
Re: I want to re-install system, how can I backup and recover?

From: Paul Drake <paled_at_home.com>
Date: Fri, 11 May 2001 22:49:42 -0700
Message-ID: <F001.00301D24.20010511221519@fatcity.com>

Robert Chen wrote:
>
> hi,
>
> Because a hacker hacked our system, I have to re-install Solaris. How
> can I back up the Oracle database?
>
> Just backup all the physical files? I am not a back up and recover expert.
> Please help me...
>

Robert,

If your Solaris box is truly compromised, a backup of all files, followed by a restore of all files, would give you the compromised box back. Aim higher.
What is required is an install from original media, followed by a restore of only the absolutely necessary files - init.ora, control files, log files, data files (from a cold shutdown). Don't restore by directory - restore by individual file.

Leave everything else behind - on tape.

Here is your starting point:

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

<snip>
E. Recover from the intrusion

1. Install a clean version of your operating system

Keep in mind that if a machine is compromised, anything on that system could have been modified, including
the kernel, binaries, datafiles, running processes, and memory. In general, the only way to trust that a
machine is free from backdoors and intruder modifications is to reinstall the operating system from the
distribution media and install all of the security patches before connecting back to the network. Merely
determining and fixing the vulnerability that was used to initially compromise this machine may not be enough.

We encourage you to restore your system using known clean binaries. In order to put the machine into a
known state, you should re-install the operating system using the original distribution media.
</snip>

Now that you've gone through this, you may be tempted to use an intrusion detection system.
Tripwire comes to mind - lots of other pieces of code for recording MD5 checksums of files.

http://www.cert.org/tech_tips/intruder_detection_checklist.html

Please don't reconnect the box to your network until it is completely patched.

Good luck - enjoy the learning experience.

Paul

Received on Sat May 12 2001 - 00:49:42 CDT
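
The "restore by individual file" advice in the message above, sketched as an added example (not part of the original post and not Oracle or CERT tooling): only exact, allowlisted regular files are written back, and a checksum is recorded for each as a later integrity baseline. The paths, the PROD instance name and the tar archive standing in for the tape are assumptions, and SHA-256 is used where the message mentions MD5.

```python
import hashlib, io, os, tarfile, tempfile
from pathlib import Path, PurePosixPath

# Hypothetical allowlist: exact archive paths of the files chosen for restore.
ALLOWED = {
    "u01/app/oracle/dbs/initPROD.ora",
    "u01/oradata/PROD/control01.ctl",
    "u01/oradata/PROD/system01.dbf",
}

def restore_selected(archive, allowed, dest):
    """Restore only allowlisted regular files; return ({name: sha256}, [(name, reason)])."""
    restored, skipped = {}, []
    with tarfile.open(fileobj=archive) as tar:
        for m in tar:
            parts = PurePosixPath(m.name).parts
            if m.name not in allowed:
                skipped.append((m.name, "not on allowlist"))
            elif not m.isreg():  # symlinks, devices, directories are never restored
                skipped.append((m.name, "not a regular file"))
            elif m.name.startswith("/") or ".." in parts:
                skipped.append((m.name, "unsafe path"))
            else:
                data = tar.extractfile(m).read()  # demo only; stream large datafiles
                target = Path(dest, *parts)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)  # new file: archived owner/mode bits are not applied
                os.chmod(target, 0o640)
                restored[m.name] = hashlib.sha256(data).hexdigest()
    return restored, skipped

def build_sample_archive():
    """Constructed sample standing in for the tape backup of the compromised host."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in [("u01/app/oracle/dbs/initPROD.ora", b"db_name=PROD\n"),
                           ("u01/oradata/PROD/system01.dbf", b"\x00datafile"),
                           ("u01/app/oracle/.profile", b"# shell startup file\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
        link = tarfile.TarInfo("u01/oradata/PROD/control01.ctl")  # allowlisted name, wrong type
        link.type, link.linkname = tarfile.SYMTYPE, "/etc/passwd"
        tar.addfile(link)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        print(restore_selected(build_sample_archive(), ALLOWED, dest))
```

The skipped list is worth reviewing by hand: an allowlisted name that turns up as a symlink, as the control file does in this constructed sample, is not something a normal cold backup would contain.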
