| DBA Best Practices [message #119932] |
Mon, 16 May 2005 15:08  |
toddlane
Messages: 1
Registered: May 2005
|
Junior Member |
|
|
Hi - I am new to the world of Oracle DBAs, and I am looking for a little guidance.
In order to make sure I do the best job possible, I am looking for tips and best practices in regards to general DBA and security. For example, someone told me that the alert logs can become huge over time and this needs to be taken care of. The more tips the better...anything from security to logs to general rules I should follow, etc.
Your help is much appreciated.
Thanks,
Todd
|
|
|
|
| Re: DBA Best Practices [message #120462 is a reply to message #119932] |
Thu, 19 May 2005 22:24  |
sunil_v_mishra
Messages: 506
Registered: March 2005
|
Senior Member |
|
|
hi,
When ever you come in your office see the alert log file for any type of error in it ... and if you find no error than delete alert log file ... coz oracle create alert log file automatically. daily you have to read alert log file as a DBA.
Delete trace file if error shown by trace file is solved by you.
Another thing if your database is in archive log mode than delete your archive file after taking hotbackup.
Dont allow user or someone else to sit on Machine on which database is present for security of physical file of database.
Always check how many user r there in ur database by querying dba_users table coz by this u can know who are the new user enter in your database . if you find any one new and you know that you had not made him/her user of datbase .. then that user is intruder so check its ip from where he is accessing the database and block that user to access the database.
DBA should know from where he should get answer to solve the error that occured in database.
Always have mirroring of redolog lifes on seprate disk.
Do multiplexing of control file.
All user tablespce shuould be different.
User should not allowed to store data in system tablespace.
DBA should know how to change password of DBA.
If database is 24x7 then it should be in archive log mode.
If you know that your user will b more than 150 than your database shuould be MTS.
There are many more thing that DBA should do for his database but what i mentioned is basic and most important.
My answer is from technical point of view not as how he DBA should intract with his user and subordiante etc....
From :- Sunil
|
|
|
|
| Re: DBA Best Practices [message #120470 is a reply to message #120462] |
Fri, 20 May 2005 00:24 |
girish.rohini
Messages: 744
Registered: April 2005
Location: Delhi (India)
|
Senior Member |
|
|
Hi Todd/Sunil
First n foremost--- do lots of reading in order to gain expertise. Dont wait for things to happen, prepare urself before they happen.
When ever you come in your office see the alert log file for any type of error in it ... and if you find no error than delete alert log file ... coz oracle create alert log file automatically. daily you have to read alert log file as a DBA.
OK, but dont delete. Do keep it for future reference.
Delete trace file if error shown by trace file is solved by you.
Worst thing to do is to delete trace containing error solved by u. If etal u want to delete, first make note of error message, and its solution that u had made. This will serve as reference guide for future.
Another thing if your database is in archive log mode than delete your archive file after taking hotbackup.
Take care in deleting archivelogs.
If at all u want to delete, delete upto last log before u started the hot backup. If any archive log, generated after u begin hotbackup is deleted, ur hotbackup is good for nothing. U wont be able to recover database completely using it.
Dont allow user or someone else to sit on Machine on which database is present for security of physical file of database.
Hahaha... is security some kind of joke. Do some good reading about securing ur databases.
Always check how many user r there in ur database by querying dba_users table coz by this u can know who are the new user enter in your database . if you find any one new and you know that you had not made him/her user of datbase .. then that user is intruder so check its ip from where he is accessing the database and block that user to access the database.
OK, but DBS_USERS gives u al users created in database. It doesn't tell u which all users are currently logged in ur database. U need to query v$session & its related views to get this info.
DBA should know from where he should get answer to solve the error that occured in database.
Gud one...But remember this again involves loads of reading.
Always keep track of some sites that provide ready information on Oracle errors & their solutions + Oracle tips/scripts. But do keep testing these in test environment. U should seldom use any of these scripts directly in ur production environment, unless u are doubly sure, wat this script is going to do.
Always have mirroring of redolog lifes on seprate disk.
Yes, at leats 2 members per group on separate disks.
Do multiplexing of control file.
Yes, upto 8 copies are allowed. But do place them on separate disks.
All user tablespce shuould be different.
Store users data in separate tablespace then system.
Also have a defaukt temporary tablespace, other then system, for all users.
User should not allowed to store data in system tablespace.
Yes
DBA should know how to change password of DBA.
Primary thing to know.
If database is 24x7 then it should be in archive log mode.
It depends. If DB is used for readonly activities, then having it in archivelog, can only serve 1 purpose... u can take hot backups any time u want... Otherwise its as good as no-archive mode.
If you know that your user will b more than 150 than your database shuould be MTS.
Can't comment... Haven't tested this as yet.
as for rest....
do wish u all the best
Regds
Girish
|
|
|
|
|
|
| Re: DBA Best Practices [message #120510 is a reply to message #120476] |
Fri, 20 May 2005 04:54 |
 |
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
|
Senior Member
Account Moderator |
|
|
>>If database is 24x7 then it should be in archive log mode.
If a Database is worthy for anything and if there is some activity throughout, it needs to be in archvedlog mode.
>>Dont allow user or someone else to sit on Machine on which database is present for security of physical file of database.
The base definition of security in ANY O/S is questioned here.
Oracle files are installed by specific DBA / OINSTALL group in unix ( and similiar in Windows).
Any OTHER user logging into the system who is not a member of this group cannot HARM the datafiles.
But if the intruder is hacked in as a ROOT user OR oracle user, you are done. The system level security should be maintained by Sysadmins.
>>Always check how many user r there in ur database by querying dba_users table coz by this u can know who are the new user enter in your database . if you find any one new and you know that you had not made him/her user of datbase .. then that user is intruder so check its ip from where he is accessing the database and block that user to access the database.
Thats a luxury.
It is tooooo late.
It is simple. The moment there is an intruder in database who can create a user, database security is compromised in worst possible level. And what if he gets into database from OTHER ip?
THe intruder have done the damage potentially well before you can get iin.
Can you get in?
If i am the intruder i could have changed all the administrative passwords!!!.
fix?
If I was the DBA/System admin/network admin, I would have be fired and been qurantined.
Hire the intruder.
as Girish said, spending a quality time in reading the documentation should pay you back.
[Updated on: Fri, 20 May 2005 05:25] Report message to a moderator |
|
|
|
| Re: DBA Best Practices [message #120567 is a reply to message #119932] |
Fri, 20 May 2005 08:52 |
smartin
Messages: 1803
Registered: March 2005
Location: Jacksonville, Florida
|
Senior Member |
|
|
Yeah, I'd agree with others in that it isn't all that complicated. Keep in mind it won't happen overnight. Read the concepts guide. Read the administratos guide. Read the backup guides. Install a sandbox db on your pc to practice with. Repeat all of the above reading and practice on your pc.
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
