inetd_port_knock.sh

Port knocking script implemented at the TCP level. Includes the remoteip.c source code in case your (x)inetd does not define the REMOTE_IP environment variable. Best used with the fire alarm script below. Email me if you are implementing this and you have questions.

inetd_fire_alarm.sh

Emergency alarm for hostile network probes. Includes the localport.c source code. If you are using it with port knocking, then uncomment the blacklist. Email me if you are implementing this and you have questions.

tarx.conf

Encrypted file transfer server - wrap network tar in TLS with stunnel, launched from inetd. A two-minute delay will be imposed by s_client after your upload file transfer is complete. A statically-linked tar binary must be placed in /home/tarjail/sbin - the busybox version works well, but compiling a tar with -static is likely safer. Access control is set with the verify=3/CAfile options - remove these and control with tcpd/hosts.deny for simpler address filtering if safety can be relaxed. The example illustrates the receiving server on port 5000, and the sending server on port 5001. Do not enable any compression options on tar, due to the CRIME attack on TLS.

rmangler

RMAN backups for Oracle databases, with options for several related activities (stats, logminer dictionary, control file trace, etc.).

awkback

Oracle7-style backups with awk. Lately, this script seems to work better with Brian Kernighan's "One True Awk" than it does with the GNU version.

otop

Joins the Linux "top" report with Oracle's v$session and v$process tables, providing visibility of remote users of your machine.

barebackup.sql

Oracle7-style backups, generated directly from sqlplus (pl/sql). Resulting script must be under a megabyte.

orastrong.sql

Force new database passwords to be at least 8 characters, and include letters, numbers, and allowed symbols (#$_).

orapw.sh

Print a random, 8-character password, guaranteed to include a letter, a number, and the underscore symbol (_). Does not contain zero or the letter "O" for clarity. This is useful for account creation and password resets.

crypter.sh

Flat file public-key cryptography with the OpenSSL command line tool. Hard link the script to the relevant names, then call to encrypt or decrypt a bundle. Requires a relevant key and password. For older openssl, change -sha256 to -sha1.

RSA-gnfs.bc RSA-NIST.bc

Compare RSA key sizes to equivalent symmetric algorithms using a General Number Field Sieve as previously used by NIST. Examples in the commentary.

dbcontrol-orcl

Linux startup/shutdown script for your Oracle database(s). In the filename of the script, replace "orcl" with the name of the SID that you would like to control. Make hard/soft links with different names to control different SIDs, all using the same physical script. Assumes that your database SIDs and home directories are documented in /etc/oratab. When shutting down a database, the script will kill all database connections that are marked with LOCAL=NO, so the PMON does not cause shutdown delays. Should be run as root.

ADDLE

DDL extractor (Korn shell script). Useful for moving tables with LONG columns (or moving any tables at all in v7, which lacks "ALTER TABLE MOVE"). Uses import/export to get table and index definitions, then SQL to get grants, triggers, and comments. It will not extract views (as they are not dropped when the table is dropped), and it will not disable any foreign key constraints. Best if the script is saved as "ADDLE" (for clarity of directory listings).

sftp_coprocess.ksh

File transfer via sftp where the remote file size is checked against local and resent on any difference. Assumes ssh login without a password is in place, either with an agent or an open key. A limit of 500 transfers is enforced to prevent runaway cron jobs. Uses "coprocesses" from the Korn shell.

checkrowcounts.awk

Convert the log-output from the Oracle export utility into SELECT statements to check that rowcounts match in newly-imported tables. Rowcounts from the export utility should be captured with "2>&1 | tee exp.log" - afterwards, run "checkrowcounts.awk exp.log" and pipe the output into sqlplus. Check for the @ character in the output ("fgrep @") to see problem tables.

cloak.ksh

Utility (requires ksh93) for concealing passwords from ps -ef reports.

oracheckpw.sh

Extracts the list of Oracle users from DBA_USERS, and attempts to log in to each account using a password specified at runtime. If no password is specified, it attempts to log in with a password that is the same as the username.

