I'm using an Ubuntu server with SQL Server installed and fail2ban for securing my services from brute force with some along securities.
So the problem is this: I created a bash script that takes the arguments from fail2ban IP, jail-name etc and creates a record to SQL Server via sqlcmd. When I'm testing the script it works perfectly.
But when it comes to real values and more it takes a wrong turn.
The bash script is this:
${sqlcmd} = full path of sqlcmd
${CMD_SQL} = "${sqlcmd} -S localhost -U randomuser -P randompassword(reading it from a file using grep) -Q "
#...
#code for checking some stuff and creating variables
#...
${CMD_SQL} <<EOF "INSERT INTO ${DB_TABLE} (ip, ports, protocol, jail,hostname, country, rdns, timestamp,failures, loglines) VALUES ('${_ip}', '${_ports}', '${_protocol}', '${_jail}','${_hostname}', '${_country}', '${_rdns}', CURRENT_TIMESTAMP,'${_failures}', '${_loglines}');"
EOF
When the script run from fail2ban service i saw on the logs the real values which it didnt insert them into sql. I tried to run them by myself.
sudo /opt/mssql-tools/bin/sqlcmd -S localhost -U randomuser -P randomPass -Q INSERT INTO dbo.banned (ip, ports, protocol, jail,hostname, country, rdns, timestamp,failures, loglines) VALUES ('12.12.12.12', 'All-ports', 'tcp', 'mssqld','djasserver', 'SA, Saudi Arabia', '', CURRENT_TIMESTAMP,'5', '2022-03-12 04:17:10.20 Logon Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 12.12.12.12] 2022-03-12 04:17:10.54 Logon Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 12.12.12.12] 2022-03-12 04:17:10.89 Logon Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 12.12.12.12] 2022-03-12 04:17:11.22 Logon Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 12.12.12.12] 2022-03-12 04:17:11.56 Logon Login failed for user 'sa'. Reason: Could not find a login matching the name provided. [CLIENT: 12.12.12.12]');
So at first I got an error:
-bash: syntax error near unexpected token `('
and I thought to myself that the query must be in quotation marks and I added this:
${sqlcmd} = full path of sqlcmd
${CMD_SQL} = "${sqlcmd} -S localhost -U randomuser -P randompassword(reading it from a file using grep) -Q "
#...
#code for checking some stuff and creating variables
#...
${CMD_SQL} <<EOF "\"INSERT INTO ${DB_TABLE} (ip, ports, protocol, jail,hostname, country, rdns, timestamp,failures, loglines) VALUES ('${_ip}', '${_ports}', '${_protocol}', '${_jail}','${_hostname}', '${_country}', '${_rdns}', CURRENT_TIMESTAMP,'${_failures}', '${_loglines}');\""
EOF
I run again the above real values and got this error from SQL:
Msg 102, Level 15, State 1, Server myserver, Line 1
Incorrect syntax near 'sa'.
And I thought okay it probably cannot pass some escape characters it contains.
The question is how do I fix this SQL error? Thanks for any answer.
PS: of course username, password and ips aren't real I changed them for protecting attackers privacy and mine.
Related
Is there a way to modify the column program_name in table master..sysprocesses?
I have found two methods, but both set the name during the creation of the connection:
Using parameter appname when executing an isql command
Adding parameter APP= in a connection string when opening an ODBC connection.
I am looking for a way to modify it AFTER it has been created.
I tried the following example:
sp_configure "allow updates",1
go
UPDATE master..sysprocesses
SET program_name = 'test'
where hostname = 'server'
and hostprocess = '23240'
go
sp_configure "allow updates",0
go
But failed:
Could not execute statement.
Table 'sysprocesses' can't be modified.
Sybase error code=270
Severity Level=16, State=1, Transaction State=0
Line 4
You can continue executing or stop.
Changes to column sysprocesses.program_name are not allowed after its been created. But there are three columns in sysprocesses which can be changed after creation of the connection
sysprocesses.clientname
sysprocesses.clientapplname
sysprocesses.clienthostname
Exerpt from the Sybase Infocenter website:
Changing user session information
The set command includes options
that allow you to assign each client an individual name, host name,
and application name. This is useful for differentiating among clients
in a system where many clients connect to Adaptive Server using the
same name, host name, or application name.
The partial syntax for the set command is:
set [clientname client_name | clienthostname host_name | clientapplname application_name]
where:
client_name – is the name you are assigning the client.
host_name – is the name of the host from which the client is
connecting.
application_name – is the application that is connecting to Adaptive
Server.
These parameters are stored in the clientname, clienthostname, and
clientapplname columns of the sysprocesses table.
For example, if a user logs in to Adaptive Server as "client1", you
can assign them an individual client name, host name, and application
name using commands similar to:
set clientname 'alison'
set clienthostname 'money1'
set clientapplname 'webserver2'
.
.
.
