sync

DBG - Scripter les jobs.sql

@@ -65,7 +65,8 @@ DECLARE @job_id                     UNIQUEIDENTIFIER = NULL,
      SELECT sj.job_id,sj.name, sj.[enabled], sj.[description], sj.start_step_id, sj.category_id, sj.owner_sid, sj.notify_level_eventlog, sj.notify_level_email, sj.notify_level_netsend, sj.notify_level_page, sj.notify_email_operator_id, sj.notify_netsend_operator_id, sj.notify_page_operator_id, sj.delete_level
        FROM msdb.dbo.sysjobs sj
         JOIN msdb.dbo.[syscategories] sc ON sc.[category_id] = sj.[category_id]
-WHERE LOWER(sj.name) NOT LIKE '%distribution%'
+WHERE 1=1
+  AND LOWER(sj.name) NOT LIKE '%distribution%'
   AND LOWER(sj.name) NOT LIKE '%subscription%'
   AND LOWER(sj.name) NOT LIKE '%replication%'
   AND LOWER(sj.name) NOT LIKE '%ActivePos_read-%'

DBG - check SA login errors.sql

@@ -13,9 +13,6 @@ EXEC sys.xp_readerrorlog 0;
 SELECT * 
 FROM @log l
 WHERE [l].[logMessage] LIKE '%''sa''%'
-AND [l].[logDate]>'20231113'
+AND [l].[logDate]>'20231120'
 
 
-SELECT * 
-FROM msdb.dbo.sysjobs j
-WHERE name LIKE 'D90700%'

DBG - syncro H debug.sql

@@ -22,15 +22,15 @@ select amr.AMR_horizontal_extraction_TS, amr.AMR_aps_ts, amr.AMR_extraction_time
   from aps_monitor_row amr ( nolock)
   join APS_monitor_table amt 
     on amt.APS_monitor_table_ID = amr.AMR_APS_monitor_table
-where amr.AMR_APS_TS BETWEEN '2023-06-15' AND '2023-06-15 23:59:59' /* Flag comme extrait */
+where amr.AMR_APS_TS BETWEEN '2023-11-21' AND '2023-11-21 23:59:59' /* Flag comme extrait */
-   and amt.AMT_table_name = 'PH_item_regulation_info' /* Table en erreur */
+   and amt.AMT_table_name = 'item_key' /* Table en erreur */
 
 /* AMR totaux */
 select amr.AMR_horizontal_extraction_TS, amr.AMR_aps_ts, amr.AMR_extraction_timestamp, amr.*
   from aps_monitor_row amr ( nolock)
   join APS_monitor_table amt
     on amt.APS_monitor_table_ID = amr.AMR_APS_monitor_table
-where amr.AMR_APS_TS BETWEEN '2023-06-15' AND '2023-06-15 23:59:59' /* Flag comme extrait */
+where amr.AMR_APS_TS BETWEEN '2023-11-21' AND '2023-11-21 23:59:59' /* Flag comme extrait */
  --and AMR_APS_monitor_table = 460 /* Item_Key */
 --#endregion
 
@@ -43,7 +43,7 @@ UPDATE aps_monitor_row
     SET AMR_horizontal_extraction_TS = NULL,
         AMR_extraction_timestamp = NULL
 WHERE AMR_APS_TS BETWEEN '2023-06-15' AND '2023-06-15 23:59:59' /* Flag comme extrait */
-   AND AMR_APS_monitor_table NOT IN (1817) /* Item_Key */  /* (334700 rows affected) */
+   AND AMR_APS_monitor_table NOT IN (1817) /* Item_Key = 460*/  /* (334700 rows affected) */
 
