Oracle database basic maintenance and EM management
Manage 180-day password expiration issues
In Oracle database, password expiration is an important security policy to ensure that users change their passwords regularly. The following are the steps to manage the 180-day password expiration problem in the Oracle database:
1. Check the password policy:
First, you need to understand the password policy settings in the database. You can obtain relevant information by querying the following views:
SELECT * FROM dba_profiles WHERE resource_name = 'PASSWORD_LIFE_TIME';
If the value of PASSWORD_LIFE_TIME is 180, it means that the password expires after 180 days.
2. Modify the password policy:
If you need to change the password policy, you can perform the following steps:
ALTER PROFILE default LIMIT PASSWORD_LIFE_TIME UNLIMITED;
This will prevent the password from expiring. If necessary, you can change UNLIMITED to another value to specify how long the password is valid.
3. Manually modify the user password:
If you need to manually reset the user password, you can use the following statement:
ALTER USER username IDENTIFIED BY new_password;
where username is the user's name and new_password is the new password.
4. Disable the password expiration option:
If you want to disable the password expiration option when creating a user, you can use the following statement:
CREATE USER username IDENTIFIED BY password
PROFILE default PASSWORD_LIFE_TIME UNLIMITED;
This will create a new user and set the password expiration to not expire.
5. Regularly remind users to change their passwords:
You can regularly remind users to change their passwords to ensure they comply with security policies. You can use email or other notification methods to remind them.
Use Oracle Scheduler:
Use Oracle Scheduler to set up a scheduled task to send reminder emails to users to let them know that they need to change their passwords.
BEGIN
DBMS_SCHEDULER.CREATE_JOB (
job_name => 'PASSWORD_EXPIRY_REMINDER',
job_type => 'PLSQL_BLOCK',
job_action => 'BEGIN send_email_proc; END;',
start_date => SYSTIMESTAMP,
repeat_interval => 'FREQ=DAILY;BYHOUR=8',
enabled => TRUE,
comments => 'Send password expiry reminder email');
END;
/
2. Auditing has its specific uses and benefits in Oracle database management:
1. Turn on auditing:
| step | operate | Sample code | Precautions |
|---|---|---|---|
| 1 | Unlock the benefits of auditing | - Improve security and compliance - Provide behavioral tracking - Security audit - Performance tuning Excellent |
|
| 2 | Query the current audit status | SELECT * FROM dba_obj_audit_opts; | none |
| 3 | Execute the command to turn on auditing | AUDIT ALL BY ACCESS; | n- Please proceed with caution and make sure to back up your database to prevent data loss. |
| 4 | Verify that auditing is turned on | SELECT * FROM dba_obj_audit_opts; | - Verify that the audit status has been updated to "BY ACCESS". |
2. Turn off auditing
Generally, auditing is turned on by default. All our operations in the database will be recorded in the log, which will also cause the database table to become larger and larger.
| step | operate | Sample code | Precautions |
|---|---|---|---|
| 1 | Benefits of closing an audit | - Improve performance - Reduce storage requirements - Simplify database management and improve operational efficiency |
|
| 2 | Query the current audit status | SELECT * FROM dba_obj_audit_opts; | none |
| 3 | Execute the command to turn off auditing | show parameter audit; alter system set audit_trail=none scope=scope; (valid after restart) |
n- Please proceed with caution and make sure to back up your database to prevent data loss. |
| 4 | Verify that auditing is turned off | show parameter audit; | - Confirm that the audit status has been updated to the VALUE behind audit_trail: "NONE". |
3. Start and stop the database
cmd:
sqlplus / as sysdba
startup;
–Start
Stop:
shutdown immediate;This is a normal stop
Query related status:
select name,open_mode from v$database;
select instance_name,status from v$instance;
#不使用的情况下就关闭: shutdown immediate;
4. EM monitoring and management operations
After exiting the database; cd /u01/app/oracle/product/11.2.0/dbhome_1
Successfully perfected:
[oracle@fyserp21:/home/oracle]$ emctl start dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.4.0Copyright © 1996, 2013 Oracle Corporation. All rights reserved.https://fyserp21:1158/em/console/aboutApplicationStarting Oracle Enterprise Manager 11g Database Control… started.Logs are generated in directory /oracle/app/oracle/product/11.2.0/db_1/fyserp21_fyserpdb/sysman/log
Error:
Typeemctl status_dbconsole
I reported an error here
The reason is that this error message indicates an environment variable ORACLE_UNQNAME is not defined, and this variable needs to be set to the unique name of the database.
Open a new command line window.
Set the ORACLE_UNQNAME environment variable to the unique name of your database. You can set it with the following command:
In Linux/Unix environment:
export ORACLE_UNQNAME=your_database_unique_name
In Windows:set ORACLE_UNQNAME=your_database_unique_name
Replace your_database_unique_name with the actual unique name of the database you are using.
