-
加我微信
加我QQ
标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 kfed MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 2663 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (102)
- 数据库 (1,671)
- DB2 (22)
- MySQL (73)
- Oracle (1,533)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (21)
- ORA-xxxxx (159)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (14)
- ORACLE 21C (3)
- Oracle 23ai (7)
- Oracle ASM (65)
- Oracle Bug (8)
- Oracle RAC (52)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (560)
- Oracle安装升级 (92)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (78)
- PostgreSQL (18)
- PostgreSQL恢复 (6)
- SQL Server (27)
- SQL Server恢复 (8)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (37)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (20)
-
最近发表
- Kylin Linux 安装19c
- ORA-600 krse_arc_complete.4
- Oracle 19c 202410补丁(RUs+OJVM)
- ntfs MFT损坏(ntfs文件系统故障)导致oracle异常恢复
- .mkp扩展名oracle数据文件加密恢复
- 清空redo,导致ORA-27048: skgfifi: file header information is invalid
- A_H_README_TO_RECOVER勒索恢复
- 通过alert日志分析客户自行对一个数据库恢复的来龙去脉和点评
- ORA-12514: TNS: 监听进程不能解析在连接描述符中给出的SERVICE_NAME
- ORA-01092 ORA-00604 ORA-01558故障处理
- ORA-65088: database open should be retried
- Oracle 19c异常恢复—ORA-01209/ORA-65088
- ORA-600 16703故障再现
- 数据库启动报ORA-27102 OSD-00026 O/S-Error: (OS 1455)
- .[metro777@cock.li].Elbie勒索病毒加密数据库恢复
- 应用连接错误,初始化mysql数据库恢复
- RAC默认服务配置优先节点
- Oracle 19c RAC 替换私网操作
- 监听报TNS-12541 TNS-12560 TNS-00511错误
- drop tablespace xxx including contents恢复
分类目录归档:Oracle
.[hudsonL@cock.li].mkp勒索加密数据库完美恢复
有朋友oracle数据库所在机器被加密,扩展名为:.[hudsonL@cock.li].mkp,数据文件类似:
通过专业工具分析,确认这次运气非常好,每个文件就加密破坏前面31个block
通过研发的Oracle数据文件勒索恢复工具进行恢复
顺利数据库并且导出数据
mkp勒索病毒预防建议:
1. 教育和培训:提高用户的网络安全意识非常重要。通过定期的网络安全培训和教育,向用户传达有关勒索病毒及其传播方式的知识,让他们能够警惕潜在的威胁,并学会如何正确应对可疑的电子邮件、链接和附件。
2. 更新和维护:及时更新操作系统、应用程序和安全软件,以修补已知的漏洞,并确保系统能够及时获取最新的安全补丁。此外,定期进行系统维护和检查,确保系统的安全配置和设置。
3. 备份数据:定期备份重要的数据和文件,并将备份存储在安全的离线或云存储中。确保备份是完整的、可靠的,并且能够及时恢复,以便在发生勒索病毒感染或其他数据丢失事件时能够快速恢复数据。
4. 网络安全工具:使用可信赖的网络安全工具,包括防病毒软件、防火墙、入侵检测系统等,以提高系统的安全性和防护能力。定期对系统进行全面的安全扫描和检测,及时发现并清除潜在的威胁。
5. 访问控制:实施严格的访问控制措施,限制用户对系统和文件的访问权限,避免使用管理员权限进行日常操作,以减少恶意软件感染的风险。此外,定期审查和更新访问控制策略,确保系统安全性得到有效维护。
6. 应急响应计划:制定和实施应急响应计划,明确团队成员的责任和任务,建立应对勒索病毒和其他安全事件的应急响应流程,以最大程度地减少损失并快速恢复业务正常运营。
模拟带库实现rman远程备份
rman通过模拟带库备份到远程机器,需要先配置用户ssh到目标机器
linux平台oracle备份
RMAN> RUN {
2> ALLOCATE CHANNEL S1 DEVICE TYPE sbt
3> PARMS='SBT_LIBRARY=/tmp/rman_sync.so,ENV=(
4> OB_SERVER=www.xifenfei.com,
5> OB_USER=root,
6> OB_PORT=22123,
7> OB_PATH=/tmp)';
8> BACKUP CURRENT CONTROLFILE FORMAT 'ctl_%U';
9> }
allocated channel: S1
channel S1: SID=125 device type=SBT_TAPE
channel S1: SBT/SSH2-SFTP
Starting backup at 22-FEB-24
channel S1: starting full datafile backup set
channel S1: specifying datafile(s) in backup set
including current control file in backup set
channel S1: starting piece 1 at 22-FEB-24
channel S1: finished piece 1 at 22-FEB-24
piece handle=ctl_012jq4gg_1_1 tag=TAG20240222T190344 comment=API Version 2.0,MMS Version 1.0.9.0
channel S1: backup set complete, elapsed time: 00:00:25
Finished backup at 22-FEB-24
released channel: S1
RMAN> list backup;
List of Backup Sets
===================
BS Key Type LV Size Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
1 Full 9.50M SBT_TAPE 00:00:24 22-FEB-24
