Monday, October 21, 2013

Changing the HDD in netapp and assign the same as spare




Some times we used to face HDD failure in netapp and the role of the failed HDD will be taken care by the spare HDD(Raid 4 setup). So the system will throw the error as "Not enough spare disk" So in this case we have to change the failed HDD with a new one ( should be same size and make with the parent one).


If we check the ONTAP gui the failed HDD will show as broken state (0c.00.6)
 





So first we need to remove the faulty HDD using below mentioned command


#Remove –w 0c.00.06


Then identify the physical disk in the netapp mounted rack which have lights off and remove the HDD physically from the controller .


Insert the new HDD in the same location and wait till the light become green.


Then run the below commands through console ( ssh or telnet)


#priv set advanced


# disk assign 0c.00.06 -s unowned -f


So disk will become orphan state , and next we have to assign the same as spare


#disk unfail -s 0c.00.06


So once we check in GUI we can see that the disk which was in orphan state was assigned as spare to the same controller .


(below case it was 0c.00.2)


 







































Posted by at No comments:
Labels:

Tuesday, April 9, 2013

                         MySQL hardening script 


The MySQL database has become the world's most popular open source database because of its
consistent fast performance, high reliability and ease of use.This script gives some of the
best pracise steps to secure your database from attacks and vulnurabilities for improved
performance .
******************************************************************************
#!/bin/bash

#########################Mysqlhardeningscript################################################################Author:ratheeshvasudevan########################################
read -p "Enter mysql root password" mysqlpass

# Setting password for users 
a=`mysql -uroot -p$mysqlpass -Dmysql --execute "select User from mysql.user where length(password) = 0
or password is null;"`

if [ -z "$a" ]; then

echo "Already password is configured for all users" >> /tmp/mysqlhardening.txt

else

for i in $a

do

`mysql -uroot -p$mysqlpass -Dmysql --execute "UPDATE mysql.user SET password=PASSWORD('onmobile')  WHERE user='${i}'and length(password) = 0;"`

`mysql -uroot -p$mysqlpass -Dmysql --execute "flush privileges;"`

echo "password is set to 'onmobile'" >> /tmp/mysqlhardening.txt

done

fi
#Remove Anonymous account

`mysql -uroot -p$mysqlpass -Dmysql --execute "delete from mysql.user where user = '';"`

if [ $? -eq 0 ]; then

echo "Anonymous account is removed" >> /tmp/mysqlhardening.txt

fi
#Remove shutdown privilege for non root users 

b=`mysql -uroot -p$mysqlpass -Dmysql --execute "select user from mysql.user where Shutdown_priv = 'Y';" |grep -v "user" |grep -v "host" |grep -v "root"`

if [ -z "$b" ]; then

echo "No non admin users with shutdown privileges" >> /tmp/mysqlhardening.txt

else

for i in $b

do

mysql -uroot -p$mysqlpass -Dmysql --execute "update mysql.user set Shutdown_priv = 'N' where user='${i}';"

done

echo "removed the shutdown privileges for non admin users" >> /tmp/mysqlhardening.txt

fi

#Remove Create user privilege for non root users

c=`mysql -uroot -p$mysqlpass -Dmysql --execute "select user from mysql.user where Create_user_priv= 'Y';" |grep -v "user" |grep -v "host" |grep -v "root"`

if [ -z "$c" ]; then

echo "No non admin users with create user privileges" >> /tmp/mysqlhardening.txt

else

for i in $c

do

mysql -uroot -p$mysqlpass -Dmysql --execute "update mysql.user set Create_user_priv='N' where user='${i}';"

done
echo "Removed create user priv for non admin users" >> /tmp/mysqlhardening.txt

fi

#Remove Reload privilege for non admin users

d=`mysql -uroot -p$mysqlpass -Dmysql --execute "select user from mysql.user where Reload_priv = 'Y';" |grep -v "user" |grep -v "root"`

