Code Snippets

#!/bin/bash

# Enterprise log error detection script
# Searches multiple log files for common error patterns

LOG_DIR=${1:-/var/log}
SEARCH_PATTERNS=(
    "ERROR"
    "FATAL"
    "CRITICAL"
    "Exception"
    "Failed"
    "denied"
    "timeout"
    "connection refused"
)
OUTPUT_FILE="error_report_$(date +%Y%m%d_%H%M%S).txt"

find_errors() {
    local log_file=$1
    local pattern=$2
    
    if [ -f "$log_file" ] && [ -r "$log_file" ]; then
        grep -i "$pattern" "$log_file" 2>/dev/null | while read -r line; do
            echo "[$pattern] $log_file: $line"
        done
    fi
}

{
    echo "=== Error Log Analysis ==="
    echo "Search directory: $LOG_DIR"
    echo "Analysis date: $(date)"
    echo "Patterns searched: ${SEARCH_PATTERNS[*]}"
    echo ""
    
    # Find all log files
    LOG_FILES=$(find "$LOG_DIR" -type f \( -name "*.log" -o -name "*.log.*" \) 2>/dev/null)
    
    if [ -z "$LOG_FILES" ]; then
        echo "No log files found in $LOG_DIR"
        exit 1
    fi
    
    echo "Found $(echo "$LOG_FILES" | wc -l) log files"
    echo ""
    
    # Search each pattern in each log file
    for pattern in "${SEARCH_PATTERNS[@]}"; do
        echo "=== Searching for: $pattern ==="
        echo ""
        
        for log_file in $LOG_FILES; do
            find_errors "$log_file" "$pattern"
        done
        
        echo ""
    done
    
    # Summary by log file
    echo "=== Error Count by Log File ==="
    for log_file in $LOG_FILES; do
        if [ -f "$log_file" ] && [ -r "$log_file" ]; then
            ERROR_COUNT=0
            for pattern in "${SEARCH_PATTERNS[@]}"; do
                COUNT=$(grep -ic "$pattern" "$log_file" 2>/dev/null || echo 0)
                ERROR_COUNT=$((ERROR_COUNT + COUNT))
            done
            if [ $ERROR_COUNT -gt 0 ]; then
                echo "$log_file: $ERROR_COUNT errors found"
            fi
        fi
    done
    echo ""
    
    # Recent errors (last 100 lines of each log)
    echo "=== Recent Errors (Last 100 lines) ==="
    for log_file in $LOG_FILES; do
        if [ -f "$log_file" ] && [ -r "$log_file" ]; then
            RECENT_ERRORS=$(tail -100 "$log_file" 2>/dev/null | grep -iE "$(IFS='|'; echo "${SEARCH_PATTERNS[*]}")" | wc -l)
            if [ $RECENT_ERRORS -gt 0 ]; then
                echo ""
                echo "--- $log_file (last 100 lines) ---"
                tail -100 "$log_file" 2>/dev/null | grep -iE "$(IFS='|'; echo "${SEARCH_PATTERNS[*]}")"
            fi
        fi
    done
    
} | tee "$OUTPUT_FILE"

echo ""
echo "Error analysis complete. Results saved to: $OUTPUT_FILE"

Quick error search commands:

# Search for errors in a single log
grep -i error /var/log/syslog

# Search multiple patterns
grep -iE "error|fatal|critical" /var/log/app.log

# Search with context (lines before/after)
grep -i error -A 5 -B 5 /var/log/app.log

# Count errors
grep -ic error /var/log/app.log

# Find errors in last hour
tail -1000 /var/log/app.log | grep -i error

# Search all log files in directory
grep -r "error" /var/log/

#!/bin/bash

# Enterprise Apache log analysis script
# Parses access logs for common patterns, errors, and statistics

LOG_FILE=${1:-/var/log/apache2/access.log}
OUTPUT_FILE="apache_analysis_$(date +%Y%m%d_%H%M%S).txt"

if [ ! -f "$LOG_FILE" ]; then
    echo "Error: Log file not found: $LOG_FILE"
    exit 1
fi

