Oracle UserID Labelling Oracle Error: Reference source not found V2 Error: Reference source not found0 Author: Data Management SL France Document: document.doc Date: 8:48 AM 07/05/2022 Version: V1.1 Owner: S Verdier Status: Final Subject: Oracle UserId Labelling Page 1 of 31
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Oracle UserID Labelling
Oracle Error: Reference source not found V2
Error: Reference source not found0
Author: Data Management SL France
Customer:IMT FR
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 1 of 23
Oracle UserID Labelling
Document History
Document LocationRefer to the author if you are in any doubt about the currency of this document.
Revision HistoryDate of this revision: 01-21-2011 Date of next revision none setRevision Number
Revision Date
Summary of Changes Changes marked
2.0 Nov 2011
First release V2 N
ApprovalsThis document requires following approvals.
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 3 of 23
Oracle UserID Labelling
1. Oracle Labelling
1.1. Objective
The objective is to perfom userid revalidation
Oracle labelling project need to consolidate all oracle users into a single file.The goal is to validate that each user with specifics permissions are authorized on the system.
This file could be created manually and automatically and need around 15 mn to be deployed.
1) MOSP is Database SID (Databes’s Name for Oracle)2) Database User Name3) PSC Code, 706 for FRANCE FR4) Flags describing the UserID Use type, S for System, Service or daemon etc (see document
Use this repository describe before for Michelin or TR : Notes://D06DBL048/C12574640054918F/4B87A6F6EAEAADD385256A2D006A582C/B4356078B7E790758025790400495D1D
root@miaiba05:/exploit/scripts # cd /exploit/scripts/dba/sql/labellingroot@miaiba05:/exploit/scripts/dba/sql/labelling # sftp fp00386@miaibf02Connecting to miaibf02...fp00386@miaibf02's password:
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 5 of 23
Oracle UserID Labelling
sftp> cd /exploit/scripts/dba/sql/labellingsftp> mget *Fetching /exploit/scripts/dba/sql/labelling/oracle_dbopen.sql to oracle_dbopen.sql/exploit/scripts/dba/sql/labelling/oracle_dbopen.sql 100% 394 0.4KB/s 00:00Fetching /exploit/scripts/dba/sql/labelling/oracle_dbopen.tmp to oracle_dbopen.tmp/exploit/scripts/dba/sql/labelling/oracle_dbopen.tmp 100% 8 0.0KB/s 00:00Fetching /exploit/scripts/dba/sql/labelling/oracle_labels.sql to oracle_labels.sql/exploit/scripts/dba/sql/labelling/oracle_labels.sql 100% 1048 1.0KB/s 00:00Fetching /exploit/scripts/dba/sql/labelling/oracle_labels.tmp to oracle_labels.tmpFetching /exploit/scripts/dba/sql/labelling/oracle_labels.txt to oracle_labels.txt/exploit/scripts/dba/sql/labelling/oracle_labels.txt 100% 393 0.4KB/s 00:00sftp> quitroot@miaiba05:/exploit/scripts/dba/sql/labelling # cd sql ksh/exploit/scripts/dba/ksh/labellingroot@miaiba05:/exploit/scripts/dba/ksh/labelling # sftp fp00386@miaibf02Connecting to miaibf02...fp00386@miaibf02's password:sftp> cd /exploit/scripts/dba/ksh/labellingsftp> mget *Fetching /exploit/scripts/dba/ksh/labelling/oracle_labels.ksh to oracle_labels.ksh/exploit/scripts/dba/ksh/labelling/oracle_labels.ksh 100% 4353 4.3KB/s 00:00Fetching /exploit/scripts/dba/ksh/labelling/oracle_labels.ksh.svg to oracle_labels.ksh.svg/exploit/scripts/dba/ksh/labelling/oracle_labels.ksh.svg 100% 4098 4.0KB/s 00:00Fetching /exploit/scripts/dba/ksh/labelling/oracle_labels.old to oracle_labels.old
