Determine OCSP provider from certificate

Given a certificate, if you want to know whether there is an OCSP provider associated with it, you can get this information from the own certificate.

OCSP information is encoded inside " Authority Information Access" field. Open de certificate with some tool, for example, windows default program, and look for its value. You can also use openssl:

# openssl x509 -in PF_ACTIVO_EIDAS.cer -text -noout | grep OCSP
               OCSP - URI:http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder

# openssl x509 -in PF_ACTIVO_EIDAS.cer -ocsp_uri -noout
http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder

Note that the certificate must be in PEM format.

In order to call the OCSP service you need the certificate serial number (the one you want to check) and the CA chain, as described in a previous post:

# openssl x509 -in PF_ACTIVO_EIDAS.cer -serial -noout
serial=0902999F8486CAA55821C9A36BFAA499

# openssl ocsp -issuer AC_FNMT_Usuarios.pem -serial 0x0902999F8486CAA55821C9A36BFAA499 -url http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
Response verify OK
0x0902999F8486CAA55821C9A36BFAA499: good
        This Update: Aug 15 17:04:27 2019 GMT
        Next Update: Aug 15 18:04:27 2019 GMT

Another important subject with OCSP is that when you ask for a certificate, often, the response is signed by the provider. If you need to determine wich certificate it is, for example, in order to store it in a truststore, you can add the "-resp_text" flag:

# openssl ocsp -resp_text -issuer AC_FNMT_Usuarios.pem -serial 0x0902999F8486CAA55821C9A36BFAA499 -url http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = ES, O = FNMT-RCM, OU = Ceres, CN = Servidor OCSP AC FNMT Usuarios
    Produced At: Aug 15 17:08:28 2019 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: ACB3EDC1572E4DA000C62307BEBBC1953AA27423
      Issuer Key Hash: B1D44FC42379FA440509C6EB39CFE835B0B82064
      Serial Number: 0902999F8486CAA55821C9A36BFAA499
    Cert Status: good
    This Update: Aug 15 17:08:28 2019 GMT
    Next Update: Aug 15 18:08:28 2019 GMT