Then try running the emctl status dbconsole command again.
Successful interface:
You can access https://ip:1158/em/console
either locally or on the server. 2. Modify the initialization parameter job_queue_processes
job_queue_processes It is a parameter of Oracle database that controls the number of concurrent jobs scheduled. Specifically, it specifies the number of jobs that can run simultaneously.
When there are a large number of jobs that need to be run in the Oracle database, setting job_queue_processes appropriately can ensure that system resources are effectively utilized, thereby improving job execution efficiency.
Control the number of concurrent jobs: the default value is 100, now changed to 800
Determines the number of jobs that can be run simultaneously. If set too low, it may cause jobs to be queued for execution; if set too high, it may consume too many system resources.
Enter: show parameter proc on the server, the value has been modified to 800
2. What is commonly used is the content in the server
For example, the memory modification of the table space (except for 5g-10g in USERS, at least 20G in the production environment for each other name)
Among them, UNDOTBS1 can add a file and change it to UNDOTBS2.DBF and change its value to 20G
5. Create simple users and table spaces
Create the table space first and then create the user
Create table space: fuyuesheng
Create user: itpux
Tip: Put this user's data into the fuyuesheng table space.
Open the table space to create
Enter the table space - give it a name: fuyuesheng, and then click Add in the lower right corner: fuyuesheng.dbf() Normally in a production environment It is 10 g
Next, create a new user: itpux
Open the user-click Create-named itpux
l temporary table space You can choose FUYUESHENG or TEMP.
After the user is created, he is actually a normal user by default: grant connect,resource to itpux;
We have to authorize him as a dba user: grant dba to itpux ;
On the server side:
Then you can create the relevant table here: create table itpux(id number); You will find that there is no permission here:
So we have to grant relevant permissions to this user: grant dba to itpux;
You can see the picture. The permissions have been granted successfully and related tables can be created.
We can insert a piece of data to verify:
insert into itpux values(1);
Commit; #用于提交数据库事务的 SQL 命令
```bash
```SQL> select * from itpux;
ID
----------
1
SQL> delete from itpux;
1 row deleted.
SQL> commit;
Commit complete.
SQL> select * from itpux;
no rows selected
SQL> drop table itpux;
Table dropped.
Then if you want to delete this user, exit and re-type: conn / as sysdba;
and then delete: drop user itpux;
OK Enter select name from v$datafile; to view the related files, it is found that itpux has been deleted.
4.Alarm log
How to view the log??
show parameter dump;
SQL> show parameter dump;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
background_core_dump string partial
background_dump_dest string d:\app\Administrator\diag\rdbm
s\fuyuesheng\fuyuesheng\trace
core_dump_dest string d:\app\Administrator\diag\rdbm
s\fuyuesheng\fuyuesheng\cdump
max_dump_file_size string unlimited
shadow_core_dump string none
user_dump_dest string d:\app\Administrator\diag\rdbm
s\fuyuesheng\fuyuesheng\trace
The alert_ file under the trace folder is very important. All alarms and error messages in the database are recorded in it.
The next step is to check the cluster log (the path under Oracle 11gRAC)
[grid@fgerp61:/oracle/app/grid/diag/asm/+asm/+ASM1/trace]$cd$ORACLE_HOME/
[grid@fgerp61:/oracle/app/11.2.0/grid]$ls
[grid@fgerp61:/oracle/app/11.2.0/grid]$cd log
If it is Oracle12cRAC, the path is this
[root@fgerp62 ~]#su - grid
Last login: Sun Dec 2 19:03:18 CST 2018
[gridefgerp62:/home/grid]$cd /oracle/app/grid/diag
Oracle11gR2/12C RAC daily maintenance and operation commands
–13.1 Starting and stopping RAC?
How to shut down or shut down the RAC system
Take 11g as an example, 12 and 11g are almost the same
su - oracle
salplus “/as sysdba”
shutaown immediate,
su - root
crsctl stop crs
shutdown -h 0 /reboot
About backup (two machines) after shutdown to avoid errors
It is recommended to stop all services after the installation and configuration are completed, and then back up the entire Oracle directory
su root:
cd /backuptar zevf oracle.tar /backup
How to start RAC
13.2 After startup, check the GRID and DB logs to see if there are any abnormalities.
l--crsctl 集群管理工具
You can enter crsctl --help to check for help
You can help for each command to know the usage of each command.
l--srvctl 集群服务管理工具
Commonly used
srvctl --help
crs_stop
crs start
crs_stat
Attachment: RAC basic management and daily maintenance-related commands
206pdf document