本文共 10376 字,大约阅读时间需要 34 分钟。
[20180614]删除bootstrap$记录无法启动2.txt
--//前几天看链接http://www.xifenfei.com/2018/05/willfully-delete-bootstrap.html.
--//按照介绍: 有人在数据库中注入了恶意脚本,导致数据库删除了bootstrap$中数据,关闭之后无法正常启动delete from bootstrap$;--//我更多的思考如果我遇到这个问题如何解决:
1.如果有备份只要恢复到delete bootstrap$之前,但是这里有问题,因为删除后数据库还继续运行.不能继续应用日志,这样有恢复到 删除bootstrap$后状态.2.如果有备份很好解决,因为bootstrap$的相关块的信息不会变动,只要覆盖对应块就ok了.
而且实际上只要oracle版本相同,OS平台一样,使用别的数据库的system表空间文件中对应的块替换应该一点问题都没有.3.当然最笨的方法就是恢复删除的记录.因为执行删除记录多,手工恢复感觉还是比较麻烦.
--//我自己也测试看看,演示后2种恢复方法:千万不要再生产系统做这样的测试!!
--//今天测试使用bbed的修改方法,前面的参考链接:1.环境:
SCOTT@book> @ ver1 PORT_STRING VERSION BANNER ------------------------------ -------------- -------------------------------------------------------------------------------- x86_64/Linux 2.4.xx 11.2.0.4.0 Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production--//最好备份数据库略.首先看看bootstrap$占用那些块.
SCOTT@book> select HEADER_FILE,HEADER_BLOCK,BLOCKS,EXTENTS from dba_segments where owner='SYS' and segment_name='BOOTSTRAP$'; HEADER_FILE HEADER_BLOCK BLOCKS EXTENTS ----------- ------------ ---------- ---------- 1 520 8 1SCOTT@book> column PARTITION_NAME noprint
SCOTT@book> select * from dba_extents where owner='SYS' and segment_name='BOOTSTRAP$'; OWNER SEGMENT_NAME SEGMENT_TYPE TABLESPACE_NAME EXTENT_ID FILE_ID BLOCK_ID BYTES BLOCKS RELATIVE_FNO ------ -------------------- ------------------ ------------------------------ ---------- ---------- ---------- ---------- ---------- ------------ SYS BOOTSTRAP$ TABLE SYSTEM 0 1 520 65536 8 1--//在system数据文件头部也记录这个位置.通过bbed观察:
BBED> p dba 1,1 kcvfh.kcvfhrdb ub4 kcvfhrdb @96 0x00400208BBED> set dba 0x00400208
DBA 0x00400208 (4194824 1,520) --//dba= 0x00400208指向的位置就是1,520,也就是sys.BOOTSTRAP$的段头.--//做一个sys.bootstrap$的备份:
SCOTT@book> create table bootstrap$bak as select * from sys.bootstrap$; Table created.SCOTT@book> select HEADER_FILE,HEADER_BLOCK,BLOCKS,EXTENTS from dba_segments where owner=OWNER and segment_name='BOOTSTRAP$BAK';
HEADER_FILE HEADER_BLOCK BLOCKS EXTENTS ----------- ------------ ---------- ---------- 4 858 8 1 --//开始破坏.... SYS@book> delete from sys.bootstrap$; 60 rows deleted.SYS@book> commit ;
Commit complete.--//实际上这个问题最严重的是如果你一直不重启,根本不知道这个问题的存在,知道下次重启才发现问题,
--//也就是可能备份的文件一直存在问题的.^_^.2.重启数据库:
SYS@book> shutdown immediate ; Database closed. Database dismounted. ORACLE instance shut down. SYS@book> startup ORACLE instance started.Total System Global Area 634732544 bytes
Fixed Size 2255792 bytes Variable Size 197133392 bytes Database Buffers 427819008 bytes Redo Buffers 7524352 bytes Database mounted. ORA-03113: end-of-file on communication channel Process ID: 54149 Session ID: 274 Serial number: 3--//这里略去分析,参考链接http://blog.itpub.net/267265/viewspace-2156144/
3.通过bbed修复方法一:
--//一种方法就是如果有system文件备份,并且这部分信息是ok的,可以借助bbed的copy命令修改就可以很快修复. --//仅仅简单介绍: --//编辑文件filelist.txt加入: 301 /u01/backup/20170301B/system91.dbf--//我的bbed参数文件如下:
$ cat bbed.par blocksize=8192 listfile=$HOME/bbed/filelist.txt mode=edit PASSWORD=blockedit SPOOL=Y$ cat cmd.par