BP Key: 1 Status: AVAILABLE Compressed: NO Tag: TAG20240222T190344
Handle: ctl_012jq4gg_1_1 Media: 0B2B9255
Control File Included: Ckp SCN: 4438494 Ckp time: 22-FEB-24
win平台oracle备份
RMAN> RUN {
2> ALLOCATE CHANNEL S1 DEVICE TYPE sbt
3> PARMS='SBT_LIBRARY=D:\TEMP\rman_sync.dll,
4> ENV=(
5> OB_SERVER=www.xifenfei.com,
6> OB_USER=root,
7> OB_PORT=22123,
8> OB_PATH=/tmp/,
9> OB_PUBLIC_KEY=C:\Users\XIFENFEI\.ssh\id_rsa.pub,
10> OB_SECRET_KEY=C:\Users\XIFENFEI\.ssh\id_rsa,
11> OB_LOGFILE=d:\xifenfei.log)';
12> BACKUP CURRENT CONTROLFILE FORMAT 'ctl_%U';
13> }
分配的通道: S1
通道 S1: SID=156 设备类型=SBT_TAPE
通道S1: SBT/SSH2-SFTP
启动 backup 于 23-2月 -24
通道 S1: 正在启动全部数据文件备份集
通道 S1: 正在指定备份集内的数据文件
备份集内包括当前控制文件
通道 S1: 正在启动段 1 于 23-2月 -24
通道 S1: 已完成段 1 于 23-2月 -24
段句柄=ctl_012jt7mr_1_1 标记=TAG20240223T231642 注释=API Version 2.0,MMS Version 1.0.9.0
通道 S1: 备份集已完成, 经过时间:00:00:07
完成 backup 于 23-2月 -24
释放的通道: S1
RMAN> list backup;
备份集列表
===================
BS 关键字 类型 LV 大小 设备类型 经过时间 完成时间
------- ---- -- ---------- ----------- ------------ ----------
1 Full 9.50M SBT_TAPE 00:00:05 23-2月 -24
BP 关键字: 1 状态: AVAILABLE 已压缩: NO 标记: TAG20240223T231642
句柄: ctl_012jt7mr_1_1 介质: 0B2B9255
包括的控制文件: Ckp SCN: 14544437 Ckp 时间: 23-2月 -24
又一例:ORA-600 kclchkblk_4和2662故障
有客户恢复请求:由于未知原因导致aix环境的rac两台主机同时重启之后数据库无法正常启动,初步判断是由于写丢失导致故障(ORA-00742 ORA-00353)
Wed Feb 21 09:23:06 2024 ALTER DATABASE OPEN This instance was first to open Abort recovery for domain 0 Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_5767246.trc: ORA-01113: file 32 needs media recovery ORA-01110: data file 32: '+DATA/xff/datafile/x5sys_cs.dbf' ORA-1113 signalled during: ALTER DATABASE OPEN... Wed Feb 21 09:23:27 2024 ALTER DATABASE RECOVER datafile '+DATA/xff/datafile/x5sys_cs.dbf' Media Recovery Start Serial Media Recovery started WARNING! Recovering data file 32 from a fuzzy backup. It might be an online backup taken without entering the begin backup command. Recovery of Online Redo Log: Thread 2 Group 14 Seq 48490 Reading mem 0 Mem# 0: +DATA/xff/onlinelog/group_14.313.1060528521 Recovery of Online Redo Log: Thread 1 Group 7 Seq 64195 Reading mem 0 Mem# 0: +DATA/xff/onlinelog/group_7.306.1060527979 Wed Feb 21 09:24:10 2024 Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_5767246.trc: ORA-00742: Log read detects lost write in thread %d sequence %d block %d ORA-00334: archived log: '+DATA/xff/onlinelog/group_14.313.1060528521' Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_5767246.trc (incident=336478): ORA-00353: log corruption near block 139727 change 26346459680 time 02/20/2024 20:13:50 ORA-00312: online log 14 thread 2: '+DATA/xff/onlinelog/group_14.313.1060528521'
尝试屏蔽一致性强制拉库后数据库报ORA-600 kclchkblk_4
参考:ora-600 2662和ora-600 kclchkblk_4恢复、redo异常 ORA-600 kclchkblk_4 故障恢复
Wed Feb 21 09:55:26 2024 SMON: enabling cache recovery Wed Feb 21 09:55:26 2024 Redo thread 2 internally disabled at seq 5 (CKPT) Archived Log entry 112707 added for thread 2 sequence 4 ID 0xffffffffe144183b dest 1: ARC0: Archiving disabled thread 2 sequence 5 Archived Log entry 112708 added for thread 2 sequence 5 ID 0xffffffffe144183b dest 1: Wed Feb 21 09:55:28 2024 Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_6423264.trc (incident=360479): ORA-00600: internal error