Sybase add user error

Error Message
Server Message: Number 17331, Severity 16
Server 'SYBASE', Procedure 'sp_adduser', Line 253:
User already has a login under a different name.

use the following sp

CREATE PROCEDURE drop_user_null_userdb
AS
DECLARE @username VARCHAR(25)
DECLARE GetOrphanUsers CURSOR
FOR
select Username = name
from userdb..sysusers
where suid not in(select suid from master..syslogins) and gid = 16390 and suid != -2

OPEN GetOrphanUsers
FETCH GetOrphanUsers
INTO @username

WHILE @@sqlstatus = 0
BEGIN

exec sp_dropuser @username


FETCH GetOrphanUsers
INTO @username
END

gid and suid need to change before exec

solaris 5.8 / 10 notes 2

Remove Interface

1. Remove or rename the /etc/hostname.hme0 file
2. ifconfig hme0 down
3. ifconfig hme0 unplumb
4. Edit /etc/hosts and /etc/netmasks
5. boot

Configure Interface
1. Create the /etc/hostname.hme0 file
2. ifconfig hme0 plumb
3. Edit your /etc/hosts and /etc/netmasks
4. boot

DHCP server:
# dhcpconfig (command prompt)
or
# dhcpmgr (GUI)

Disk Management

fdisk /dev/rdsk/c4t4d5s0 [rdsk/c4t4d6s0]

format>partition

newfs /dev/rdsk/c4t4d5s0 [rdsk/c4t4d6s0]

RAID 0 (concatenation)

metainit d4 3 1 c1t5d0s0 1 c4t4d5s0 1 c4t4d6s0

metainit d4 2 1 c4t4d5s0 1 c4t4d6s0

mount /dev/md/dsk/d4 /sportix4
growfs -M /sportix4 /dev/md/rdsk/d4

/dev/md/dsk/d4 /dev/md/rdsk/d4 /devdb ufs 2 yes -

RAID 1 (umountable file system)

metainit -f d18 1 1 c2t8d0s0

metainit d28 1 1 c2t13d0s0

metainit d8 -m d18

umount /sportix4

vi /etc/vfstab
/dev/md/dsk/d8 /dev/md/rdsk/d8 /sportix4 ufs 2 yes -

mount /sportix4

metattach d0 d2

Add a user with rights as root
change the UID to "0" as same as root from /etc/passwd

Logging for executed commands

Solaris作業系統可以通過設置日 誌檔可以對每個用戶的每一條命令進行紀錄，這一功能默認是不開放的，為了打開它，需要執行/usr/lib/acct目錄下的accton檔，格式如下 /usr/lib/acct/accton /var/adm/pacct，在sun的手冊上，只有這一種用法，但這樣做的缺點是明顯的，大多數有經驗的入侵者一定不會放過/var/adm和 /var/log這兩個目錄的，如果它們看到有pacct這個東西，不刪才怪。針對這種情況其實有個很好的解決辦法，執行 /usr/lib/acct/accton 後面跟一個別的目錄和檔即可，如/usr/lib/acct/accton /yiming/log/commandlog，這樣入侵者不會在/var/adm/下看到pacct，入侵者也許會刪掉message，syslog等 日誌，但他並不知道實際上他所有的操作都被記錄在案，管理員事後只要把commandlog這個檔拷貝到/var/adm下，改為pacct ，同時執行讀取命令lastcomm，就一切盡在掌握啦。如lastcomm hack，可得到下面的輸出結果：

sh S hack pts/7 0.05 secs Mon Jun 12 14：28
sh F hack pts/7 0.00 secs Mon Jun 12 14：39
ls hack pts/7 0.01 secs Mon Jun 12 14：39
ls hack pts/7 0.02 secs Mon Jun 12 14：39
ls hack pts/7 0.01 secs Mon Jun 12 14：38
df hack pts/7 0.03 secs Mon Jun 12 14：38
ftp hack pts/7 0.02 secs Mon Jun 12 14：37
ls hack pts/7 0.01 secs Mon Jun 12 14：37
vi hack pts/7 0.02 secs Mon Jun 12 14：37
who hack pts/7 0.02 secs Mon Jun 12 14：36

Sybase "sa" Passwords Recovery

1. kill the sybase server

2. edit $SYBASE/ASE-12_5/install/RUN_ file

3. add "-psa" :
#!/bin/sh
#
# ASE page size (KB): 2k # Master device path: /home/sybase/data/master.dat
# Error log path: /home/sybase/ASE-12_5/install/SUN1.log
# Configuration file path: /home/sybase/ASE-12_5/SUN1.cfg
# Directory for shared memory files: /home/sybase/ASE-12_5
# Adaptive Server name: SUN1
# /home/sybase/ASE-12_5/bin/dataserver \
-d/home/sybase/data/master.dat \
-e/home/sybase/ASE-12_5/install/SUN1.log \
-c/home/sybase/ASE-12_5/spxh2_train.cfg \
-M/home/sybase/ASE-12_5 -psa \
-sSUN1 \

4. start the sybase server
./startserver -f RUN_

for example:
.....
00:00000:00001:2001/05/26 18:29:21.39 server 'bin_iso_1' (ID = 50)
00:00000:00001:2001/05/26 18:29:21.39 server on top of default character set:
00:00000:00001:2001/05/26 18:29:21.39 server 'iso_1' (ID = 1).
00:00000:00001:2001/05/26 18:29:21.39 server Loaded default Unilib conversion handle.

New SSO password for sa:tmfyrkdwpibung <-- find this line
.....

5. login sybase: isql -S -Usa -Ptmfyrkdwpibung

6. change sa password: sp_password tmfyrkdwpibung,newpasswd

7. shutdown sybase

8. fallback RUN_ file

9. start sybase again

OK now! =)