Script to change Oracle SYS and SYSTEM passwords
To satisfy Oracle requirement I change SYS and SYSTEM passwords once in 3 months.
Here is a cron job that runs at 7:00 am on the 1st of the month of Jan, Apr, Jul and Oct.
0 7 1 1,4,7,10 * /app/scripts/pass_change.sh
In the end script emails me new passwords for all databases.
. /home/oracle/ora.env
_email_txt=/tmp/pass_change.txt
rm -f $_email_txt
create_passwd()
{
# Oracle passwords should start with alpha so I randomly choose first character
_mypass1=`</dev/urandom tr -dc a-z | head -c1`
# Then other 6 chacaters wil be random numbers or alphas, small and caps
_mypass2=`</dev/urandom tr -dc a-zA-Z0-9 | head -c6`
# Make the last character a number
_mypass3=`</dev/urandom tr -dc 0-9 | head -c1`
_mypass=${_mypass1}${_mypass2}${_mypass3}
}
create_sql()
{
_pass_file=/tmp/pass_change_${1}.sql
create_passwd
echo ALTER USER SYS IDENTIFIED BY ${_mypass}\; 1>${_pass_file}
create_passwd
echo ALTER USER SYSTEM IDENTIFIED BY ${_mypass}\; 1>>${_pass_file}
echo ${1} >> $_email_txt
cat ${_pass_file} >> $_email_txt
}
change_one()
{
export ORACLE_SID=$1
sqlplus /nolog <<EOF
connect / as sysdba
@${_pass_file}
exit
EOF
}
email_me()
{
MAIL_SUBJECT="Passwords for SYS"
EMAIL_LIST="dlevin@domain.com"
cat $_email_txt | mail -s "$MAIL_SUBJECT" -e "$EMAIL_LIST"
}
create_sql Database1_SID
change_one Database1_SID
create_sql Database2_SID
change_one Database2_SID
email_me
rm -f /tmp/pass_change*