    Response Extensions:
        OCSP Nonce:
            04109B882F00D026E282BE6D2194DFC96845
    Signature Algorithm: sha256WithRSAEncryption
         14:87:45:a1:ad:37:14:7e:d4:3b:7f:bf:7d:6a:cc:2e:5f:01:
         81:2a:fc:20:96:b4:b7:27:01:64:6d:fd:ab:09:a8:26:49:b1:
         15:16:86:c9:7c:c1:3c:79:d8:d7:a2:55:10:be:2d:a5:b9:ba:
         f8:db:19:7f:9c:8a:ba:44:3e:ec:5d:9a:62:8e:85:1b:6b:7e:
         e9:b9:e0:ce:b2:45:0b:fa:9c:ad:bd:5e:5e:14:0c:ae:15:89:
         68:83:77:92:a7:80:b2:7f:37:94:cc:98:26:73:c8:53:86:4f:
         6a:45:5a:70:0f:30:ce:83:66:72:2c:ae:0f:06:93:17:15:1d:
         9f:1f:14:53:ae:a9:32:cb:7f:14:5f:4d:e9:29:fc:6d:f0:a2:
         f2:c1:fb:e4:1b:b9:ea:6e:5f:2d:0b:9b:e5:5f:6b:58:c8:5a:
         09:43:f6:27:91:db:da:56:c1:dc:48:aa:4a:86:a5:28:5f:94:
         65:f9:36:fe:d1:b3:0c:be:66:ad:5f:3b:26:38:25:a4:67:ff:
         1e:4c:b3:5d:88:46:c0:5a:2b:67:42:47:4e:d8:67:0e:2d:2c:
         45:c2:43:f4:33:4e:ca:bc:df:ff:a9:e0:79:b0:d3:6f:90:c7:
         8b:29:6f:14:52:d9:5a:82:c4:b3:a6:31:9b:12:96:33:dd:41:
         c2:51:9d:92
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:f0:a3:e9:d7:e3:93:01:5c:d2:91:e3:26:66:bc:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=ES, O=FNMT-RCM, OU=Ceres, CN=AC FNMT Usuarios
        Validity
            Not Before: May  8 08:22:59 2019 GMT
            Not After : Nov  8 09:22:59 2019 GMT
        Subject: C=ES, O=FNMT-RCM, OU=Ceres, CN=Servidor OCSP AC FNMT Usuarios
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d7:49:d2:98:b6:41:60:3d:28:1b:06:ce:f9:10:
                    53:b6:7b:ff:01:29:43:fc:64:58:22:7b:90:7b:79:
                    07:f5:41:db:e7:ec:3e:27:88:5c:c0:d1:7e:8f:3c:
                    c8:68:c6:8e:33:b4:78:3d:9d:65:30:ec:77:a9:6f:
                    65:ca:c9:62:78:3e:36:d6:1b:eb:cb:da:33:c8:35:
                    94:02:03:60:53:75:df:34:37:42:65:c7:9d:d8:bf:
                    b8:a3:18:5a:ea:17:9d:18:e6:80:0e:6e:5f:27:32:
                    04:93:6c:05:d2:db:ee:aa:dc:98:3f:af:39:ec:aa:
                    f9:eb:39:13:c5:7e:9b:cd:7e:d6:21:82:72:22:46:
                    d5:e1:9d:30:f1:fc:c2:02:3b:32:a5:f8:87:4f:e1:
                    a1:8a:3c:08:7f:e1:e3:84:17:29:2a:d2:7d:f8:82:
                    9b:88:13:38:d1:c1:a8:fd:71:e8:59:d4:e5:6f:9d:
                    97:a8:ef:fa:d3:b7:20:4f:3d:e1:55:19:62:96:1e:
                    94:53:80:18:42:08:6e:24:9c:e6:fd:6e:9e:08:34:
                    f9:fa:75:1d:34:dc:55:89:2e:bf:55:52:9c:ce:0e:
                    8e:bb:2f:9b:91:c5:91:84:cb:06:74:8e:41:54:2a:
                    b3:7e:dc:ee:05:1a:cf:07:8d:62:8f:d7:43:5a:0c:
                    ad:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Extended Key Usage: critical
                OCSP Signing
            X509v3 Subject Key Identifier:
                BB:6F:79:C3:04:25:98:D6:62:C7:CD:71:25:AF:C9:61:B0:12:3A:8B
            X509v3 Authority Key Identifier:
                keyid:B1:D4:4F:C4:23:79:FA:44:05:09:C6:EB:39:CF:E8:35:B0:B8:20:64

            OCSP No Check:

            Authority Information Access:
                CA Issuers - URI:http://www.cert.fnmt.es/certs/ACUSU.crt

            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.5734.3.10.15
                  CPS: http://www.cert.fnmt.es/dpcs/
                  User Notice:
                    Explicit Text: Sujeto a las condiciones de uso expuestas en la DPC de la FNMT-RCM (C/Jorge Juan 106-28009-Madrid-España)

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:ldap://ldapusu.cert.fnmt.es/cn=CRL2503,cn=AC%20FNMT%20Usuarios,ou=CERES,o=FNMT-RCM,c=ES?certificateRevocationList;binary?base?objectclass=cRLDistributionPoint