gensmtp.gawk

Generic script for sending electronic mail with gawk. Reads input file with email addresses in the first field. Several parameters in the script should be changed (SMTP server, local host name, FROM: address, message subject, message body, etc.). Requires (working) gawk network extensions.

alertscan.awk

Oracle alert log scanner. Brute force approach, written in awk. Requires the GNU date utility. Details in the script.

alertscan.gawk

Revised alert log scanner, using GNU AWK's time extensions. Slightly different syntax.

rbshrink

Shrink all your rollback segments.

tsfull

List all datafiles for tablespaces that are over 90% full.

sqltune.php

Web interface for dbms_sqltune - pass it a sql_id and get Oracle's report.

sha256micro.c

Minimal SHA256 digest reporting, for older OS environments that do not include it. Requires library code specified in the source.

bannerscan.bash

Get the banner messages for telnet, mail, ftp, and ssh for a collection of hosts, which can be useful for a cursory network security scan. In general, banner messages should be modified to remove version number information. OS "fingerprinting" under the nmap utility might also be useful for network OS profiles. An interesting list of hosts in an Oracle environment can be obtained from an "Onames" server with:
namesctl dump_tnsnames list.txt
Remove the hostnames from the output and call the script thus (STDERR is noisy and is ignored below):
/path/to/bannerscan.bash < hostlist.txt 2>/dev/null

createdb8i.sql

Create an 8i database using LMTs for everything (including rollback). This script must be edited (change SID, datafile locations). The init.ora must also have "compatible = 8.1.0" to use these features.

createdb9i.sql

Create a 9i database. This script must be edited (change SID, datafile locations). The init.ora must also have UNDO settings in place (undo_management=auto, undo_tablespace=undo, undo_retention=86400), and the "compatible" parameter must be set to at least "9.0.0" ("9.2.0" may be a better choice).

createdb10g.sql

This has all the features of the 9i creation script above, plus it creates the new, mandatory SYSAUX tablespace.

standby-delay.ksh

This script applies archived logs to a standby server only after they are 12 hours old, then moves the used log to a separate directory. Allows you to "alter standby database open read only" and examine your data from 12 hours in the past (which is useful if you cannot flashback because you aren't using UNDO). The logs must be in chronological order - if a log is transferred without preserving the file modification time, the script will not apply it properly, requiring manual intervention.

security.sql

Helpful security steps, gained from past exposure to audits and automated security scanners.

to_number_force.sql

Oracle's to_number function returns ORA-01722: invalid number upon finding non-numeric characters in a string. This function will return NULL when such characters are found, and otherwise will perform the to_number.

LinuxUserReset.sh

Script for root to set a user's account to a random password and force a password change at first login (similar to /usr/lbin/modprpw -x from HP-UX).

CAMAC (inetd)

Reporting for MAC and IP address from xinetd on a Linux system. Useful in a server farm or large Linux thin client deployment to identify systems.

spliceORACLEwithSQLSERVER.gawk

Script to combine data from MS SQL Server and Oracle. Requires a login shell capable of "here documents" in the Bourne style (tricky on Windows). Uses separate delimiter styles, and reads all contents into memory for gawk-style sorting (not appropriate for large result sets).

excel-tsv.sed

Excel spreadsheets, when pasted into a text editor, become tab-separated-value files. This script for GNU sed will convert them into HTML tables, in a format that is compatible with tablestyler.com.

SQLSERVERgettab.php

Script to extract and cleanly display a table from a CTLIB server, such as Microsoft SQL Server or Sybase Adaptive Server/Enterprise. The table needs at least one row of data to display properly.

flac2mp3.awk

Convert FLAC files to mp3 format. This assumes that you have all album tracks with no gaps. For DOS/Windows users, make sure the paths to the flac and lame binaries are correct, then pipe a sorted list of the FLAC files to the script, like so:
dir /b *.flac | gawk -f flac2mp3.awk "Name of Artist" "Title of Album"