Use the client’s system process ID to view their connection
information. For example, if the user “alison” described above
connects with a spid of 13, issue the following command to view all
the connection information for this user:
select * from sysprocesses where spid = 13
To view the connection information for the current client connection (for example, if the user “alison” wanted to view her own connection information), enter:
select * from sysprocesses where spid = ##spid
When I run the following az-cli commands (as part of a larger script), it fails with the error:
ValidationError: The 'parameters.properties.sid' segment in the url is invalid.
I couldn't find any info on this error.
What should be done to fix?
# Set Admin Security Group Object ID
export aadObjectId=$(az ad group show --group 'cc_ADMINS' --query 'objectId')
# Set Admin Group as SQL AD Admin
az sql server ad-admin create \
--display-name 'cc_ADMINS' \
--object-id $aadObjectId\
--resource-group $resourceGroup \
--server-name $serverName
Check whether the $aadobjectid contains any Double Quotes (") and remove them if present, to see if the issue is persistent.
There is an issue reported and open at https://github.com/Azure/azure-cli/issues/16620
Ended up finding the answer in the official docs here.
To remove the "" around the returned object, use the --output tsv flag.
I have to insert a very large amount of data in sql, the operation did not work via SQL Management Studio therefore I was investigating the insert via sqlcmd. so what I did was the following:
create a file.sql that contains the following query (multiple times):
IF NOT EXISTS (SELECT * FROM [dbo].[tblAccount]
WHERE [AccountID] = 117242 AND
[TimeStamp] = CAST(N'2013-01-16 05:53:50.490' AS DateTime))
BEGIN
INSERT INTO
[dbo].[tblAccount] ([AccountID]
,[Name]
,[Comment]
,[IsMachine]
,[UserID]
,[Prefix]
,[Action]
,[Initials]
,[Name]
,[TimeStamp]
,[Reason]
,[Iscal])
VALUES (117242
,'blabla'
,'The users project)'
,1
,'val'
,39
,'val'
,'blabla'
,'blabla'
,CAST(N'2013-01-16 05:53:50.490' AS DateTime)
,'NORMAL'
,'0')
END
I saved the file into a folder and then from the command line I do the following:
C:\>sqlcmd -S pc_name\MSSQLEXPRESS -i"C:\Users\name\Desktop\OutPut\Result tblAccount.sql"
I get the following error:
Msg 208, Level 16, State 1, Server pc_name\MSSQLEXPRESS, Line 1
Invalid object name 'dbo.tblAccount'.
I'm not sure if it is related to the syntax of the sql or in the way I write the sqlcmd.
I know it's an over a year ago question, but in case somebody run into the same issue, make sure to provide credentials. I just ran into same issue and without providing credentials, sqlcmd issues that error. I don't know what's happening behind the scene, but seems that it connects to some sort of default db when authentication fails and couldn't find the table as a result.
sqlcmd -S <computer name> -U <username> -P <password> -i <absolute path to your script>
a couple of days ago I installed oracle 12c. I ran it after a days or two but I completely lost my Username, I do remember my password but not username. I there any way by which I can see what username I set
Assuming that you can login as SYS, you can use:
select *
from dba_users
This will give all the users, including the one you defined; here you find something more.
There is new procedure for generating password since Oracle 11g. You can use
create or replace function get_hash_11g(p_password varchar2, p_salt varchar2) return varchar2 is
lv_pwd_raw RAW(128);
lv_enc_raw RAW(2048);
BEGIN
lv_pwd_raw := utl_raw.cast_to_raw(p_password) || hextoraw(p_salt);
lv_enc_raw := sys.dbms_crypto.hash(lv_pwd_raw, 3);
return lv_enc_raw;
end get_hash_11g;
/
Then run select
select w.name from sys.user$ w
where substr(w.spare4, 3, 40) = get_hash_11g(/*your password*/'&pass', substr(spare4, 43, 20));
/
Set up the following environment variables. They are not necessary for the process itself, but will help you navigate. In this case my domain is called "ClassicDomain". Remember to change the value to match your domain.
export MW_HOME=/u01/app/oracle/middleware
export DOMAIN_HOME=$MW_HOME/user_projects/domains/ClassicDomain
Shut down the WebLogic domain.
$ $DOMAIN_HOME/bin/stopWebLogic.sh
Rename the data folder.
$ mv $DOMAIN_HOME/servers/AdminServer/data $DOMAIN_HOME/servers/AdminServer/data-old
Reset the password using the following command. Remember to substitute the appropriate username and password.
$ cd $DOMAIN_HOME/security
$ java weblogic.security.utils.AdminAccount <username> <password> .
If you are able to invoke sqlplus then follow this:
sqlplus:/ as sysdba - this is the command needed to login as sys.
password: - don't give any password. Just hit enter
SQL> select username from dba_users; - this command will give list of users in the database.
