tmux vs screen

I was a big fan of screen but against RHEL8 I have to move on tmux. Is is ok, by my finger memory have been adjusting to screen configuration, so there is a .tmux.conf with screen binding.

unbind C-b
### change default prefix to screen prefix C-a
set -g prefix C-a
set -g status-bg black
set -g status-fg white
set-window-option -g window-status-current-bg white
set-window-option -g window-status-current-fg black
set-window-option -g window-status-current-attr bold
set -g status-left '#[fg=colour80](#S) #(whoami) '
set -g status-justify centre
bind-key C-a last-window
bind-key C-c new-window
bind-key space next-window
bind-key bspace previous-window
bind a send-prefix
### set mouse on with prefix+m and off with prefix+M 
bind m \
    set -g mouse on \;\
    display 'Mouse: ON'
bind M \
    set -g mouse off \;\
    display 'Mouse: OFF'

test1

info-kerberos

Table of Contents

• 1 def
• 2 klist
• 3 kdestroy
• 4 create keytab (on AD)
• 5 get kerberos ticket (on service server)
• 6 files

1 def

• The CLIENT and SERVER do not initially share an encryption key.
• Whenever a CLIENT authenticates itself to a new VERIFIER it relies on the AUTHENTICATION SERVER to generate a new encryption key and distribute it securely to both parties (CLIENT and VERIFIER)
• The Kerberos TICKET is a certificate issued by an AUTHENTICATION SERVER, encrypted using the SERVER KEY.
• The TICKET is not sent directly to the VERIFIER, but is instead sent to the CLIENT who forwards it to the VERIFIER as part of the application request. Because the ticket is encrypted in the SERVER KEY, known only by the AUTHENTICATION SERVER and intended VERIFIER, it is not possible for the CLIENT to modify the ticket without detection.
• There are two parts to the application request, a TICKET and an AUTHENTICATOR:
  1. The AUTHENTICATOR includes, among other fields (all encrypted with the SESSION KEY):
     • the current time
     • a checksum
     • an optional encryption key
  2. When a client wishes to create an association with a particular VERIFIER, the client uses the authentication request and response, messages, to obtain a TICKET and SESSION KEY from the AUTHENTICATION SERVER.

2 klist

• klist -k [keytab_file] #sprawdzanie principali w pliku keytab
• klist -k #sprawdzanie principali w defaultowym pliku, można sprawdzić path do pliku
• klist #sprawdzanie principali z plików w /tmp/krb5cc_[nr]

3 kdestroy

4 create keytab (on AD)

1. stworzenie nowego usera w AD trzymającego principal-e
   • opcja dla usera - password never expires
2. dopisanie principala do powyższego usera za pomocą ktpass dostarczonego przez Windows Server 2003 Support Tools http://support.microsoft.com/kb/892777
   • ktpass -princ HTTP/[service_hostname]@[DOMAIN] -mapuser [above_ad_user] -pass [above_ad_user_pass] [/desonly] [-crypto des-cbc-crc] -out [output_file]
3. sprawdzenie
   • AD => user => properties => Account => [User logon name: HTTP/[service_hostname]@[domain]

5 get kerberos ticket (on service server)

• kinit [principal_name as above HTTP/[service_hostname]

6 files

• /etc/krb5.conf - namiary na domenę i server AD
• /etc/krb5.keytab - defaultowy keytab
• /etc/krb5.realms
• /tmp/krb5cc_500 - zapisane credentiale

WINDOWS RUN

Run commands

COMMAND	DESCRIBE
msconfig	system config
compmgmt.msc	computer manager
lusrmgr.msc	local users and groups manager
devmgmt,msc	devices manager
diskmgmt.msc	disc manager
services.msc	services
fsmgmt.msc	share folders manager
eventvwr.msc	show logs
gpedit.msc	group rules
certmgr.msc	cert manager
perfmon.msc	per monitor
dnsmgmt.msc	dns
dhcpmgmt.msc	dhcp
appwiz.cpl	add software
hdwwiz.cpl	add devices
sysdm.cpl	system properties
ncpa.cpl	network settings
inetcpl.cpl	network properties
control admintools	Administrative Tools
control desktop	Display Properties
control printers	Printers and Faxes
control schedtasks	Scheduled Task
control netconnections	Network Connections

Translate error code

1. convert error: dicimal => hex
2. get last 4 digit
3. convert last_4digit: hex => decimal
4. cmd: net helpmsg [last_{4digitdecimal]}

LINUX BASH

Set

set -x	Display commands and their arguments as they are executed. +x turn off
set -v	Display shell input lines as they are read. +v turn off

Params

$?	error code
$#	a number of params
$@	list params
$*	list params
$0	script name
$1	param nr 1
$$	process ID

Keybindings

S-M-$	complete variable
S-<	first command in history
C-p	previous command in history
C-n	next command in history
S->	last command in history
C-e	jump to EOL
C-a	jump to BOL
M-f	jump forward a word
M-b	jump back a world
C-u	delete from BOL to cursor
C-k	delete from cursor to EOL
M-d	delete word forward from cursor
C-w	delete word backward from cursor

Variable manipulation

• (command1; command2;…) #command inside brackeds are lauched in subshell with new process id(childs)
  subshell variables are recognized in subshell only
  
• ${var}
  
• ${#var} #a number of variable var characters
  

command	output	desc
export var=(el1 el2 el3); echo ${var[1]}	val2	the second element var variable, which is a list
export var=(el1 el2 el3); echo ${#var[1]}	4	a number of chars in the second element
export var=(el1 el2 el3); echo ${#var[@]}	3	list size
export var=12345; echo ${var:-text}		if var was set the output is var value, if not the output is text, var is not change
export var=12345; echo ${var:=text}		if var was set the output is var value, if not the output is text, var is changed to text
export var=12345; echo ${var:?text}		if var was set the output is var value, if not the output is text to the error output
export var=12345; echo ${var:+text}		if var was set the output is text, var is not change
export var=12345; echo ${var:1:3}	234	get second element (first is 0) and next 3
export var=12345; echo ${var#12}	345	remove elements based on schema 12 from the begining
export var=12345; echo ${var%45}	123	remove elements based on schema 45 from the end
export var=12345; echo ${var/34/ab}	12ab5	substitute elements by pattern 34 to ab anywhere
export var=12345; echo ${var/#12/ab}	ab123	substitute elements by pattern 12 to ab from the beggining
export var=12345; echo ${var/%45/ab}	123ab	substitute elements by pattern 45 to ab from the end