{
    echo "=== Apache Access Log Analysis ==="
    echo "Log file: $LOG_FILE"
    echo "Analysis date: $(date)"
    echo "Total log entries: $(wc -l < "$LOG_FILE")"
    echo ""
    
    echo "=== Top 10 IP Addresses ==="
    awk '{print $1}' "$LOG_FILE" | sort | uniq -c | sort -rn | head -10
    echo ""
    
    echo "=== Top 10 Requested URLs ==="
    awk '{print $7}' "$LOG_FILE" | sort | uniq -c | sort -rn | head -10
    echo ""
    
    echo "=== HTTP Status Codes ==="
    awk '{print $9}' "$LOG_FILE" | sort | uniq -c | sort -rn
    echo ""
    
    echo "=== Error Responses (4xx, 5xx) ==="
    awk '$9 >= 400 {print $9, $7, $1}' "$LOG_FILE" | sort | uniq -c | sort -rn | head -20
    echo ""
    
    echo "=== Top User Agents ==="
    awk -F'"' '{print $6}' "$LOG_FILE" | sort | uniq -c | sort -rn | head -10
    echo ""
    
    echo "=== Requests by Hour ==="
    awk '{print $4}' "$LOG_FILE" | cut -d: -f2 | sort | uniq -c | sort -n
    echo ""
    
    echo "=== Most Active Hours ==="
    awk '{print $4}' "$LOG_FILE" | cut -d: -f2 | sort | uniq -c | sort -rn | head -10
    echo ""
    
    echo "=== Bandwidth Usage (Top 10) ==="
    awk '{sum[$7] += $10} END {for (url in sum) print sum[url], url}' "$LOG_FILE" | sort -rn | head -10
    echo ""
    
    echo "=== Suspicious Activity (Multiple 404s from same IP) ==="
    awk '$9 == 404 {print $1, $7}' "$LOG_FILE" | sort | uniq -c | sort -rn | head -10
    echo ""
    
    echo "=== Requests by Method ==="
    awk '{print $6}' "$LOG_FILE" | sed 's/"//g' | sort | uniq -c | sort -rn
    echo ""
    
} | tee "$OUTPUT_FILE"

echo ""
echo "Analysis complete. Results saved to: $OUTPUT_FILE"

Quick log analysis commands:

# Count total requests
wc -l /var/log/apache2/access.log

# Find most common IPs
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -10

# Find 404 errors
grep " 404 " access.log

# Find requests in last hour
tail -1000 access.log | grep "$(date +%d/%b/%Y:%H)"

# Real-time log monitoring
tail -f /var/log/apache2/access.log

#!/bin/bash

# Enterprise port scanning script
# Lists all listening ports with process information

echo "=== Listening Ports and Processes ==="
echo "Generated: $(date)"
echo ""

# Method 1: Using ss (modern, faster)
if command -v ss &> /dev/null; then
    echo "Using 'ss' command:"
    echo "-------------------"
    ss -tulnp | grep LISTEN | while read line; do
        PROTO=$(echo $line | awk '{print $1}')
        STATE=$(echo $line | awk '{print $2}')
        LOCAL=$(echo $line | awk '{print $5}')
        PROCESS=$(echo $line | awk '{print $7}')
        echo "Protocol: $PROTO | State: $STATE | Address: $LOCAL | Process: $PROCESS"
    done
    echo ""
fi

# Method 2: Using netstat (fallback)
if command -v netstat &> /dev/null; then
    echo "Using 'netstat' command:"
    echo "-------------------------"
    netstat -tulnp 2>/dev/null | grep LISTEN | while read line; do
        echo "$line"
    done
    echo ""
fi

# Detailed process information
echo "=== Detailed Process Information ==="
echo ""

# Get unique PIDs from listening ports
PIDS=$(ss -tulnp 2>/dev/null | grep LISTEN | grep -oP 'pid=\K[0-9]+' | sort -u)

if [ -z "$PIDS" ]; then
    PIDS=$(netstat -tulnp 2>/dev/null | grep LISTEN | awk '{print $7}' | cut -d'/' -f1 | grep -E '^[0-9]+$' | sort -u)
fi

for PID in $PIDS; do
    if [ -d "/proc/$PID" ]; then
        echo "PID: $PID"
        echo "  Command: $(cat /proc/$PID/comm 2>/dev/null)"
        echo "  Full Command: $(cat /proc/$PID/cmdline 2>/dev/null | tr '\0' ' ')"
        echo "  User: $(stat -c '%U' /proc/$PID 2>/dev/null)"
        echo "  Ports:"
        ss -tulnp 2>/dev/null | grep "pid=$PID" | awk '{print "    - " $5}'
        echo ""
    fi
done

