MySQL 8.0版本ibd文件恢复

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:MySQL 8.0版本ibd文件恢复

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

对于单个的ibd文件,大部分情况下可以通过DISCARD TABLESPACE和IMPORT TABLESPACE方式进行恢复

mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> CREATE TABLE `t1` (
    ->   `id` int DEFAULT NULL
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
Query OK, 0 rows affected (0.01 sec)
mysql> insert into t1 values(1);
Query OK, 1 row affected (0.02 sec)

mysql> insert into t1 values(2);
Query OK, 1 row affected (0.01 sec)

mysql> insert into t1 values(3);
Query OK, 1 row affected (0.00 sec)

关闭mysql服务,备份mysql中的t1.ibd文件

[root@xifenfei ~]# service mysql stop
Shutting down MySQL..... SUCCESS! 
[root@xifenfei test]# cp t1.ibd  t1_bak

启动mysql服务,并删除并创建新的t1表(表结构相同)

[root@xifenfei test]# service mysql start
Starting MySQL..................... SUCCESS! 


[root@xifenfei test]# mysql -uroot -poracle test
mysql: [Warning] Using a password on the command line interface can be insecure.
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.31 MySQL Community Server - GPL

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> drop table t1;
Query OK, 0 rows affected (0.20 sec)


mysql> 
mysql> CREATE TABLE `t1` (
    ->   `id` int DEFAULT NULL
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
Query OK, 0 rows affected (0.01 sec)

DISCARD TABLESPACE操作

mysql> ALTER TABLE t1 DISCARD TABLESPACE;
Query OK, 0 rows affected (0.01 sec)

把备份的t1.ibd还原回去并修改权限

[root@xifenfei test]# mv t1_bak t1.ibd
[root@xifenfei test]# ls -ltr
total 112
-rw-r-----. 1 root root 114688 Dec 18 17:24 t1.ibd
[root@xifenfei test]# chown mysql.mysql t1.ibd

IMPORT TABLESPACE并验证数据

mysql> ALTER TABLE t1 IMPORT TABLESPACE;
Query OK, 0 rows affected, 1 warning (0.24 sec)

mysql> select * from t1;
+------+
| id   |
+------+
|    1 |
|    2 |
|    3 |
+------+
3 rows in set (0.00 sec)

在恢复途中如果遇到表定义不对,或者ibd文件损坏,或者版本不匹配等各种情况,可能在IMPORT TABLESPACE的时候可能出现类似ERROR 1808 (HY000): Schema mismatch (Clustered index validation failed. Because the .cfg file is missing, table definition of the IBD file could be different. Or the data file itself is already corrupted.)错误

mysql>  alter table       `t1` import tablespace;                    
ERROR 1808 (HY000): Schema mismatch (Clustered index validation failed. 
Because the .cfg file is missing, table definition of the IBD file could be different. 
Or the data file itself is already corrupted.)