code, arguments: [kclchkblk_4], [6], [576721660], [6], [576702892] Incident details in: /oracle/db/diag/rdbms/xff/xff1/incident/incdir_360479/xff1_ora_6423264_i360479.trc Use ADRCI or Support Workbench to package the incident. See Note 411.1 at My Oracle Support for error and packaging details. Thread 1 advanced to log sequence 3 (LGWR switch) Current log# 7 seq# 3 mem# 0: +DATA/xff/onlinelog/group_7.306.1161510375 Archived Log entry 112709 added for thread 1 sequence 2 ID 0xffffffffe144183b dest 1: Wed Feb 21 09:55:31 2024 Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_6423264.trc: ORA-00704: bootstrap process failure ORA-00704: bootstrap process failure ORA-00600: internal error code, arguments: [kclchkblk_4], [6], [576721660], [6], [576702892] Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_6423264.trc: ORA-00704: bootstrap process failure ORA-00704: bootstrap process failure ORA-00600: internal error code, arguments: [kclchkblk_4], [6], [576721660], [6], [576702892]
后续处理中出现和这个错误类似的ORA-600 2662错误
Wed Feb 21 15:37:35 2024 SMON: enabling cache recovery Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_6357664.trc (incident=432423): ORA-00600: internal error code, arguments: [2662], [6], [576742938], [6], [576834283], [12583104] Incident details in: /oracle/db/diag/rdbms/xff/xff1/incident/incdir_432423/xff1_ora_6357664_i432423.trc Use ADRCI or Support Workbench to package the incident. See Note 411.1 at My Oracle Support for error and packaging details. Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_6357664.trc: ORA-00600: internal error code, arguments: [2662], [6], [576742938], [6], [576834283], [12583104], [], [], [], [], [], [] Errors in file /oracle/db/diag/rdbms/xff/xff1/trace/xff1_ora_6357664.trc: ORA-00600: internal error code, arguments: [2662], [6], [576742938], [6], [576834283], [12583104], [], [], [], [], [], [] Error 600 happened during db open, shutting down database USER (ospid: 6357664): terminating the instance due to error 600 Instance terminated by USER, pid = 6357664
通过对oracle scn进行修改,数据库open成功
SQL> recover database; Media recovery complete. SQL> SQL> SQL> SQL> oradebug setmypid Statement processed. SQL> oradebug DUMPvar SGA kcsgscn_ kcslf kcsgscn_ [700000000019B70, 700000000019BA0) = 00000000 00000000 00000000 00000000 SQL> oradebug poke BEFORE: [700000000019B70, 700000000019B78) = 00000000 00000000 AFTER: [700000000019B70, 700000000019B78) = 00000006 22710D2B SQL> oradebug DUMPvar SGA kcsgscn_ kcslf kcsgscn_ [700000000019B70, 700000000019BA0) = 00000006 22710D2B 00000000 00000000 SQL> alter database open; Database altered.
后续检查发现obj$中的index异常(ORA-08102: index key not found, obj# 39)
类似文章:通过bbed修改obj$中dataobj$重现I_OBJ4索引报ORA-08102错误
SQL> truncate CLUSTER "SYS"."SMON_SCN_TO_TIME_AUX";
truncate CLUSTER "SYS"."SMON_SCN_TO_TIME_AUX"
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-08102: index key not found, obj# 39, file 1, block 967206 (2)
SQL> SQL> select object_name,object_type from dba_objects where object_id=39;
OBJECT_NAME OBJECT_TYPE
------------------------------ -------------------
I_OBJ4 INDEX
对于此类问题使用非常规方法把obj$字典表进行重建(需要注意undo需要为自动管理方式,temp不能为空),参考:
bootstrap$核心index(I_OBJ1,I_USER1,I_FILE#_BLOCK#,I_IND1,I_TS#,I_CDEF1等)异常恢复—ORA-00701错误解决