 /**************************/
 /* Etapes de la synchro H (Step 3)*/

DELPHIX - count tables per schemas.sql

@@ -0,0 +1,58 @@
+USE master;
+
+IF OBJECT_ID('tempdb..#dbs')IS NOT NULL BEGIN;
+	DROP TABLE #dbs;
+END;
+
+SELECT [db].[name]
+INTO #dbs
+  FROM sys.databases db
+ WHERE [db].[name] NOT IN ( 'master', 'msdb', 'tempdb', 'distribution', 'model', 'symbiose', 'arizonaCash', 'activerob', 'SSISDB' );
+
+IF OBJECT_ID('tempdb..#TblCountBySchema')IS NOT NULL BEGIN;
+	DROP TABLE #TblCountBySchema;
+END;
+
+CREATE TABLE #TblCountBySchema(
+    [db_name] varchar(255) NOT NULL,
+    [schema_name] varchar(255) NOT NULL,
+    [tables_count] int NOT NULL
+    
+    ,CONSTRAINT pk_tblCountBySchema PRIMARY KEY ([db_name], [schema_name])
+)
+
+DECLARE @tpl VARCHAR(MAX)='
+use @db@
+
+INSERT INTO #TblCountBySchema([db_name], [schema_name], [tables_count])
+SELECT 
+    ''@db@'' as [db_name],
+    [t].[TABLE_SCHEMA] as [schema_name], 
+    COUNT(1) AS table_count
+FROM [INFORMATION_SCHEMA].[TABLES] t
+GROUP BY [t].[TABLE_SCHEMA];
+'
+
+/* declare variables */
+DECLARE @dbName VARCHAR(255)
+
+DECLARE csr_db CURSOR FAST_FORWARD READ_ONLY FOR SELECT name FROM [#dbs]
+
+OPEN csr_db
+
+FETCH NEXT FROM csr_db INTO @dbName
+
+WHILE @@FETCH_STATUS = 0
+BEGIN
+    DECLARE @stmt NVARCHAR(MAX) = REPLACE(@tpl, '@db@', @dbName);
+    PRINT @stmt;
+    EXEC sp_executesql @stmt, N'';
+
+    FETCH NEXT FROM csr_db INTO @dbName
+END
+
+CLOSE csr_db
+DEALLOCATE csr_db
+
+SELECT * 
+FROM [#TblCountBySchema]

EXPLOIT - recovery pending.sql

@@ -0,0 +1,14 @@
+ALTER DATABASE arizona SET EMERGENCY;
+GO
+
+ALTER DATABASE arizona set single_user
+GO
+
+DBCC CHECKDB (arizona, REPAIR_ALLOW_DATA_LOSS) WITH ALL_ERRORMSGS, NO_INFOMSGS;
+GO 
+
+ALTER DATABASE arizona set multi_user
+GO
+
+EXEC sp_configure filestream_access_level, 2;
+RECONFIGURE;

SWTRIATEST01 - tde enabling.sql

@@ -0,0 +1,35 @@
+USE master; -- Replace with your database name
+SET XACT_ABORT ON 
+
+-- Create a new master key if not already created
+IF NOT EXISTS (SELECT * FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
+BEGIN
+    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'v$~2YXERm2cj:WL9dlQu|Rvh7OohY/%v:';
+    PRINT 'master key created'
+END
+
+/*
+-- Create a new certificate
+CREATE CERTIFICATE TDECert
+WITH SUBJECT = 'Database TDE encryption',
+     START_DATE = '20240101', -- Replace with the desired start date in the format 'YYYYMMDD'
+     EXPIRY_DATE = '20241231' -- Replace with the desired expiry date in the format 'YYYYMMDD'
+
+BACKUP CERTIFICATE [TDECert] TO FILE = 'd:\TDECert.cer';
+
+BACKUP CERTIFICATE TDECert
+TO FILE = 'd:\TDE_Cert.cer'
+WITH PRIVATE KEY (file='d:\TDE_CertKey.pvk',
+ENCRYPTION BY PASSWORD='Hax0r$P@ss') 
+
+*/
+
+USE [AdventureWorks2022]
+CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE TDECert
+
+USE master
+ALTER DATABASE [AdventureWorks2022] SET ENCRYPTION ON 
+
+SELECT [d].[name], [e].[encryption_state_desc], e.* 
+FROM sys.dm_database_encryption_keys e
+    JOIN sys.databases d ON d.[database_id]=e.[database_id];

