Monthly Archives: January 2012

Oracle hidden init.ora parameter

This post focuses on init.ora parameters. It is not really new topic, but rather a personal reference to some practical queries and scripts. If you are the customer, it’s always handy when you can easily access your own queries.

It is quite simple to get some information on init.ora parameters from SQLPlus. Using a tool like TOAD or SQL Developer make it even easier. Unfortunately I work often at the customer without my own tools and scripts. So commandline and SQLPlus is the only “tools” available to work on the database. It is not an issue to dig through the data dictionary to get any kind of information as long as there is 1-2 view involved. But for querying multiple View’s, X$ views etc it is easier to have something on hand.

OK, what’s different with my queries? Not much, they just fit my needs :-) Instead of just querying v$parameter I’ll query as well the X$ views to see as well the hidden parameter and simple description for each parameter.

The first query does a select on X$KSPPI, X$KSPPCV, X$KSPPSV and V$PARAMETER to display all init.ora parameter including the hidden parameters. The result can be limited by adding a part of the parameter name or specify % to see all which then would be a little over 2500 parameters. S stands for it is session modifiable, I stands for it is system modifiable and D show if the parameter does still have the default value or not. I’ve added the query as hip.sql (stands somehow for hidden init parameter) to my small script collection which can be downloaded in the script section.

SET linesize 235
col Parameter FOR a50
col SESSION FOR a28
col Instance FOR a55
col S FOR a1
col I FOR a1
col D FOR a1
col Description FOR a90

SELECT  
  a.ksppinm  "Parameter",
  decode(p.isses_modifiable,'FALSE',NULL,NULL,NULL,b.ksppstvl) "Session",
  c.ksppstvl "Instance",
  decode(p.isses_modifiable,'FALSE','F','TRUE','T') "S",
  decode(p.issys_modifiable,'FALSE','F','TRUE','T','IMMEDIATE','I','DEFERRED','D') "I",
  decode(p.isdefault,'FALSE','F','TRUE','T') "D",
  a.ksppdesc "Description"
FROM x$ksppi a, x$ksppcv b, x$ksppsv c, v$parameter p
WHERE a.indx = b.indx AND a.indx = c.indx
  AND p.name(+) = a.ksppinm
  AND UPPER(a.ksppinm) LIKE UPPER('%&1%')
ORDER BY a.ksppinm;

The second script does the same as the first one exempt that it limit the result to the list of parameter which are not default. I’ve added the query as hipf.sql (stands somehow for hidden init parameter false) to my small script collection which can be downloaded in the script section.

SET linesize 235 pagesize 200
col Parameter FOR a50
col SESSION FOR a28
col Instance FOR a55
col S FOR a1
col I FOR a1
col D FOR a1
col Description FOR a90

SELECT * FROM (SELECT  
  a.ksppinm  "Parameter",
  decode(p.isses_modifiable,'FALSE',NULL,NULL,NULL,b.ksppstvl) "Session",
  c.ksppstvl "Instance",
  decode(p.isses_modifiable,'FALSE','F','TRUE','T') "S",
  decode(p.issys_modifiable,'FALSE','F','TRUE','T','IMMEDIATE','I','DEFERRED','D') "I",
  decode(p.isdefault,'FALSE','F','TRUE','T') "D",
  a.ksppdesc "Description"
FROM x$ksppi a, x$ksppcv b, x$ksppsv c, v$parameter p
WHERE a.indx = b.indx AND a.indx = c.indx
  AND p.name(+) = a.ksppinm
  AND UPPER(a.ksppinm) LIKE UPPER('%&1%')
ORDER BY a.ksppinm) WHERE d='F';

A few information on hidden init.ora parameter can be found in the Metalink Note How To Query And Change The Oracle Hidden Parameters In Oracle 10g [315631.1]

Update: Oracle released CPU / PSU January 2012

As I mentioned in a previous post Oracle CPU / PSU Pre-Release Announcement Januar 2012 the CPU / PSU patches are available for 10g and 11g. Whereby the download of 10g patches is again possible without a corresponding Extended Support contract. I assume this is related to the SCN flaw. This Critical Patch Update contains 78 new security vulnerability fixes for several Oracle products. 2 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 5.5, which seams to be not critical. On the other hand it look like one of this bug fix is related to the Oracle SCN flaw. I’ll post a few comments on this later this week.

  • Core RDBMS (related to the SCN flaw)
  • Listener

The Database Server Patch’s are available for Oracle Database 11g Release 2 (11.2.0.2,11.2.0.3), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). It looks like that the first CPU in 2012 is as well the first one for 11.2.0.3.

A bunch of useful links around the current CPU / PSU:

As well as a few generic links about CPU / PSU:

New release of Oracle Audit Vault

Somewhen beginning of 2012 Oracle has secretly released an update of Oracle Audit Vault. So far just for Linux x86-64bit but I guess other OS will follow. The new release is available trough OTN or Oracle eDelivery. You’ll have to download around 2.3GB for the Audit Vault Server and an other 620MB for the Audit Vault Collection Agent. According the Oracle Audit Vault documentation this release has the following new features.

  • Starting with this release Oracle use a 11.2.0.3 Database as Audit Vault repository
  • change of console URL respectively port from old http://host:5700/av to new https://host:1158/av
  • Updated MS SQL Server JDBC Driver. MS SQL Server JDBC Driver version 3.0 has to be used to configure Microsoft SQL Server source databases
  • Support for Sybase Adaptive Server Enterprise 15.5 and IBM DB2 9.7 for Linux, UNIX and MS Windows
  • SSL and HTTPS is automatically configured. Due to this a two avca command have been removed (secure_agent,secure_av)

OK the update to 11gR2 was somehow foreseeable. I wonder more why it took that long. Any way, I’ll setup a VM to do a short test installation and check how to new Audit Vault does look like. I’ll post my experience on the installation a bit later.

More details on these new features as well on all changes for 10.2.3.2 and 10.2.3.1 can be found in Oracle® Audit Vault Administrator’s Guide and Oracle Audit Vault Auditor’s Guide on OTN.

Oracle CPU / PSU Pre-Release Announcement Januar 2012

Oracle has recently published the Pre-Release Announcement for the CPU Patch. This Critical Patch Update contains 78 new security vulnerability fixes for several Oracle products. 2 of these fixes are just for the Oracle Database Server, but none of them is for client-only installations. The maximum CVSS base score for pure Oracle Server vulnerabilities is 5.5, which seams to be not critical. But on the other hand Oracle mention that 1 of this 2 fixes can may be remotely exploitable without authentication. If this is true, I would expect a higher CVSS rating. We will see it next week in detailed. Nevertheless the following Database Server Products are affected.

  • Core RDBMS
  • Listener

So far the Database Server Patch’s are planned for Oracle Database 11g Release 2 (11.2.0.2,11.2.0.3), Oracle Database 11g Release (11.2.0.7), Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5) and Oracle Database 10g Release 1 (10.1.0.5). It looks like that the first CPU in 2012 is as well the first one for 11.2.0.3.

The official release for the CPU / PSU is planned for next week 17 Januar 2012. More details about the patch will follow soon on the Oracle Security Pages: