thierry/sql-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync

Browse Source
This commit is contained in:
Thierry Schork
2024-01-31 14:50:39 +01:00
parent 0548c775b3
commit bb404b6ce6
7 changed files with 370 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
DBG - Scripter les jobs.sql
View File

@@ -65,7 +65,8 @@ DECLARE @job_id UNIQUEIDENTIFIER = NULL,
SELECT sj.job_id,sj.name, sj.[enabled], sj.[description], sj.start_step_id, sj.category_id, sj.owner_sid, sj.notify_level_eventlog, sj.notify_level_email, sj.notify_level_netsend, sj.notify_level_page, sj.notify_email_operator_id, sj.notify_netsend_operator_id, sj.notify_page_operator_id, sj.delete_level
FROM msdb.dbo.sysjobs sj
JOIN msdb.dbo.[syscategories] sc ON sc.[category_id] = sj.[category_id]
WHERE LOWER(sj.name) NOT LIKE '%distribution%'
WHERE 1=1
AND LOWER(sj.name) NOT LIKE '%distribution%'
AND LOWER(sj.name) NOT LIKE '%subscription%'
AND LOWER(sj.name) NOT LIKE '%replication%'
AND LOWER(sj.name) NOT LIKE '%ActivePos_read-%'

5
DBG - check SA login errors.sql
View File

@@ -13,9 +13,6 @@ EXEC sys.xp_readerrorlog 0;
SELECT *
FROM @log l
WHERE [l].[logMessage] LIKE '%''sa''%'
AND [l].[logDate]>'20231113'
AND [l].[logDate]>'20231120'
SELECT *
FROM msdb.dbo.sysjobs j
WHERE name LIKE 'D90700%'

8
DBG - syncro H debug.sql
View File

@@ -22,15 +22,15 @@ select amr.AMR_horizontal_extraction_TS, amr.AMR_aps_ts, amr.AMR_extraction_time
from aps_monitor_row amr ( nolock)
join APS_monitor_table amt
on amt.APS_monitor_table_ID = amr.AMR_APS_monitor_table
where amr.AMR_APS_TS BETWEEN '2023-06-15' AND '2023-06-15 23:59:59' /* Flag comme extrait */
and amt.AMT_table_name = 'PH_item_regulation_info' /* Table en erreur */
where amr.AMR_APS_TS BETWEEN '2023-11-21' AND '2023-11-21 23:59:59' /* Flag comme extrait */
and amt.AMT_table_name = 'item_key' /* Table en erreur */
/* AMR totaux */
select amr.AMR_horizontal_extraction_TS, amr.AMR_aps_ts, amr.AMR_extraction_timestamp, amr.*
from aps_monitor_row amr ( nolock)
join APS_monitor_table amt
on amt.APS_monitor_table_ID = amr.AMR_APS_monitor_table
where amr.AMR_APS_TS BETWEEN '2023-06-15' AND '2023-06-15 23:59:59' /* Flag comme extrait */
where amr.AMR_APS_TS BETWEEN '2023-11-21' AND '2023-11-21 23:59:59' /* Flag comme extrait */
--and AMR_APS_monitor_table = 460 /* Item_Key */
--#endregion
@@ -43,7 +43,7 @@ UPDATE aps_monitor_row
SET AMR_horizontal_extraction_TS = NULL,
AMR_extraction_timestamp = NULL
WHERE AMR_APS_TS BETWEEN '2023-06-15' AND '2023-06-15 23:59:59' /* Flag comme extrait */
AND AMR_APS_monitor_table NOT IN (1817) /* Item_Key */ /* (334700 rows affected) */
AND AMR_APS_monitor_table NOT IN (1817) /* Item_Key = 460*/ /* (334700 rows affected) */
/**************************/
/* Etapes de la synchro H (Step 3)*/