    Signature Algorithm: sha256WithRSAEncryption
         2f:32:00:b2:e7:42:86:81:9b:87:c8:7c:fe:ff:99:d9:9c:fe:
         31:a1:92:db:2c:cf:6b:38:bd:d2:c4:0d:2d:fb:1e:35:ef:87:
         9f:30:ab:c0:45:3c:ea:e2:e2:67:b4:f2:90:f7:a3:cb:ed:17:
         38:17:c7:06:8e:b9:50:d0:4e:66:c4:89:cf:cb:3a:d8:ac:a3:
         85:18:ba:e4:75:54:66:f3:4c:3c:99:3f:cd:6d:6e:a0:18:c9:
         25:35:cb:4f:1c:42:a8:14:35:61:37:04:c8:e4:41:2f:4f:6a:
         cf:2a:78:7d:a6:2d:00:03:a7:36:c7:1e:cd:98:cc:b2:db:a8:
         82:25:a8:b2:7c:9c:53:54:48:84:f8:36:17:ac:f9:9e:ba:5e:
         18:18:d7:35:ea:a5:4f:68:30:d2:04:fc:fb:ca:95:c8:0b:86:
         6e:16:68:b7:b6:f5:6a:b1:8e:0e:b3:bf:ef:95:65:2a:ef:5e:
         2c:67:f0:80:e0:c3:dd:95:e3:dc:89:46:00:74:73:33:df:77:
         c9:b5:e1:42:0c:fa:76:a2:19:06:d4:73:e5:9e:43:d2:79:b5:
         10:da:d1:3d:e1:64:08:05:ad:04:b0:bd:3e:69:67:88:0f:93:
         66:c5:ab:9f:f2:87:6a:76:bf:ad:30:96:8a:8d:af:c2:2e:00:
         93:52:8c:4e
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIQAfCj6dfjkwFc0pHjJma8QzANBgkqhkiG9w0BAQsFADBL
MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVz
MRkwFwYDVQQDDBBBQyBGTk1UIFVzdWFyaW9zMB4XDTE5MDUwODA4MjI1OVoXDTE5
MTEwODA5MjI1OVowWTELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4w
DAYDVQQLDAVDZXJlczEnMCUGA1UEAwweU2Vydmlkb3IgT0NTUCBBQyBGTk1UIFVz
dWFyaW9zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10nSmLZBYD0o
GwbO+RBTtnv/ASlD/GRYInuQe3kH9UHb5+w+J4hcwNF+jzzIaMaOM7R4PZ1lMOx3
qW9lyslieD421hvry9ozyDWUAgNgU3XfNDdCZced2L+4oxha6hedGOaADm5fJzIE
k2wF0tvuqtyYP6857Kr56zkTxX6bzX7WIYJyIkbV4Z0w8fzCAjsypfiHT+GhijwI
f+HjhBcpKtJ9+IKbiBM40cGo/XHoWdTlb52XqO/607cgTz3hVRlilh6UU4AYQghu
JJzm/W6eCDT5+nUdNNxViS6/VVKczg6Ouy+bkcWRhMsGdI5BVCqzftzuBRrPB41i
j9dDWgyt6wIDAQABo4ICSjCCAkYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBsAw
FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFLtvecMEJZjWYsfNcSWv
yWGwEjqLMB8GA1UdIwQYMBaAFLHUT8QjefpEBQnG6znP6DWwuCBkMA8GCSsGAQUF
BzABBQQCBQAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vd3d3
LmNlcnQuZm5tdC5lcy9jZXJ0cy9BQ1VTVS5jcnQwgcIGA1UdIASBujCBtzCBtAYK
KwYBBAGsZgMKDzCBpTApBggrBgEFBQcCARYdaHR0cDovL3d3dy5jZXJ0LmZubXQu
ZXMvZHBjcy8weAYIKwYBBQUHAgIwbAxqU3VqZXRvIGEgbGFzIGNvbmRpY2lvbmVz
IGRlIHVzbyBleHB1ZXN0YXMgZW4gbGEgRFBDIGRlIGxhIEZOTVQtUkNNIChDL0pv
cmdlIEp1YW4gMTA2LTI4MDA5LU1hZHJpZC1Fc3Bhw7FhKTCBtQYDVR0fBIGtMIGq
MIGnoIGkoIGhhoGebGRhcDovL2xkYXB1c3UuY2VydC5mbm10LmVzL2NuPUNSTDI1
MDMsY249QUMlMjBGTk1UJTIwVXN1YXJpb3Msb3U9Q0VSRVMsbz1GTk1ULVJDTSxj
PUVTP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5P2Jhc2U/b2JqZWN0
Y2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwDQYJKoZIhvcNAQELBQADggEBAC8y
ALLnQoaBm4fIfP7/mdmc/jGhktssz2s4vdLEDS37HjXvh58wq8BFPOri4me08pD3
o8vtFzgXxwaOuVDQTmbEic/LOtiso4UYuuR1VGbzTDyZP81tbqAYySU1y08cQqgU
NWE3BMjkQS9Pas8qeH2mLQADpzbHHs2YzLLbqIIlqLJ8nFNUSIT4Nhes+Z66XhgY
1zXqpU9oMNIE/PvKlcgLhm4WaLe29Wqxjg6zv++VZSrvXixn8IDgw92V49yJRgB0
czPfd8m14UIM+naiGQbUc+WeQ9J5tRDa0T3hZAgFrQSwvT5pZ4gPk2bFq5/yh2p2
v60wloqNr8IuAJNSjE4=
-----END CERTIFICATE-----
Certificate:
(...)
Response verify OK
0x0902999F8486CAA55821C9A36BFAA499: good
        This Update: Aug 15 17:08:28 2019 GMT
        Next Update: Aug 15 18:08:28 2019 GMT