如果出现此类错误,无法直接通过该方法进行解决,参考frm和ibd文件数据库恢复,使用专业恢复工具进行处理

linux系统文件加密勒索病毒

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:linux系统文件加密勒索病毒

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

昨天晚上,一客户联系我们,其linux的dg备库上发现病毒,让我给看看,登录上去之后发现异常进程
import pty;pty.spawn

进一步检查发现很多文件被加密成.locked1
locked1
对应的README.html内容

[yyapp@ncapp ~]$ cat README1.html 
contact email: service@hellowinter.online, prepare 0.12btc, 
if you can't contact my email, please contact some data recovery  company(suggest taobao.com), 
may they can contact to me .
your person id:izeieOMvPH+SDWYAxX6snmD2k306byUOpTP4Djfm9gaekoP0Q9JwWVcG0NI1grBM/DIo22A+sjCm
UfXXDwq/s72bc014WxmIy8jXCowuH4e6hJBjUgnkfoe/NbfPJN1CNQS3EdO6UaxMS3fwUzfnZTvW
63GyygBgZTzq9CfTdDUBmXe3aP30VTisTrtaFCdRnD2JaMUe5fVPUQ/vX39S4Kkng/VeZtOwUek7
24WbH7Z62Jo+7pnXyeB2PJpdvg0Rcy42VXJj7vZYe48xt2/PYYGuNLIjdDGt00qDiBuWLh19Q8us
mBILkB5sypmE6drpzAR74ao9/fh/YOawkppism9bSbKDnLAUQz1MG7z0MqEEwWF+5uMUoxqk+Wmj
zAY6/eu2X5cV/UASWI8TS+U+agRGgo98B2dkVgTGaXrGc/GzX/QNVVrAYAIqe3o3Mx0EG05vwEjf
cv6AUYK3W+QshyNwUJUrptJaAAzdtpz20dAlQtAWrezAHzY14W91puE5NUmBhWO//xv3xu/5F9wd
eBqfIFHFBkb3RxMTuU19UDQtsn/CKObjdiFz9gunugZXbubSnq1m5huk5dpgXvDh5hU1pdPdVNR6
tLldjbQQH+UQKl7wyQvs205UHRQW0OTfoxcnk2DagwqQyCc4U4BnigjMxYnpiLS2p9G1i/Sg3mU1
6ES7lgQ3WzjICcdhisApjFGomWNOwPNrqwlWihCvugUIbe0ST/n57XiU2HcNjvjraR8KINtDHYhp
dS8FQZZA4/G8JTOMOdsQ2CPKXK7BLX+m39/1xe4w6/g492Qb9L6k7xLHdgrMalnNO5yGgd38WEaG
aYAF40ICmOy55hmdl1Gp6docZ5XDB+eB/A5QcoihZkEeSqB39ibLarubyBjS2jv1ZN6uqCw4wwaV
RC22N4miT0aM3GkX+sfT2J3fWo0HFtgE18T9pVhsE73Sf00bW+LT0yh8SpK9IE4wRA4m+jskzg9S
aJLZDWRc4vtYlx93VXT4Z+3G2rnm1FnX2MXySAyhVlvQmRAfPoDC285Jn95259/17e9Y4639jxSs
JvOO8kiJHBQNbbyV1XXsxBtKyl514wbUjn2mccUlJ51EyfssuITjqdMeHoDaO4KzguXNFJgwGzbv
K+y3NX54yuE1Xm9sCI07pJs2WwC8GzErfmXbseTEvUvcXl0qsQFXTFCTNLnSNdXkswN+Hh/5uI5c
dAM73VP+qiTdvj4a0GRXa+riZ136lVEd9pZpy62XYQYkn+LGGJljvPooMH9rM1oIp8tOiPldIm29
0nNLmiaSmaEefY9I6wRAemvNAHw9Wq75pDBY3H3Xjt8ENsmj2MNpchDvYHM/ndckMoReN8cEsouv
LhuhtjjBktuaVz1j9Vj6UM6LEjGe6ZJyx+fjnTI2haMLej6vf0hopck0vJmSuL1mN03gd/QkBsBt
wDxFReExoTfcuhMRSdkrMqJFWLOpKI+XrYaB6DqHbFjqr3ME6RJcP9ynNF8qqF7JXNJsMu9PJ5ml
0hcg71NirMD7iXNUy1YDgzKqULABvL4SeUAjEE/Sa/HvUw+lMgZaM6aodAczTyWVqITVXzcuDXLV
vlrF5uMflQC13qaPTlqgTbB9xv4F/S8joC/c60fd+5WjdjWT6tMXHLlWRPQJrUNW06+fCh9EPjmW
llD6HJXreorpbjB7hWwahu5mSnWhwWqFsHwYbK7tSo98GqXdOEmOH21zPF57UCr0Sff47tDrSEtn
YCKHt47lS/ayCfnx1g9HAFu0NyULUE/UowuW5aPdRyqcRAaA1UAMugRqZB/QkTQVoPsCQRmca352
HE9M4LasANxTk4RT4HHmrBQSCzW0QZ+L2ouDTYgc2ipjXQbnLuZgU1AgIqvjjo+dDz4A9BYeJWEU
4QDg89IfDFpSiU26nvsDHIxh2KP0F5Uvf5n4Q1K/sO3g71G9prxMHLyq+M6UdY5W/zVAzYFuzx/H
Z8jvaQTYHopyUQUHLZ1XvkD+CzRFMruTHyVavu1OL+3xzgILP23IDyoPdp1pyfQbrwN0inDlAEMN
3cJRvMleqKB145p7hItgOpDCwqojMveM+YaT+mPhPCZbV4GsJ/YeP2yzMPG8lXTHG2nu/0Ew08TO
BstwUtAFqTc8C0vgMLR6ZGZ8UtwT0yE7WQm7KPwPiMtzqhNtW4ORtzrSmy1YPjpqZ2LIu5WrqW3Y
hh56D6Kl1fQgFA4x2PuBF1+VJm8jovm4MQkOBjwKr0gpcWqwHsPPGLvTb/tiFRoP3r2+nulgKP7D
zaoJpbhqtp2e18Ip6RC4MWvNRZ8MJwF9X9s1KI7Gqdxp1ePvwmsVFvOzozIUA9WczSlGQ9oMs0Rq
Kf6Q6VypCpOkRHtHpKsB96drqs08dpQ1zRZdLaCzs/r6je7JGFDZyf7iI7qvZjZWBPIJNGR4q+Ms
6ur3xsHm4jRbg5knH+9c7n9hA0Y7HHVweXo8SAmxd2Zbggldiw/qXlnhEg6yUEE3QYvkw9gnmMkO
N7Biclfd6VcOc6vXGtzXLGml09DVNJg4vWVauwldzAEUT15Eoo5aVjqtYLJjDYmWIefKrQoeQ8GS
SmZ7Y66hYZRAQFmBPYNq0T5g0se5j8+tYvldL6u+waqive9cUKG4Au5wYUwDFbY93D9AK73sR7lY
z8oq3AXgT1Leiy3r/O2HNSpb4Qqn6vN3cOxtmmPAPpAhzZ/Ab9iEJCqTp5aqerlJUJWSarQ8DDca
V0gc41vAue9AEc5mNnf/oUILLJv4Kok62PIEAwg3Y/Zw8jv1226QqgAD3jXpVDK52H6nPa6IOqaI
YY5EwUYBcK8FqpJtquzqt7C0NZnIOlSur/og750HieWl5FOc9NpOTNrIW+Fb5Uqhiv2FHR6E874x
IaN3cW2tCtATndFOf5+YQPo1vcEXyZTp+rQjMDqrJdMe8u1nO7ewJF7TAcWLB8PKhejn3aj4S4uC
zMTt7wdp64co8wUusQc11mcpItHfSxE7GViUeZlYnOkb9tzQRmf8ff4I2g2kwwYzrF/OWKgqNDXv
ZfbR1XwXHXlqcyIJJzubxAucYrSaSG6M
[yyapp@ncapp ~]