58
DELPHIX - count tables per schemas.sql Normal file
View File

@@ -0,0 +1,58 @@
USE master;
IF OBJECT_ID('tempdb..#dbs')IS NOT NULL BEGIN;
DROP TABLE #dbs;
END;
SELECT [db].[name]
INTO #dbs
FROM sys.databases db
WHERE [db].[name] NOT IN ( 'master', 'msdb', 'tempdb', 'distribution', 'model', 'symbiose', 'arizonaCash', 'activerob', 'SSISDB' );
IF OBJECT_ID('tempdb..#TblCountBySchema')IS NOT NULL BEGIN;
DROP TABLE #TblCountBySchema;
END;
CREATE TABLE #TblCountBySchema(
[db_name] varchar(255) NOT NULL,
[schema_name] varchar(255) NOT NULL,
[tables_count] int NOT NULL
,CONSTRAINT pk_tblCountBySchema PRIMARY KEY ([db_name], [schema_name])
)
DECLARE @tpl VARCHAR(MAX)='
use @db@
INSERT INTO #TblCountBySchema([db_name], [schema_name], [tables_count])
SELECT
''@db@'' as [db_name],
[t].[TABLE_SCHEMA] as [schema_name],
COUNT(1) AS table_count
FROM [INFORMATION_SCHEMA].[TABLES] t
GROUP BY [t].[TABLE_SCHEMA];
'
/* declare variables */
DECLARE @dbName VARCHAR(255)
DECLARE csr_db CURSOR FAST_FORWARD READ_ONLY FOR SELECT name FROM [#dbs]
OPEN csr_db
FETCH NEXT FROM csr_db INTO @dbName
WHILE @@FETCH_STATUS = 0
BEGIN
DECLARE @stmt NVARCHAR(MAX) = REPLACE(@tpl, '@db@', @dbName);
PRINT @stmt;
EXEC sp_executesql @stmt, N'';
FETCH NEXT FROM csr_db INTO @dbName
END
CLOSE csr_db
DEALLOCATE csr_db
SELECT *
FROM [#TblCountBySchema]

14
EXPLOIT - recovery pending.sql Normal file
View File

@@ -0,0 +1,14 @@
ALTER DATABASE arizona SET EMERGENCY;
GO
ALTER DATABASE arizona set single_user
GO
DBCC CHECKDB (arizona, REPAIR_ALLOW_DATA_LOSS) WITH ALL_ERRORMSGS, NO_INFOMSGS;
GO
ALTER DATABASE arizona set multi_user
GO
EXEC sp_configure filestream_access_level, 2;
RECONFIGURE;

35
SWTRIATEST01 - tde enabling.sql Normal file
View File

@@ -0,0 +1,35 @@
USE master; -- Replace with your database name
SET XACT_ABORT ON
-- Create a new master key if not already created
IF NOT EXISTS (SELECT * FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
BEGIN
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'v$~2YXERm2cj:WL9dlQu|Rvh7OohY/%v:';
PRINT 'master key created'
END
/*
-- Create a new certificate
CREATE CERTIFICATE TDECert
WITH SUBJECT = 'Database TDE encryption',
START_DATE = '20240101', -- Replace with the desired start date in the format 'YYYYMMDD'
EXPIRY_DATE = '20241231' -- Replace with the desired expiry date in the format 'YYYYMMDD'
BACKUP CERTIFICATE [TDECert] TO FILE = 'd:\TDECert.cer';
BACKUP CERTIFICATE TDECert
TO FILE = 'd:\TDE_Cert.cer'
WITH PRIVATE KEY (file='d:\TDE_CertKey.pvk',
ENCRYPTION BY PASSWORD='Hax0r$P@ss')
*/
USE [AdventureWorks2022]
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE TDECert
USE master
ALTER DATABASE [AdventureWorks2022] SET ENCRYPTION ON
SELECT [d].[name], [e].[encryption_state_desc], e.*
FROM sys.dm_database_encryption_keys e
JOIN sys.databases d ON d.[database_id]=e.[database_id];