if [ -z "$d" ]; then

echo "No non admin users with reload privileges" >> /tmp/mysqlhardening.txt

else

for i in $d

do

mysql -uroot -p$mysqlpass -Dmysql --execute "update mysql.user set Reload_priv='N' where user='${i}';"

done

echo "Removed Reload privileges for non admin users" >> /tmp/mysqlhardening.txt

fi

#Remove GRANT Privileges for non admin users

e=`mysql -uroot -p$mysqlpass -Dmysql --execute "select user from mysql.user where Grant_priv = 'Y';" |grep -v "user" |grep -v "root"`

if [ -z "$e" ]; then

echo "No non admin users with GRANT privileges" >> /tmp/mysqlhardening.txt

else 

for i in $e

do

mysql -uroot -p$mysqlpass -Dmysql --execute "update mysql.user set Grant_priv = 'N' where user='${i}';"

done

echo "Removed non admin users with GRANT privileges" >> /tmp/mysqlhardening.txt

fi

#Old password hashing

f=`mysql -uroot -p$mysqlpass -Dmysql --execute "show variables like 'old_passwords';" |grep -v "Variable_name" |grep -v "Value" |awk -F " " '{print $2}'`

if [ `echo "$f" |grep -c "OFF"` -eq 1 ]; then

echo "Old password hashing is disabled already" >> /tmp/mysqlhardening.txt

else

mysql -uroot -p$mysqlpass -Dmysql --execute "set old_passwords = 'OFF';"

echo "old_password is set to OFF" >> /tmp/mysqlhardening.txt

fi

#Remove show database privilege for all non admin users 

g=`mysql -uroot -p$mysqlpass -Dmysql --execute "select user from mysql.user where Show_db_priv='Y';" |grep -v "user" |grep -v "root"`

if [ -z "$g" ]; then

echo "No non admin users with Show_db_priv" >> /tmp/mysqlhardening.txt

else

for i in $g 

do

mysql -uroot -p$mysqlpass -Dmysql --execute "update mysql.user set Show_db_priv='N' where user='${i}';"

done

fi

#Adding Secure auth in myql config

h=`mysql -uroot -p$mysqlpass -Dmysql --execute "show variables like 'secure_auth';" | grep -v "Variable_name" |grep -v "Value" |awk -F " " '{print $2}'`

if [ `echo "$h" |grep -c "OFF"` -eq 1 ]; then

sed -i "/^\[mysqld\]/ a\\secure_auth" /etc/my.cnf

else

echo "secure_auth is already configured in this DB" >> /tmp/mysqlhardening.txt
fi

#Removing grant tables option in mysql config 

j=`mysql -uroot -p$mysqlpass -Dmysql --execute "show variables like 'skip_grant_tables'" |grep -v "Variable_name" |grep "Value" |awk -F " " '{print $2}'`

if [ `echo "$j" |grep -c "OFF"` -eq 1 ]; then

echo "Grant tables option is already disabled in this DB" >> /tmp/mysqlhardening.txt

elif [ `echo "$j" |grep -c "ON"` -eq 1 ]; then

sed -i 's/skip_grant_tables/#skip_grant_tables/g' /etc/my.cnf

else

echo "Grant tables option is not avilable in this DB" >> /tmp/mysqlhardening.txt

fi

#Removing skip merge option from mysql

k=`mysql -uroot -p$mysqlpass -Dmysql --execute "show variables like 'have_merge_engine'" |grep -v "Variable_name" |grep "Value" |awk -F " " '{print $2}'`