The first certificate in the response is the OCSP server signer certificate. You can save it in a .CER file. In this example you can see that the subject is "C=ES, O=FNMT-RCM, OU=Ceres, CN=Servidor OCSP AC FNMT Usuarios"


Another example of validation, but this time you send the whole certificate.

openssl ocsp -issuer CHAMBERS_OF_COMMERCE_ROOT-2016.cer -cert AC_CAMERFIRMA_FOR_NATURAL_PERSONS-2016.cer -text -url http://ocsp.camerfirma.com -CAfile CHAMBERS_OF_COMMERCE_ROOT-2016.cer

CentOS 7 - Increase swap memory

[root@archive ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:           1839         124        1570           8         144        1554
Swap:          1227           0        1227

[root@archive ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root  9.8G  1.6G  8.3G  17% /
devtmpfs                 909M     0  909M   0% /dev
tmpfs                    920M     0  920M   0% /dev/shm
tmpfs                    920M  8.4M  912M   1% /run
tmpfs                    920M     0  920M   0% /sys/fs/cgroup
/dev/sda1               1014M  143M  872M  15% /boot
tmpfs                    184M     0  184M   0% /run/user/0

[root@archive ~]# dd if=/dev/zero of=/root/vembuswap bs=1M count=2048
2048+0 records in
2048+0 records out
2147483648 bytes (2.1 GB) copied, 24.9862 s, 85.9 MB/s

[root@archive ~]# mv /root/vembuswap /root/customswap

[root@archive ~]# ls -l /root/customswap
-rw-r--r--. 1 root root 2147483648 Jul 26 12:25 /root/customswap

[root@archive ~]# chmod 600 /root/customswap

[root@archive ~]# mkswap /root/customswap
Setting up swapspace version 1, size = 2097148 KiB
no label, UUID=8b5f50f4-3c03-422a-946d-403afbcb3a22

[root@archive ~]# swapon /root/customswap

[root@archive ~]# vi /etc/fstab
Add the following line:
/root/customswap swap   swap    defaults        0 0
 

[root@archive ~]# swapon -s
Filename                                Type            Size    Used    Priority
/dev/dm-1                               partition       1257468 0       -1
/root/customswap                        file    2097148 0       -2

[root@archive ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:           1839         124          76           8        1638        1528
Swap:          3275           0        3275
[root@archive ~]#

