-
加我微信(17813235971)
加我QQ(107644445)
标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-00742 ORA-01110 ORA-01555 ORA-01578 ORA-01595 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (103)
- 数据库 (1,764)
- DB2 (22)
- MySQL (77)
- Oracle (1,605)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (24)
- ORA-xxxxx (166)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (15)
- ORACLE 21C (3)
- Oracle 23ai (8)
- Oracle ASM (69)
- Oracle Bug (8)
- Oracle RAC (54)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (588)
- Oracle安装升级 (97)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (86)
- PostgreSQL (30)
- pdu工具 (6)
- PostgreSQL恢复 (9)
- SQL Server (32)
- SQL Server恢复 (13)
- TimesTen (7)
- 达梦数据库 (3)
- 达梦恢复 (1)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (39)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (22)
-
最近发表
- 文件系统格式化MySQL数据库恢复
- .sstop勒索加密数据库恢复
- 解决一次硬件恢复之后数据文件0kb的故障恢复case
- Error in invoking target ‘libasmclntsh19.ohso libasmperl19.ohso client_sharedlib’问题处理
- ORA-01171: datafile N going offline due to error advancing checkpoint
- linux环境oracle数据库被文件系统勒索加密为.babyk扩展名溯源
- ORA-600 ksvworkmsgalloc: bad reaper
- ORA-600 krccfl_chunk故障处理
- Oracle Recovery Tools恢复案例总结—202505
- ORA-600 kddummy_blkchk 数据库循环重启
- 记录一次asm disk加入到vg通过恢复直接open库的案例
- CHECKDB 发现了 N 个分配错误和 M 个一致性错误
- 达梦数据库dm.ctl文件异常恢复
- Oracle Recovery Tools修复ORA-00742、ORA-600 ktbair2: illegal inheritance故障
- 可能是 tempdb 空间用尽或某个系统表不一致故障处理
- 11.2.0.4库中遇到ORA-600 kcratr_nab_less_than_odr报错
- [MY-013183] [InnoDB] Assertion failure故障处理
- Oracle 19c 202504补丁(RUs+OJVM)-19.27
- Oracle Recovery Tools修复ORA-600 6101/kdxlin:psno out of range故障
- pdu完美支持金仓数据库恢复(KingbaseES)
年归档:2022
MySQL 8.0版本ibd文件恢复
对于单个的ibd文件,大部分情况下可以通过DISCARD TABLESPACE和IMPORT TABLESPACE方式进行恢复
mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> CREATE TABLE `t1` (
-> `id` int DEFAULT NULL
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
Query OK, 0 rows affected (0.01 sec)
mysql> insert into t1 values(1);
Query OK, 1 row affected (0.02 sec)
mysql> insert into t1 values(2);
Query OK, 1 row affected (0.01 sec)
mysql> insert into t1 values(3);
Query OK, 1 row affected (0.00 sec)
关闭mysql服务,备份mysql中的t1.ibd文件
[root@xifenfei ~]# service mysql stop Shutting down MySQL..... SUCCESS! [root@xifenfei test]# cp t1.ibd t1_bak
启动mysql服务,并删除并创建新的t1表(表结构相同)
[root@xifenfei test]# service mysql start
Starting MySQL..................... SUCCESS!
[root@xifenfei test]# mysql -uroot -poracle test
mysql: [Warning] Using a password on the command line interface can be insecure.
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.31 MySQL Community Server - GPL
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> drop table t1;
Query OK, 0 rows affected (0.20 sec)
mysql>
mysql> CREATE TABLE `t1` (
-> `id` int DEFAULT NULL
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
Query OK, 0 rows affected (0.01 sec)
DISCARD TABLESPACE操作
mysql> ALTER TABLE t1 DISCARD TABLESPACE; Query OK, 0 rows affected (0.01 sec)
把备份的t1.ibd还原回去并修改权限
[root@xifenfei test]# mv t1_bak t1.ibd [root@xifenfei test]# ls -ltr total 112 -rw-r-----. 1 root root 114688 Dec 18 17:24 t1.ibd [root@xifenfei test]# chown mysql.mysql t1.ibd
IMPORT TABLESPACE并验证数据
mysql> ALTER TABLE t1 IMPORT TABLESPACE; Query OK, 0 rows affected, 1 warning (0.24 sec) mysql> select * from t1; +------+ | id | +------+ | 1 | | 2 | | 3 | +------+ 3 rows in set (0.00 sec)
在恢复途中如果遇到表定义不对,或者ibd文件损坏,或者版本不匹配等各种情况,可能在IMPORT TABLESPACE的时候可能出现类似ERROR 1808 (HY000): Schema mismatch (Clustered index validation failed. Because the .cfg file is missing, table definition of the IBD file could be different. Or the data file itself is already corrupted.)错误
mysql> alter table `t1` import tablespace; ERROR 1808 (HY000): Schema mismatch (Clustered index validation failed. Because the .cfg file is missing, table definition of the IBD file could be different. Or the data file itself is already corrupted.)
