Jan 5
Getting error while doing update in ubuntu
E: Could not get lock /var/lib/apt/lists/lock. It is held by process
Solution :
Find the which process is locking
ps aux | grep ‘[a]pt’
Kill the session
sudo kill 158542
sudo apt-get update
We can refer the below oracle document for TDE security.
Configure the Software Keystore Location
Set the WALLET_ROOT and TDE_CONFIGURATION parameters.
SQL> ALTER SYSTEM SET WALLET_ROOT=’C:\app\orauser\admin\testdb\wallet\TDE’ SCOPE=SPFILE SID=’*’;
System altered.
Restart the database for effective the above parameter
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 1073738560 bytes
Fixed Size 9036608 bytes
Variable Size 276824064 bytes
Database Buffers 780140544 bytes
Redo Buffers 7737344 bytes
Database mounted.
Database opened.
SQL> show parameter wallet_root
NAME TYPE VALUE
———————————— ———– ——————————
wallet_root string C:\APP\ORAUSER\ADMIN\TESTDB\WA
LLET\TDE
SQL> ALTER SYSTEM SET TDE_CONFIGURATION=”KEYSTORE_CONFIGURATION=FILE” SCOPE=BOTH SID=’*’;
System altered.
Creating a Password-Protected Software Keystore:
SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY Oracle123Ace;
keystore altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY Oracle123Ace;
keystore altered.
SQL> SELECT STATUS FROM V$ENCRYPTION_WALLET;
STATUS
——————————
OPEN_NO_MASTER_KEY
Set the master encryption key by executing the following command:
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY Oracle123Ace WITH BACKUP;
keystore altered.
SQL> set linesize 120
SQL> col wrl_parameter format a45
SQL> select * from v$encryption_wallet;
WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE
——————– ——————————————— —————————— ——————–
WALLET_OR KEYSTORE FULLY_BAC CON_ID
——— ——– ——— ———-
FILE C:\APP\ORAUSER\ADMIN\TESTDB\WALLET\TDE\tde\ OPEN PASSWORD
SINGLE NONE NO 0
Wallet files location :
Auto login wallet can able to enable. If its enable, it will automatically open the wallet
Data Column Encryption :
We are going to test encrypt the national_idenfier column in HR.PER_ALL_PEOPLE_F table.
Datatype of column in varchar(2).
Before Encryption,
Note : better to take backup the table before encryption.
SQL> ALTER TABLE HR.PER_ALL_PEOPLE_F MODIFY (national_identifier ENCRYPT);
ALTER TABLE HR.PER_ALL_PEOPLE_F MODIFY (national_identifier ENCRYPT)
*
ERROR at line 1:
ORA-28338: Column(s) cannot be both indexed and encrypted with salt
When we encrypt the column getting above error, because that column has an index. So we have to remove the salt while encrypt the column.
Salt, which is a random string added to data before encryption, is a way to strengthen the security of encrypted data.
SQL> ALTER TABLE HR.PER_ALL_PEOPLE_F MODIFY (national_identifier ENCRYPT NO SALT);
Table altered.
SQL> SELECT * FROM DBA_ENCRYPTED_COLUMNS;
OWNER TABLE_NAME COLUMN_NAME ENCRYPTION_ALG SAL INTEGRITY_AL
—————————— —————————— —————————— —————————– — ————
HR PER_ALL_PEOPLE_F NATIONAL_IDENTIFIER AES 192 bits key NO SHA-1
Note:
TDE will only encrypt the data at storage and TDE will not mask the data in the select command output.
TDE is protecting the data at rest. It is encrypting the data in the datafiles so that in case they are obtained by other parties it will not be possible to access the clear text data. TDE cannot be used to obfuscate the data for the users who have privileges to access the tables. In the databases where TDE is configured any user who has access on an encrypted table will be able to see the data in clear text because Oracle will transparently decrypt the data for any user having the necessary privileges.
Reference:
How To Verify a Table Is Encrypted Using Transparent Data Encryption (TDE) and How To Test With the Table? (Doc ID 2132982.1)
Quick TDE Setup and FAQ (Doc ID 1251597.1)
trying to restore from higher version pg_dump directory files to lower version pg_restore in another server
Solution :
Install pgadmin 4 with newer version and then change the binary path, it will restore schemas
check compatible version of both servers before take backup
try to open the wallet thorugh wallet manger, its says password is incorrect try again but password is correct
Solution :
try to open through orapki
C:\Users\mazar>orapki wallet display -wallet D:\app\oracle\admin\EZYPROD\wallet\TDE
Oracle PKI Tool Release 19.0.0.0.0 – Production
Version 19.4.0.0.0
Copyright (c) 2004, 2023, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Failed to lock…
attempt 1: java.io.FileNotFoundException: D:\app\oracle\admin\EZYPROD\wallet\TDE\ewallet.p12.lck (Access is denied)
attempt 2: java.io.FileNotFoundException: C:\Users\mazar\AppData\Local\Temp\11\pki_data719736930.lck (The system cannot find the file specified)
this is windows permission issues
we may get the errors while taking backup after installed PostgreSQL 17
pg_dump: detail: server version: 17.0; pg_dump version: 16.4
Solution :
change the binary paths from pgadmin
File –> Preferences
while configure cpanm DBD::Oracle facing below issue
Installing on a MSWin32, Ver#10.0
Using Oracle in C:/instantclient_21_15
DEFINE _SQLPLUS_RELEASE = “1920000000” (CHAR)
Oracle Version 19.20.0.0 (19.20)
OCI directory not found, please install OCI in C:/instantclient_21_15 at Makefile.PL line 315.
-> N/A
-> FAIL Configure failed for DBD-Oracle-1.90. See C:\Users\mazar\.cpanm\work\1729752523.30896\build.log for details.
Solution :
set oracle_home instant client path
still you’re facing error, you have to download complete oracle instant client basic with sqlplus,tools,sdk,jdbc and odbc
openssl s_client -connect sbp.enterprisedb.com:443 -showcerts > E:\certification\postgresqlcertification.cer
wallet not open after restart the database
Causes:
Certificates uploaded in TDE wallet
Solution :
delete the certificates and open the wallet and then again import the certificates
Wallet cannot be open after restart the Database – ORA-28365: wallet is not open (Doc ID 2903167.1)
Feb 9
Getting below error while doing to apply a cpu database patch which is running on windows server 2019
E:\app\WINDOWS.X64_193000_db_home\bin\ORAEVRUS19.dll
E:\app\WINDOWS.X64_193000_db_home\oui\jlib\srvm.jar
[Feb 8, 2023 7:32:51 PM] [INFO] Prerequisite check “CheckActiveFilesAndExecutables” failed.
Solution :
Stop : Windows Management Instrumentation & Event log services
while doing adconfig.sh in database, getting below error
WARNING: [CVM Error Report]
The following report lists errors encountered during CVM Phase
/u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.sh 1
No. of scripts failed in CVM phase: 1
Solution :
Check adconfig.log file
ERROR DESCRIPTION:
(FATAL ERROR
PROGRAM : (/u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.pl)
TIME : Thu Apr 21 13:00:39 2022
FUNCTION: main::checkUtlFileDir [ Level 1 ]
ERRORMSG: Directory /u01/BAHPROD/temp/BAHIFRS does not exist.
)
ERRORCODE = 1 ERRORCODE_END
.end std out.
.end err out.
Create directory /u01/BAHPROD/temp/BAHIFRS
run below script to add this directory in utl_file_dir
perl /u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.pl -contextfile=/u01/app/oracle/product/19c/orahome_1/appsutil/BAHIFRS_bahdevifrdb01.xml -oraclehome=/u01/app/oracle/product/19c/orahome_1 -outdir=/u01/app/oracle/product/19c/orahome_1/appsutil/log -mode=addUtlFileDir
Enter the APPS Password:
Enter the SYSTEM Password:
Enter the new OS path to be added to UTL_FILE_DIR: /u01/BAHPROD/temp/BAHIFRS
Script Name : txkCfgUtlfileDir.pl
Script Version : 120.0.12020000.11
Started : Thu Apr 21 13:08:30 +03 2022
Log File : /u01/app/oracle/product/19c/orahome_1/appsutil/log/TXK_UTIL_DIR_Thu_Apr_21_13_08_14_2022/txkCfgUtlfileDir.log
Context file: /u01/app/oracle/product/19c/orahome_1/appsutil/BAHIFRS_bahdevifrdb01.xml exists.
Completed : Thu Apr 21 13:08:43 +03 2022
Successfully Completed the script
ERRORCODE = 0 ERRORCODE_END
perl /u01/app/oracle/product/19c/orahome_1/appsutil/bin/txkCfgUtlfileDir.pl -contextfile=/u01/app/oracle/product/19c/orahome_1/appsutil/BAHIFRS_bahdevifrdb01.xml -oraclehome=/u01/app/oracle/product/19c/orahome_1 -outdir=/u01/app/oracle/product/19c/orahome_1/appsutil/log -mode=syncUtlFileDir
rerun adconfig.sh , its working fine
Database Administrator, Blogger, Contributor
DBA 