分类目录归档:Oracle

win平台19c 打patch遭遇2个小问题汇总

发表于 2025 年 3 月 17 日 惜分飞

在给19c的库打ru patch的过程中遇到两个错误,进行记录,以供以后遇到类似错误参考:
UtilSession 失败: oracle/cluster/install/InstallException

C:\Users\Administrator>F:\updatecode\WINDOWS.X64_193000_db_home\opatch\opatch apply F:\oracle_patch\37486199
Oracle 临时补丁程序安装程序版本 12.2.0.1.45
版权所有 (c) 2025, Oracle Corporation。保留所有权利。


Oracle 主目录       :F:\updatecode\WINDOWS.X64_193000_db_home
主产品清单:C:\Program Files\Oracle\Inventory
   来自           :
OPatch 版本    :12.2.0.1.45
OUI 版本       :12.2.0.7.0
日志文件位置:F:\updatecode\WINDOWS.X64_193000_db_home\cfgtoollogs\opatch\opatch2025-03-17_18-19-56下午_1.log

Verifying environment and performing prerequisite checks...
UtilSession 失败: oracle/cluster/install/InstallException
Log file location: F:\updatecode\WINDOWS.X64_193000_db_home\cfgtoollogs\opatch\opatch2025-03-17_18-19-56下午_1.log