通过以上信息基本上确认一种类似win的加密勒索病毒,经过分区确认只是加密了yyapp用户有读写权限的数据,其他数据用户数据没有被加密(这个机器是应用服务器,并且做了oracle的备库[没有被加密]),因此基于目前的情况对客户没有太大损失,直接重装应用配置dg即可.通过进一步分区,确认该病毒是通过应用漏洞入侵,建议客户进行应用和系统安全加固.
温馨提示:以前的勒索病毒绝大部分都集中在win平台上,现在可能linux平台也会收到很大影响,建议各位对各自系统进行安全加固,系统和应用打上漏洞补丁和网络安全防护

RAC节点时间间隔过大导致执行root.sh不成功

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:RAC节点时间间隔过大导致执行root.sh不成功

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

在一次oracle linux 7.9 安装11.2.0.4 RAC过程中遇到在第二个节点执行root.sh失败
20221211162732

报错提示为CTSS服务启动失败,查看对应日志
20221211162821
从这个提示中看,是由于时间两个节点时间间隔太大,导致ctss无法启动,查看两个节点时间
20221211162757

20221211162747

通过查看确认节点1的时间为2017年,节点2为2022年,相差非常大,修改时间,执行rootcrs.pl -deconfig -force
20221211163443
然后再重新执行root.sh成功,完成集群安装,粗心的结果,安装之前没有看系统时间

数据库附加失败 错误5172

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:数据库附加失败 错误5172

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

SQL server 数据库附加附失败 错误 5172
sql-attach-err

通过分析是由于ldf文件损坏(具体原因是客户被中勒索病毒,部分文件解密没有彻底成功)
ldf-error
通过人工特殊处理,附加数据库成功,数据库checkdb检测正常,数据查询正常
20221126194946
20221127125234
如果有sql 数据库问题无法自行解决,需要专业恢复技术支持,请联系我们:专业Sql Server数据库恢复服务
电话/微信:17813235971    Q Q:107644445QQ咨询惜分飞    E-Mail:dba@xifenfei.com

ORA-00742: 日志读取在线程 %d 序列 %d 块 %d 中检测到写入丢失情况

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:ORA-00742: 日志读取在线程 %d 序列 %d 块 %d 中检测到写入丢失情况

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

由于主机异常断电,导致oracle数据库无法正常启动,数据库启动报错ORA-07445 kdxlin,ORA-01172,ORA-00312,ORA-00742等错误

Fri Nov 25 11:24:53 2022
alter database open
Beginning crash recovery of 1 threads
 parallel recovery started with 15 processes
Started redo scan
Completed redo scan
 read 900 KB redo, 386 data blocks need recovery
Started redo application at
 Thread 1: logseq 93214, block 60163
Recovery of Online Redo Log: Thread 1 Group 1 Seq 93214 Reading mem 0
  Mem# 0: D:\APP\ADMINISTRATOR\ORADATA\XFF\REDO01.LOG
Completed redo application of 0.46MB
Fri Nov 25 11:25:02 2022
Hex dump of (file 3, block 208) in trace file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p004_1988.trc
Reading datafile 'D:\APP\ADMINISTRATOR\ORADATA\XFF\UNDOTBS01.DBF' for corruption at rdba: 0x00c000d0 (file 3, block 208)
Reread (file 3, block 208) found valid data
Hex dump of (file 3, block 208) in trace file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p004_1988.trc
Repaired corruption at (file 3, block 208)
Hex dump of (file 3, block 152) in trace file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p004_1988.trc
Reading datafile 'D:\APP\ADMINISTRATOR\ORADATA\XFF\UNDOTBS01.DBF' for corruption at rdba: 0x00c00098 (file 3, block 152)
Reread (file 3, block 152) found same corrupt data (logically corrupt)
RECOVERY OF THREAD 1 STUCK AT BLOCK 152 OF FILE 3
Fri Nov 25 11:25:02 2022
Hex dump of (file 3, block 6859) in trace file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p001_19268.trc
Reading datafile 'D:\APP\ADMINISTRATOR\ORADATA\XFF\UNDOTBS01.DBF' for corruption at rdba: 0x00c01acb (file 3, block 6859)
Reread (file 3, block 6859) found same corrupt data (logically corrupt)
Fri Nov 25 11:25:13 2022
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p010_7024.trc  (incident=224379):
ORA-07445: 出现异常错误: 核心转储 [kdxlin()+4432] [ACCESS_VIOLATION] [ADDR:0xC] [PC:0x14306B54A] [UNABLE_TO_READ] []
Incident details in: D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\incident\incdir_224379\XFF_p010_7024_i224379.trc
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
Fri Nov 25 11:25:13 2022
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p005_12036.trc  (incident=224343):
ORA-07445: 出现异常错误: 核心转储 [kdxlin()+4432] [ACCESS_VIOLATION] [ADDR:0xC] [PC:0x14306B54A] [UNABLE_TO_READ] []
Incident details in: D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\incident\incdir_224343\XFF_p005_12036_i224343.trc
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
Fri Nov 25 11:25:18 2022
Sweep [inc][224379]: completed
Sweep [inc][224343]: completed
Sweep [inc2][224379]: completed
Sweep [inc2][224343]: completed
RECOVERY OF THREAD 1 STUCK AT BLOCK 6859 OF FILE 3
Fri Nov 25 11:25:33 2022
Slave exiting with ORA-1172 exception
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p004_1988.trc:
ORA-01172: 线程 1 的恢复停止在块 152 (在文件 3 中)
ORA-01151: 如果需要, 请使用介质恢复以恢复块和还原备份
Fri Nov 25 11:25:34 2022
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p001_19268.trc:
ORA-10388: parallel query server interrupt (failure)
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p001_19268.trc:
ORA-10388: parallel query server interrupt (failure)
Fri Nov 25 11:25:38 2022
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p010_7024.trc:
ORA-00742: 日志读取在线程 %d 序列 %d 块 %d 中检测到写入丢失情况
ORA-00312: 联机日志 1 线程 1: 'D:\APP\ADMINISTRATOR\ORADATA\XFF\REDO01.LOG'
ORA-00607: 当更改数据块时出现内部错误
ORA-00602: 内部编程异常错误
ORA-07445: 出现异常错误: 核心转储 [kdxlin()+4432] [ACCESS_VIOLATION] [ADDR:0xC] [PC:0x14306B54A] [UNABLE_TO_READ] []
