Forensic SGA capture

This script can help you in gathering artifacts for an Oracle SGA and deliver it in such a way that its integrity can be verified (written for Oracle Database Server on Linux). Please find a demo video below the code.

if [ $# -ne 2 ]; then
echo "Usage: $0 <output filename> <seconds to read (first thousand characters) from shared SQL area>"
exit 1
if [[ "$2" != +([0-9]) ]]
echo "Usage:       $0 <output filename> <seconds to read (first thousand characters) from shared SQL area>"
echo "For example: $0 case_suspicion 120"
exit 1
STARTTIME=$(date +'%Y%m%d %H:%M:%S.%N')
echo "**************************************************************" > "$FILE.log"
echo "" >> "$FILE.log"
echo "- Start at $STARTTIME " >> "$FILE.log"
STARTRUN=$(date +'%Y%m%d %H:%M:%S.%N')
STARTTOTAL=`date +%s`
while (( $SECONDS < $SECS )); do
sqlplus -s /nolog  <<EOF connect / as sysdba alter session set nls_date_format='YYYYMMDDHH24MISS'; alter session set nls_timestamp_format='YYYYMMDDHH24MISSFF'; spool $FILE.dsv append -- ----------------------------------------------------------------------------- -- WWW.PETEFINNIGAN.COM LIMITED -- ----------------------------------------------------------------------------- -- Script Name : sga.sql -- Author : Pete Finnigan -- Date : September 2017 -- ----------------------------------------------------------------------------- -- Description : get SQL Text from the SGA -- ----------------------------------------------------------------------------- -- Maintainer : Pete Finnigan ( -- Copyright : Copyright (C) 2007 to 2017 Limited. All rights -- reserved. All registered trademarks are the property of their -- respective owners and are hereby acknowledged. -- ----------------------------------------------------------------------------- -- License : This software is licensed to you by Limited. All -- rights and ownership and copyright in the software are retained by -- Limited in all possible cases. Posession of this -- software does not infer any additonal rights. If you receive this -- software without these copyright notices and license text, this text, -- license and copyright still applies. This text, copyright and license -- must not be removed under any circumstances. This applies to all -- text displayed as comments up until and including the version history, -- This text also applies to any copyright, banner or other text -- refering to Limited ownership that is output by -- the program. -- -- This software is free to use BUT it is NOT open source and NOT GPL -- or any similar license and it is NOT in the public domain. -- -- You are permitted to use this software commercially or privately -- provided these notices or banners as described are not removed. You -- may modify the software and use it internally but this does not -- infer any additonal rights in the software. i.e. if you delete -- some of our code or change variable names or add features that does -- not make it your code and does not give you the right to remove -- our ownership in this software shown in these notices. This software must -- not be made available or published in anyway, any language, any -- modified form or original form except by Limited. -- You must not incorporate this software into any free or commercial -- product or software and you must not sell or give away any software that -- includes this sofware. -- -- -- In short this text is not written by a lawyer so please respect the -- intent that you can use or modify it freely but not give it away -- yourself or take away our right to attribution. -- If someone else needs a copy please ask them to come to -- Limited and we will happily let them also have a free copy. Also -- as you may expect freely use does not include adding this software to -- a commercial or free product (without our permission) but you -- can use it internally in projects. We put our time into the free scripts -- on our website or training courses and give these tools away for free and -- in return we expect our copyright and ownership to always remain. -- We like to help people but we also want to benefit from the fact -- our name becomes known through these scripts and tools and software -- that we make. We hope this makes sense. -- -- -- ----------------------------------------------------------------------------- -- Version History -- =============== -- -- Who version Date Description -- === ======= ====== ====================== -- P.Finnigan 1.0 Sep 2017 First Issue. set pages 0 set lines 2000 select sql_id ||'|'||sql_text ||'|'||first_load_time ||'|'||parsing_user_id ||'|'||parsing_schema_id ||'|'||service ||'|'||module ||'|'||action ||'|'||last_load_time ||'|'||last_active_time from gv$sql; exit EOF done ENDTIME=$(date +'%Y%m%d %H:%M:%S.%N') ENDTOTAL=`date +%s` RUNTIME=$((ENDTOTAL-STARTTOTAL)) echo "- End at $ENDTIME " >> "$FILE.log"
echo "" >> "$FILE.log"
echo "SHA512 message digest:" >> "$FILE.log"
/usr/bin/sha512sum $FILE.dsv >> "$FILE.log"
echo "" >> "$FILE.log"
echo "User defined seconds to read (first thousand characters) from shared SQL area was $SECS seconds" >>"$FILE.log"
echo "Script runtime duration was $RUNTIME seconds" >>"$FILE.log"
echo "" >> "$FILE.log"
echo "- Make a working copy of $FILE.dsv and store the original, including "$FILE.log", as evidence. ">> "$FILE.log"
echo "- Use e.g. Elastic Stack or Splunk to import $FILE.dsv">> "$FILE.log"
echo "- Or use spreadsheet tool to import $FILE.dsv with delimiter sign '|'">> "$FILE.log"
echo "   For example in Microsoft Excel 2010:">> "$FILE.log"
echo "   Open Microsoft Excel.">> "$FILE.log"
echo "   Click on the Data tab.">> "$FILE.log"
echo "   In the Get External Data group, click From Text.">> "$FILE.log"
echo "   Double-click $FILE.dsv in the Import Text File dialogue box.">> "$FILE.log"
echo "   Click Import.">> "$FILE.log"
echo "   Select Delimited and click Next.">> "$FILE.log"
echo "   Uncheck all and select Other and enter '|'">> "$FILE.log"
echo "   Click Next.">> "$FILE.log"
echo "**************************************************************">> "$FILE.log"
if [ -f "$FILE.log" ]
cat "$FILE.log"
echo "$FILE.log not found."

WordPress – How to Fix File and Folder Permissions –

echo "v1.1, 2014120301"
echo ""
echo "Current directory is:"
read -p "Make sure you are in your WordPress directory, are you ? (y/n) " -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]
echo ""
echo "... Setting chmod 775 for all directories"
find ./ -type d -exec chmod 775 {} \;
echo "... Setting chmod 664 for all files"
find ./ -type f -exec chmod 664 {} \;
echo "... But setting chmod 664 for wp-config.php, though, assuming chown is set to ft
p user"
chmod 664 wp-config.php
echo "Type username"
read user
echo "... Setting chown $user:www-data for *"
chown -R $user:www-data *
#echo "... Setting chown to :www-data for wp-content/uploads"
#chown -R :www-data wp-content/uploads
echo "... Setting chown :www-data for .htaccess"
chown :www-data .htaccess
echo "... Setting chmod 644 for .htaccess"
chmod 644 .htaccess
echo ""
echo "Done"
echo ""
read -p "Also run fix for WordPress upgrade and file permissions issue ? (y/n) " -n 1
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]
echo ""
echo "... Changing wp-content group ownership to www-data"
chgrp -R www-data wp-content
echo "... Making wp-content and all of its sub-directories group-writable"
chmod -R g+w wp-content
echo "... Newly-created files to be group-owned"
chmod g+s wp-content
echo "If necessary, add the following to the bottom of wp-config.php"
##/* Force direct file updating
##- taken from
##For more information, take a look at wp-admin/includes/file.php’s function get_files
echo "define('FS_METHOD', 'direct');"