Array

• Array=(el01 el02 el03)
  
• element at the table is matched by [] symbol and by ${Array[0]}
  
• iteration: for i in ${Array[@]};do echo $i; done
  

Buildin variables and commands

zmienna	desc
BASH_SUBSHELL	subshell nr
SECONDS	amount of time running script
FUNCNAME	fuction name
DIRSTACK	current dir
LINENO	currend row
:	true
PWD	current dir
CDPATH	cd command path
TMOUT	logout after [sec] of inactivity

Debug

bash -n [script]	set -n	check without run
bash -x [script]	set -x	debug

Range variable

• function inherits variables from script
  
• script do not inherit variable from function
  
• script inherit variable from for loop
  

Function

• {} #anonymous function, variables from script
  
• in {} there is the block of code which output might be redirect to file {} > output.file,
  block of code from {} is not placed in subshell like for ()
  

Test

[[

• less suprises, safer to use, but it is not portable, not POSIX only bash,
  regexp matching, it is a keyword, not a program
  
• string comparision:
  
  <, >, =, ==, !=
  
• integer comparison:
  
  -lt, -le, -eq, -ge, -gt, -ne
  
• conditional evaluation:
  &&, ||
  
• expression grouping:
  
  (…)
  

[

• right side must be quote ex. if [ -z "$variable ], is sysnonym for test but
  requires a final ], it is a program /usr/bin/[
  
• string comparision:
  
  \<, \>, =, !=
  
• integer comparison:
  
  -lt, -le, -eq, -ge, -gt, -ne
  

files

-f file	true if file exists and is a regular file
-e file	true if file exists
-d file	true if file exists and is a directory

strings

-z string	true if the length of string is zero
-n string	true if the length of string is non-zero

using

• [ c1 ] ||/&& [ c2 ]
  
• both alternatives are different ex:
  

  	c1	c2
  and	OK	is run
  and	FAIL	is not run
  or	OK	is not run
  or	FAIL	is run

  
  

Getopts

variable	description
OPTIND	Holds the index to the next argument to be processed. This is how getopts "remembers" its own status between invocations. Also usefull to shift the positional parameters after processing with getopts. OPTIND is initially set to 1, and needs to be re-set to 1 if you want to parse anything again with getopts
OPTARG	This variable is set to an argument for an option found by getopts, but if the option is unknown it contains the option flag.
OPTERR	(Values 0 or 1) Indicates if Bash should display error messages generated by the getopts builtin. The value is initialized to 1 on every shell startup - so be sure to always set it to 0 if you don't want to see annoying messages!

• getopts OPTSTRING VARNAME [ARGS…]
  

  OPTSTRING	tells getopts which options to expect and where to expect arguments (see below)
  VARNAME	tells getopts which shell-variable to use for option reporting
  ARGS	tells getopts to parse these optional words instead of the positional parameters

  
  
  
• commands without any args - nothing happened? Right. getopts didn't see any valid or invalid options (letters preceeded by a dash),
  so it wasn't triggered.
  
• commands without any flags - nothing happened? The very same case: getopts didn't see any valid or invalid options
  (letters preceeded by a dash), so it wasn't triggered.
  
• invalid options don't stop the processing: If you want to stop the script, you have to do it yourself (exit in the right place)
  
• multiple identical options are possible: If you want to disallow these, you have to check manually (e.g. by setting a variable or so)
  

OPTSTRING

• When you want getopts to expect an argument for an option, just place a : (colon) after the proper option flag.
  
• If the very first character of the option-string is a : (colon), which normally would be nonsense
  because there's no option letter preceeding it, getopts switches to the mode "silent error reporting".
  In productive scripts, this is usually what you want (handle errors yourself and don't get disturbed by annoying messages).
  

ARGS

• The getopts utility parses the positional parameters of the current shell or function by default (which means it parses "$@").
  You can give your own set of arguments to the utility to parse. Whenever additional arguments are given after the VARNAME parameter,
  getopts doesn't try to parse the positional parameters, but these given words.
  A call to getopts without these additional arguments is equivalent to explicitly calling it with "$@".
  

Calculate

• echo $((2+3))
  

Return status

• last command at function or script determe exit status, thisis bash return value
  
• exit status might be at range 0-255
  

Commands

eval	change string from variable to command ex. i="ls"; eval $i
source	from command line run script, from script working as #include (same as dot-command)
exec	do not create fork but create new shell process, go out from script
true,false	return 0 as exit status of error
help [bash_command]	help for bash commands ex. help eval

Output

ex 1: command > /dev/null 2>&1

1. redirect standard output /dev/stdout to /dev/null
   
2. redirect standard error /dev/stderr to device point at standard output /dev/stdout, so to /dev/null
   

Summarize: all output is redirect to /dev/null

ex 2: command 2>&1 > /dev/null

1. redirect error output /dev/stderr to device point at standard output /dev/stdout
   
2. redirect standard ouptut /dev/stdout to /dev/null but error output /dev/stderr
   is still redirected to /dev/stdout
   

Summarize: /dev/stdout to /dev/null and /dev/stderror to previous /dev/stdout

Printf

• printf "%-30s%s" "hello" $VAR
  

Colors in directory

• dircolors -p ~/.dircolors
  
• eval `/usr/bin/dircolors -b ~/.dircolors`
  
• alias dir="dir –color"
  
• alias ls="ls –color"
  

color symbols

desc	atrybut
none	00
bold	01
underscore	04
blink	05
reverse	07
concealed	08
	font kolor	background color
black	30	40
red	31	41
green	32	42
yellow	33	43
blue	34	44
magenta	35	45
cyan	36	46
white	37	47

ORACLE TRACE

Remember that trace files are in the user_dump_destination, but for jobs and for shared server configurations they are in background_dump_destination.