Fri Nov 25 11:25:41 2022
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p005_12036.trc  (incident=224344):
ORA-01578: ORACLE 数据块损坏 (文件号 27, 块号 520567)
ORA-01110: 数据文件 27: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMPP.DBF'
ORA-10564: tablespace POWERMPP
ORA-01110: 数据文件 27: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMPP.DBF'
ORA-10561: block type 'TRANSACTION MANAGED INDEX BLOCK', data object# 89776
ORA-00607: 当更改数据块时出现内部错误
ORA-00602: 内部编程异常错误
ORA-07445: 出现异常错误: 核心转储 [kdxlin()+4432] [ACCESS_VIOLATION] [ADDR:0xC] [PC:0x14306B54A] [UNABLE_TO_READ] []
Incident details in: D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\incident\incdir_224344\XFF_p005_12036_i224344.trc
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p005_12036.trc:
ORA-01578: ORACLE 数据块损坏 (文件号 27, 块号 520567)
ORA-01110: 数据文件 27: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMPP.DBF'
ORA-10564: tablespace POWERMPP
ORA-01110: 数据文件 27: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMPP.DBF'
ORA-10561: block type 'TRANSACTION MANAGED INDEX BLOCK', data object# 89776
ORA-00607: 当更改数据块时出现内部错误
ORA-00602: 内部编程异常错误
ORA-07445: 出现异常错误: 核心转储 [kdxlin()+4432] [ACCESS_VIOLATION] [ADDR:0xC] [PC:0x14306B54A] [UNABLE_TO_READ] []
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p010_7024.trc  (incident=224380):
ORA-01578: ORACLE 数据块损坏 (文件号 26, 块号 227101)
ORA-01110: 数据文件 26: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMSP.DBF'
ORA-10564: tablespace POWERMSP
ORA-01110: 数据文件 26: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMSP.DBF'
ORA-10561: block type 'TRANSACTION MANAGED INDEX BLOCK', data object# 99375
ORA-00607: 当更改数据块时出现内部错误
ORA-00602: 内部编程异常错误
ORA-07445: 出现异常错误: 核心转储 [kdxlin()+4432] [ACCESS_VIOLATION] [ADDR:0xC] [PC:0x14306B54A] [UNABLE_TO_READ] []
Fri Nov 25 11:25:51 2022
Incident details in: D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\incident\incdir_224380\XFF_p010_7024_i224380.trc
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_p010_7024.trc:
ORA-01578: ORACLE 数据块损坏 (文件号 26, 块号 227101)
ORA-01110: 数据文件 26: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMSP.DBF'
ORA-10564: tablespace POWERMSP
ORA-01110: 数据文件 26: 'D:\APP\ADMINISTRATOR\PRODUCT\11.2.0\DBHOME_1\DATABASE\POWERMSP.DBF'
ORA-10561: block type 'TRANSACTION MANAGED INDEX BLOCK', data object# 99375
ORA-00607: 当更改数据块时出现内部错误
ORA-00602: 内部编程异常错误
ORA-07445: 出现异常错误: 核心转储 [kdxlin()+4432] [ACCESS_VIOLATION] [ADDR:0xC] [PC:0x14306B54A] [UNABLE_TO_READ] []
Fri Nov 25 11:25:54 2022
Aborting crash recovery due to slave death, attempting serial crash recovery
Beginning crash recovery of 1 threads
Started redo scan
Completed redo scan
 read 900 KB redo, 386 data blocks need recovery
Started redo application at
 Thread 1: logseq 93214, block 60163
Recovery of Online Redo Log: Thread 1 Group 1 Seq 93214 Reading mem 0
  Mem# 0: D:\APP\ADMINISTRATOR\ORADATA\XFF\REDO01.LOG
Hex dump of (file 3, block 6743) in trace file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_ora_4172.trc
Reading datafile 'D:\APP\ADMINISTRATOR\ORADATA\XFF\UNDOTBS01.DBF' for corruption at rdba: 0x00c01a57 (file 3, block 6743)
Reread (file 3, block 6743) found same corrupt data (logically corrupt)
RECOVERY OF THREAD 1 STUCK AT BLOCK 6743 OF FILE 3
Fri Nov 25 11:26:09 2022
Aborting crash recovery due to error 1172
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_ora_4172.trc:
ORA-01172: 线程 1 的恢复停止在块 6743 (在文件 3 中)
ORA-01151: 如果需要, 请使用介质恢复以恢复块和还原备份
Errors in file D:\APP\ADMINISTRATOR\diag\rdbms\XFF\XFF\trace\XFF_ora_4172.trc:
ORA-01172: 线程 1 的恢复停止在块 6743 (在文件 3 中)
ORA-01151: 如果需要, 请使用介质恢复以恢复块和还原备份
ORA-1172 signalled during: alter database open...