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 6 of 23
Oracle UserID Labelling
/exploit/scripts/dba/ksh/labelling/oracle_labels.old 100% 4305 4.2KB/s 00:00Fetching /exploit/scripts/dba/ksh/labelling/oracle_labels2.ksh to oracle_labels2.ksh/exploit/scripts/dba/ksh/labelling/oracle_labels2.ksh 100% 4355 4.3KB/s 00:00Fetching /exploit/scripts/dba/ksh/labelling/oracle_labels_cron.ksh to oracle_labels_cron.ksh/exploit/scripts/dba/ksh/labelling/oracle_labels_cron.ksh 100% 609 0.6KB/s 00:00Fetching /exploit/scripts/dba/ksh/labelling/toto to toto/exploit/scripts/dba/ksh/labelling/toto 100% 229 0.2KB/s 00:00sftp> exit
Permissions
root@miaiba05:/exploit/scripts/dba/ksh/labelling # cd /exploit/scriptsroot@miaiba05:/exploit/scripts # chown -R oracle:dba dba
Launch Labeling generation
root@miaiba05:/exploit/scripts # cd /exploit/scripts/dba/ksh/labelling/root@miaiba05:/exploit/scripts/dba/ksh/labelling # ksh oracle_labels.ksh/opt/IBM/SCM/client/oracle_labels.txt[YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL]
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 7 of 23
Oracle UserID Labelling
[YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL][YOU HAVE NEW MAIL]
Check Labeling generation
root@miaiba05:/exploit/scripts/dba/ksh/labelling # more /opt/IBM/SCM/client/oracle_labels.txtIBDFEUR0,BDF_DBA,706/S/*COCORA//BDF_DBAIBDFEUR0,DBSNMP,706/S/*COCORA//DBSNMPIBDFEUR0,FM00669,706/C/IBDFEUR0//FM00669IBDFEUR0,IBDFEUR0,706/C/IBDFEUR0//IBDFEUR0IBDFEUR0,OUTLN,706/S/*COCORA//OUTLNIBDFEUR0,SYS,706/S/*COCORA//SYSIBDFEUR0,SYSTEM,706/S/*COCORA//SYSTEMIBDFEUR0,U_BDF_1,706/C/IBDFEUR0//U_BDF_1IBDFEUR0,U_BDF_RO,706/C/IBDFEUR0//U_BDF_ROIFYTEUR0,DBSNMP,706/S/*COCORA//DBSNMPIFYTEUR0,FM00669,706/C/IFYTEUR0//FM00669IFYTEUR0,FYT_APP,706/C/IFYTEUR0//FYT_APPIFYTEUR0,FYT_DBA,706/C/IFYTEUR0//FYT_DBAIFYTEUR0,FYT_DBL,706/S/*COCORA//FYT_DBLIFYTEUR0,FYT_SYS,706/S/*COCORA//FYT_SYSIFYTEUR0,IFYTEUR0,706/C/IFYTEUR0//IFYTEUR0IFYTEUR0,OUTLN,706/S/*COCORA//OUTLNIFYTEUR0,SYS,706/S/*COCORA//SYSIFYTEUR0,SYSTEM,706/S/*COCORA//SYSTEMIFYTEUR0,TIVOLI,706/S/*COCORA//TIVOLI
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 8 of 23
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 10 of 23
Oracle UserID Labelling
# @(#)08 1.15.1.3 src/bos/usr/sbin/cron/root, cmdcntl, bos520 2/11/94 17:19:47# IBM_PROLOG_BEGIN_TAG# This is an automatically generated prolog.## bos520 src/bos/usr/sbin/cron/root 1.15.1.3## Licensed Materials - Property of IBM## (C) COPYRIGHT International Business Machines Corp. 1989,1994# All Rights Reserved## US Government Users Restricted Rights - Use, duplication or# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.## IBM_PROLOG_END_TAG## COMPONENT_NAME: (CMDCNTL) commands needed for basic system needs## FUNCTIONS:## ORIGINS: 27## (C) COPYRIGHT International Business Machines Corp. 1989,1994# All Rights Reserved# Licensed Materials - Property of IBM## US Government Users Restricted Rights - Use, duplication or# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.##0 3 * * * /usr/sbin/skulker#45 2 * * 0 /usr/lib/spell/compress
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 11 of 23
Oracle UserID Labelling