OPatch failed with error code = 73

对应的日志错误部分

[2025-3-17 18:19:57] [INFO]   CAS Dynamic Loading :
[2025-3-17 18:19:57] [INFO]   CUP_LOG: Trying to load HomeOperations object
[2025-3-17 18:19:57] [INFO]   CUP_LOG: HomeOperations object created. CUP1.0 is enabled
[2025-3-17 18:19:57] [INFO]   OPatch invoked as follows: 'apply F:\oracle_patch\37486199 '
[2025-3-17 18:19:57] [INFO]   Runtime args: [-DOPatch.ORACLE_HOME=F:\updatecode\WINDOWS.X64_193000_db_home, -DOPatch.DEBUG=false,
                              -DOPatch.RUNNING_DIR=F:\updatecode\WINDOWS.X64_193000_db_home\OPatch, -DOPatch.MW_HOME=, 
                              -DOPatch.WL_HOME=, -DOPatch.COMMON_COMPONENTS_HOME=, -DOPatch.OUI_LOCATION=, -DOPatch.FMW_COMPONENT_HOME=,
                               -DOPatch.WEBLOGIC_CLASSPATH=, -DOPatch.OPATCH_CLASSPATH=]
[2025-3-17 18:19:57] [INFO]   Heap in use : 120 MB
                              Total memory: 1917 MB
                              Free memory : 1796 MB
                              Max memory  : 27305 MB
[2025-3-17 18:19:57] [INFO]   Oracle 主目录       : F:\updatecode\WINDOWS.X64_193000_db_home
                              主产品清单: C:\Program Files\Oracle\Inventory
                                 从           : 
                              OPatch 版本    : 12.2.0.1.45
                              OUI 版本       : 12.2.0.7.0
                              OUI 位置      : F:\updatecode\WINDOWS.X64_193000_db_home\oui
                              日志文件位置 : F:\updatecode\WINDOWS.X64_193000_db_home\cfgtoollogs\opatch\opatch2025-03-17_18-19-56下午_1.log
[2025-3-17 18:19:57] [INFO]   Patch history file: F:\updatecode\WINDOWS.X64_193000_db_home\cfgtoollogs\opatch\opatch_history.txt
[2025-3-17 18:19:59] [INFO]   [OPSR-TIME] Loading raw inventory
[2025-3-17 18:20:00] [INFO]   [OPSR-MEMORY] Loaded all components from inventory. Heap memory in use: 150 (MB)
[2025-3-17 18:20:00] [INFO]   [OPSR-MEMORY] Loaded all one offs from inventory. Heap memory in use: 160 (MB)
[2025-3-17 18:20:00] [INFO]   [OPSR-TIME] Raw inventory loaded successfully
[2025-3-17 18:20:00] [INFO]   NApply::no CAS enabled, OPatch runs with legacy process.
[2025-3-17 18:20:00] [INFO]   Verifying environment and performing prerequisite checks...
[2025-3-17 18:20:00] [INFO]   [OPSR-TIME] Running prerequisite checks
[2025-3-17 18:20:00] [INFO]   opatch-external.jar is in F:\updatecode\WINDOWS.X64_193000_db_home\OPatch\jlib\opatch-external.jar
[2025-3-17 18:20:00] [SEVERE] OUI-67073:UtilSession 失败: oracle/cluster/install/InstallException
[2025-3-17 18:20:00] [INFO]   Finishing UtilSession at Mon Mar 17 18:20:00 CST 2025
[2025-3-17 18:20:00] [INFO]   堆栈说明: java.lang.RuntimeException: oracle/cluster/install/InstallException
                              	at java.lang.Class.getDeclaredConstructors0(Native Method)
                              	at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671)
                              	at java.lang.Class.getConstructor0(Class.java:3075)
                              	at java.lang.Class.getConstructor(Class.java:1825)
                              	at oracle.opatch.OPatchExternalFactory.getRac(OPatchExternalFactory.java:158)
                              	at oracle.opatch.napplyhelper.EnvValidation.validateConnectStringNodes(EnvValidation.java:104)
                              	at oracle.opatch.napplyhelper.EnvValidation.checkConnectString(EnvValidation.java:92)
                              	at oracle.opatch.napplyhelper.EnvValidation.validate(EnvValidation.java:64)
                              	at oracle.opatch.opatchutil.NApply.legacy_process(NApply.java:530)
                              	at oracle.opatch.opatchutil.NApply.legacy_process(NApply.java:374)
                              	at oracle.opatch.opatchutil.NApply.process(NApply.java:354)
                              	at oracle.opatch.opatchutil.OUSession.napply(OUSession.java:1143)
                              	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                              	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                              	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                              	at java.lang.reflect.Method.invoke(Method.java:498)
                              	at oracle.opatch.UtilSession.process(UtilSession.java:355)
                              	at oracle.opatch.OPatchSession.process(OPatchSession.java:2640)
                              	at oracle.opatch.OPatch.process(OPatch.java:888)
                              	at oracle.opatch.OPatch.main(OPatch.java:945)
                              Caused by: java.lang.NoClassDefFoundError: oracle/cluster/install/InstallException
                              	... 20 more
                              Caused by: java.lang.ClassNotFoundException: oracle.cluster.install.InstallException
                              	at java.net.URLClassLoader.findClass(URLClassLoader.java:387)
                              	at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
                              	at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
                              	... 20 more

通过mos给出来的文档:Windows:opatch file with error: [SEVERE] OUI-67073:UtilSession failed: oracle/cluster/install/InstallException (Doc ID 3020534.1),可能是由于%ORACLE_HOME%\oui\jlib\srvm.jar 文件异常导致该问题,查看打patch机器,发现该文件丢失[丢失原因未知],从37486199的patch文件中拷贝该文件到数据库对应目录,后续没有再报该错误
srvm.jar

然后提示Prerequisite check “CheckActiveFilesAndExecutables” failed.错误
注意参考:win平台 UtilSession 失败: Prerequisite check “CheckActiveFilesAndExecutables” failed. 处理没有解决问题(因为文件本身没有被占用)

F:\oracle_patch\37486199>F:\updatecode\WINDOWS.X64_193000_db_home\opatch\opatch apply
Oracle 临时补丁程序安装程序版本 12.2.0.1.45
版权所有 (c) 2025, Oracle Corporation。保留所有权利。


Oracle 主目录       :F:\updatecode\WINDOWS.X64_193000_db_home
主产品清单:C:\Program Files\Oracle\Inventory
   来自           :
OPatch 版本    :12.2.0.1.45
OUI 版本       :12.2.0.7.0
日志文件位置:F:\updatecode\WINDOWS.X64_193000_db_home\cfgtoollogs\opatch\opatch2025-03-17_18-34-40下午_1.log