Oracle 9i

turn on trace in another session:

EXECUTE dbms_system.set_ev ([sid],[serial#],10046,[level],'');
turn off
EXECUTE dbms_system.set_ev ([sid],[serial#],10046,0,'');

---

Oracle 9i/10g

turn on trace for current session:

ALTER SESSION SET EVENTS '10046 trace name context forever, level [level#]'

• level 0 #off
• level 1 #default
• level 4 #default + bind variable values
• level 8 #default + wait event information
• level 12 #level 4 + level 8

turn off
ALTER SESSION SET EVENTS '10046 trace name context off'

---

Oracle 9i/10g

turn on trace for os process:

ORADEBUG SETOSPID [os process from v$process];
ORADEBUG EVENT 10046 TRACE NAME CONTEXT FOREVER, LEVEL [level#];
ORADEBUG TRACEFILE_NAME; --display current tracefile
turn off
ORADEBUG EVENT 10046 TRACE NAME CONTEXT OFF;

---

Oracle 9i/10g

turn on trace for current session:

dbms_support package in $ORACLE_HOME/rdbms/admin/dbmssupp.sql
EXEC dbms_support.start_trace(waits=>TRUE, binds=>TRUE);
turn off
EXEC dbms_support.stop_trace;

turn on trace for the other session:

EXEC dbms_support.start_trace_in_session(sid=>[sid], serial=>[serial#], waits=>TRUE, binds=>TRUE);
turn off
EXEC dbms_support.stop_trace_in_session(sid=>[sid], serial=>[serial#]);

---

Oracle 10g

turn on trace for current session:

exec DBMS_MONITOR.SESSION_TRACE_ENABLE (session_id => [sid],serial_num => [serial#], waits => TRUE,binds => TRUE);
turn off
exec DBMS_MONITOR.SESSION_TRACE_DISABLE(session_id=> [sid],serial_num=> [serial#]);
check:
SELECT sql_trace,sql_trace_waits,sql_trace_binds FROM v$session;

turn on trace for client:

exec DBMS_MONITOR.CLIENT_ID_TRACE_ENABLE(client_id => '[client_name]',waits => TRUE, binds => TRUE);
turn off
exec DBMS_MONITOR.CLIENT_ID_TRACE_DISABLE(client_id => '[client_name]');

turn on trace at database level:

exec DBMS_MONITOR.DATABASE_TRACE_ENABLE (waits => TRUE,binds => TRUE,instance_name > NULL);
turn off
exec DBMS_MONITOR.DATABASE_TRACE_DISABLE(instance_name > NULL);
check:
SELECT * FROM dba_enabled_traces;

---

Oracle 11g

turn on trace at component level

exec DBMS_MONITOR.SERV_MOD_ACT_TRACE_ENABLE(service_name => '[serv_name]', module_name => '[module]',action_name => '[action]',waits => TRUE,binds => FALSE, instance_name => NULL);
turn off
exec DBMS_MONITOR.SERV_MOD_TRACE_DISABLE(service_name => 'serv_name',module_name => 'module',action_name => '[action]',instance_name => NULL);
check: SELECT * FROM dba_enabled_traces;

LINUX NETWORK

Turn off NetworkManager:

• chkconfig NetworkManager off
• systemclt disable NetworkManager.service

Setting gateway:

/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=[hostname]
GATEWAY=[IP]

Bonding module:

/etc/modprobe.d/bond.conf

alias bond0 bonding
options bond0 miimon=100 mode=1

Setting ordinary interfaces:

/etc/sysconfig/network-scripts/ifcfg-[dev_name]

DEVICE=[dev_name]
BOOTPROTO=none
HWADDR=AA:AA:AA:AA:AA:AA
ONBOOT=yes
MASTER=bond0
SLAVE=yes
NM_CONTROLLED=no

Setting bond interfaces

/etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=[IP]
NETMASK=[MASK]
IPV6INIT=no
NM_CONTROLLED=no

iwlist

• iwlist [interface] frequency

WIFI - wpa_supplicant

wpa_passphrase

• wpa_passphrase "[ssid]" "[passphrase]" #generating psk key which is used by wpa_supplicant.conf

wpa_supplicant.conf

/etc/wpa_supplicant/wpa_supplicant.conf

network={
  ssid="leny"
  #psk="[opentext_passphrase]"
  psk=[psk_from_wpa_passphrase]
  scan_ssid=1
  proto=WPA2 #WPA RSN
  priority=1
  scan_ssid=1 #if ssid is hidden
  #key_mgmt=WPA-EAP
  #key_mgmt=WPA-PSK
}

lanunch wifi steps:

1. ip link set [dev_name] up
2. iw [dev_name] scan
3. wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -Dwext -i[dev_name] -B #run as daemon (-B flag)
4. dhclient [dev_name]
5. ip addr show [dev_name]
6. route add default gw [IP]

ORACLE AUDIT

Table of Contents

• 1 Init params
  • 1.1 AUDIT_TRAIL
• 2 Turn on
• 3 VIEWS for SYS.AUD$
• 4 Options
  • 4.1 default audit options
  • 4.2 ALL
  • 4.3 ADDITIONAL
  • 4.4 Objects available to audit
• 5 Truncate audit table
  • 5.1 DBMS_AUDIT_MGMT

1 Init params

initoption	values	desc
AUDIT_TRAIL	NONE/DB/OS/DB,EXTENDED/XML/XML,EXTENDED	turn on audit and set type
AUDIT_FILE_DEST		set directory for audit files when AUDIT_TRAIL=OS, default: $ORACLE_HOME/rdbms/audit
AUDIT_SYS_OPERATIONS	TRUE/FALSE	for sys operations

1.1 AUDIT_TRAIL

• in 11g audyt is set default on DB value

none or false	Auditing is disabled.
db or true	Auditing is enabled, with all audit records stored in the database audit trial (SYS.AUD$).
db,extended	As db, but the SQL_BIND and SQL_TEXT columns are also populated.
xml	Auditing is enabled, with all audit records stored as XML format OS files.
xml,extended	As xml, but the SQL_BIND and SQL_TEXT columns are also populated.
os	Auditing is enabled, with all audit records directed to the operating system's audit trail.