OCSP - FNMT Testing

FNMT

Certificate Autority: https://www.sede.fnmt.gob.es/descargas/certificados-raiz-de-la-fnmt

In this case I just need the following CA: Certificados AC Raíz de la FNMT

• AC Raíz FNMT-RCM
• AC FNMT Usuarios
• AC Representación
• AC Administración Pública
• AC Componentes Informáticos

OCSP service

There are three OCSP services (not for Componentes Informáticos):

• AC Usuarios: http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder
• AC Representación: http://ocsprep.cert.fnmt.es/ocsprep/OcspResponder
• AC Administración Pública: http://ocspap.cert.fnmt.es/ocspap/OcspResponder 
• AC Componentes Informáticos: http://ocspcomp.cert.fnmt.es/ocsp/OcspResponder

Service Testing

Test certificate kit from Junta de Andalucía: https://ws024.juntadeandalucia.es/ae/newsletter/actualizaciondelkitdecertificadosdepruebaalaversion912

Install openssl:

# yum install libtool perl-core zlib-devel

Params:

• ocsp
• issuer. Testing certificate's CA in PEM format
• seriel. Testing certificate's serial number
• CAfile: issuer's CA in PEM format (the CA of the CA of the certificate :))
• url: OSCP url

# openssl ocsp -issuer AC_FNMT_Usuarios.pem -serial 0x1b38186910f9667c5821ca627f360420 -url http://ocspusu.cert.fnmt.es/ocspusu/OcspResponder -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
Response verify OK
0x1b38186910f9667c5821ca627f360420: revoked
        This Update: Jun 29 11:15:50 2019 GMT
        Next Update: Jun 29 12:15:50 2019 GMT
        Reason: cessationOfOperation
        Revocation Time: Nov  8 12:53:48 2016 GMT

# openssl ocsp -issuer AC_Administracion_Publica_SHA256.pem -serial 0x433d6899af0072375829d42560d7e733 -url http://ocspap.cert.fnmt.es/ocspap/OcspResponder  -CAfile AC_Raiz_FNMT-RCM_SHA256.pem
Response verify OK
0x433d6899af0072375829d42560d7e733: good
        This Update: Jun 29 11:21:23 2019 GMT
        Next Update: Jun 29 12:21:23 2019 GMT

Note: Here you can check OCSP service status of Camerfirma: https://www.camerfirma.com/ayuda/servicios/

CentOS 7 - Port forwarding

I have three environments:

1. Local, i.e, my PC
2. Server 1, a remote CentOS 7 server
3. Database Server, a remote Oracle Database server

Server 1 has access to Database Server.

Local has access to Server 1.

Local does not have access to Database Server.

By assuming Oracle Database is opened in port 1521 this is the configuration in Server 1 in order to redirect all requests in port 1521 to Database Server port 1521:

# sudo firewall-cmd --add-forward-port=port=1521:proto=tcp:toport=1521:toaddr=DatabaseServer

# sudo firewall-cmd --add-masquerade

# sudo firewall-cmd --zone=public --add-port=1521/tcp

# sudo firewall-cmd --list-all

Virtual Box Guest connect to Windows Host

You have a Windows Host running Virtual Box, and a CentOS 7 Guest as virtual machine.
Guest needs to connect to some service in Host. As an example, Host has an Apache web server running in port 80.


First, you have to determine the gateway used by the Guest.

enp0s3 is my "host only" network interface in VirtualBox.
In my case, it's 192.168.56.1. This is the IP the Guest knows as Host so, if you call for port 80, you should get Apache home page.

As you see Guest is not able to connecto to Host. In order to allow that, you need to configure Host firewall, in my case, Windows 10.
You can disable firewall for private networks as follow, but this is not a good solition due security concerns.



The proper solution is to configure a firewall rule for this port in the private network.

Connect Apache Web Server and Apache Tomcat

We have Apache Web Server (httpd) as front-end and Apache Tomcat as back-end.
This solution is based on mod_proxy and AJP connector.