# Summary by port number
echo "=== Summary by Port Number ==="
ss -tulnp 2>/dev/null | grep LISTEN | awk '{print $5}' | cut -d':' -f2 | sort -n | uniq -c | sort -rn | head -20

Quick port checks:

# List all listening ports
ss -tuln
netstat -tuln

# Find what's using a specific port
lsof -i :80
ss -tulnp | grep :80

# Find process by port
fuser 80/tcp

# Check if port is in use
netstat -tuln | grep :22 && echo "Port 22 is in use" || echo "Port 22 is free"

#!/bin/bash

# Enterprise network connectivity testing script
# Tests connectivity to multiple hosts with detailed logging

HOSTS_FILE=${1:-hosts.txt}
LOG_FILE="connectivity_test_$(date +%Y%m%d_%H%M%S).log"
TIMEOUT=${2:-5}

if [ ! -f "$HOSTS_FILE" ]; then
    echo "Creating sample hosts file: $HOSTS_FILE"
    cat > "$HOSTS_FILE" << EOF
8.8.8.8
google.com
github.com
EOF
fi

log_result() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

test_host() {
    local host=$1
    local port=${2:-80}
    
    log_result "Testing $host:$port..."
    
    # Test ICMP ping
    if ping -c 1 -W $TIMEOUT "$host" > /dev/null 2>&1; then
        PING_RESULT="✓ Ping OK"
    else
        PING_RESULT="✗ Ping FAILED"
    fi
    
    # Test TCP port
    if timeout $TIMEOUT bash -c "echo > /dev/tcp/$host/$port" 2>/dev/null; then
        PORT_RESULT="✓ Port $port OPEN"
    else
        PORT_RESULT="✗ Port $port CLOSED/UNREACHABLE"
    fi
    
    # DNS resolution test
    if host "$host" > /dev/null 2>&1; then
        DNS_RESULT="✓ DNS resolves"
        IP=$(host "$host" | grep "has address" | head -1 | awk '{print $4}')
    else
        DNS_RESULT="✗ DNS FAILED"
        IP="N/A"
    fi
    
    # Traceroute (first 5 hops)
    log_result "  $PING_RESULT"
    log_result "  $PORT_RESULT"
    log_result "  $DNS_RESULT"
    log_result "  IP: $IP"
    
    if [ "$PING_RESULT" = "✓ Ping OK" ]; then
        log_result "  Traceroute (first 5 hops):"
        traceroute -m 5 "$host" 2>/dev/null | head -6 | sed 's/^/    /' | tee -a "$LOG_FILE"
    fi
    
    log_result ""
}

log_result "=== Network Connectivity Test ==="
log_result "Started: $(date)"
log_result "Hosts file: $HOSTS_FILE"
log_result "Timeout: ${TIMEOUT}s"
log_result ""

while IFS= read -r line || [ -n "$line" ]; do
    # Skip comments and empty lines
    [[ "$line" =~ ^#.*$ ]] && continue
    [[ -z "$line" ]] && continue
    
    # Parse host:port format
    if [[ "$line" =~ : ]]; then
        HOST=$(echo "$line" | cut -d: -f1)
        PORT=$(echo "$line" | cut -d: -f2)
    else
        HOST="$line"
        PORT=80
    fi
    
    test_host "$HOST" "$PORT"
done < "$HOSTS_FILE"

log_result "=== Test Complete ==="
log_result "Results saved to: $LOG_FILE"

Quick connectivity tests:

# Test single host
ping -c 4 google.com

# Test TCP port
timeout 5 bash -c "echo > /dev/tcp/google.com/80" && echo "Port open" || echo "Port closed"

# Test multiple ports
for port in 22 80 443; do
    timeout 2 bash -c "echo > /dev/tcp/hostname/$port" 2>/dev/null && echo "Port $port: OPEN" || echo "Port $port: CLOSED"
done