2 Turn on

• set param audit_trail

Commands:

AUDIT	turn on audit
NOAUDIT ALL	turn off all audit operations for current user
NOAUDIT ALL BY [username]
NOAUDIT SELECT TABLE BY [username]
AUDIT ALL BY [username] BY ACCESS/SESSION	ACCESS - log everytime the event heppen, SESSION - log only at first time
NOAUDIT TABLE BY [username]
AUDIT select table, insert table, delete table, update table BY [username] BY ACCESS

Views:

STMT_AUDIT_OPTION_MAP	Contains information about auditing option type codes. Created by the SQL.BSQ script at CREATE DATABASE time.
AUDIT_ACTIONS	Contains descriptions for audit trail action type codes
ALL_DEF_AUDIT_OPTS	Contains default object-auditing options that will be applied when objects are created

3 VIEWS for SYS.AUD$

DBA_STMT_AUDIT_OPTS	show running audits for user
DBA_PRIV_AUDIT_OPTS	Describes current system privileges being audited across the system and by user
DBA_OBJ_AUDIT_OPTS	Describes auditing options on all objects. USER view describes auditing options on all objects owned by the current user.
DBA_AUDIT_TRAIL	Lists all audit trail entries USER view shows audit trail entries relating to current user.
DBA_AUDIT_STATEMENT	Lists audit trail records concerning GRANT, REVOKE, AUDIT, NOAUDIT, and ALTER SYSTEM statements throughout the database, or for the USER view, issued by the user
DBA_AUDIT_EXISTS	Lists audit trail entries produced BY AUDIT NOT EXISTS
DBA_AUDIT_SESSION	Lists all audit trail records concerning CONNECT and DISCONNECT. USER view lists all audit trail records concerning connections and disconnections for the current user.
DBA_AUDIT_OBJECT	Contains audit trail records for all objects in the database. USER view lists audit trail records for statements concerning objects that are accessible to the current user.

• DDL (CREATE, ALTER & DROP of objects)
• DML (INSERT UPDATE, DELETE, SELECT, EXECUTE).
• SYSTEM EVENTS (LOGON, LOGOFF etc.)
• SELECT * FROM dba_stmt_audit_opts ORDER BY 1,3;

col obj_name format a30
col owner format a15
col username format a15
SELECT owner,username,obj_name,action_name,to_char(timestamp,'YYYY-MM-DD HH24:MI:SS') FROM dba_audit_trail 
  WHERE timestamp >= trunc(sysdate-1) and username='CCI' order by timestamp;
prompt ###zajetosc_tabeli_audytu
SELECT sum(bytes)/1024/1024 as MB FROM dba_segments WHERE segment_name='AUD$';

4 Options

4.1 default audit options

• rdbms/admin/secconf.sql
• rdbms/admin/undoaud.sql #wylaczenie

4.2 ALL

Object	SQL Statements and Operations Audited
ALTER SYSTEM	ALTER SYSTEM
CLUSTER	CREATE, ALTER, DROP, TRUNCATE
CONTEXT	CREATE, DROP
DATABASE LINK	CREATE, ALTER, ALTER PUBLIC DATABASE LINK, DROP DATABASE LINK
DIMENSION	CREATE, ALTER, DROP
DIRECTORY	CREATE, DROP
INDEX	CREATE INDEX, ALTER, ANALYZE INDEX, DROP
MATERIALIZED VIEW	CREATE, ALTER, DROP
NOT EXISTS	All SQL statements that fail because a specified object does not exist.
OUTLINE	CREATE, ALTER, DROP
PROCEDURE	CREATE FUNCTION, CREATE LIBRARY, CREATE PACKAGE, CREATE PACKAGE BODY
	CREATE PROCEDURE, DROP FUNCTION, DROP LIBRARY, DROP PACKAGE, DROP PROCEDURE
PROFILE	CREATE, ALTER, DROP
PUBLIC DATABASE LINK	CREATE, DROP
PUBLIC SYNONYM	CREATE, DROP
ROLE	CREATE, ALTER, DROP, SET
ROLLBACK SEGMENT	CREATE, ALTER, DROP
SEQUENCE	CREATE, DROP
SESSION	Logons
SYNONYM	CREATE, DROP
SYSTEM AUDIT	AUDIT sql_statements, NOAUDIT sql_statements
SYSTEM GRANT	GRANT system_privileges_and_roles, REVOKE system_privileges_and_roles
TABLE	CREATE, DROP,TRUNCATE TABLE
TABLESPACE	CREATE, TABLESPACE, ALTER, DROP
TRIGGER	CREATE, ALTER with ENABLE and DISABLE clauses, DROP, ALTER TABLE with ENABLE ALL TRIGGERS clause and DISABLE ALL TRIGGERS clause
TYPE	CREATE, CREATE TYPE BODY,ALTER,DROP,DROP TYPE BODY
USER	CREATE, ALTER, DROP
VIEW	CREATE, DROP

Notes:

• AUDIT USER #audits three SQL statements: CREATE, ALTER, DROP Use AUDIT ALTER USER to audit statements that require the ALTER USER system privilege. An AUDIT ALTER USER statement does not audit a user changing his or her own password, as this activity does not require the ALTER USER system privilege.

4.3 ADDITIONAL

ALTER SEQUENCE	ALTER SEQUENCE
ALTER TABLE	ALTER TABLE
COMMENT TABLE	COMMENT ON TABLE table, view, materialized view,COMMENT ON COLUMN table.column, view.column, materialized view.column
DELETE TABLE	DELETE FROM table, view
EXECUTE PROCEDURE	CALL
	Execution of any procedure or function or access to any variable, library, or cursor inside a package.
GRANT DIRECTORY	GRANT privilege ON directory,REVOKE privilege ON directory
GRANT PROCEDURE	GRANT privilege ON procedure, function, package,REVOKE privilege ON procedure, function, package
GRANT SEQUENCE	GRANT privilege ON sequence,REVOKE privilege ON sequence
GRANT TABLE	GRANT privilege ON table, view, materialized view,REVOKE privilege ON table, view, materialized view
GRANT TYPE	GRANT privilege ON TYPE,REVOKE privilege ON TYPE
INSERT TABLE	INSERT INTO table, view
LOCK TABLE	LOCK TABLE table, view
SELECT SEQUENCE	Any statement containing sequence.CURRVAL or sequence.NEXTVAL
SELECT TABLE	SELECT FROM table, view, materialized view
UPDATE TABLE	UPDATE table, view