#45 23 * * * ulimit 5000; /usr/lib/smdemon.cleanu > /dev/null0 11 * * * /usr/bin/errclear -d S,O 300 12 * * * /usr/bin/errclear -d H 900 15 * * * /usr/lib/ras/dumpcheck >/dev/null 2>&1# Purge log LUM0 0 * * * /busapps/rexu/100/_lgi/lum/shell/trclum.sh archlog0 0 * * * /busapps/rexu/100/_lgi/lum/shell/trclum_tmp.sh archlog# SSA warning : Deleting the next two lines may cause errors in redundant# SSA warning : hardware to go undetected.01 5 * * * /usr/lpp/diagnostics/bin/run_ssa_ela 1>/dev/null 2>/dev/null0 * * * * /usr/lpp/diagnostics/bin/run_ssa_healthcheck 1>/dev/null 2>/dev/null# SSA warning : Deleting the next line may allow enclosure hardware errors to go undetected30 * * * * /usr/lpp/diagnostics/bin/run_ssa_encl_healthcheck 1>/dev/null 2>/dev/null# SSA warning : Deleting the next line may allow link speed exceptions to go undetected30 4 * * * /usr/lpp/diagnostics/bin/run_ssa_link_speed 1>/dev/null 2>/dev/null0 0 * * * /opt/csm/bin/cfmupdatenode -a 1>/dev/null 2>/dev/null0 0 * * * /opt/csm/csmbin/cleanup.logs.csp 1>>/var/log/csm/csperror.log 2>>/var/log/csm/csperror.log# DUW Configuration check0 23 * * * /busdata/rduw/eur0/_lgi/home/bin/ODS_SERVER_CONFIG.sh >/dev/null 2>&1#----------------------------------------------------------------------------# added for run Do Once Security Tool in modification mode# Run everyday at 07:00 AM# Check parameters in the config file if issues appear with user right# Read /DoOnceAIX/securityTool/Install/SecurityToolUsersGuide.doc# 0 7 * * * /DoOnceAIX/securityTool/Install/startSecurityTool.ksh -f /DoOnceAIX/securityTool/Install/BIB_DoOnce.config# added for cleaning utmp, wtmp# 0 7 * * * /DoOnceAIX/SecTools/prune_logs/prune_logs#BEGIN_NMON_TAG--------------------------------------------------------------# DCE Support UNIX# AIX performance monitoring# Daily reports : Every days 00:00
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 12 of 23
Oracle UserID Labelling
# nmon_collect.sh : Gather information using nmon# nmon_convert.sh : Convert nmon files in csv file format, compress and purge files# Weekly reports : Every monday 00:00# week_nmon_collect.sh : Gather information using nmon for a week# week_nmon_collect.sh : Convert nmon files in csv file format, compress and purge files#----------------------------------------------------------------------------0 0 * * * /bustools/nmon/current/script/nmon_collect.sh >/dev/null 2>&158 23 * * * /bustools/nmon/current/script/nmon_convert.sh >/dev/null 2>&10 0 * * 1 /bustools/nmon/current/script/week_nmon_collect.sh >/dev/null 2>&140 23 * * 0 /bustools/nmon/current/script/week_nmon_convert.sh >/dev/null 2>&1#END_NMON_TAG--------------------------------------------------------------# RAS db2 collect script0 15 * * 3 /bustools/rras/100/_lgi/scripts/collect/collect_aix_db2.pl 2>&1 >> /bustools/rras/100/_lgi/results/log/collect_aix_db2.log00 00 * * 1 find /var/spool/mqueue -type f -mtime +7 -exec rm -f {} ;\# If srmAIX data generation has not terminated, stop before starting new day0 0 * * * /var/adm/perfmgr/bin/terminate.srm ; /var/adm/perfmgr/bin/verify.srm# Verify srmAIX data is still being generated25,55 * * * * /var/adm/perfmgr/bin/verify.srm# Remove srmAIX data files older than 7 days0 1 * * * /var/adm/perfmgr/bin/clean.account# Create srmAIX envstat file50 23 * * * /var/adm/perfmgr/bin/config.srm# Create srmAIX Single File for Data Transfer59 23 * * * /var/adm/perfmgr/bin/package.srm -z# WLM_scan_and_assign : scan every process throughs svmon -P command# and assign them to a WLM class every minute to estimate application consumption# Those result can be exploited through nmon_Analyser* * * * * /busapps/rexu/100/_lgi/rexu_tools/shell/WLM_scan_and_assign.ksh >/dev/null 2>&1# Update motd info0 7 * * * /busapps/rexu/100/_lgi/scripts/AIX/Updt_motd.ksh#
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 13 of 23
