When folks talk about UNIX security and the tools
available to prevent mishaps, it is important to remember just how
fragile the UNIX environment can be. The primary job of the UNIX
Oracle DBA is keeping the database running, so they are not usually
surprised to see how easy it is to clobber a server.
The script below cripples the UNIX server by an
implosion of incoming jobs. This is known as a Denial Of Service
(DOS) attack, and the Oracle DBA should be aware just how easy it is
for a hacker to make a mess in UNIX.
Interestingly, the use of a DOS attack is
not new and mainframe programmers have known how to clobber a
mainframe job intiator since the 1960's.
The same kind of attack can be launched against
IBM mainframes by creating a recursive IEFBR14 job that directs its
SYSOUT to the mainframe internal reader.
The following is a section of JCL that
illustrates the recursive job submission technique.
WARNING: The following command will clobber
any UNIX server in a matter in just a few seconds. This script
is provided for illustration purposes only, and it should not ever
be run in a production environment:
/tmp/recursive.ksh > /dev/null 2>&1 &
The recursive.ksh file
submits two of the same tasks.
nohup /tmp/recursive.ksh >
/dev/null 2>&1 &
nohup /tmp/recursive.ksh > /dev/null 2>&1 &
Because the job submits itself, two jobs submit
4, four submit 16, and so on, until the entire server in unable to
accept any work.
Again this script is described as a warning to
any cocky Oracle DBA who assures management that their UNIX server
is impervious to DOS attacks.
Get the Complete
Oracle SQL Tuning Information
The landmark book
SQL Tuning The Definitive Reference" is
filled with valuable information on Oracle SQL Tuning.
This book includes scripts and tools to hypercharge Oracle 11g
performance and you can
for 30% off directly from the publisher.