4.4 Objects available to audit

Object	SQL Operations
Table	ALTER, AUDIT, COMMENT, DELETE, FLASHBACK, GRANT, INDEX, INSERT, LOCK, RENAME, SELECT, UPDATE
View	AUDIT, COMMENT, DELETE, FLASHBACK, GRANT, INSERT, LOCK, RENAME, SELECT, UPDATE
Sequence	ALTER, AUDIT, GRANT, SELECT
Procedure, Function, Package	AUDIT, EXECUTE,GRANT
Materialized View	ALTER, AUDIT, COMMENT, DELETE, INDEX, INSERT, LOCK, SELECT, UPDATE
Mining Model	AUDIT, COMMENT, GRANT, RENAME, SELECT
Directory	AUDIT, GRANT, READ
Library	EXECUTE, GRANT
Object Type	ALTER, AUDIT, GRANT

5 Truncate audit table

• truncate table SYS.AUD$;

5.1 DBMS_AUDIT_MGMT

• DBA_AUDIT_MGMT_CONFIG_PARAMS;

LINUX INFO

Table of Contents

• 1 Commands

1 Commands

n	next the same level
p	previous
]	next deeper
[	previous
t	top
d	directory
l	last
r	other way of last
L	history
m	menu
tab	positions in menu
f	reference
s	search
i	index
g	go to node
n	move to the "next" node of this node
p	move to the "previous" node of this node
m	pick menu item specified by name (or abbreviation), picking a menu item causes another node to be selected
d	go to the Info directory mode
<	go to the top node of this file
>	go to the final node in this file
[	go backward one node, considering all nodes as forming one sequence
]	go forward one node, considering all nodes as forming one sequence
tab	move cursor to next cross-reference or menu item
M-TAB	move cursor to previous cross-reference or menu item
f	follow a cross reference. Reads name of reference
l	move back in history to the last node you were at/td>
r	move forward in history to the node you returned from after using l
L	go to menu of visited nodes
T	go to table of contents of the current Info file

EMACS PYTHON MODE

C-c >	indent right
C-c <	indent left
M-/	dynamic completion
C-M-i	completion
C-M-h	mark class or function
C-c C-z	python interpreter
C-j	go to next indent line
C-c C-c	run buffer
C-c C-r	run selected code
C-M-x	run current functionsy

EMACS ORG MODE

MANIPULATION
[tab]	expand
[Shift]-[tab]	colapse
M-[left]/[right]	nesting level
M-[up]/[down]	change place on the same level
[Shift]-[left]/[right]	task status | list type
[Shift]-[down]	task priority
EDIT
C-c C-q	add/change tag
C-c C-x p	add property
C-c C-x d	delete property
C-c C-e	export to another format
C-c C-c	edit checkbox
C-c C-e t	instert default template
-----	horizontal line
\\	end of line (during export to html)
LINKS
C-c C-l	edit link
C-c C-o	follow the link
[[link][description]]	link
<<link>>	target
[[target]]	link to target
[[header]]	link to header
DATE and TIME
C-c .	add timestamp
[Shift]-[right]	change timestamp
C-c C-d	add deadline time
C-c C-s	add schedule time
AGENDA
C-c a	open agenda
f	forward week
b	backward week
.	present day
C-c [	add file to agenda
C-c ]	remove from agenda
org-agenda-file variable
[space]	press space in agenda window to go to event
ELEMENTS
[% | /]	lists status
[ ]	checkbox
[fn:1]	footnote
TABLES
C-^	sort table
| col1 | col2 | [tab]	add table row
|-	add horizontal line
M-[left] | [right] | [up] | [down]	move column | row
[Shift]-M-[down]	insert row above
[Shift]-M-[up]	delete current row
[Shift]-M-[right]	insert column
[Shift]-M-[left]	delete column
	insert vertical line at first row if want export to html
#+ATTR_HTML: border="1" rules="all" frame="all"	border between cells during export to html
<nr>	put in empty cell to set column width, you can set #+STARTUP: align parameter
calc
:=	add forumla to the current field
:=vmean(@II..@III)	vertical arythmetic mean from II to III horizontal line
:=vsum(@II..@III)	vertical sum from II to III horizontal line
=	add forumla to the whole column, if the field contains only ‘=’, the previously stored formula for this column is used
C-c ?	find table current field coordinates
C-c }	grid coordinates on/off
$1	first column
@1	first row
$-2	third column from right to left
$+2	third column from left to right
@I	first hline
@I..@II	range from first hline to second hline
@1$2	1nd row, 2rd column
@-1$-3	the field one row up, three columns to the left
@-I$2	field just under hline above current row, column 2
@2$1..@4$3	6 fields between these two fields
@-1$-2..@-1	3 numbers from the column to the left, 2 up to current row
C-u C-c =	install a new formula for the current field
C-c =	edit the formula for the current field
C-c C-c	recompute formula
C-u C-c *	recompute all table
C-u C-c *	recompute all table
#+TBLFM: @10$2=vsum(@II..@III)::@11$2=@2$2+@3$2	compute multi formulas
#+TBLFM: $3=@-1+1::@2$3=1	ordered nubmer list at 3rd col
EXPORT OPTION
#+TITLE: the title to be shown (default is the buffer name) #+AUTHOR: the author (default taken from user-full-name) #+DATE: a date, fixed, of a format string for format-time-string #+EMAIL: his/her email address (default from user-mail-address) #+DESCRIPTION: the page description, e.g. for the XHTML meta tag #+KEYWORDS: the page keywords, e.g. for the XHTML meta tag #+LANGUAGE: language for HTML, e.g. ‘en’ (org-export-default-language) #+TEXT: Some descriptive text to be inserted at the beginning. #+TEXT: Several lines may be given. #+OPTIONS: H:2 num:t toc:t \n:nil @:t ::t |:t ^:t f:t TeX:t ... #+LINK_UP: the ``up'' link of an exported page #+LINK_HOME: the ``home'' link of an exported page #+LATEX_HEADER: extra line(s) for the LaTeX header, like \usepackage{xyz} you can put all above settings to one file and point at by: #+SETUPFILE: ~/[filepath]
EXPORT TIPS
@<b>bold text@</b>	use html tags
#+HTML: Literal HTML code for export	as above
#+BEGIN_HTML All lines between these markers are exported literally #+END_HTML	as above

