Recently “someone/somewhere” started migrating there storage to PureStorage FlashArray. Usually when doing this kind of things we tend to flow different best practice dictated in this case by the storage vendor . Following best practice without carefully understanding them may have bad consequence. In this particular case multiple JAVA application stopped running after the migration !
For big database servers (used for consolidating multiple databases) with a lot of memory and a lot of preallocated free HugePages it’s important to take into consideration the number of free HugePage for capacity planning .
The default “memory used” metric calculated as (MemTotal – (MemFree + Buffers + Cached)) and as (MemTotal – (MemFree – Buffers – Cached – Slab)) in recent version as shown by the free command (Ref: https://access.redhat.com/solutions/406773) don’t take into consideration the amount of Free HugePages. Using the metric extension feature of cloud control we can easily alleviate that.
The UEK5 kernel is out and as usually there is many enhancements and new features included in it ! One of the notable new feature is the dtrace PID provider Which allow setting “function boundary probes on user space functions, and to probe most arbitrary instructions within user space functions” check uek5-features-dtrace
Let’s give it a try :
The Linux Audit system provides a way to determine the violator of the security policy and the actions they performed such as tracking malicious changes on the oracle executable.
Using Linux Audit system we can basically do the following activities :
- Watching file access
- Monitoring system calls
- Recording commands run by a user
- Recording security events
In this short blog post i will show how we can easily use it to catch changes in “./bin” directory.
In one of my previous post i showed how we can inject a backdoor in an ORACLE database based on Dennis Yurichev findings.The described method required the modification of the oracle executable files. Few days ago Rodrigo Jorge shared a blog post explaining how we can add another layer of security to the oracle binaries files to protect them against improper changes. That motivated me to check if i still can implement the hidden Trojan without modifying the oracle executable files ?
Rodrigo Jorge has already explained a great way to install and play with Oracle 18c DB instance on-premises using Exadata binaries downloaded from edelivery. The basic idea is to install the oracle exadata binaries and before creating the database replace the library “libserver18.a” with the version gotten from an oracle cloud instance (Using Oracle Cloud trial account). And that’s it !
- Installing Oracle Database 22.214.171.124.0 binaries on Oracle Linux 7
- Creating and running an Oracle 126.96.36.199.0 DB instance on Oracle Linux
But for those like me that don’t have an international credit card required to create an Oracle Cloud trial account (Yes i don’t have one 😦 ) or don’t want to create one ! How to proceed to get a copy of this working libserver18.a library ? May be ask one of the oracle folks to upload it to somewhere and hope that there is no backdoor on it :p or just try to hack it your self 😀
Here is a little experimental script based on a great blog post by Stefan Koehler entitled Trace back to responsible SQL or PL/SQL code for a particular (PGA) memory request by intercepting process with DTrace and one of my old blog post Geeky PL/SQL tracer/profiler : First step
And here is what it does :
The purpose of this blog post is demonstrate again the power of Linux dynamic tracing/instrumentation tools.
In my last blog post Enhancing DBMS_OUTPUT using systemtap i showed how we can track the parameter values passed to “dbms_output.put_line” routine using systemtap.That was a very simple example because we already know the type of the arguments passed (a simple VARCHAR2) and also because there is only ONE parameter.
Tracking PL/SQL routine calls arguments using dynamic tracing utility like perf or systemtap can become quite complex depending on many things like :
- Argument types
- Argument number
- Argument passed By Value/By reference
- Subprograms type (nested/package/standalone subprogram)
- Optimization level (ex: inlining of call of procedure)
Time for the serious stuff with dynamic tracing tool PERF !
Memory bound applications are sensitive to memory latency and bandwidth that’s why it’s important to measure and monitor them.Even if this two concepts are often described independently they are inherently interrelated.
According to Bruce Jacob in ” The memory system: you can’t avoid it, you can’t ignore it, you can’t fake it” the bandwidth vs latency response curve for a system has three regions.
- Constant region: The latency response is fairly constant for the first 40% of the sustained bandwidth.
Linear region: In between 40% to 80% of the sustained bandwidth, the latency response increases almost linearly with the bandwidth demand of the system due to contention overhead by numerous memory requests.
Exponential region: Between 80% to 100% of the sustained bandwidth, the memory latency is dominated by the contention latency which can be as much as twice the idle latency or more.
Maximum sustained bandwidth : Is 65% to 75% of the theoretical maximum bandwidth.