set count 64 set width 160--//执行bbed如下:
$ rlwrap -s 9999 -c -r -i $ORACLE_HOME/bin/bbed parfile=bbed.par cmdfile=cmd.parBBED> info
File# Name Size(blks) ----- ---- ---------- 1 /mnt/ramdisk/book/system01.dbf 0 2 /mnt/ramdisk/book/sysaux01.dbf 0 3 /mnt/ramdisk/book/undotbs01.dbf 0 4 /mnt/ramdisk/book/users01.dbf 0 5 /mnt/ramdisk/book/example01.dbf 0 6 /mnt/ramdisk/book/tea01.dbf 0 7 /mnt/ramdisk/book/sugar01.dbf 0 101 /mnt/ramdisk/book/control01.ctl 0 102 /mnt/ramdisk/book/control02.ctl 0 201 /mnt/ramdisk/book/temp01.dbf 0 206 /home/oracle/backup/tea01.dbf 0 301 /u01/backup/20170301B/system01.dbf 0BBED> help copy
COPY [ DBA | FILE | FILENAME | BLOCK ] TO [ DBA | FILE | FILENAME | BLOCK ]BBED> set offset 0
OFFSET 0 --//注意最好执行offset 设置,不然copy命令实际上从偏移处开始拷贝.BBED> copy dba 301,521 to dba 1,521
Warning: contents of previous BIFILE will be lost. Proceed? (Y/N) y File: /mnt/ramdisk/book/system01.dbf (1) Block: 521 Offsets: 0 to 63 Dba:0x00400209 ------------------------------------------------------------------------------------------------------------------------------------------------ 06a20000 09024000 d7010000 00000106 fa520000 01000000 3b000000 73010000 00000000 01f80200 00000000 00002500 02000000 11024000 02004c00 18200000 <64 bytes per line>BBED> copy dba 301,522 to dba 1,522
File: /mnt/ramdisk/book/system01.dbf (1) Block: 522 Offsets: 0 to 63 Dba:0x0040020a ------------------------------------------------------------------------------------------------------------------------------------------------ 06a20000 0a024000 d7010000 00000106 e81e0000 01000000 3b000000 bb010000 00000000 01f80200 00000000 00002500 02000000 20024000 04000700 15200000 <64 bytes per line>BBED> copy dba 301,523 to dba 1,523
File: /mnt/ramdisk/book/system01.dbf (1) Block: 523 Offsets: 0 to 63 Dba:0x0040020b ------------------------------------------------------------------------------------------------------------------------------------------------ 06a20000 0b024000 d7010000 00000106 7b7e0000 01000000 3b000000 d0010000 00000000 01000300 00000000 00002500 02000000 27024000 04002f00 0f200000 <64 bytes per line>--//OK.也可以这样写:
BBED> copy filename '/u01/backup/20170301B/system01.dbf' block 521 to filename '/mnt/ramdisk/book/system01.dbf' block 521 File: /mnt/ramdisk/book/system01.dbf (1) Block: 521 Offsets: 0 to 63 Dba:0x00400209 ------------------------------------------------------------------------------------------------------------------------------------------------ 06a20000 09024000 d7010000 00000106 fa520000 01000000 3b000000 73010000 00000000 01f80200 00000000 00002500 02000000 11024000 02004c00 18200000 <64 bytes per line>SYS@book> startup
ORACLE instance started. Total System Global Area 634732544 bytes Fixed Size 2255792 bytes Variable Size 197133392 bytes Database Buffers 427819008 bytes Redo Buffers 7524352 bytes Database mounted.--//这样方法只要原来的system01.dbf是ok的,一般问题不大.