! before export to pdf you must install rubber

EMACS DIRED MODE

M-x dired	dired mode
o	open file in split window horizontaly
enter	open file | enter dir
C	copy file
R	rename file
D	delete file
Z	compress file
M	chmod
O	chown
G	chgrp
m	mark
u	unmark
U	unmark all
g	refresh
A	search
^	parent dir
t	new dir
q	close dir

EMACS

HELP:
C-h m	curent mode info
C-h k	key bind info
C-h a	search function
MAIN:
C-x C-c	exit
C-/	undo
[space] C-/	redo
C-x C-b	buffer list
C-g | Esc Esc Esc	keyboard quit
C-x b	switch between buffers
C-x C-w	save buffer as
C-x C-f	open file
C-u [nr] [arg]	repeat argument [nr] times, default 4 times
SEARCH:
C-s	search forward
C-r	search backward
M-%	find and repleace
BUFFERS:
C-x C-s	save all buffers
C-x s	save current buffer
C-x k	kill buffer
C-x C-b	show buffer menu
BUFFER MENU:
d	kill buffer
s	save buffer
x	perform previously requested deletions and saves
u	undo save and kill
%	read only flag
*	modify flag
q	quit buffer menu
o	open buffer in another window
WINDOWS:
C-x 2	horizontal window
C-x 3	vertical window
C-x 0	remove current window
C-x 1	remove all other windows
C-x o	change window
C-x ^	taller window
C-x }	wider window
EDIT:
C-[space]	select
C-[space] [space]	unselect
M-w	copy the previously selected
C-w	cut the previously selected
C-y	paste
C-a C-k	delete line
C-k	delete from cursor to the end of line
C-h b	help key bindings
M-;	comment/uncomment
M-g g	go to line
C-x r t [string]	insert vertical column
C-x k	kill region
Alt ;	insert comment
C-x r t	insert character at every match line
C-x r k	delete first rectangle at match line(match upto next line field to delete)
INDENT:
C-u [num | -num] C-x [tab]	indent previous selected region [num] of lines, minus means indent left
OTHER MODE:
M-x dired	file manager mode
M-x python-mode	python mode

ORACLE SQLNET

sqlnet.ora
trace_level_server=16 #turn on logging for server (4-USER,10-ADMIN,16-SUPPORT)
trace_level_client=16 #turn on logging for client
trace_directory_server=/tmp/oratrace #logfile dir
trace_directory_client=/tmp/oratrace
trace_file_client=cli #logfile name
trace_file_server=srv
trace_unique_client=true

KERBEROS

GIT

git config --list
git config --global user.name "dupa jas"
git config --global user.email fdsf@das.pl
git config --global core.editor vim
git config --global merge.tool diff
git help command
man git-command
git status
git init         #create git structure in .git directory

base commands:
git add .                    #add all files inside current directory to track
git rm file                  #remove file
git mv file1 file2           #move file
git commit -a m "comment"    #commit all without staged
git commit -v                #show changes to commit
git commit --amend

branching:
git branch -a                       #list all branches, present with flag *
git branch [branch_name]            #create new branch
git checkout [branch_name]          #move to branch
git checkout -b [branch_name]       #create and move to new branch
git checkout -- [file]
git branch [branch_name] [hash|tag] #new branch branch_name from hash or tag
git branch -d [branch_name]         #remove branch
git branch --merged
git branch --no-merged

logging:
git log
git log -1       #show last one commit
git log -p -2    #show diff of two last commits
git log --pretty=oneline|short|medium|full|fuller|email
git log --pretty=format:"%h - %an, %ar : %s"
git log --pretty=format:"%h %s" --graph
git log --merged #only merged commits

diffs:
git diff           #differences between tracking (working directory) and staged files
git diff --staged  #differences between staged and last commit
git diff --cached  #as above?

tagging:
git tag                     #show tags
git tag -a v1 -m 'comment'  #add new tag
git show v1
git tag -a v1.1 hash        #tag old commits

other:
git merge [branch_name]  #ex inside master branch merging changes from branch branch_name
git ls-files --stage     #show files with hash in stage
git hash-object [file]   #make SHA1 hash for file
git mergetool            #choose merge tool
.gitignore               #file with list of ignoring files
info/exclude             #as above but for whole project

initialize git project on server without working directory:
mkdir project-01.git 
cd project-01.git
git --bare init

initialize git project in local directory:
git init
git add .
git commit -m "initialize project"

initialize bare git project from current project;
- developer1:
git clone --bare [current_project] [bare_project].git
git remote add [alias] [path_to_bare_project]
git remote set-head [alias] master
- developer2:
git clone [user]@[developer1_hostname]:[path_to_developer1_bare_project]

send to remote server
git remote add [alias] [user]@[server]:/[path on server to git project dir] #add remote alias
git push origin master #push from master branch to origin alias

git remote -v                                       #check remote server
git remote add [alias] user@server:path/project.git #add remote repo
git remote show origin
git remote rename file1 file2
git remote rm file

git clone [url]              #clonning repo, not checkout, with all history files etc.
git clone git://url dir_name #clone with make local directory dir_name,track master on remote
git clone http(s)://
git clone user@server:/path #ssh clone with default alias origin creation etc.
git clone --bare [project_path] [bare_project_path].git #create bare (without working dir) project from project with working dir

git fetch [alias] #fetch data from remote server with alias to local branch (create pointer only), till last fetch or clone,
git diff [alias] #compare differences 
git merge [alias] #merge differences

git pull [alias] [local_branch]   #as above 3 steps in 1

git remote -v #get remote alias

git push [remote_alias] [branch_name]                      #send branch branch_name to remote repo 
git push [remote_alias] [branch_name]:[remote_branch_name] #as above with name change
git push [remote_alias] :[branchname]                      #remove remote branch 

working dir-------staging area--------git dir
.git/objects #all content
.git/refs    #branches
.git/HEAD    #currently checked out
.git/index   #staging area (index)