Verifying environment and performing prerequisite checks...
Prerequisite check "CheckActiveFilesAndExecutables" failed.
The details are:

Following active files/executables/libs are used by ORACLE_HOME :F:\updatecode\WINDOWS.X64_193000_db_home
F:\updatecode\WINDOWS.X64_193000_db_home\bin\oravssmsgus.dll
F:\updatecode\WINDOWS.X64_193000_db_home\bin\ORAEVRUS19.dll


UtilSession 失败: Prerequisite check "CheckActiveFilesAndExecutables" failed.
Log file location: F:\updatecode\WINDOWS.X64_193000_db_home\cfgtoollogs\opatch\opatch2025-03-17_18-34-40下午_1.log

OPatch failed with error code = 73

通过命令分析确认oravssmsgus.ddl和ORAEVRUS19.dll动态库没有被其他程序占用

F:\oracle_patch\37486199>tasklist /M ora*
信息: 没有运行的任务匹配指定标准。

F:\oracle_patch\37486199>tasklist /M ORA*
信息: 没有运行的任务匹配指定标准。

对于这种情况,根据mos文档:Database Release Update Bundle Windows Patch (XXX) Error”UtilSession failed: Prerequisite check “CheckActiveFilesAndExecutables” failed.” (Doc ID 3046640.1)建议,把对一个文件重命名

F:\updatecode\WINDOWS.X64_193000_db_home\bin>dir *bak.dll
 驱动器 F 中的卷是 安全区
 卷的序列号是 4407-E854

 F:\updatecode\WINDOWS.X64_193000_db_home\bin 的目录

2022-07-28  17:35             4,096 ORAEVRUS19-bak.dll
2022-07-28  17:35           100,352 oravssmsgus-bak.dll
               2 个文件        104,448 字节
               0 个目录 680,382,025,728 可用字节

后续打patch操作一切正常,没有再出现其他问题.

发表在 Oracle安装升级 | 标签为 , , , | 留下评论

.[OnlyBuy@cyberfear.com].REVRAC勒索mysql恢复

发表于 2025 年 3 月 13 日 惜分飞

有朋友接到一个mariadb库被加密的case,部分文件被加密为:.[D2BB58C7].[OnlyBuy@cyberfear.com].REVRAC扩展名
revrac

黑客预留的+README-WARNING+.txt内容类似:

YOUR FILES ARE ENCRYPTED

Your files, documents, photos, databases and other important files are encrypted.

You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an 
    email: TechSupport@cyberfear.com  and decrypt one file for free.

Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb 
(non archived), and files should not contain valuable information. (databases,backups, large excel sheets,sql. etc.) 

Do you really want to restore your files?
Write to email: OnlyBuy@cyberfear.com

Your personal ID is indicated in the names of the files and in the end of this message, before writing a message by email
indicate the name of the ID indicated in the files IN THE SUBJECT OF THE EMAIL

Attention!
 * Do not rename encrypted files.
 * Do not try to decrypt your data using third party software, it may cause permanent data loss.
 * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) 
   or you can become a victim of a scam.

YOUR ID: D2BB58C7

通过分析ibd文件没有被破坏
225026

这种情况恢复相对比较简单,可以直接通过对单独ibd文件会的思路进行处理,类似恢复文章:
frm和ibd文件数据库恢复
MySQL 8.0版本ibd文件恢复
[MySQL异常恢复]mysql ibd文件恢复
InnoDB: Cannot open table db/tab from the internal data dictionary of InnoDB though the .frm file for the table exists
当然前提需要有表创建语句,这个客户有昨天的备份的被的.sql备份,通过技术手段分析,确认只有3个表的创建语句丢失,对于丢失的ddl语句,通过直接对ibdata文件解析获取,基于这些信息结合,实现数据的完美恢复