I am facing a problem with my production database. The password expired and although I changed the password, it still says it is expired. Even stranger, I have a production web application and a development web application. Both of them access the same database. The production web application works perfectly, and with the development web application I always get:
10:25:42,919 WARN [JBossManagedConnectionPool] Throwable while attempting to get a new connection: null
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-28001: the password has expired
)
at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:225)
at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:195)
at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(InternalManagedConnectionPool.java:633)
at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:267)
at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:622)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.getManagedConnection(BaseConnectionManager2.java:404)
at org.jboss.resource.connectionmanager.TxConnectionManager.getManagedConnection(TxConnectionManager.java:381)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:496)
at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:173)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.sql.SQLException: ORA-28001: the password has expired
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:388)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:381)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:564)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:431)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:436)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:186)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:366)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:752)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:359)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:531)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:221)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:503)
at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:207)
... 41 more
I already logged into the server and did this:
bash
cd /opt/oracle/admin/<SID>
. ./setenv.ora
sqlplus / as sysdba
>sql: ALTER USER <user> IDENTIFIED BY <new password>;
Here's the information requested by Jim:
SQL> select * from dba_users where username = 'user';
USERNAME USER_ID PASSWORD ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE
------------------------------ ---------- ------------------------------ -------------------------------- ------------------- -------------------
DEFAULT_TABLESPACE TEMPORARY_TABLESPACE CREATED PROFILE INITIAL_RSRC_CONSUMER_GROUP
------------------------------ ------------------------------ ---------------------- ------------------------------ ------------------------------
EXTERNAL_NAME
------------------------------------------------------------------------------------------------------------------------------------------------------
PASSWORD E AUTHENTI
-------- - --------
<user> 50 OPEN
<userDAT> TEMP 29.07.2010 17:38:32 DEFAULT DEFAULT_CONSUMER_GROUP
10G 11G N PASSWORD
SQL> select p.* from dba_users u, dba_profiles p where u.profile = p.profile and u.userName = 'user';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED
DEFAULT CPU_PER_CALL KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL UNLIMITED
DEFAULT PRIVATE_SGA KERNEL UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
16 rows selected.
Assuming the Oracle DB (should work for Oracle-XE's SAMPLE as well) is on Unix, ssh-in and :
sqlplus /nolog
SQL> connect / as SYSDBA
Connected.
SQL> SELECT username, account_status FROM dba_users WHERE ACCOUNT_STATUS LIKE '%EXPIRED%';
# ... your locked account should be listed ...
SQL> ALTER USER sample IDENTIFIED BY sample;
User altered.
SQL> ALTER USER sample ACCOUNT UNLOCK;
User altered.
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
Profile altered.
SQL> exit
I am 100% sure that my config is correct. I was overwriting all local data with the files from the productive app server. Still no success.
The problem is also this password expiry problem came suddenly while developing, so I am sure that I did not change anything.
However, I logged into the test system and reset the password there. My test system contains like 100 rows, my productive app like 1 million, so I can definitely tell you that I am on the right database.
After resetting the password of the test system, I can log-in again! So this whole story is very strange. Thanks for the support.
Can you post the results of the following? Also, what version of Oracle are you using? I'm assuming 11G?
select *
from dba_users
where username = '<yourUserName>'
select p.*
from dba_users u
, dba_profiles p
where u.profile = p.profile
and u.userName = '<yourUserName>'
I'd be curious to see what profile you're using, and what your settings are.
Even I was facing same problem. Issue got resolved after following these below mentioned steps,
Check to see if any of the accounts are expired
select username, profile, account_status, expiry_date from dba_users;
If no accounts are expired, you can skip to step 7
Dynamically create SQL that will unexpired the expired accounts. You can unexpired the account by resetting the password. NOTE: You will need to substitute {password} for the password you are using for your user.
select 'ALTER USER ' || username || ' identified by {password};' from
dba_users where account_status like 'EXPIRED%' and username !=
'XS$NULL';
Execute the SQL generated in Step 3
Dynamically create SQL that will unlock the locked accounts.
select 'ALTER USER ' || username || ' account unlock;' from dba_users
where account_status like 'LOCKED%' and username != 'XS$NULL';
Execute the SQL generated in Step 5
Modify the profile assigned to the accounts that you don’t want to expire so the PASSWORD_LIFE_TIME is set to UNLIMITED. This will keep them from expiring again. In my case, I needed to update the DEFAULT profile.
alter profile DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED ;
Reference:
http://jaredsoablogaz.blogspot.in/2013/04/weblogic-server-not-starting-due-to.html
-Sandeep
1.go to your command line interface.
2. then type sqlplus.
Just connect with SQLPlus and the affected user to your DB. SQLPlus will prompt you to change your password.
I did faced similar issue with Oracle of password expiry, to resolve this issue when I tried launching PLSQL, it's prompted me with user name /password and I entered the correct one but system throws me with password expiry error along with password reset input . After I reset my password I was able to connect to oracle database.
just execute this query:
ALTER USER user_name IDENTIFIED BY new_user_name ;
ALTER USER user_name IDENTIFIED BY user_name ;
commit;
The easy way, just do it :)
C:\>sqlplus /nolog
SQL> connect / as SYSDBA
SQL> select * from dba_profiles;
SQL> alter profile default limit password_life_time unlimited;
SQL> alter user hse identified by oracle;
SQL> commit;
SQL> exit;