如果出现此类错误,无法直接通过该方法进行解决,参考frm和ibd文件数据库恢复,使用专业恢复工具进行处理
linux系统文件加密勒索病毒
昨天晚上,一客户联系我们,其linux的dg备库上发现病毒,让我给看看,登录上去之后发现异常进程
进一步检查发现很多文件被加密成.locked1
对应的README.html内容
[yyapp@ncapp ~]$ cat README1.html contact email: service@hellowinter.online, prepare 0.12btc, if you can't contact my email, please contact some data recovery company(suggest taobao.com), may they can contact to me . your person id:izeieOMvPH+SDWYAxX6snmD2k306byUOpTP4Djfm9gaekoP0Q9JwWVcG0NI1grBM/DIo22A+sjCm UfXXDwq/s72bc014WxmIy8jXCowuH4e6hJBjUgnkfoe/NbfPJN1CNQS3EdO6UaxMS3fwUzfnZTvW 63GyygBgZTzq9CfTdDUBmXe3aP30VTisTrtaFCdRnD2JaMUe5fVPUQ/vX39S4Kkng/VeZtOwUek7 24WbH7Z62Jo+7pnXyeB2PJpdvg0Rcy42VXJj7vZYe48xt2/PYYGuNLIjdDGt00qDiBuWLh19Q8us mBILkB5sypmE6drpzAR74ao9/fh/YOawkppism9bSbKDnLAUQz1MG7z0MqEEwWF+5uMUoxqk+Wmj zAY6/eu2X5cV/UASWI8TS+U+agRGgo98B2dkVgTGaXrGc/GzX/QNVVrAYAIqe3o3Mx0EG05vwEjf cv6AUYK3W+QshyNwUJUrptJaAAzdtpz20dAlQtAWrezAHzY14W91puE5NUmBhWO//xv3xu/5F9wd eBqfIFHFBkb3RxMTuU19UDQtsn/CKObjdiFz9gunugZXbubSnq1m5huk5dpgXvDh5hU1pdPdVNR6 tLldjbQQH+UQKl7wyQvs205UHRQW0OTfoxcnk2DagwqQyCc4U4BnigjMxYnpiLS2p9G1i/Sg3mU1 6ES7lgQ3WzjICcdhisApjFGomWNOwPNrqwlWihCvugUIbe0ST/n57XiU2HcNjvjraR8KINtDHYhp dS8FQZZA4/G8JTOMOdsQ2CPKXK7BLX+m39/1xe4w6/g492Qb9L6k7xLHdgrMalnNO5yGgd38WEaG aYAF40ICmOy55hmdl1Gp6docZ5XDB+eB/A5QcoihZkEeSqB39ibLarubyBjS2jv1ZN6uqCw4wwaV RC22N4miT0aM3GkX+sfT2J3fWo0HFtgE18T9pVhsE73Sf00bW+LT0yh8SpK9IE4wRA4m+jskzg9S aJLZDWRc4vtYlx93VXT4Z+3G2rnm1FnX2MXySAyhVlvQmRAfPoDC285Jn95259/17e9Y4639jxSs JvOO8kiJHBQNbbyV1XXsxBtKyl514wbUjn2mccUlJ51EyfssuITjqdMeHoDaO4KzguXNFJgwGzbv K+y3NX54yuE1Xm9sCI07pJs2WwC8GzErfmXbseTEvUvcXl0qsQFXTFCTNLnSNdXkswN+Hh/5uI5c dAM73VP+qiTdvj4a0GRXa+riZ136lVEd9pZpy62XYQYkn+LGGJljvPooMH9rM1oIp8tOiPldIm29 0nNLmiaSmaEefY9I6wRAemvNAHw9Wq75pDBY3H3Xjt8ENsmj2MNpchDvYHM/ndckMoReN8cEsouv LhuhtjjBktuaVz1j9Vj6UM6LEjGe6ZJyx+fjnTI2haMLej6vf0hopck0vJmSuL1mN03gd/QkBsBt wDxFReExoTfcuhMRSdkrMqJFWLOpKI+XrYaB6DqHbFjqr3ME6RJcP9ynNF8qqF7JXNJsMu9PJ5ml 0hcg71NirMD7iXNUy1YDgzKqULABvL4SeUAjEE/Sa/HvUw+lMgZaM6aodAczTyWVqITVXzcuDXLV