LINUX PASSWORD POLICY

Table of Contents

• 1 Password strength:
• 2 Password duration:
  • 2.1 chage
• 3 Password repeat history:
• 4 Login attempts:
  • 4.1 pam_tally2

1 Password strength:

1. check pam module pam_cracklib.so in /lib/security
2. edit /etc/pam.d/system-auth
   • password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1

     retry	attempts to pick new password
     minlen	min password length
     ucredit	upper case -1 means at least 1
     lcredit	lower case
     ocredit	special character
     dcredit	digit

2 Password duration:

• For new accounts default settings are in /etc/login.defs
• Settings for current accounts are in /etc/shadow but we edit by command chage

2.1 chage

chage -l [user]	check settings for user
chage -E "YYYY-MM-DD" [user]	set date when account expire, -1 means never
chage -M [nr] [user]	set maximum number of days between password change from last password change, -1 means never expire
chage -d "YYYY-MM-DD" [user]	set last password change
chage -W [nr] [user]	number of days of warning before password expires
chage -i [nr] [user]	set password inactive, when account is blocked after password expire

3 Password repeat history:

• edit /etc/pam.d/system-auth
  • password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=2

    remember

    number of password in history file /etc/security/opasswd

  
  

4 Login attempts:

• check pam module pam_tally2.so in /lib/security
• edit /etc/pam.d/system-auth
  • auth required pam_tally2.so deny=3 unlock_time=60 lock_time=5

    deny	number of attempts to log without deny
    unlock_time	time in sec when next login attempt perform
    lock_time	time in sec when delay every failed login attempt

  • all logs about login attempts are in /var/log/tallylog but we edit by command pam_tally2

4.1 pam_tally2

pam_tally2 -u [user]	check failed login attempts
pam_tally2 -r -u [user]	reset failed login attempts

ORACLE AS

OPMNCTL (Oracle Process Management and Notification Server)
$ORACLE_AS_HOME/opmn/bin/opmnctl help
$ORACLE_AS_HOME/opmn/bin/opmnctl status help
$ORACLE_AS_HOME/opmn/bin/opmnctl status -l
$ORACLE_AS_HOME/opmn/bin/opmnctl stopall
$ORACLE_AS_HOME/opmn/bin/opmnctl startall

check AS version:
cat $ORACLE_AS_HOME/config/ias.properties | grep Version
$ORACLE_AS_HOME/OPatch/opatch lsinventory -detail

ORACLE AWR

Table of Contents

• 1 EM
• 2 DescAWR (Automatic Workload Repository)
• 3 Prerequisities
• 4 Views
  • 4.1 Memory:
  • 4.2 Sql:
  • 4.3 Other:
• 5 Snapshots
  • 5.1 Check snapshots time collection
  • 5.2 Set snapshot retention
  • 5.3 Run manual snapshot:
  • 5.4 Drop snapshot:
• 6 Reports
  • 6.1 Generate AWR report:

1 EM

• Oracle Enterprise Manager => Advisor Central

2 DescAWR (Automatic Workload Repository)

• Stats which are stored in tables WRH$ in SYSAUX tablespace

3 Prerequisities

• STATISTICS_LEVEL = TYPICAL | ALL

4 Views

4.1 Memory:

• DBA_HIST_SGA
• DBA_HIST_PGASTAT
• DBA_HIST_PGA_TARGET_DEVICE
• DBA_HIST_SGASTAT
• DBA_HIST_BUFFER_POOL_STAT
• DBA_HIST_DB_CACHE_ADVICE
• DBA_HIST_SHARED_POOL_ADVICE

4.2 Sql:

• DBA_HIST_SQL_SUMMARY
• DBA_HIST_SQLSTAT
• DBA_HIST_SQL_PLAN

4.3 Other:

• DBA_HIST_SYSSTAT
• DBA_HIST_FILESTATXS
• DBA_HIST_WR_CONTROL
• DBA_HIST_SNAPSHOT
• DBA_HIST_DATABASE_INSTANCE
• DBA_HIST_ACTIVE_SESS_HISTORY

5 Snapshots

5.1 Check snapshots time collection

• SELECT * FROM DBA_HIST_WR_CONTROL

5.2 Set snapshot retention

• DBMS_WORKLOAD_REPOSITORY.MODIFY_SNAPSHOT_SETTINGS ([retention - min],[interwal - min])

5.3 Run manual snapshot:

• DBMS_WORKLOAD_REPOSITORY.CREATE_SNAPSHOT();

5.4 Drop snapshot:

• DBMS_WORKLOAD_REPOSITORY.DROP_SNAPSHOT_RANGE([low_id],[end_id]);

6 Reports

6.1 Generate AWR report:

• $oracle_home/rdbms/admin/awrrpt.sql
• $oracle_home/rdbms/admin/awrrpti.sql # with instance
• ADDM reports (Automatic Database Diagnostic Monitor:
• $oracle_home/rdbms/admin/addmrpt.sql

ORACLE CREATE

create database manualy:


* create PFILE
main changes:
- db_name
- control_files
- audit_file_dest
- background_dump_dest
- user_dump_dest
- core_dump_dest

example init[dbname].ora

*.__db_cache_size=939524096
*.__java_pool_size=16777216
*.__large_pool_size=16777216
*.__shared_pool_size=587202560
*.__streams_pool_size=33554432
*.control_files='[path]/control1.ora','[path]/control2.ora','[path]/control3.ora'
*.audit_file_dest='[path]/admin/adump'
*.core_dump_dest='[path]/admin/cdump'
*.user_dump_dest='[path]/admin/udump'
*.background_dump_dest='[path]/admin/bdump'
*.compatible='10.2.0.1'
*.db_block_size=8192
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_files=1500
*.db_name='[dbname]'
*.global_names=FALSE
*.job_queue_processes=10
*.log_archive_format='[dbname]%t%s%r.arc'
*.log_checkpoint_interval=10000
*.max_dump_file_size='10240'
*.open_cursors=1000
*.optimizer_mode='CHOOSE'
*.pga_aggregate_target=629145600
*.processes=400
*.query_rewrite_enabled='true'
*.remote_login_passwordfile='EXCLUSIVE'
*.service_names='[dbname]'
*.session_max_open_files=40
*.sga_target=1610612736
*.shared_pool_reserved_size=0
*.undo_management='AUTO'
*.undo_retention=100000
*.undo_tablespace='UNDO_TS'