对于类似这种被加密的勒索的数据文件,我们可以实现比较好的恢复效果,如果此类的数据库(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971    Q Q:107644445QQ咨询惜分飞    E-Mail:dba@xifenfei.com
系统安全防护措施建议:
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。
9.保存良好的备份习惯,尽量做到每日备份,异地备份。

发表在 MySQL恢复, 勒索恢复 | 标签为 , , , | 留下评论

表dml操作权限授权给public,导致只读用户失效

发表于 2025 年 3 月 12 日 惜分飞

最近一个客户和我反馈,他们创建了一个只读用户(之时给了create session和select表权限),但是其中有部分表可以执行dml操作,我登录系统进行确认

SQL> SELECT PRIVILEGE, ADMIN_OPTION
  2    FROM DBA_SYS_PRIVS
  3   WHERE GRANTEE =  'ALL_READONLY'
  4  UNION
  5  SELECT PRIVILEGE, ADMIN_OPTION
  6    FROM ROLE_SYS_PRIVS
  7   WHERE ROLE IN
  8         (SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE =  'ALL_READONLY')
  9  UNION
 10  SELECT PRIVILEGE, ADMIN_OPTION
 11    FROM ROLE_SYS_PRIVS
 12   WHERE ROLE IN (SELECT GRANTED_ROLE
 13                    FROM ROLE_ROLE_PRIVS
 14                   WHERE ROLE IN (SELECT GRANTED_ROLE
 15                                    FROM DBA_ROLE_PRIVS
 16                                   WHERE GRANTEE = 'ALL_READONLY'));

PRIVILEGE                                ADM
---------------------------------------- ---
CREATE SESSION                           NO

尝试对一个表做dml操作,确实可以对u1.t1表进行dml操作

SQL> conn all_readonly/PASSWORD
Connected.
SQL> update U1.T1 set SNAME='111_test' where sid='www.xifenfei.com';

1 row updated.

SQL> rollback;

Rollback complete.

查看这个表的相关授权,关于all_readonly(只读用户)的授权,也确实只是授权了查询权限

SQL>  SELECT GRANTEE,PRIVILEGE,OWNER,TABLE_NAME  FROM dba_TAB_PRIVS WHERE TABLE_NAME ='T1' and GRANTEE='ALL_READONLY'

GRANTEE              PRIVILEGE                                OWNER                TABLE_NAME
-------------------- ---------------------------------------- -------------------- --------------------
ALL_READONLY         SELECT                                   U1                    T1

既然t1这个表可以被dml操作,那是这个表是否还有其他授权,进一步查询该表授权(不限于ALL_REAONLY用户)

SQL> SELECT GRANTEE,PRIVILEGE,OWNER,TABLE_NAME  FROM dba_TAB_PRIVS WHERE TABLE_NAME ='T1';

GRANTEE              PRIVILEGE                                OWNER                TABLE_NAME
-------------------- ---------------------------------------- -------------------- --------------------
PUBLIC               ALTER                                    U1                    T1
PUBLIC               DELETE                                   U1                    T1
PUBLIC               INDEX                                    U1                    T1
PUBLIC               INSERT                                   U1                    T1
PUBLIC               SELECT                                   U1                    T1
PUBLIC               UPDATE                                   U1                    T1
PUBLIC               REFERENCES                               U1                    T1
PUBLIC               ON COMMIT REFRESH                        U1                    T1
PUBLIC               QUERY REWRITE                            U1                    T1
PUBLIC               DEBUG                                    U1                    T1
PUBLIC               FLASHBACK                                U1                    T1
ALL_READONLY         SELECT                                   U1                    T1

14 rows selected.

这下明确了,由于授权了u1.t1表的(insert,delete,update等)权限给public,导致其他用户也可以对这些表进行授权给public的所有操作.
不管任何原因,都不建议授权表/对象的操作给public,这样会导致登录该数据库的所有用户都具有这个权限,风险不可控

发表在 Oracle | 标签为 , | 留下评论