4.通过bbed修复方法二:
--//恢复删除标识从0x3c=>0x2c,实际上这个要修改60条记录还是比较麻烦的. --//注意我前面的bbed参数设置 $ cat bbed.par blocksize=8192 listfile=$HOME/bbed/filelist.txt mode=edit PASSWORD=blockedit SPOOL=Y--//spool=y
$ cat d.cmd
set dba 1,521 x /rnnc *kdbr[0] x /rnnc *kdbr[1] x /rnnc *kdbr[2] x /rnnc *kdbr[3] x /rnnc *kdbr[4] x /rnnc *kdbr[5] x /rnnc *kdbr[6] x /rnnc *kdbr[7] x /rnnc *kdbr[8] x /rnnc *kdbr[9] x /rnnc *kdbr[10] x /rnnc *kdbr[11] x /rnnc *kdbr[12] x /rnnc *kdbr[13] x /rnnc *kdbr[14] x /rnnc *kdbr[15] x /rnnc *kdbr[16] x /rnnc *kdbr[17] x /rnnc *kdbr[18] x /rnnc *kdbr[19] x /rnnc *kdbr[20] x /rnnc *kdbr[21] x /rnnc *kdbr[22] x /rnnc *kdbr[23] quit$ rm log.bbd
/bin/rm: remove regular file `log.bbd'? y$ rlwrap -s 9999 -c -r -i $ORACLE_HOME/bin/bbed parfile=bbed.par cmdfile=d.cmd
...$ grep flag log.bbd
flag@8167: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@8030: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@7641: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@7441: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@7058: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@6846: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@6641: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@6029: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@5823: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@5623: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@5402: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@5198: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@4915: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@4681: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@4434: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@3964: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@3756: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@3541: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@3261: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@2477: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@2272: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@1698: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@1489: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH) flag@1290: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH)$ grep "flag" log.bbd | cut -c6-9 | xargs -I{} echo assign dba 1,521 offset {} = 0x2c
assign dba 1,521 offset 8167 = 0x2c assign dba 1,521 offset 8030 = 0x2c assign dba 1,521 offset 7641 = 0x2c assign dba 1,521 offset 7441 = 0x2c assign dba 1,521 offset 7058 = 0x2c assign dba 1,521 offset 6846 = 0x2c assign dba 1,521 offset 6641 = 0x2c assign dba 1,521 offset 6029 = 0x2c assign dba 1,521 offset 5823 = 0x2c assign dba 1,521 offset 5623 = 0x2c assign dba 1,521 offset 5402 = 0x2c assign dba 1,521 offset 5198 = 0x2c assign dba 1,521 offset 4915 = 0x2c assign dba 1,521 offset 4681 = 0x2c assign dba 1,521 offset 4434 = 0x2c assign dba 1,521 offset 3964 = 0x2c assign dba 1,521 offset 3756 = 0x2c assign dba 1,521 offset 3541 = 0x2c assign dba 1,521 offset 3261 = 0x2c assign dba 1,521 offset 2477 = 0x2c assign dba 1,521 offset 2272 = 0x2c assign dba 1,521 offset 1698 = 0x2c assign dba 1,521 offset 1489 = 0x2c assign dba 1,521 offset 1290 = 0x2c$ grep "flag" log.bbd | cut -c6-9 | xargs -I{} echo assign dba 1,521 offset {} = 0x2c > e.cmd
$ rlwrap -s 9999 -c -r -i $ORACLE_HOME/bin/bbed parfile=bbed.par cmdfile=e.cmd .. --//最后执行: BBED> sum apply dba 1,521 Check value for File 1, Block 521: current = 0x4231, required = 0x4231BBED> quit
--//其它数据块dba=1,522 以及1,.523如法炮制.略.
BBED> set dba 1,521
DBA 0x00400209 (4194825 1,521)BBED> x /24rnnc *kdbr[23]
....BBED> x /2rnnc *kdbr[23]
--//我这里显示2条 rowdata[0] @1290 ---------- flag@1290: 0x2c (KDRHFL, KDRHFF, KDRHFH) lock@1291: 0x01 cols@1292: 3col 0[2] @1293: 7
col 1[2] @1296: 7 col 2[189] @1299: CREATE INDEX I_TS# ON CLUSTER C_TS# PCTFREE 10 INITRANS 2 MAXTRANS 255 STORAGE ( INITIAL 64K NEXT 1024K MINEXTENTS 1 MAXEXTENTS 214748 3645 PCTINCREASE 0 OBJNO 7 EXTENTS (FILE 1 BLOCK 184))rowdata[199] @1489
------------ flag@1489: 0x2c (KDRHFL, KDRHFF, KDRHFH) lock@1490: 0x01 cols@1491: 3col 0[2] @1492: 6
col 1[2] @1495: 6 col 2[199] @1498: CREATE CLUSTER C_TS#("TS#" NUMBER) PCTFREE 10 PCTUSED 40 INITRANS 2 MAXTRANS 255 STORAGE ( INITIAL 64K NEXT 1024K MINEXTENTS 1 MAXEXTE NTS 2147483645 PCTINCREASE 0 OBJNO 6 EXTENTS (FILE 1 BLOCK 176))BBED> set dba 1,522 BBED> x /21rnnc *kdbr[20] ...
BBED> set dba 1,523
DBA 0x0040020b (4194827 1,523)BBED> x /151rnnc *kdbr[14]
...--/重启数据库看看.
SYS@book> startup
ORACLE instance started. Total System Global Area 634732544 bytes Fixed Size 2255792 bytes Variable Size 197133392 bytes Database Buffers 427819008 bytes Redo Buffers 7524352 bytes Database mounted. Database opened.--//OK.修复了删除bootstrap$导致无法启动的问题.
转载地址:http://kglfm.baihongyu.com/