Tunneling by Example

ssh -g -L 8888: localhost

I am saying on my localhost(any Linux box) , i want the port 8888 to be listening only to incoming connections to .

So if anyone connects to my localhost on port 8888, my localhost will forward the connection to on port 3389.

Port 3389 is the Windows RDP port number, so the example above is an rdp connection to the windows box

So the connection would look like this below

where MyWin is the localhost




A Skeleton Key of Unknown Strength

Dan Kaminsky's Blog

TL;DR:  The glibc DNS bug (CVE-2015-7547) is unusually bad.  Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend.  This affects a universally used library (glibc) at a universally used protocol (DNS).  Generic tools that we didn’t even know had network surface (sudo) are thus exposed, as is software written in programming languages designed explicitly to be safe. Who can exploit this vulnerability? We know unambiguously that an attacker directly on our networks can take over many systems running Linux.  What we are unsure of is whether an attacker anywhere on the Internet is similarly empowered, given only the trivial capacity to cause our systems to look up addresses inside their malicious domains.

We’ve investigated the DNS lookup path, which requires the glibc exploit to survive traversing one of the millions of DNS caches dotted across the Internet. …

View original post 3,986 more words

Reclaiming disk space from Oracle datafiles

You want to reclaim some valuable Oracle estate – disk space, from your datafile(s).

ALTER DATABASE DATAFILE … RESIZE can reclaim the space at the end of the datafile,

But if you tried it and got the error below, then you must have chosen some arbitrary values which tried to reclaim beyond that is possible.

ORA-03297: file contains used data beyond requested RESIZE value

There is a minimum value that you can’t go beyond called the ‘datafile high water mark’.

So, how do you find this minimum value – the datafile’s high water mark? Query the view dba_extents

On a large database system, do not query the dba_extents  view/table.You can query DBA_EXTENTS to know that. But   It runs forever and is resource-intensive.


We query  SYS.X$KTFBUE instead, which is the underlying fixed table that gives extent allocation in Locally Managed Tablespaces.

Here is the query:

set linesize 1000 pagesize 0 feedback off trimspool on
 hwm as (
  -- get highest block id from each datafiles ( from x$ktfbue as we don't need all joins from dba_extents )
  select /*+ materialize */ ktfbuesegtsn ts#,ktfbuefno relative_fno,max(ktfbuebno+ktfbueblks-1) hwm_blocks
  from sys.x$ktfbue group by ktfbuefno,ktfbuesegtsn
 hwmts as (
  -- join ts# with tablespace_name
  select name tablespace_name,relative_fno,hwm_blocks
  from hwm join v$tablespace using(ts#)
 hwmdf as (
  -- join with datafiles, put 5M minimum for datafiles with no extents
  select file_name,nvl(hwm_blocks*(bytes/blocks),5*1024*1024) hwm_bytes,bytes,autoextensible,maxbytes
  from hwmts right join dba_data_files using(tablespace_name,relative_fno)
 case when autoextensible='YES' and maxbytes>=bytes
 then -- we generate resize statements only if autoextensible can grow back to current size
  '/* reclaim '||to_char(ceil((bytes-hwm_bytes)/1024/1024),999999)
   ||'M from '||to_char(ceil(bytes/1024/1024),999999)||'M */ '
   ||'alter database datafile '''||file_name||''' resize '||ceil(hwm_bytes/1024/1024)||'M;'
 else -- generate only a comment when autoextensible is off
  '/* reclaim '||to_char(ceil((bytes-hwm_bytes)/1024/1024),999999)
   ||'M from '||to_char(ceil(bytes/1024/1024),999999)
   ||'M after setting autoextensible maxsize higher than current size for file '
   || file_name||' */'
 end SQL
from hwmdf
 bytes-hwm_bytes>1024*1024 -- resize only if at least 1MB can be reclaimed
order by bytes-hwm_bytes desc
This was what I got from my system
 It generates the resize statements with the right values
/* reclaim    2370M from    2505M */ alter database datafile ‘/u02/app/oracle/oradata/CHARLES/undotbs01.dbf’ resize 136M;
/* reclaim     593M from    3072M */ alter database datafile ‘/u02/app/oracle/oradata/CHARLES/euna_data_02.dbf’ resize 2480M;
/* reclaim     248M from     256M */ alter database datafile ‘/u02/app/oracle/oradata/CHARLES/euna_rsa_data_01.dbf’ resize 9M;
/* reclaim     243M from     256M */ alter database datafile ‘/u02/app/oracle/oradata/CHARLES/euna_rsa_idx_01.dbf’ resize 14M;
/* reclaim     141M from     142M */ alter database datafile ‘/u02/app/oracle/oradata/CHARLES/users01.dbf’ resize 2M;
/* reclaim      41M from     710M */ alter database datafile ‘/u02/app/oracle/oradata/CHARLES/sysaux01.dbf’ resize 670M;
/* reclaim       3M from    1390M */ alter database datafile ‘/u02/app/oracle/oradata/CHARLES/system01.dbf’ resize 1388M;

Running external jobs in Oracle

If as an Oracle  DBA you want to  generate a file within oracle and ftp it to an ftp server using an oracle scheduler_job .You probably might run into an error like this below

ORA-27369: job of type EXECUTABLE failed with exit code: Permission denied

The solution is easy.

  • On the unix  oracle server run the following as oracle

          ls -l  $ORACLE_HOME/rdbms/admin/externaljob.ora

          The result should return something similar to this depending on your file tree layout

          –rw-r—– 1 root oinstall 1536 Apr 16 17:23 /u01/app/oracle/product/11.2-EE/rdbms/admin/externaljob.ora

  • As you can see the file by default is read only for oracle,so let’s sudo su – and edit it

          sudo su –

          vi  /u01/app/oracle/product/11.2-EE/rdbms/admin/externaljob.ora

           change the run_user from nobody to oracle and change the run_group from nobody to oinstall as show below and save it

           run_user = oracle
           run_group = oinstall

  •            Then you are done.The job should run now