■ Jared Still
■ RadiSys Corporation, Hillsboro Oregon, USA
■ Oracle DBA for 10 years
■ Perl aficionado for 10 years
■ Background
✓ DBA since 1994
✓ Unix user since 1988
✓ Written a few Bourne and Korn shell scripts in that time
✓ Also written a fair number of DOS batch scripts.
■ Began using Perl in 1994.
✓ Purpose for using Perl was initially as a reporting language.
✓ Soon realized it could do much more
✓ Used to create a job scheduler that ran our reports in the
background, notifying users when reports were complete.
■ After this I was hooked.
✓ Perl provided much more control over details than was
possible in shell scripts.
✓ Does not mean that Shell and SQL*Plus were abandoned.
✓ Perl was a powerful new tool in the toolbox.
■ Adaptability
✓ “Swiss Army Knife” of languages
✓ Have you ever had to write routines in Shell, SQL or PL/SQL
and run into language limitations?
• Connections to multiple databases not known until runtime.
• Complex data structures
✓ There are virtually no limitations in Perl and DBI
• Multiple simultaneous database connections
• Complex data structures are easy to create
• If you need to deal with LONG datatypes, you can do so in Perl with DBI (you can’t
do so in PL/SQL with a LONG > 32k)
• Virtually anything you need to do can be done in Perl.
■ Complexity
✓ Unix users are probably scripting in ksh, or maybe bash.
✓ Finer grain of control
• Easily trap both OS and Oracle errors
• Powerful command line argument parsing
• Direct control of many OS features
• Sockets, ftp, ssh, file handling
• Language control structures
✓ Several things that Perl can do that you cannot easily do in
shell scripts, SQL*Plus or PL/SQL
• Create multiple simultaneous connections to 1 or more databases
• Perform complex mass transformations on data outside the database
• Interact with the user – cannot do this in PL/SQL
• Interact with the user while performing error and sanity checking on user inputs –
cannot do this in SQL*Plus or PL/SQL
• Some of these features available in shell, but not as robust and not cross platform.
✓ Perl gives you most of the power of C, but in an easier to
use form.
■ Compatibility
✓ Scripts that are written in Perl can work the same way
regardless of platform
✓ I write scripts on Linux; then run them on Win32.
✓ The same script will work the same way on multiple
versions of unix.
■ Simplicity
✓ You may hear that Perl code resembles line noise.
• This can be true of any language
✓ What can be done in other languages can usually be done
in less time and fewer lines of code in Perl.
• Perl has some powerful operators and functions that can accomplish a lot with just a
little code. Not required to use them.
■ simple.pl
■ I use this, or a variation, to begin most of my Perl
scripts that connect to Oracle.
■ Includes
✓ Parsing of command line arguments
✓ Connecting to the database
✓ Preparing a SQL statement
✓ Executing the SQL statement
✓ Displaying the data
✓ A basic help screen
■ Data formatting
format STDOUT =
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<
@data
.
■ Monitoring
✓ Alert Log Monitor (chkalert.pl)
✓ Uptime monitor (dbup.pl)
■ Log Rotation
✓ Copy alert.log to new file and compress
✓ Truncate remainder
✓ Delete archives after 90 days.
✓ (alert_log_cleanup.pl)
■ Auditing
✓ Auditors and Managers like to see data in Excel
spreadsheets.
✓ Dump data to CSV, load, massage data, etc.
✓ Very time consuming and tedious.
✓ Lots of cut and paste involved.
✓ For repetitive tasks (such as audit reports), two modules
have proved to be a huge benefit.
■ Spreadsheet::WriteExcel
✓ This Perl module allows creation of Excel Spreadsheets
with multiple worksheets.
✓ Allows most formatting capabilities of Excel: colors, cell
formats, etc.
✓ Cross platform. Files created on Linux work fine on
Windows.
■ Spreadsheet::ParseExcel
✓ Security data may be supplied in Excel spreadsheets.
✓ This module allows the data to be parsed from the file at
runtime. The alternative is to dump to tables, but this is more
work, and may be a manual process.
■ Baseline Audits
✓ Auditors want to know what has changed in the database
since the previous audit.
✓ Each change in the database should have a corresponding
Change Control Record in your Change Management
System.
✓ Generally audited from the database back, i.e. changes in
the database are identified, then change control records
examined.
✓ You should be able to determine changes that have
occurred since the previous audit.
✓ Rather than evaluating tools to collect baseline data and
report on it, I created one.
✓ It does exactly what I need it to do, and the time spent
writing it was less than that needed to locate, evaluate,
purchase and implement a canned tool.
✓ Saving both time, and money.
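The comparison a baseline audit performs, as an added example (this is not the author's tool, which the slides do not show): two snapshots of object metadata are diffed and each change is looked up in a list of change control records. The snapshot layout (object mapped to LAST_DDL_TIME, as could be read from DBA_OBJECTS), the change record ids and all sample data are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: compare two baseline snapshots and flag changes that
# have no change control record. All data below is constructed.
use strict;
use warnings;

# Snapshots keyed by "OWNER.NAME (TYPE)" => LAST_DDL_TIME, as could be
# collected from DBA_OBJECTS at each audit (assumed layout).
my %previous = (
    'APP.ORDERS (TABLE)'       => '2005-01-10 09:12:00',
    'APP.ORDERS_PK (INDEX)'    => '2005-01-10 09:12:05',
    'APP.CALC_TAX (PROCEDURE)' => '2005-02-01 14:30:00',
    'APP.OLD_STAGE (TABLE)'    => '2004-11-20 08:00:00',
);
my %current = (
    'APP.ORDERS (TABLE)'       => '2005-04-02 22:15:00',    # DDL since baseline
    'APP.ORDERS_PK (INDEX)'    => '2005-01-10 09:12:05',    # unchanged
    'APP.CALC_TAX (PROCEDURE)' => '2005-03-18 03:41:00',    # DDL since baseline
    'APP.TMP_EXPORT (TABLE)'   => '2005-03-18 03:45:00',    # new object
);

# Hypothetical extract from the change management system:
# object => change control record id.
my %change_record = (
    'APP.ORDERS (TABLE)'    => 'CCR-0001',
    'APP.OLD_STAGE (TABLE)' => 'CCR-0002',
);

# Return one [object, change type] pair per difference between snapshots.
sub diff_baseline {
    my ($prev, $curr) = @_;
    my @changes;
    for my $obj (sort keys %$curr) {
        if    (!exists $prev->{$obj})          { push @changes, [ $obj, 'CREATED' ] }
        elsif ($prev->{$obj} ne $curr->{$obj}) { push @changes, [ $obj, 'MODIFIED' ] }
    }
    push @changes, [ $_, 'DROPPED' ] for grep { !exists $curr->{$_} } sort keys %$prev;
    return @changes;
}

# Audit "from the database back": every change must map to a record.
printf "%-28s %-9s %s\n", 'OBJECT', 'CHANGE', 'CHANGE RECORD';
for my $change (diff_baseline(\%previous, \%current)) {
    my ($obj, $type) = @$change;
    printf "%-28s %-9s %s\n", $obj, $type,
        $change_record{$obj} // '** NONE - investigate **';
}
```

Rows without a change record are the ones an auditor will ask about, so they are the output worth reviewing before the audit rather than during it.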
RadiSys Corporation Confidential
Audit Reports with Perl – cont.
Baseline Report
■ Permissions Audits
✓ Auditors require reports detailing permissions granted in the database. This
is known as account reconciliation.
✓ As a DBA, you will be the person asked to provide this data.
✓ This is another area where a little extra time spent to automate the task will
simplify subsequent future audits.
✓ Example types of account reconciliation
• List of known roles and purpose of each
• List of known system accounts and purpose of each
• List of accounts and purpose of each
• List of accounts and roles and privileges assigned to each
• List of roles, and each user they are assigned to
• List of roles, and privileges assigned to each.
✓ This turns out to be quite a bit of work.
✓ Some of our security data is stored in spreadsheets and must be retrieved
from there, and used to validate the user accounts for employees and
contractors.
✓ This could be a very intensive manual task, and must be performed several
times a year.
✓ Spreadsheet::ParseExcel module is used to load data from Excel
spreadsheets into Perl data structures. These are used to validate database
security information at runtime.
✓ Unknown accounts, roles, etc. are marked as suspect and must be validated
by application owners and the DBA.
✓ Spreadsheet::WriteExcel is used to create an Excel spreadsheet that can be
used for any remaining validation that must be done.
✓ Time to do this manually, even using SQL scripts to dump CSV files, is
prohibitive.
✓ This is a major time saver for the DBA at our company (me)
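The reconciliation step described above, as an added example (not the author's script): accounts and role grants reported by the database are checked against an approved list, and anything unknown or unapproved is marked suspect. The approved list stands in for data that would be loaded with Spreadsheet::ParseExcel, the database rows stand in for queries against DBA_USERS and DBA_ROLE_PRIVS, and every account and role name is constructed.

```perl
#!/usr/bin/perl
# Added example: account reconciliation against an approved list.
# Every account, role and row below is constructed sample data.
use strict;
use warnings;

# Approved accounts as they might look once loaded from the security
# spreadsheet (hypothetical layout): account => purpose and allowed roles.
my %approved = (
    SYSTEM  => { purpose => 'Oracle system account', roles => ['DBA'] },
    APP_OWN => { purpose => 'Application schema',    roles => ['RESOURCE'] },
    JSMITH  => { purpose => 'Employee',              roles => ['APP_READ'] },
);
my %known_role = map { $_ => 1 } qw(DBA RESOURCE APP_READ APP_WRITE);

# What the database reports, e.g. from DBA_USERS and DBA_ROLE_PRIVS.
my @db_accounts = qw(SYSTEM APP_OWN JSMITH TEMP_CONTRACTOR);
my @db_grants   = (    # [grantee, granted role]
    [ SYSTEM  => 'DBA' ],      [ APP_OWN => 'RESOURCE' ],
    [ JSMITH  => 'APP_READ' ], [ JSMITH  => 'APP_WRITE' ],
    [ APP_OWN => 'X_ADMIN' ],  [ TEMP_CONTRACTOR => 'DBA' ],
);

# Return [account, reason] for everything that needs manual validation.
sub reconcile {
    my ($approved, $known_role, $accounts, $grants) = @_;
    my @suspect;
    for my $acct (@$accounts) {
        push @suspect, [ $acct, 'account not on approved list' ]
            unless exists $approved->{$acct};
    }
    for my $grant (@$grants) {
        my ($grantee, $role) = @$grant;
        my $entry   = $approved->{$grantee};    # undef for unknown accounts
        my %allowed = map { $_ => 1 } ($entry ? @{ $entry->{roles} } : ());
        if    (!$known_role->{$role}) { push @suspect, [ $grantee, "unknown role $role" ] }
        elsif (!$allowed{$role})      { push @suspect, [ $grantee, "role $role not approved for this account" ] }
    }
    return @suspect;
}

printf "%-16s %s\n", 'ACCOUNT', 'SUSPECT BECAUSE';
printf "%-16s %s\n", @$_ for reconcile(\%approved, \%known_role, \@db_accounts, \@db_grants);
```

The suspect list is what would be written out with Spreadsheet::WriteExcel for application owners and the DBA to validate.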
■ Questions?
■ Jared Still
✓ jkstill@cybcon.com
✓ jkstill@gmail.com