Apache web server config

You have to configure mod_proxy in apache httpd.
I added the following conf file in conf.d directory:

<VirtualHost 172.22.215.219:80>
    Servername sisifo.domain1
 
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
 
 
    LogLevel info
    ErrorLog  /var/log/httpd/sisifo.domain1_error_log
    CustomLog /var/log/httpd/sisifo.domain1_access_log combined
</VirtualHost>
 
 
 
<VirtualHost 172.22.215.219:443>
    Servername sisifo.domain1
 
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
 
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
    #SSLCACertificatePath /etc/httpd/certs/ca
 
    <Location "/">
    Order Deny,Allow
                    Deny from all
                    Allow from all
                    #Allow from 10.224.0.0/12
    </Location>
 
    ##########
 
    ProxyRequests Off
    ProxyPassMatch ^/(.*)$ balancer://tomcat_cluster/$1$2 stickysession=JSESSIONID|jsessionid
 
    <Proxy balancer://tomcat_cluster>
      BalancerMember ajp://[TOMCAT1]:8009 loadfactor=1 route=jvmTomcat1 ping=1
   BalancerMember ajp://[TOMCAT2]:8009 loadfactor=1 route=jvmTomcat2 ping=1
       
      ProxySet lbmethod=byrequests
      ProxySet nofailover=off
      ProxySet timeout=300
    </Proxy>
     
    ##########
 
    LogLevel info  
    ErrorLog /var/log/httpd/sisifo.domain1_ssl_error_log
    CustomLog /var/log/httpd/sisifo.domain1_ssl_access_log combined
</VirtualHost>

Tomcat config

You have to edit $TOMCAT_HOM/config/server.xml of each tomcat instance and set an unique value for  jvmRoute attribute. This attribute is in Engine tag.

<Engine defaultHost="localhost" name="Catalina" jvmRoute="jvmTomcat1">

ORA-00942 Table or View Does Not Exist - Identify target table

During the installation of a third party application which uses Oracle Database, I found the following error in server log:

ORA-00942: table or view does not exist
00942. 00000 -  "table or view does not exist"

The error was clear, the application was trying to execute an SQL statement against a table that was not in database, or the user did not have permissions. But, which table or view was that?

In order to discover the SQL the client was invoking I found this post: https://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:2975793633621#284628100346267414. In my post I´ll just refactor it in order to easy understanding.

The idea behind of this is to register a trigger for server error 942, obtain  context information and the sql being executed, and save all this info in other table. The complete code is as follow:

-- Table to store errors
create table ERROR942 (id number, 
    "time" timestamp,
    "event" varchar(100), 
    "user" varchar(100),
    "server_error" varchar2(4000),
    "sql" varchar2(4000) );

-- Sequence to generate the table id
create sequence SEQ_ERROR942;


-- Trigger to insert errors in table
create or replace trigger TGR_SERVER942
after servererror on database
declare
   l_sql_text ora_name_list_t;
   full_sql varchar2(4000);
   l_n number;
begin
    if ( is_servererror(942) )
    then        
        full_sql := '';
        l_n := ora_sql_txt( l_sql_text );
        for i in 1 .. l_n
        loop
           full_sql := full_sql || l_sql_text(i);
        end loop;
        
         insert into ERROR942 values (SEQ_ERROR942.nextval, current_date, ora_sysevent, ora_login_user,  ora_server_error(1), full_sql);
    end if;
end;

commit;

The main aspects here are:

• We create ERROR942 table in order to store all errors
• We create SEQ_ERROR942 in order to generate the previous table ids
• We create TGR_SERVER942 trigger in order to capture server errors and store then in the table. 

You can test the solution as follow:

select * from UNEXIST_TABLE;

select * ERROR942;

Apache httpd - Windows 10

In order to disable port 80 in windows 10 and to allow Apache Web Server start, execute de following command as administrator:

net stop branchcache