尝试人工recover恢复,报ORA-00283 ORA-00742 ORA-00312错误

SQL> recover database;
ORA-00283: 恢复会话因错误而取消
ORA-00742: 日志读取在线程 %d 序列 %d 块 %d 中检测到写入丢失情况
ORA-00312: 联机日志 1 线程 1: 'D:\APP\ADMINISTRATOR\ORADATA\XFF\REDO01.LOG'

通过特殊这里之后recover库成功

SQL> recover database until cancel;
ORA-00279: 更改 47073228694 (在 11/25/2022 08:11:15 生成) 对于线程 1 是必需的
ORA-00289: 建议:
D:\APP\ADMINISTRATOR\FAST_RECOVERY_AREA\XFF\ARCHIVELOG\2022_11_25\O1_MF_1_932
14_%U_.ARC
ORA-00280: 更改 47073228694 (用于线程 1) 在序列 #93214 中


指定日志: {<RET>=suggested | filename | AUTO | CANCEL}
D:\APP\ADMINISTRATOR\ORADATA\XFF\REDO01.LOG
已应用的日志。
完成介质恢复。

打开数据库报ORA-600 2662错误
20221125215429

使用oracle patch scn工具快速修改 open库成功
patch_scn-ora-600-2662
SQL> startup mount pfile='d:/pfile.txt'
ORACLE 例程已经启动。

Total System Global Area       1603411968 bytes
Fixed Size                        2281656 bytes
Variable Size                  1191186248 bytes
Database Buffers                402653184 bytes
Redo Buffers                      7290880 bytes
数据库装载完毕。
SQL> ALTER DATABASE OPEN;

数据库已更改。

然后逻辑导出数据,导入新库,完成数据迁移工作

MyISAM表delete记录恢复

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:MyISAM表delete记录恢复

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

有客户delete删除了myisam表中的部分数据,本来表中4-5w条记录,删除之后值剩余几十条,希望对其进行恢复(该库没有开启binlog)

mysql> select count(1) from db_bet;
+----------+
| count(1) |
+----------+
|       46 |
+----------+
1 row in set (0.00 sec)

通过分析.MYD文件确认数据依旧在文件中
myisam-delete-recovery

通过工具对其删除操作分析,找到记录如下
20221125175222
对其记录入库确认

mysql> select count(1) from db_bet_deleted;
+----------+
| count(1) |
+----------+
|    40158 |
+----------+
1 row in set (0.10 sec)

OGG-01777 Extract abended as it ran out of sequence numbers used to create TRAIL files

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:OGG-01777 Extract abended as it ran out of sequence numbers used to create TRAIL files

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

ogg extract 进程报OGG-01777 Extract abended as it ran out of sequence numbers used to create TRAIL files. The maximum number of TRAIL files allowed is 999999.
20221125124140

由于extract进程已经异常,直接对其抽取的trail文件命名新文件

--ggsci中执行
edit param eora_1  
--修改文件
EXTTRAIL ./dirdat/ab

--ggsci中执行
delete exttrail ./dirdat/aa extract eora_1
add exttrail ./dirdat/ab extract eora_1

GGSCI (xff-source) 51> info eora_1

EXTRACT    EORA_1    Last Started 2022-11-24 22:59   Status STOPPED
Checkpoint Lag       00:00:00 (updated 00:00:00 ago)
Log Read Checkpoint  Oracle Redo Logs
                     First Record         Seqno 248386, RBA 0
                     SCN 0.0 (0)

修改extract pump进程

edit params PORA_1
rmttrail ./dirdat/pc

delete rmttrail ./dirdat/pa extract PORA_1
add rmttrail ./dirdat/pc extract PORA_1
alter ext PORA_1 exttrailsource ./dirdat/ab

