Showing posts from 2012

More Free Online Tests and Certifications

1. http://ranksheet.com,

This site gives you free online tests and helps you build your resume. The tests are for older versions, but why bother when it's free.

2. WIZIQ.COM
    Oracle Certified Associate -- http://www.wiziq.com/tests/oca,
    For DBA -- http://www.wiziq.com/tests/dba,
    SQL -- http://www.wiziq.com/tests/search.aspx?qry=sql

This site gives you multiple tests which will help you prepare for OCA exams.

3. http://www.ncsacademy.com/freetest.cfm
http://www.msexpert.com/exams/examlist.asp

These are not great certifications, but it is OK to have certifications in different domains.

LDAP NULL BASE SEARCH/ Disabling Put and Delete methods

Follow the steps below to disable null base search on Oracle LDAP (Oracle Internet Directory):

1. First check if anonymous bind is enabled,




ldapbind -h localhost -p 389 -D cn=orcladmin
This means anonymous bind is enabled.

2. Now check the parameter,

ldapsearch -h localhost -p 389 -D "cn=orcladmin" -w xxxx -s base -b "" "(objectclass=*)" "orclanonymousbindsflag"
3. Create an ldif file disable.ldif to set the flag to 0 with the following contents,

dn:
changetype: modify
replace: orclanonymousbindsflag
orclanon

Vulnerability -- Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation

To remove this vulnerability,

Modify oprocmgr.conf from

  <VirtualHost _default_:8100>
<IfDefine SSL>
     SSLEngine off
</IfDefine>
     Port 8100
     <Location />
       Order Deny,Allow
       Allow from all

To,

  <VirtualHost _default_:8100>
<IfDefine SSL>
     SSLEngine off
</IfDefine>
     Port 8100
     <Location />
       Order Deny,Allow
       Deny from all



You only need to change "Allow from all" to "Deny from all"; everything else remains the same.
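The effect of that one-word change, as an added example (not code from the original post): a simplified Python model of Apache's Order/Allow/Deny evaluation, run against the before and after blocks above. The CARVE_OUT and WRONG_ORDER blocks and the client names are constructed for illustration, and host matching is reduced to "all" or an exact string.

```python
# Simplified model of Apache 2.2 Order/Allow/Deny evaluation (added example).
# Assumption: a rule matches on "all" or an exact client string only; real
# Apache also matches domain suffixes, partial IPs and CIDR ranges.
BEFORE = """<Location />
  Order Deny,Allow
  Allow from all"""              # oprocmgr.conf before the change (from the post)
AFTER = """<Location />
  Order Deny,Allow
  Deny from all"""               # the post's fix
CARVE_OUT = """<Location />
  Order Deny,Allow
  Deny from all
  Allow from localhost"""        # constructed: deny all, then allow one host
WRONG_ORDER = """<Location />
  Order Allow,Deny
  Deny from all
  Allow from localhost"""        # constructed: same lines, other Order

def parse_access(block_text):
    """Collect Order, Allow and Deny tokens from one <Location> block."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # default Order
    for line in block_text.splitlines():
        words = line.strip().lower().split()
        if len(words) >= 2 and words[0] == "order":
            order = "".join(words[1:])
        elif len(words) >= 3 and words[0] in rules and words[1] == "from":
            rules[words[0]].extend(words[2:])
    return order, rules["allow"], rules["deny"]

def is_allowed(block_text, client):
    """Decide access for one client under the block's Order."""
    order, allow, deny = parse_access(block_text)
    hit = lambda tokens: "all" in tokens or client.lower() in tokens
    if order == "deny,allow":    # Deny first, Allow overrides, default allow
        return hit(allow) or not hit(deny)
    if order == "allow,deny":    # Allow first, Deny overrides, default deny
        return hit(allow) and not hit(deny)
    raise ValueError(f"unsupported Order: {order}")

if __name__ == "__main__":
    for name in ("BEFORE", "AFTER", "CARVE_OUT", "WRONG_ORDER"):
        block = globals()[name]
        print(name, {c: is_allowed(block, c) for c in ("localhost", "10.0.0.5")})
```

With `Order Deny,Allow` a matching Allow line wins over `Deny from all`, so an exception can be carved out; with `Order Allow,Deny` the same two lines deny every client.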


Vulnerability -- Oracle 9iAS DMS / JPM Pages Anonymous Access

To remove this vulnerability from your E-Biz suite implementation,

1. Modify the following section in httpd.conf and httpd_pls.conf

From,

<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
</Location>
</IfModule>



To,


<IfModule mod_dms.c>
  <Location /dms0>
    SetHandler dms-handler
    Order Deny,Allow
    Deny from all
</Location>
</IfModule>



2. Modify trusted.conf

From,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
  Allow from all


To,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all



3. Modify httpd_pls.conf,

Add the following to VirtualHost,

 <Location ~ "/(dms0|DMS|Spy|AggreSpy)">
 Order deny,allow
 Deny from all
 </Location>




Modify it From,

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Allow from all
    Allow from localhost
     </Location>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
&l…

Windows XP Mode for Windows 7 Users

I am one of the Windows XP lovers for its simple, elegant and yet faster interface with less bug free environment.

Lately I was forced to use Windows 7, which is part of my company's policy to move to a supported version of Windows for all the laptops. With all the resistance, I had to move to Windows 7 for RAM's sake, that is, Random Access Memory.

Windows XP does not support more than 3GB of memory, and my laptops are always loaded with too many application servers, databases and software.

Nothing is perfect in this world, and even Windows 7 is not perfect: it cannot run many of the applications that I use.

Also, one major problem with Windows 7 is that it cannot run Jinitiator, which is used for E-Biz Suite prior to 11.5.10.2. Even Oracle does not support a Windows 7 client with Jinitiator; refer to the Oracle Support document (formerly Metalink document),


Is The Oracle Jinitiator JRE / Plugin Compatible Or Certified With Windows 7? [ID 1234626.1]

Most of my customer run 11i with Jinitiato…

How to replace a string in vi editor which includes / or to replace ^M in vi

To replace a string in the vi editor, use the global replace command,

:%s/searchstring/replacestring/g


This statement will replace searchstring with replacestring.

One more example,

:%s/hello/hi/g

Here this command will replace the string hello with hi in the entire text.


The above is fairly simple, and most of us who work in vi are well versed with it. The problem comes when you want to remove ^M or replace one directory structure with another.

Consider replacing a directory /home/applmgr with /usr/var in a text file,

HTTP TRACE / TRACK Methods Allowed Vulnerability

HTTP TRACE / TRACK Methods Allowed is one of the vulnerabilities that haunt Apache servers.

To remove this vulnerability,

1. Modify httpd.conf and add the following lines at the end of the file.

#Added by Mithun Ashok to remove vulnerabilities
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

2. Restart Apache.
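A way to check the result of steps 1 and 2 on a configuration file, as an added example (not code from the original post). Apache virtual hosts do not inherit the main server's mod_rewrite rules by default, so the script checks each `<VirtualHost>` scope separately. The sample configuration and port 8888 are constructed.

```python
import re

# Constructed sample (not from the page): the main server scope has the rule,
# the port 8100 virtual host does not, the port 8888 one repeats it.
SAMPLE_CONF = """\
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
<VirtualHost _default_:8100>
  Port 8100
</VirtualHost>
<VirtualHost _default_:8888>
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def blocks_trace(scope_text):
    """True if this scope turns mod_rewrite on and forbids TRACE and TRACK."""
    lines = [s for s in map(str.strip, scope_text.splitlines())
             if s and not s.startswith("#")]
    engine_on = any(re.fullmatch(r"RewriteEngine\s+on", s, re.I) for s in lines)
    for cond, rule in zip(lines, lines[1:]):
        m = re.fullmatch(r"RewriteCond\s+%\{REQUEST_METHOD\}\s+(\S+)", cond, re.I)
        if not m:
            continue
        covers = all(re.search(m.group(1), meth) for meth in ("TRACE", "TRACK"))
        forbids = re.fullmatch(r"RewriteRule\s+\S+\s+-\s+\[[^\]]*\bF\b[^\]]*\]", rule, re.I)
        if covers and forbids:
            return engine_on
    return False

def audit(conf_text):
    """Map each scope to True/False. Virtual hosts are checked on their own
    because they do not inherit the main server's rewrite rules by default."""
    result = {"main server": blocks_trace(VHOST.sub("", conf_text))}
    for name, body in VHOST.findall(conf_text):
        result[name.strip()] = blocks_trace(body)
    return result

if __name__ == "__main__":
    for scope, ok in audit(SAMPLE_CONF).items():
        print(f"{scope}: {'TRACE/TRACK forbidden' if ok else 'not covered'}")
```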

The following steps can be used for Oracle E-Biz Suite 11i along with modifying httpd.conf.


In 11i, this vulnerability surfaces not only for the http port but also for the httpd_pls and oprocmgr ports. Follow the steps below to remove HTTP TRACE and TRACK for the httpd_pls and oprocmgr ports.


3. Modify httpd.conf,

First comment out the following line in httpd.conf,

AddModule mod_rewrite.c
and then add the same line,

AddModule mod_rewrite.c
before the line below,