TDE - scripts to init and rotate keys.sql

@@ -0,0 +1,256 @@
+/* TDE ACTIVATION */
+USE [master];
+GO
+ 
+DECLARE @oldlogin  VARCHAR(255),
+        @keyname   VARCHAR(255) = 'TDE_20241101',
+        @AZkeyname VARCHAR(255) = 'SQLTDE';
+ 
+SELECT      @oldlogin = sp.name
+  FROM      sys.server_principal_credentials pc
+INNER JOIN sys.credentials c
+    ON pc.credential_id = c.credential_id
+  JOIN      sys.server_principals sp
+    ON sp.principal_id  = pc.principal_id
+WHERE      c.name = 'sysadmin_ekm_cred';
+ 
+IF (@oldlogin IS NOT NULL) EXEC ('ALTER LOGIN ' + @oldlogin + ' DROP CREDENTIAL [sysadmin_ekm_cred];');
+ 
+ALTER LOGIN [sysadmin_ekm] ADD CREDENTIAL [sysadmin_ekm_cred];
+ 
+EXEC ('IF NOT EXISTS(SELECT 1 FROM sys.asymmetric_keys WHERE name = ''' + @keyname + ''') CREATE ASYMMETRIC KEY [' + @keyname + ']
+FROM PROVIDER [AzureKeyVault_EKM_Prov]
+WITH PROVIDER_KEY_NAME = ''' + @AZkeyname + ''', CREATION_DISPOSITION = OPEN_EXISTING;');
+ 
+ALTER LOGIN [sysadmin_ekm] DROP CREDENTIAL [sysadmin_ekm_cred];
+ 
+EXEC ('IF NOT EXISTS (SELECT 1 FROM sys.syslogins where name = ''' + @keyname + ''')CREATE LOGIN [' + @keyname + '] FROM ASYMMETRIC KEY [' + @keyname + '];');
+ 
+EXEC ('ALTER LOGIN [' + @keyname + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
+ 
+DECLARE @sqlCommand VARCHAR(MAX);
+ 
+SET @sqlCommand
+    = 'USE ? IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys AS e
+  LEFT JOIN master.sys.asymmetric_keys AS c
+    ON e.encryptor_thumbprint = c.thumbprint
+WHERE DB_NAME(e.database_id) = DB_NAME() AND c.name like ''TDE%'')  IF DB_ID(''?'') > 4 
+BEGIN
+CREATE DATABASE ENCRYPTION KEY
+WITH ALGORITHM = AES_256
+ENCRYPTION BY SERVER ASYMMETRIC KEY [' + @keyname + '];
+ALTER DATABASE ? SET ENCRYPTION ON
+END;';
+ 
+EXEC master..sp_MSforeachdb @sqlCommand;
+ 
+ 
+ 
+ 
+ 
+BACKUP DATABASE [TestTDE]
+TO  DISK = N'D:\SQLDatabaseDump\TDE_20241101.bak'
+WITH COPY_ONLY,
+     NOFORMAT,
+     INIT,
+     NAME = N'TestTDE-Full Database Backup',
+     SKIP,
+     NOREWIND,
+     NOUNLOAD,
+     COMPRESSION,
+     STATS = 10;
+GO
+ 
+ 
+ 
+/* ROTATE */
+ 
+/* CREATE NEW KEY IN AZURE BY POWERSHELL */
+USE [master];
+GO
+ 
+DECLARE @oldlogin  VARCHAR(255),
+        @keyname   VARCHAR(255) = 'TDE_20241201',
+        @AZkeyname VARCHAR(255) = 'SQLTDE';
+ 
+SELECT      @oldlogin = sp.name
+  FROM      sys.server_principal_credentials pc
+INNER JOIN sys.credentials c
+    ON pc.credential_id = c.credential_id
+  JOIN      sys.server_principals sp
+    ON sp.principal_id  = pc.principal_id
+WHERE      c.name = 'sysadmin_ekm_cred';
+ 
+EXEC ('ALTER LOGIN ' + @oldlogin + ' DROP CREDENTIAL [sysadmin_ekm_cred];');
+ 
+ALTER LOGIN [sysadmin_ekm] ADD CREDENTIAL [sysadmin_ekm_cred];
+ 
+EXEC ('CREATE ASYMMETRIC KEY [' + @keyname + ']
+FROM PROVIDER [AzureKeyVault_EKM_Prov]
+WITH PROVIDER_KEY_NAME = ''' + @AZkeyname + ''', CREATION_DISPOSITION = OPEN_EXISTING;');
+ 
+ALTER LOGIN [sysadmin_ekm] DROP CREDENTIAL [sysadmin_ekm_cred];
+ 
+EXEC ('CREATE LOGIN [' + @keyname + '] FROM ASYMMETRIC KEY [' + @keyname + '];');
+ 
+EXEC ('ALTER LOGIN [' + @keyname + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
+ 
+DECLARE @sqlCommand VARCHAR(MAX);
+ 
+SET @sqlCommand
+    = 'USE ? IF EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys AS e
+  LEFT JOIN master.sys.asymmetric_keys AS c
+    ON e.encryptor_thumbprint = c.thumbprint
+WHERE DB_NAME(e.database_id) = DB_NAME() AND c.name like ''TDE%'') ALTER DATABASE ENCRYPTION KEY
+ENCRYPTION BY SERVER ASYMMETRIC KEY [' + @keyname + '];';
+ 
+EXEC master..sp_MSforeachdb @sqlCommand;
+ 
+EXEC ('DROP LOGIN ' + @oldlogin + ';');
+EXEC ('DROP ASYMMETRIC KEY [' + @oldlogin + '];');
+ 
+ 
+ 
+ 
+ 
+/* RESTORE OLD BACKUP */
+USE [master];
+GO
+ 
+ 
+DECLARE @oldlogin         VARCHAR(255),