GGSCI (xff-source) 56> info pora_1 

EXTRACT    PORA_1    Initialized   2022-11-24 22:59   Status STOPPED
Checkpoint Lag       00:00:00 (updated 00:01:37 ago)
Log Read Checkpoint  File ./dirdat/ab000000
                     First Record  RBA 0

replcat进程处理

alter rep rep1 exttrail ./dirdat/pc

GGSCI (xff-target) 9> info rep1

REPLICAT   REP1      Initialized   2022-11-24 23:00   Status STOPPED
Checkpoint Lag       00:00:00 (updated 00:00:07 ago)
Log Read Checkpoint  File ./dirdat/pb000000
                     First Record  RBA 0

启动相关进程进行传输即可.
另外可以考虑相对简单一点操作,直接delete/add exttrail,delete/add rmttrail同名文件,省去修改param文件的麻烦,注意最终找trail文件名称和偏移量是否准确,如果不正确注意使用类似命令修改

add exttrail ./dirdat/xx, extract xxx, megabytes 1024
add rmttrail ./dirdat/xx, megabytes 1024, seqno 0 , rba 0, extract xxx
alter replicat xxx, extseqno 0, extrba 0
alter extract xxx,extseqno xxxx,extrba xxxx

ORA-00800: soft external error, arguments: [Set Priority Failed]

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:ORA-00800: soft external error, arguments: [Set Priority Failed]

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

在一套19.14的linux 2节点rac库中,使用sqlplus启动数据库成功,但是alert日志中报ORA-00800: soft external error, arguments: [Set Priority Failed]错误.

2022-09-21T22:20:35.924251+08:00
Starting background process VKTM
2022-09-21T22:20:35.977936+08:00
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl1/trace/orcl1_vktm_22653.trc  (incident=880052):
ORA-00800: soft external error, arguments: [Set Priority Failed], [VKTM],
 [Check traces and OS configuration], [Check Oracle document and MOS notes], []
Incident details in: /u01/app/oracle/diag/rdbms/orcl/orcl1/incident/incdir_880052/orcl1_vktm_22653_i880052.trc
2022-09-21T22:20:35.980555+08:00
Error attempting to elevate VKTM's priority: no further priority changes will be attempted for this process
VKTM started with pid=6, OS id=22653

Starting background process LMHB
2022-09-21T22:20:36.467831+08:00
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl1/trace/orcl1_lms0_22703_22708.trc  (incident=920005):
ORA-00800: soft external error, arguments: [Set Priority Failed], [LMS0], 
[Check traces and OS configuration], [Check Oracle document and MOS notes], []
Incident details in: /u01/app/oracle/diag/rdbms/orcl/orcl1/incident/incdir_920005/orcl1_lms0_22703_22708_i920005.trc
2022-09-21T22:20:36.470535+08:00
Error attempting to elevate LMS0's priority: no further priority changes will be attempted for this process

错误提示比较明显,提升进程的优先级失败,通过操作系统命令观察发现确实进程优先级没有提升

[root@oradb01 ~]# ps -eo pid,class,pri,nice,time,args|grep vktm|grep -v grep 
 5656 TS   19   0 00:00:00 ora_vktm_orcl1
30838 RR   41   - 13:08:36 ora_vktm_+ASM1

重新使用srvctl启动数据库,优先级提升正常,alert日志中也无类似警告

[root@oradb01 ~]# ps -eo pid,class,pri,nice,time,args|grep vktm|grep -v grep 
 5716 RR   41   0 00:00:00 ora_vktm_orcl1
30838 RR   41   - 13:18:46 ora_vktm_+ASM1

这个问题一直困惑了很久,今天无意中在mos上发现了相关mos文档,具体参考:(DB50) Clusterware Fails to Start Because CSSD Cannot Get Real-Time Priority (Doc ID 2903663.1),由于 bug 34286265 and bug 34318125(Bug 34649727 Linux: ORA-800 / Set Priority / DB Performance Merge Patch for 19.17 – 34286265 34318125)
20221121210544

尽量不要使用sqlplus去启动数据库,而是选择使用srvctl,避免在rac环境中导致数据库后台关键进程优先级无法提升问题.