256
TDE - scripts to init and rotate keys.sql Normal file
View File

@@ -0,0 +1,256 @@
/* TDE ACTIVATION */
USE [master];
GO
DECLARE @oldlogin VARCHAR(255),
@keyname VARCHAR(255) = 'TDE_20241101',
@AZkeyname VARCHAR(255) = 'SQLTDE';
SELECT @oldlogin = sp.name
FROM sys.server_principal_credentials pc
INNER JOIN sys.credentials c
ON pc.credential_id = c.credential_id
JOIN sys.server_principals sp
ON sp.principal_id = pc.principal_id
WHERE c.name = 'sysadmin_ekm_cred';
IF (@oldlogin IS NOT NULL) EXEC ('ALTER LOGIN ' + @oldlogin + ' DROP CREDENTIAL [sysadmin_ekm_cred];');
ALTER LOGIN [sysadmin_ekm] ADD CREDENTIAL [sysadmin_ekm_cred];
EXEC ('IF NOT EXISTS(SELECT 1 FROM sys.asymmetric_keys WHERE name = ''' + @keyname + ''') CREATE ASYMMETRIC KEY [' + @keyname + ']
FROM PROVIDER [AzureKeyVault_EKM_Prov]
WITH PROVIDER_KEY_NAME = ''' + @AZkeyname + ''', CREATION_DISPOSITION = OPEN_EXISTING;');
ALTER LOGIN [sysadmin_ekm] DROP CREDENTIAL [sysadmin_ekm_cred];
EXEC ('IF NOT EXISTS (SELECT 1 FROM sys.syslogins where name = ''' + @keyname + ''')CREATE LOGIN [' + @keyname + '] FROM ASYMMETRIC KEY [' + @keyname + '];');
EXEC ('ALTER LOGIN [' + @keyname + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
DECLARE @sqlCommand VARCHAR(MAX);
SET @sqlCommand
= 'USE ? IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys AS e
LEFT JOIN master.sys.asymmetric_keys AS c
ON e.encryptor_thumbprint = c.thumbprint
WHERE DB_NAME(e.database_id) = DB_NAME() AND c.name like ''TDE%'') IF DB_ID(''?'') > 4
BEGIN
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER ASYMMETRIC KEY [' + @keyname + '];
ALTER DATABASE ? SET ENCRYPTION ON
END;';
EXEC master..sp_MSforeachdb @sqlCommand;
BACKUP DATABASE [TestTDE]
TO DISK = N'D:\SQLDatabaseDump\TDE_20241101.bak'
WITH COPY_ONLY,
NOFORMAT,
INIT,
NAME = N'TestTDE-Full Database Backup',
SKIP,
NOREWIND,
NOUNLOAD,
COMPRESSION,
STATS = 10;
GO
/* ROTATE */
/* CREATE NEW KEY IN AZURE BY POWERSHELL */
USE [master];
GO
DECLARE @oldlogin VARCHAR(255),
@keyname VARCHAR(255) = 'TDE_20241201',
@AZkeyname VARCHAR(255) = 'SQLTDE';
SELECT @oldlogin = sp.name
FROM sys.server_principal_credentials pc
INNER JOIN sys.credentials c
ON pc.credential_id = c.credential_id
JOIN sys.server_principals sp
ON sp.principal_id = pc.principal_id
WHERE c.name = 'sysadmin_ekm_cred';
EXEC ('ALTER LOGIN ' + @oldlogin + ' DROP CREDENTIAL [sysadmin_ekm_cred];');
ALTER LOGIN [sysadmin_ekm] ADD CREDENTIAL [sysadmin_ekm_cred];
EXEC ('CREATE ASYMMETRIC KEY [' + @keyname + ']
FROM PROVIDER [AzureKeyVault_EKM_Prov]
WITH PROVIDER_KEY_NAME = ''' + @AZkeyname + ''', CREATION_DISPOSITION = OPEN_EXISTING;');
ALTER LOGIN [sysadmin_ekm] DROP CREDENTIAL [sysadmin_ekm_cred];
EXEC ('CREATE LOGIN [' + @keyname + '] FROM ASYMMETRIC KEY [' + @keyname + '];');
EXEC ('ALTER LOGIN [' + @keyname + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
DECLARE @sqlCommand VARCHAR(MAX);
SET @sqlCommand
= 'USE ? IF EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys AS e
LEFT JOIN master.sys.asymmetric_keys AS c
ON e.encryptor_thumbprint = c.thumbprint
WHERE DB_NAME(e.database_id) = DB_NAME() AND c.name like ''TDE%'') ALTER DATABASE ENCRYPTION KEY
ENCRYPTION BY SERVER ASYMMETRIC KEY [' + @keyname + '];';