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 14 of 23
Oracle UserID Labelling
SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 11 23:33:02 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
SQL> set verify onSQL> set trimspool offSQL> set heading onSQL> set feedback onSQL> set pagesize 14SQL> set linesize 80SQL> exitDisconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
SQL*Plus: Release 11.2.0.1.0 Production on Wed Jan 11 23:33:12 2012 Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
SQL> set verify onSQL> set trimspool offSQL> set heading onSQL> set feedback onSQL> set pagesize 14SQL> set linesize 80SQL> exit
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 15 of 23
Create a windows schedule task to plan the perl execution daily
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 21 of 23
Oracle UserID Labelling
4. Annexe
URT Error Level (Status Level)
The table below contains the ‘Error Level’ (or ‘Status Level’) assigned to each account when performing revalidation:
Error level DescriptionSTATUS_TOFOUND 100 User ID convention syntax correct, not yet revalidated (revalidation pending)STATUS_FOUND 0 User ID convention syntax correct and found in BluePagesSTATUS_MISMATCH_NAME 1 User ID convention syntax correct but cannot match first nameSTATUS_FOUND_E 2 User ID convention syntax correct, external (E) flag usedSTATUS_FOUND_UID0 50 User ID convention syntax correct; accounts with UID0STATUS_NOTFOUND 200 User ID convention syntax correct but serial number not found in BluePagesSTATUS_W_COUNTRY 300 User ID convention syntax error: wrong country codeSTATUS_W_STATUS 301 User ID convention syntax error: wrong statusSTATUS_W_SERIAL 302 User ID convention syntax error: serial number incorrect formatSTATUS_NOUSERID 303 User ID convention syntax error: field emptySTATUS_WFUSERID 304 User ID convention syntax error: wrong formatWGROUP 305 User ID convention syntax error: intermediate code does not exist
STATUS_SERIAL_MANAGER 306User ID convention syntax error: using an existing serial number but person is not a manager
STATUS_I_FLAG 308 User ID convention syntax error: invalid use of I flag (e.g. used with an intermediate code)STATUS_SF_FLAG 309 User ID convention syntax error: S, F, or V flag used with a non-intermediate codeSTATUS_N_FLAG 310 User ID convention syntax error: N flag used without a standard serial numberSTATUS_E_FLAG 311 User ID convention syntax error: E or T flag used with an intermediate codeSTATUS_SKIP 400 User ID convention syntax correct; account skipped because flagged as customer/vendorSTATUS_SKIP2 401 User ID convention syntax missing customer account assumedSTATUS_SKIPDOMAIN 403 Domain (non-local) users skippedSTATUS_DONOTTREAT 500 User ID convention syntax correct; validated by intermediate codeSTATUS_USER_DISABLED 501 User account disabled
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 22 of 23
Oracle UserID Labelling
STATUS_WGROUP_KOTBD 600 KOTBD (To be defined) flag foundSTATUS_BP_ERROR 706 BluePages service server not responseSTATUS_BP_AMBIGOUS 707 BluePages service send more than one result
Document: document.doc Date: 10:36 AM 21/04/2023Version: V1.1
Owner: S Verdier Status: FinalSubject: Oracle UserId Labelling Page 23 of 23