+        @keynametorestore VARCHAR(255) = 'TDE_20241101',
+		@keyname          VARCHAR(255) = 'TDE_20241201',
+        @db               VARCHAR(255) = 'TestTDE2',
+        @AZkeyname        VARCHAR(255) = 'SQLTDE/f514174481184130aef24e8999dd14c4';
+ 
+SELECT      @oldlogin = sp.name
+  FROM      sys.server_principal_credentials pc
+INNER JOIN sys.credentials c
+    ON pc.credential_id = c.credential_id
+  JOIN      sys.server_principals sp
+    ON sp.principal_id  = pc.principal_id
+WHERE      c.name = 'sysadmin_ekm_cred';
+ 
+EXEC ('ALTER LOGIN ' + @oldlogin + ' DROP CREDENTIAL [sysadmin_ekm_cred];');
+ 
+ALTER LOGIN [sysadmin_ekm] ADD CREDENTIAL [sysadmin_ekm_cred];
+ 
+EXEC ('CREATE ASYMMETRIC KEY [' + @keynametorestore + ']
+FROM PROVIDER [AzureKeyVault_EKM_Prov]
+WITH PROVIDER_KEY_NAME = ''' + @AZkeyname + ''', CREATION_DISPOSITION = OPEN_EXISTING;');
+ 
+ 
+EXEC ('CREATE LOGIN [' + @keynametorestore + '] FROM ASYMMETRIC KEY [' + @keynametorestore + '];');
+ 
+EXEC ('ALTER LOGIN [sysadmin_ekm] DROP CREDENTIAL [sysadmin_ekm_cred];');
+ 
+EXEC ('ALTER LOGIN [' + @keynametorestore + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
+ 
+ 
+RESTORE DATABASE [TestTDE2]
+FROM DISK = N'D:\SQLDatabaseDump\TDE_20241101.bak'
+WITH FILE = 1,
+     MOVE N'AdventureWorks2022'
+     TO N'F:\SQLDatabase\TestTDE2.mdf',
+     MOVE N'AdventureWorks2022_log'
+     TO N'G:\SQLDatabase\TestTDE2_log.ldf',
+     NOUNLOAD,
+     REPLACE,
+     STATS = 5;
+ 
+ 
+EXEC ('ALTER LOGIN [' + @keynametorestore + '] DROP CREDENTIAL [sysadmin_ekm_cred];');
+ 
+EXEC ('ALTER LOGIN [' + @keyname + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
+ 
+EXEC('USE ['+ @db +'];ALTER DATABASE ENCRYPTION KEY
+ENCRYPTION BY SERVER ASYMMETRIC KEY [' + @keyname + '];')
+ 
+ 
+USE [master];
+ 
+EXEC('DROP LOGIN [' + @keynametorestore + '];')
+EXEC('DROP ASYMMETRIC KEY [' + @keynametorestore + '];')
+GO
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+/* VALIDATE */
+SELECT      DB_NAME(e.database_id) AS DatabaseName,
+            e.database_id,
+            e.encryption_state,
+            CASE e.encryption_state
+                 WHEN 0 THEN 'No database encryption key present, no encryption'
+                 WHEN 1 THEN 'Unencrypted'
+                 WHEN 2 THEN 'Encryption in progress'
+                 WHEN 3 THEN 'Encrypted'
+                 WHEN 4 THEN 'Key change in progress'
+                 WHEN 5 THEN 'Decryption in progress' END AS encryption_state_desc,
+            c.name,
+            e.percent_complete,
+            e.create_date,
+            e.regenerate_date,
+            e.modify_date,
+            e.set_date,
+            e.opened_date,
+            e.key_algorithm,
+            e.key_length,
+            e.encryptor_thumbprint,
+            e.encryptor_type,
+            c.principal_id,
+            c.asymmetric_key_id,
+            c.pvt_key_encryption_type,
+            c.pvt_key_encryption_type_desc,
+            c.thumbprint,
+            c.algorithm,
+            c.algorithm_desc,
+            c.key_length,
+            c.sid,
+            c.string_sid,
+            c.public_key,
+            c.attested_by,
+            c.provider_type,
+            c.cryptographic_provider_guid,
+            c.cryptographic_provider_algid
+  FROM      sys.dm_database_encryption_keys AS e
+  LEFT JOIN master.sys.asymmetric_keys AS c
+    ON e.encryptor_thumbprint = c.thumbprint
+WHERE      c.name <> 'tempdb';
+ 
+ 
+ 
+ 
+/* DROP */
+USE [master];
+GO
+ 
+ALTER DATABASE [TestTDE] SET ENCRYPTION OFF;
+GO
+ 
+/* WAIT */
+ 
+USE [TestTDE];
+GO
+ 
+DROP DATABASE ENCRYPTION KEY;
+GO
+ 
+USE [master];
+GO
+ 
+ALTER LOGIN [TDE_20240601] DROP CREDENTIAL [sysadmin_ekm_cred];
+GO
+ 
+DROP LOGIN [TDE_20240601];
+GO
+ 
+DROP ASYMMETRIC KEY [TDE_20240601];
+GO