vlrF5uMflQC13qaPTlqgTbB9xv4F/S8joC/c60fd+5WjdjWT6tMXHLlWRPQJrUNW06+fCh9EPjmW llD6HJXreorpbjB7hWwahu5mSnWhwWqFsHwYbK7tSo98GqXdOEmOH21zPF57UCr0Sff47tDrSEtn YCKHt47lS/ayCfnx1g9HAFu0NyULUE/UowuW5aPdRyqcRAaA1UAMugRqZB/QkTQVoPsCQRmca352 HE9M4LasANxTk4RT4HHmrBQSCzW0QZ+L2ouDTYgc2ipjXQbnLuZgU1AgIqvjjo+dDz4A9BYeJWEU 4QDg89IfDFpSiU26nvsDHIxh2KP0F5Uvf5n4Q1K/sO3g71G9prxMHLyq+M6UdY5W/zVAzYFuzx/H Z8jvaQTYHopyUQUHLZ1XvkD+CzRFMruTHyVavu1OL+3xzgILP23IDyoPdp1pyfQbrwN0inDlAEMN 3cJRvMleqKB145p7hItgOpDCwqojMveM+YaT+mPhPCZbV4GsJ/YeP2yzMPG8lXTHG2nu/0Ew08TO BstwUtAFqTc8C0vgMLR6ZGZ8UtwT0yE7WQm7KPwPiMtzqhNtW4ORtzrSmy1YPjpqZ2LIu5WrqW3Y hh56D6Kl1fQgFA4x2PuBF1+VJm8jovm4MQkOBjwKr0gpcWqwHsPPGLvTb/tiFRoP3r2+nulgKP7D zaoJpbhqtp2e18Ip6RC4MWvNRZ8MJwF9X9s1KI7Gqdxp1ePvwmsVFvOzozIUA9WczSlGQ9oMs0Rq Kf6Q6VypCpOkRHtHpKsB96drqs08dpQ1zRZdLaCzs/r6je7JGFDZyf7iI7qvZjZWBPIJNGR4q+Ms 6ur3xsHm4jRbg5knH+9c7n9hA0Y7HHVweXo8SAmxd2Zbggldiw/qXlnhEg6yUEE3QYvkw9gnmMkO N7Biclfd6VcOc6vXGtzXLGml09DVNJg4vWVauwldzAEUT15Eoo5aVjqtYLJjDYmWIefKrQoeQ8GS SmZ7Y66hYZRAQFmBPYNq0T5g0se5j8+tYvldL6u+waqive9cUKG4Au5wYUwDFbY93D9AK73sR7lY z8oq3AXgT1Leiy3r/O2HNSpb4Qqn6vN3cOxtmmPAPpAhzZ/Ab9iEJCqTp5aqerlJUJWSarQ8DDca V0gc41vAue9AEc5mNnf/oUILLJv4Kok62PIEAwg3Y/Zw8jv1226QqgAD3jXpVDK52H6nPa6IOqaI YY5EwUYBcK8FqpJtquzqt7C0NZnIOlSur/og750HieWl5FOc9NpOTNrIW+Fb5Uqhiv2FHR6E874x IaN3cW2tCtATndFOf5+YQPo1vcEXyZTp+rQjMDqrJdMe8u1nO7ewJF7TAcWLB8PKhejn3aj4S4uC zMTt7wdp64co8wUusQc11mcpItHfSxE7GViUeZlYnOkb9tzQRmf8ff4I2g2kwwYzrF/OWKgqNDXv ZfbR1XwXHXlqcyIJJzubxAucYrSaSG6M [yyapp@ncapp ~]
通过以上信息基本上确认一种类似win的加密勒索病毒,经过分区确认只是加密了yyapp用户有读写权限的数据,其他数据用户数据没有被加密(这个机器是应用服务器,并且做了oracle的备库[没有被加密]),因此基于目前的情况对客户没有太大损失,直接重装应用配置dg即可.通过进一步分区,确认该病毒是通过应用漏洞入侵,建议客户进行应用和系统安全加固.
温馨提示:以前的勒索病毒绝大部分都集中在win平台上,现在可能linux平台也会收到很大影响,建议各位对各自系统进行安全加固,系统和应用打上漏洞补丁和网络安全防护
发表在 Linux
评论关闭
RAC节点时间间隔过大导致执行root.sh不成功
在一次oracle linux 7.9 安装11.2.0.4 RAC过程中遇到在第二个节点执行root.sh失败
报错提示为CTSS服务启动失败,查看对应日志
从这个提示中看,是由于时间两个节点时间间隔太大,导致ctss无法启动,查看两个节点时间
通过查看确认节点1的时间为2017年,节点2为2022年,相差非常大,修改时间,执行rootcrs.pl -deconfig -force
然后再重新执行root.sh成功,完成集群安装,粗心的结果,安装之前没有看系统时间
发表在 Oracle安装升级
评论关闭