* create password file for new database:
orapwd file=orapw[dbname] password=[pass]

* add new database to listener.ora and tnsnames.ora,

* create dirs for new database file,

* create dirs for trace logs as admin with subdirectories: adump, udump, cdump, bdump,

* set $ORACLE_HOME,$ORACLE_SID

* startup nomount

* run script:

spool crt_db.spool
startup nomount
create database [dbname]
user sys identified by [pass]
user system identified by [pass]
maxinstances 5
maxloghistory 5
maxlogfiles 10
maxlogmembers 5
maxdatafiles 1000
character set EE8ISO8859P2
national character set AL16UTF16
datafile '[path]/system01.dbf' size 512M autoextend on next 10M maxsize unlimited
sysaux datafile '[path]/sysaux01.dbf' SIZE 1024M
logfile group 1 ('[path]/redo01.log') size 100m,
group 2 ('[path]/redo02.log') size 100m,
group 3 ('[path]/redo03.log') size 100m
default temporary tablespace TEMP tempfile '[path]/temp01.dbf' size 2048M
undo tablespace UNDO_TS datafile '[path]/undotbs01.dbf' size 3000M autoextend off,
'[path]/undotbs02.dbf' size 512M autoextend on next 10M maxsize unlimited;
spool off

* run script:

spool catalog.spool
@$ORACLE_HOME/rdbms/admin/catalog.sql
spool off
spool catproc.spool
@$ORACLE_HOME/rdbms/admin/catproc.sql
spool off
spool catrep.spool
@$ORACLE_HOME/rdbms/admin/catrep.sql
spool off
spool initjvm.spool
@$ORACLE_HOME/javavm/install/initjvm.sql
spool off
spool dbmsrand.spool
@$ORACLE_HOME/rdbms/admin/dbmsrand.sql
spool off
spool utlrp.spool
@$ORACLE_HOME/rdbms/admin/utlrp.sql
spool off

POSTGRESQL

all informations are inside great documentation

psql
psql [option] -d [dbname] -h [hostname] -U [username]
psql -l	db list
psql syntax:
\timing	set show sql execution time
\q	quit
\password	set password
\pset	change psql settings
\l	show databases
\d [table]	table desc
\c [database]	connect to db
\da	agregation functions
\db+	tablespaces
\dc	conversions
\df+	functions
\dg+ \du+	roles
\di+	indexes
\ds+	sequences
\dt+	tables
\dv+	views
\dSvtis+	system views,tables,indexes,sequences
\dn+	schemas
\do	operators
\dp	privileges
\encoding	db encoding
\l+	db description
\z	objects with privileges
\o [file]	spool file
\![command]	run OS command
help commands:
\?	info about commands with backslash
\h	sql help
parameters:
show all;	db parameters
show [parametr];	show search_path
show search_path	current schama
set search_path to [other_schema]	now you can see objects from other schema

administrating:

variable PGDATA point to cluster catalog
pg_ctl status #db state
pg_ctl -D [directory] [action]
pg_ctl start | stop |restart #db start,stop you can add -l [logfile]
pg_ctl stop -m [smart | fast | immediate] #db stop smart(default), fast(with rolleback transactions, immediate(shutdown abort)
pg_controldata [cluser_dir] #cluster info
SELECT pg_database_size('[dbname]'); #show db size SELECT pg_size_pretty(pg_database_size('[dbname]')); #show db size SELECT pg_size_pretty(pg_total_relation_size('[table]')); #show table size with index SELECT pg_size_pretty(pg_relation_size('[table]')); #show table without index

DUMP:

-- export:
pg_dump [db_name] > [file] #dump in plaintext format
pg_dump -t '[table]' [db_name] > [file]
pg_dump -Fc #dump in pg_restore format
pg_dumpall > [file] #dump all databases
-- import:
psql [db] < [plik] #import from plaintext format
psql -f [file] postgres #import from plaintext format
pg_restore -d [baza] [plik] #import from pg_restore format
pg_restore -l [plik] #content of dumpfile

CREATE:

initdb --pgdata | -D [cluster_dir] [-E encoding] #cluster initialization,create template1 and postgres database
createdb [dbname] [-D tablespace] [-E encoding] [-O owner] [-T template to create new database]

change host database IP:

change in $PG_DATA/postgresql.conf
change in $PG_DATA/pg_hba.conf (according manual - chapter 20: Client Authentication)

misc:

ALTER TABLE [table] ALTER COLUMN [column] TYPE int USING [column]::int; #change column type from char to int

MANAGE ROLES:

--check
\dg #check system privs
SELECT * FROM pg_roles;
create role [role_name]; #create role
--change
ALTER ROLE [role_name] SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB | CREATEROLE | NOCREATEROLE | CREATEUSER | NOCREATEUSER | INHERIT | NOINHERIT | LOGIN | NOLOGIN | CONNECTION LIMIT [connlimit] | PASSWORD [password] | ENCRYPTED | UNENCRYPTED | VALID UNTIL [timestamp]
--change password
ALTER ROLE [role] PASSWORD '[pass]';

change object privs:

\z #check privs
=xxxx #privileges granted to PUBLIC
uname=xxxx #privileges granted to a user
group gname=xxxx #privileges granted to a group
r -- SELECT ("read")
w -- UPDATE ("write")
a -- INSERT ("append")
d -- DELETE
R -- RULE
x -- REFERENCES
t -- TRIGGER
X -- EXECUTE
U -- USAGE
C -- CREATE
T -- TEMPORARY
arwdRxt -- ALL PRIVILEGES (for tables)
* -- grant option for preceding privilege

GRANT [privs] ON [object] TO [role];