clusterware Patch Setup Using configuration parameter file: /u01/app/11.2.0/grid/crs/install/crsconfig_params unable to get oracle owner for
根据mos:OPATCH AUTO Fails with “unable to get oracle owner for” in Multi-Byte Language Environment (Doc ID 1325256.1)的描述是由于多字节语言环境导致,检测当前系统环境,确实是中文语言
[root@rac1 35058300]# env|grep LANG LANG=zh_CN.UTF-8
export设置LANG=C,然后打patch成功
[root@rac1 35058300]# export LANG=C [root@rac1 35058300]# opatch auto . Executing /u01/app/11.2.0/grid/perl/bin/perl /u01/app/11.2.0/grid/OPatch/crs/patch11203.pl -patchdir . -patchn . -paramfile /u01/app/11.2.0/grid/crs/install/crsconfig_params This is the main log file: /u01/app/11.2.0/grid/cfgtoollogs/opatchauto2024-08-06_22-27-31.log This file will show your detected configuration and all the steps that opatchauto attempted to do on your system: /u01/app/11.2.0/grid/cfgtoollogs/opatchauto2024-08-06_22-27-31.report.log 2024-08-06 22:27:31: Starting Clusterware Patch Setup Using configuration parameter file: /u01/app/11.2.0/grid/crs/install/crsconfig_params Stopping RAC /u01/app/oracle/product/11.2.0/db_1 ... Stopped RAC /u01/app/oracle/product/11.2.0/db_1 successfully patch ././32758914/custom/server/32758914 apply successful for home /u01/app/oracle/product/11.2.0/db_1 patch ././34998337 apply successful for home /u01/app/oracle/product/11.2.0/db_1 Stopping CRS... Stopped CRS successfully patch ././32758914 apply successful for home /u01/app/11.2.0/grid patch ././34998337 apply successful for home /u01/app/11.2.0/grid patch ././33112794 apply successful for home /u01/app/11.2.0/grid Starting CRS... Installing Trace File Analyzer CRS-4123: Oracle High Availability Services has been started. Starting RAC /u01/app/oracle/product/11.2.0/db_1 ... Started RAC /u01/app/oracle/product/11.2.0/db_1 successfully opatch auto succeeded.
发表在 Oracle安装升级
评论关闭