被.mallox数据库恢复

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:被.mallox数据库恢复

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

.mallox勒索病毒加密文件破坏较多,很多时候无法正常通过工具恢复数据或者直接打开库
20221119164915

最近两例oracle数据库被该病毒加密,通过一系列处理,实现较为完美恢复(均为恢复之后,业务直接使用),这种病毒的FILE RECOVERY.txt内容类似为:

Hello

Your files are encrypted and can not be used
To return your files in work condition you need decryption tool
Follow the instructions to decrypt all your data

Do not try to change or restore files yourself, this will break them
If you want, on our site you can decrypt one file for free. 
Free test decryption allowed only for not valuable file with size less than 3MB


How to contact us:

The fastest way:
1) Download and install TOR browser by this link: https://www.torproject.org/download/
2) If TOR blocked in your country and you can't access to the link then use any VPN software
3) Run TOR browser and open the site: 
wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin
4) Copy your private ID in the input field. Your Private key: xxxxxxxxxxxxxxxxxxxx
5) You will see payment information and we can make free test decryption here


The slowest way:
If you are unable to contact us through the site, 
then you can email us: mallox@stealthypost.net
Waiting for a response via mail can be several days. 
Do not use it if you have not tried contacting through the site.

Our blog of leaked companies:
wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion

第一例通过dmp备份+dbf数据文件综合恢复
20221119163937

h:\BaiduNetdisk>dir *.dmp.mallox
 驱动器 H 中的卷是 SSD-SX
 卷的序列号是 84EB-F434

 h:\BaiduNetdisk 的目录

2022-11-08  17:18    17,016,836,196 1.dmp.mallox
2022-11-08  17:18    16,801,267,812 6.dmp.mallox
2022-11-08  16:22    17,016,152,164 7.dmp.mallox
               3 个文件 50,834,256,172 字节
               0 个目录 433,633,767,424 可用字节

第二例直接通过dbf文件完成核心恢复
20221119164257

对于类似这种被加密的勒索的数据文件,我们可以实现比较好的恢复效果,如果此类的数据库(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971    Q Q:107644445QQ咨询惜分飞    E-Mail:dba@xifenfei.com
系统安全防护措施建议:
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。
9.保存良好的备份习惯,尽量做到每日备份,异地备份。

ora-600 kccpb_sanity_check_2故障处理

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:ora-600 kccpb_sanity_check_2故障处理

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

数据库启动报ORA-600 kccpb_sanity_check_2

SQL> startup mount pfile='d:/pfile.txt'
ORACLE 例程已经启动。

Total System Global Area 1258291200 bytes
Fixed Size                  1250548 bytes
Variable Size             243272460 bytes
Database Buffers         1006632960 bytes
Redo Buffers                7135232 bytes
ORA-00600: ??????, ??: [kccpb_sanity_check_2], [66014], [66011], [0x0], [], [],[], []

重建控制文件报错ora-600 kccsga_update_amx_1

SQL> CREATE CONTROLFILE REUSE DATABASE "zs" NORESETLOGS  NOARCHIVELOG
  2      MAXLOGFILES 50
  3      MAXLOGMEMBERS 5
  4      MAXDATAFILES 100
  5      MAXINSTANCES 8
  6      MAXLOGHISTORY 226
  7  LOGFILE
  8    GROUP 1 'd:\zs\redo01.log'  SIZE 50M,
  9    GROUP 2 'd:\zs\redo02.log'  SIZE 50M,
 10    GROUP 3 'd:\zs\redo03.log'  SIZE 50M
 11  DATAFILE
 12  'd:\zs\SYSAUX01.DBF',
………………
 22  'd:\zs\SYSTEM01.DBF',
 23  'd:\zs\UNDOTBS01.DBF',
 24  'd:\zs\USERS01.DBF'
 25  CHARACTER SET zhs16gbk
 26  ;
CREATE CONTROLFILE REUSE DATABASE "zs" NORESETLOGS  NOARCHIVELOG
*
第 1 行出现错误:
ORA-01503: CREATE CONTROLFILE ??
ORA-00600: ??????, ??: [kccsga_update_amx_1], [9], [2920], [292], [], [], [],[]

重启实例,重建ctl成功.尝试恢复库提示需要很久之前的日志,因为有两个数据文件scn异常
20221117182409

通过oracle recovery tools修改文件头
20221117175803
再次recover数据库成功顺利open库导出客户需要数据
20221117180144
20221117180602