SQL Scripts

scanner.sql

This is a simple scanner script to look for certain security issues within an Oracle database. This scanner accompanies a white paper published on security focus at http://www.securityfocus.com/infocus/1522.

su.sql

This script allows the user to change users in an Oracle database without knowing the password of the user they wish to log in as. To use this script you need to be logged in as a dba.

sql.sql

This script retrieves the SQL from the Oracle SGA for a particular user and session ID. This allows you to see the statements being executed by any user.

events.sql

This script can be used to see which Oracle events are set for the current Oracle session.

layout.sql

This script displays details of the logical structures in an Oracle database and the main datafiles used by an Oracle database.

who.sql

Shows who is logged onto an Oracle database and gives the database serial number and PID as well as the O/S PID.

check_users.sql

Can be used to check for default users installed in the database where the password is still set to the default.

check_roles.sql

Can be used to check for default roles installed in the database where the password is still set to the default.

link.sql

Script to show the database link details including any stored passwords.

disk.sql

Display details of each data file used in the database and show reads, writes and totals.

objchk.sql

Checks all objects in the database for validity and displays the objects that are invalid by owner and type.

dump.sql

Displays the user_dump_dest (trace directory) from the fixed tables.

utl.sql

Displays the user_file_dir (directory utl_file writes to) from the fixed tables.

idxchk.sql

This script finds any indexes that are invalid and displays their details.

enqueue.sql

This script displays the "enqueue" statistics.

resource_limits.sql

Show the resource limits, the current values and the max values.

stats.sql

Show all of the system statistics.

sys_event.sql

Show all of the system event statistics.

redo_latch.sql

Show all of the redo latch statistics.

event_names.sql

Display all of the event names and parameters.

latch_hit_ratio.sql

Display the latch misses and immediate misses.

all_latch.sql

Display the latch statistics wholesale.

db_links.sql

Script to show details of database links from dba_db_links.

dict_cache.sql

Script to show the hit ratio of the dictionary cache.

buffer_cache.sql

Script to show the hit ratio of the buffer cache.

sga_mem.sql

Script to show the break down of the SGA in terms of type, status and size.

sga_sizing.sql

Script to show the sizing of the SGA and the current use.

free_space.sql

Script to show free space for each tablespace in the database.

cache.sql

Shows the size of the SQL, the free memory and the percentage free memory in the SGA. Also shows the three key hit ratio's i.e. the buffer cache, the dictionary cache and the library cache. Finally the numbers of memory and disk sorts are shown with the percentage sorts done in memory.

sysstat.sql

This script shows the three SGA hit ratio's with slightly different detail to the report above.

last_analyze.sql

Dates of the oldest and newest analyze done on the table.

lock.c

This 'C' program can be used to lock the shared memory segments allocated to Oracle in core. This can be used as a workaround for the init.ora parameter LOCK_SGA that will not work on Solaris due to only root being allowed to lock memory in core. This 'C' program can be SUID root or be run as root. Ideally it would be run in a shell script right after the database has been started. This will help prevent the SGA from being paged out.

parameters.sql

This script will display all of the initialisation parameters including the hidden ones.

hidden.sql

This script will display all of the undocumented hidden initialisation parameters.

check_freelist.sql

Checks the number of wait stats on the class "free list".

free_memory.sql

Displays the free memory in the SGA.

Archivearrow more

Security Services

Pentest offers a thorough, yet adaptive range of security services to help customers address vulnerabilities in their network or applications. Services include: Secure Coding Workshops, SAST tools, Manual Penetration Testing and Security Audits.

read more arrow more

Database Services

Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.

read more arrow more

© Copyright Pentest Limited 2001 - 2016 All Rights Reserved. Privacy statement