if [ `echo "$k" |grep -c "DISABLED"` -eq 1 ]; then

echo "merge option is already disabled in this DB" >> /tmp/mysqlhardening.txt

elif [ `echo "$k" |grep -c "ENABLED"` -eq 1 ]; then

sed -i 's/skip_merge/#skip_merge/g' /etc/my.cnf

else

echo "merge option is not avilable in this DB" >> /tmp/mysqlhardening.txt

fi

#Removing client password from mysql config

r=`cat /etc/my.cnf |grep -A 4 "\[client\]"|grep "#password"`

cl_en=1


if [ `echo "$r" |grep -c "#password"` -eq 1 ]; then

echo "Client password is not enabled in this DB" >> /tmp/mysqlhardening.txt

else

sed -i 's/password/#password/' /etc/my.cnf

fi


#Disable interactive login

l=`cat /etc/passwd |grep mysql | awk -F ":" '{print $7}'`

if [ `echo "$l" |grep -c "/bin/bash"` -eq 1 ]; then 

usermod -s /sbin/nologin mysql

echo "interactive login is disabled for mysql user" >> /tmp/mysqlhardening.txt

else

echo "interactive login is already disabled" >> /tmp/mysqlhardening.txt

fi

#Check file system permissions 

m=`mysql -uroot -p$mysqlpass -Dmysql --execute "show variables like 'datadir';" |grep -v "variable_name" |grep -v "Value" |awk -F " " '{print $2}'`

n=`stat --format '%a' $m`

if [ `echo "$n" |grep -c "755"` -eq 1 ]; then 

echo "permission is already set for datadir" >> /tmp/mysqlhardening.txt

else 

chmod 755 $m

echo "permission is reseted for datadir" >> /tmp/mysqlhardening.txt

fi

#Configuration file permission 

o=`stat --format '%a' /etc/my.cnf`

if [ `echo "$o" |grep -c "644"` -eq 1 ]; then

echo "configuration file permission is already set for this DB" >> /tmp/mysqlhardening.txt

else

chmod 644 /etc/my.cnf

echo "Configuration file permisison is set to 644" >> /tmp/mysqlhardening.txt

fi
#Removing test database
p=`mysql -uroot -p$mysqlpass --execute "show databases;" |grep "test"`

if [ -z "$p" ]; then

echo "test database is not available in this DB" >> /tmp/mysqlhardening.txt

else

mysql -uroot -p$mysqlpass --execute "drop database test;"

echo "test database is succesfully removed" >> /tmp/mysqlhardening.txt

fi

echo "Hardening of MysqlDB is completed for this server. Please check /tmp/mysqlhardening.txt for details"


Posted by at No comments:
Labels:

Thursday, January 17, 2013

                               Oracle Start up script 


Usually oracle database can be started or stopped by  logging in to the DB as sysdba and applying "startup" and "shutdown immediate" commands. Here i am providing you a script to configure the same in /etc/init.d/ and we can start, stop and check the status of the oracle with PID details .

Sample script 
*********************************************************************************
#!/bin/bash
# chkconfig: 35 95 1
# description: init script to start/stop oracle database 10g, TNS listener
#
#
# match these values to your environment:
export ORACLE_BASE=/oracle
export ORACLE_HOME=/oracle/product/11.2.0/dbhome_1
export OH=$ORACLE_HOME
export JAVA_HOME=$OH/jdk
export PATH=$OH/bin:$JAVA_HOME/bin:$PATH
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
export ORACLE_SID=MBDB
export ORACLE_USER=oracle
# see how we are called:
case $1 in
    start)
    echo "Starting Oracle database ..."
    su - "$ORACLE_USER" <<EOO
    lsnrctl start
    sqlplus /nolog <<EOS
    connect / as sysdba
    startup
EOS
    emctl start dbconsole
EOO
    ;;
        
   stop)
    echo "Stopping Oracle database ..."
    su - "$ORACLE_USER" <<EOO
    emctl stop dbconsole
    sqlplus /nolog <<EOS 
    connect / as sysdba
    shutdown immediate
EOS 
    lsnrctl stop
EOO
;;


    restart){
 $0 stop
 $0 start
}
    ;;

   status)
  a=`ps -ef |grep oracle |grep LISTENER |awk -F " " '{print $2}'|head -1`
  if [ "$a" > 0 ];then
  echo "Oracle is working fine with pid $a"
  else
  echo "Oracle is not working"
  fi
   ;;

    *)
    echo "Usage: $0 {start|stop|restart|status}"
    ;;
esac
*********************************************************************************

Startup output 














stop output














status 




This script will be useful while configuring oracle in HA ( High Availability ) setups 
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)