EXEC master..sp_MSforeachdb @sqlCommand;
EXEC ('DROP LOGIN ' + @oldlogin + ';');
EXEC ('DROP ASYMMETRIC KEY [' + @oldlogin + '];');
/* RESTORE OLD BACKUP */
USE [master];
GO
DECLARE @oldlogin VARCHAR(255),
@keynametorestore VARCHAR(255) = 'TDE_20241101',
@keyname VARCHAR(255) = 'TDE_20241201',
@db VARCHAR(255) = 'TestTDE2',
@AZkeyname VARCHAR(255) = 'SQLTDE/f514174481184130aef24e8999dd14c4';
SELECT @oldlogin = sp.name
FROM sys.server_principal_credentials pc
INNER JOIN sys.credentials c
ON pc.credential_id = c.credential_id
JOIN sys.server_principals sp
ON sp.principal_id = pc.principal_id
WHERE c.name = 'sysadmin_ekm_cred';
EXEC ('ALTER LOGIN ' + @oldlogin + ' DROP CREDENTIAL [sysadmin_ekm_cred];');
ALTER LOGIN [sysadmin_ekm] ADD CREDENTIAL [sysadmin_ekm_cred];
EXEC ('CREATE ASYMMETRIC KEY [' + @keynametorestore + ']
FROM PROVIDER [AzureKeyVault_EKM_Prov]
WITH PROVIDER_KEY_NAME = ''' + @AZkeyname + ''', CREATION_DISPOSITION = OPEN_EXISTING;');
EXEC ('CREATE LOGIN [' + @keynametorestore + '] FROM ASYMMETRIC KEY [' + @keynametorestore + '];');
EXEC ('ALTER LOGIN [sysadmin_ekm] DROP CREDENTIAL [sysadmin_ekm_cred];');
EXEC ('ALTER LOGIN [' + @keynametorestore + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
RESTORE DATABASE [TestTDE2]
FROM DISK = N'D:\SQLDatabaseDump\TDE_20241101.bak'
WITH FILE = 1,
MOVE N'AdventureWorks2022'
TO N'F:\SQLDatabase\TestTDE2.mdf',
MOVE N'AdventureWorks2022_log'
TO N'G:\SQLDatabase\TestTDE2_log.ldf',
NOUNLOAD,
REPLACE,
STATS = 5;
EXEC ('ALTER LOGIN [' + @keynametorestore + '] DROP CREDENTIAL [sysadmin_ekm_cred];');
EXEC ('ALTER LOGIN [' + @keyname + '] ADD CREDENTIAL [sysadmin_ekm_cred];');
EXEC('USE ['+ @db +'];ALTER DATABASE ENCRYPTION KEY
ENCRYPTION BY SERVER ASYMMETRIC KEY [' + @keyname + '];')
USE [master];
EXEC('DROP LOGIN [' + @keynametorestore + '];')
EXEC('DROP ASYMMETRIC KEY [' + @keynametorestore + '];')
GO
/* VALIDATE */
SELECT DB_NAME(e.database_id) AS DatabaseName,
e.database_id,
e.encryption_state,
CASE e.encryption_state
WHEN 0 THEN 'No database encryption key present, no encryption'
WHEN 1 THEN 'Unencrypted'
WHEN 2 THEN 'Encryption in progress'
WHEN 3 THEN 'Encrypted'
WHEN 4 THEN 'Key change in progress'
WHEN 5 THEN 'Decryption in progress' END AS encryption_state_desc,
c.name,
e.percent_complete,
e.create_date,
e.regenerate_date,
e.modify_date,
e.set_date,
e.opened_date,
e.key_algorithm,
e.key_length,
e.encryptor_thumbprint,
e.encryptor_type,
c.principal_id,
c.asymmetric_key_id,
c.pvt_key_encryption_type,
c.pvt_key_encryption_type_desc,
c.thumbprint,
c.algorithm,
c.algorithm_desc,
c.key_length,
c.sid,
c.string_sid,
c.public_key,
c.attested_by,
c.provider_type,
c.cryptographic_provider_guid,
c.cryptographic_provider_algid
FROM sys.dm_database_encryption_keys AS e
LEFT JOIN master.sys.asymmetric_keys AS c
ON e.encryptor_thumbprint = c.thumbprint
WHERE c.name <> 'tempdb';
/* DROP */
USE [master];
GO
ALTER DATABASE [TestTDE] SET ENCRYPTION OFF;
GO
/* WAIT */
USE [TestTDE];
GO
DROP DATABASE ENCRYPTION KEY;
GO
USE [master];
GO
ALTER LOGIN [TDE_20240601] DROP CREDENTIAL [sysadmin_ekm_cred];
GO
DROP LOGIN [TDE_20240601];
GO
DROP ASYMMETRIC KEY [TDE_20240601];
GO