Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: some process flooding oracle's .sh_history file

Re: some process flooding oracle's .sh_history file

From: joel garry <joel-garry_at_home.com>
Date: Tue, 31 Jul 2007 16:01:26 -0700
Message-ID: <1185922886.134566.241790@z24g2000prh.googlegroups.com>


On Jul 31, 1:33 pm, EdStevens <quetico_..._at_yahoo.com> wrote:
> On Jul 31, 2:39 pm, sybra..._at_hccnet.nl wrote:
>
>
>
>
>
> > On Tue, 31 Jul 2007 11:02:36 -0700, EdStevens <quetico_..._at_yahoo.com>
> > wrote:
>
> > >Platform: Oracle 10.2.0.2.0 on HP-UX B.11.11
>
> > >This began just recently. While logged on to the sever with the
> > >'oracle' account, I noticed my command line history returning a bunch
> > >of stuff I hadn't entered. This is a very small shop, so I have a
> > >pretty good feel for when someone else may be logged on, and the
> > >commands in the history didn't look like anything any of us would have
> > >entered at the command line.
>
> > >Looking into oracle's .sh_history file, I found scores of entries like
> > >this:
>
> > >2 echo Start Command;LC_ALL=C;export LC_ALL;netstat -i; echo Finish
> > >Command
> > >3 echo Start Command; LC_ALL=C;export LC_ALL;/etc/swapinfo -t | grep
> > >total;echo Finish Command
>
> > >( I've left the vi line numbers, to deliniate individual records.)
>
> > >Looks like something the dbcontrol agent would be doing to gather
> > >stats, but if so, I've never seen it show up in the .sh_history file
> > >before.
>
> > >Anyone seen anything like this, or have and educated idea?
>
> > You could of course have
> > HISTFILE=<any filename>$$
> > in your profile.
>
> > --
> > Sybrand Bakker
> > Senior Oracle DBA
>
> Yes, but I'd like to find out where this history is coming from, not
> simply how to dodge it.- Hide quoted text -
>
> - Show quoted text -

I threw together a quickie script one time when I was trying to figure out what weirdness was happening in the middle of the night, run every 10 minutes in root cron:

THE_DATE=`date +%y%m%d%H%M`
(UNIX95= ps -e -o "vsz args" |sort) > /var/adm/syslog/keepps/ unix95$THE_DATE
(ps -efl|sort -nk10) > /var/adm/syslog/keepps/psef$THE_DATE

Then every day a cron to get rid of stuff however many days old.

Don't remember where I got the idea, but could be modified for whatever you want to look for, like a grep for oracle. You perhaps want to be grabbing the .sh_history, since the one-liners probably happen very quickly, maybe you can see a pattern of when they are happening because they are also cronned or similar, once you see that you can tight-loop the ps to grab it.

Another thing I've done in the past is use a while or until loop in a script to wait until something happens, in your case it might be to wait until the history changes and do the ps. I _think_ the ps is slow enough to grab a transient process like that. Unix power tools has an example of waiting for someone to log on:

#!/bin/sh
until who | grep "^barb "
do sleep 60
done
echo The system manager just logged on.

Then you'd execute that in the background.

jg

--
@home.com is bogus.
http://groups.google.com/group/net.lang.c/msg/66008138e07aa94c
Received on Tue Jul 31 2007 - 18:01:26 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US