# DNS lookup
nslookup google.com
dig google.com

#!/bin/bash

# Enterprise directory backup script
# Creates timestamped backups with rotation and validation

SOURCE_DIR=$1
BACKUP_BASE_DIR=${2:-/backups}
RETENTION_DAYS=${3:-30}

if [ -z "$SOURCE_DIR" ] || [ ! -d "$SOURCE_DIR" ]; then
    echo "Usage: $0 <source_directory> [backup_base_dir] [retention_days]"
    echo "Example: $0 /var/www /backups 30"
    exit 1
fi

TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_NAME=$(basename "$SOURCE_DIR")
BACKUP_DIR="$BACKUP_BASE_DIR/$BACKUP_NAME"
BACKUP_FILE="$BACKUP_DIR/${BACKUP_NAME}_${TIMESTAMP}.tar.gz"
LOG_FILE="$BACKUP_DIR/backup.log"

# Create backup directory if it doesn't exist
mkdir -p "$BACKUP_DIR"

log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

# Create backup
log_message "Starting backup of $SOURCE_DIR"
tar -czf "$BACKUP_FILE" -C "$(dirname "$SOURCE_DIR")" "$(basename "$SOURCE_DIR")" 2>&1 | tee -a "$LOG_FILE"

if [ ${PIPESTATUS[0]} -eq 0 ]; then
    BACKUP_SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
    log_message "Backup completed successfully: $BACKUP_FILE ($BACKUP_SIZE)"
    
    # Verify backup integrity
    if tar -tzf "$BACKUP_FILE" > /dev/null 2>&1; then
        log_message "Backup integrity verified"
    else
        log_message "ERROR: Backup integrity check failed"
        exit 1
    fi
else
    log_message "ERROR: Backup failed"
    rm -f "$BACKUP_FILE"
    exit 1
fi

# Clean up old backups
log_message "Cleaning up backups older than $RETENTION_DAYS days"
find "$BACKUP_DIR" -name "${BACKUP_NAME}_*.tar.gz" -type f -mtime +$RETENTION_DAYS -delete
find "$BACKUP_DIR" -name "${BACKUP_NAME}_*.tar.gz" -type f -mtime +$RETENTION_DAYS -exec log_message "Deleted old backup: {}" \;

Quick backup commands:

# Simple tar backup
tar -czf backup_$(date +%Y%m%d).tar.gz /path/to/directory

# Backup with rsync (preserves permissions, faster for large dirs)
rsync -avz --delete /source/ /backup/destination/

# Incremental backup with rsync
rsync -avz --link-dest=/backup/latest /source/ /backup/$(date +%Y%m%d)/

#!/bin/bash

# Enterprise disk space monitoring script
# Checks disk usage and alerts when thresholds are exceeded

THRESHOLD_WARNING=80  # Percentage for warning
THRESHOLD_CRITICAL=90  # Percentage for critical alert
LOG_FILE="/var/log/disk-monitor.log"

# Function to log messages
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}

# Function to send alert (customize based on your alerting system)
send_alert() {
    local level=$1
    local message=$2
    log_message "[$level] $message"
    # Example: Send email or use monitoring system API
    # mail -s "Disk Space Alert: $level" [email protected] <<< "$message"
}

# Check all mounted filesystems
df -h | awk 'NR>1 {print $5, $6}' | while read usage mountpoint; do
    # Remove % sign and get numeric value
    usage_num=$(echo $usage | sed 's/%//')
    
    if [ "$usage_num" -ge "$THRESHOLD_CRITICAL" ]; then
        send_alert "CRITICAL" "Disk space critical on $mountpoint: ${usage} used"
    elif [ "$usage_num" -ge "$THRESHOLD_WARNING" ]; then
        send_alert "WARNING" "Disk space warning on $mountpoint: ${usage} used"
    fi
done

# Find largest files/directories (top 10)
echo "Top 10 largest directories:" >> "$LOG_FILE"
du -h / 2>/dev/null | sort -rh | head -10 >> "$LOG_FILE"

Quick check for specific mount point:

# Check specific mount point
df -h /var | awk 'NR==2 {print $5}'

# Find largest files in a directory
du -h /path/to/directory | sort -rh | head -20

#!/bin/bash

# Enterprise process termination script
# Safely kills processes by name with validation and logging

PROCESS_NAME=$1
SIGNAL=${2:-TERM}  # Default to TERM signal, can use KILL for force

if [ -z "$PROCESS_NAME" ]; then
    echo "Usage: $0 <process_name> [SIGNAL]"
    echo "Example: $0 nginx TERM"
    exit 1
fi

LOG_FILE="/var/log/process-kill.log"

log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}

# Find PIDs for the process
PIDS=$(pgrep -f "$PROCESS_NAME")

if [ -z "$PIDS" ]; then
    echo "No processes found matching: $PROCESS_NAME"
    exit 0
fi

echo "Found processes matching '$PROCESS_NAME':"
ps -p $PIDS -o pid,user,cmd

read -p "Kill these processes? (yes/no): " confirm

if [ "$confirm" != "yes" ]; then
    echo "Aborted."
    exit 0
fi

# Kill processes
for PID in $PIDS; do
    log_action "Killing PID $PID (process: $PROCESS_NAME) with signal $SIGNAL"
    kill -$SIGNAL $PID 2>/dev/null
    
    if [ $? -eq 0 ]; then
        echo "Successfully sent $SIGNAL signal to PID $PID"
    else
        echo "Failed to kill PID $PID" >&2
        log_action "ERROR: Failed to kill PID $PID"
    fi
done

# Wait and verify
sleep 2
REMAINING=$(pgrep -f "$PROCESS_NAME")
if [ -n "$REMAINING" ]; then
    echo "Warning: Some processes are still running. PIDs: $REMAINING"
    log_action "WARNING: Processes still running after kill: $REMAINING"
fi

Quick one-liner version:

# Kill all processes matching name (use with caution)
pkill -f "process_name"

# Force kill if TERM doesn't work
pkill -9 -f "process_name"

# Kill specific PID
kill -TERM <PID>

#!/bin/bash

# Enterprise system information gathering script
# Collects comprehensive system details for troubleshooting

OUTPUT_FILE="${1:-system_info_$(hostname)_$(date +%Y%m%d_%H%M%S).txt}"

{
    echo "=========================================="
    echo "System Information Report"
    echo "Generated: $(date)"
    echo "Hostname: $(hostname)"
    echo "=========================================="
    echo ""
    
    echo "=== Operating System ==="
    if [ -f /etc/os-release ]; then
        cat /etc/os-release
    elif [ -f /etc/redhat-release ]; then
        cat /etc/redhat-release
    elif [ -f /etc/debian_version ]; then
        echo "Debian $(cat /etc/debian_version)"
    fi
    uname -a
    echo ""
    
    echo "=== CPU Information ==="
    lscpu 2>/dev/null || cat /proc/cpuinfo | grep -E "model name|processor|cores"
    echo ""
    
    echo "=== Memory Information ==="
    free -h
    echo ""
    echo "Memory Details:"
    cat /proc/meminfo | head -10
    echo ""
    
    echo "=== Disk Usage ==="
    df -h
    echo ""
    
    echo "=== Network Interfaces ==="
    ip addr show 2>/dev/null || ifconfig
    echo ""
    
    echo "=== Network Connections ==="
    ss -tuln 2>/dev/null || netstat -tuln
    echo ""
    
    echo "=== Running Services ==="
    systemctl list-units --type=service --state=running 2>/dev/null | head -20
    echo ""
    
    echo "=== Top Processes by CPU ==="
    ps aux --sort=-%cpu | head -10
    echo ""
    
    echo "=== Top Processes by Memory ==="
    ps aux --sort=-%mem | head -10
    echo ""
    
    echo "=== Load Average ==="
    uptime
    echo ""
    
    echo "=== Kernel Modules ==="
    lsmod | head -20
    echo ""
    
    echo "=== Mounted Filesystems ==="
    mount | column -t
    echo ""
    
    echo "=== Environment Variables ==="
    env | sort
    echo ""
    
    echo "=== Last Boot Time ==="
    who -b 2>/dev/null || last reboot | head -1
    echo ""
    
} | tee "$OUTPUT_FILE"

echo "System information saved to: $OUTPUT_FILE"

Quick system checks:

# Quick system overview
echo "Uptime: $(uptime)"
echo "Load: $(cat /proc/loadavg)"
echo "Memory: $(free -h | grep Mem)"
echo "Disk: $(df -h / | tail -1)"

# Check specific resource
free -h          # Memory
df -h            # Disk
top -bn1 | head  # CPU processes

#!/bin/bash

# MySQL Backup and Restore Script
# Enterprise backup with compression, rotation, and validation

MYSQL_USER="backup_user"
MYSQL_PASS="password"
MYSQL_HOST="localhost"
BACKUP_DIR="/backups/mysql"
RETENTION_DAYS=30
TIMESTAMP=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p "$BACKUP_DIR"

backup_database() {
    local db_name=$1
    local backup_file="$BACKUP_DIR/${db_name}_${TIMESTAMP}.sql.gz"
    
    echo "Backing up database: $db_name"
    
    # Full backup with compression
    mysqldump -u "$MYSQL_USER" -p"$MYSQL_PASS" -h "$MYSQL_HOST" \
        --single-transaction \
        --routines \
        --triggers \
        --events \
        --quick \
        --lock-tables=false \
        "$db_name" | gzip > "$backup_file"
    
    if [ ${PIPESTATUS[0]} -eq 0 ]; then
        echo "Backup completed: $backup_file"
        echo "Size: $(du -h "$backup_file" | cut -f1)"
        
        # Verify backup integrity
        if gunzip -t "$backup_file" 2>/dev/null; then
            echo "Backup integrity verified"
        else
            echo "ERROR: Backup integrity check failed"
            rm -f "$backup_file"
            return 1
        fi
    else
        echo "ERROR: Backup failed"
        rm -f "$backup_file"
        return 1
    fi
}

backup_all_databases() {
    echo "Backing up all databases..."
    
    # Get list of databases (exclude system databases)
    databases=$(mysql -u "$MYSQL_USER" -p"$MYSQL_PASS" -h "$MYSQL_HOST" \
        -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema|mysql|sys)")
    
    for db in $databases; do
        backup_database "$db"
    done
}

restore_database() {
    local db_name=$1
    local backup_file=$2
    
    if [ ! -f "$backup_file" ]; then
        echo "Error: Backup file not found: $backup_file"
        return 1
    fi
    
    echo "Restoring database: $db_name from $backup_file"
    
    # Create database if it doesn't exist
    mysql -u "$MYSQL_USER" -p"$MYSQL_PASS" -h "$MYSQL_HOST" \
        -e "CREATE DATABASE IF NOT EXISTS $db_name;"
    
    # Restore database
    if [[ "$backup_file" == *.gz ]]; then
        gunzip < "$backup_file" | mysql -u "$MYSQL_USER" -p"$MYSQL_PASS" -h "$MYSQL_HOST" "$db_name"
    else
        mysql -u "$MYSQL_USER" -p"$MYSQL_PASS" -h "$MYSQL_HOST" "$db_name" < "$backup_file"
    fi
    
    if [ $? -eq 0 ]; then
        echo "Database restored successfully"
    else
        echo "ERROR: Restore failed"
        return 1
    fi
}

cleanup_old_backups() {
    echo "Cleaning up backups older than $RETENTION_DAYS days..."
    find "$BACKUP_DIR" -name "*.sql.gz" -type f -mtime +$RETENTION_DAYS -delete
    echo "Cleanup completed"
}

# Main execution
ACTION=$1
DB_NAME=$2
BACKUP_FILE=$3

case $ACTION in
    backup)
        if [ -z "$DB_NAME" ]; then
            backup_all_databases
        else
            backup_database "$DB_NAME"
        fi
        cleanup_old_backups
        ;;
    restore)
        if [ -z "$DB_NAME" ] || [ -z "$BACKUP_FILE" ]; then
            echo "Usage: $0 restore <database_name> <backup_file>"
            exit 1
        fi
        restore_database "$DB_NAME" "$BACKUP_FILE"
        ;;
    *)
        echo "Usage: $0 <backup|restore> [database_name] [backup_file]"
        exit 1
        ;;
esac

Common backup commands:

# Backup single database
mysqldump -u user -p database_name > backup.sql

# Backup with compression
mysqldump -u user -p database_name | gzip > backup.sql.gz

# Backup all databases
mysqldump -u user -p --all-databases > all_databases.sql

# Backup specific tables
mysqldump -u user -p database_name table1 table2 > tables.sql

# Backup with single transaction (consistent backup)
mysqldump -u user -p --single-transaction database_name > backup.sql

# Backup structure only (no data)
mysqldump -u user -p --no-data database_name > structure.sql

# Backup data only (no structure)
mysqldump -u user -p --no-create-info database_name > data.sql

# Restore database
mysql -u user -p database_name < backup.sql

# Restore compressed backup
gunzip < backup.sql.gz | mysql -u user -p database_name

# Backup with specific options
mysqldump -u user -p \
    --single-transaction \
    --routines \
    --triggers \
    --events \
    --quick \
    --lock-tables=false \
    database_name > backup.sql

-- MySQL User and Permission Management
-- Enterprise security best practices

-- ============================================
-- CREATE USER
-- ============================================

-- Create user with password
CREATE USER 'db_user'@'localhost' IDENTIFIED BY 'StrongPassword123!';

-- Create user from any host
CREATE USER 'db_user'@'%' IDENTIFIED BY 'StrongPassword123!';

-- Create user from specific IP
CREATE USER 'db_user'@'192.168.1.100' IDENTIFIED BY 'StrongPassword123!';

-- Create user with password expiration
CREATE USER 'db_user'@'localhost' 
IDENTIFIED BY 'StrongPassword123!'
PASSWORD EXPIRE INTERVAL 90 DAY;

-- Create user with resource limits
CREATE USER 'db_user'@'localhost' 
IDENTIFIED BY 'StrongPassword123!'
WITH MAX_QUERIES_PER_HOUR 1000
     MAX_CONNECTIONS_PER_HOUR 100
     MAX_UPDATES_PER_HOUR 500;

-- ============================================
-- GRANT PERMISSIONS
-- ============================================

-- Grant all privileges on database
GRANT ALL PRIVILEGES ON database_name.* TO 'db_user'@'localhost';

-- Grant specific privileges
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'db_user'@'localhost';

-- Grant privileges on specific table
GRANT SELECT, INSERT, UPDATE ON database_name.table_name TO 'db_user'@'localhost';

-- Grant privileges on all databases
GRANT SELECT ON *.* TO 'db_user'@'localhost';

-- Grant privileges with GRANT OPTION (allows user to grant to others)
GRANT SELECT, INSERT ON database_name.* TO 'db_user'@'localhost' WITH GRANT OPTION;

-- Grant specific column privileges
GRANT SELECT (column1, column2), UPDATE (column1) ON database_name.table_name TO 'db_user'@'localhost';

-- Grant procedure/function privileges
GRANT EXECUTE ON PROCEDURE database_name.procedure_name TO 'db_user'@'localhost';

-- ============================================
-- ROLES (MySQL 8.0+)
-- ============================================

-- Create role
CREATE ROLE 'readonly_role', 'readwrite_role';

-- Grant privileges to role
GRANT SELECT ON database_name.* TO 'readonly_role';
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'readwrite_role';

-- Grant role to user
GRANT 'readonly_role' TO 'db_user'@'localhost';

-- Set default role
SET DEFAULT ROLE 'readonly_role' TO 'db_user'@'localhost';

-- Activate role for current session
SET ROLE 'readonly_role';

-- ============================================
-- REVOKE PERMISSIONS
-- ============================================

-- Revoke specific privileges
REVOKE INSERT, UPDATE ON database_name.* FROM 'db_user'@'localhost';

-- Revoke all privileges
REVOKE ALL PRIVILEGES ON database_name.* FROM 'db_user'@'localhost';

-- Revoke GRANT OPTION
REVOKE GRANT OPTION ON database_name.* FROM 'db_user'@'localhost';

-- ============================================
-- VIEW PERMISSIONS
-- ============================================

-- Show grants for user
SHOW GRANTS FOR 'db_user'@'localhost';

-- Show current user grants
SHOW GRANTS;

-- List all users
SELECT user, host FROM mysql.user;

-- List user privileges
SELECT * FROM mysql.user WHERE user = 'db_user';

-- List database privileges
SELECT * FROM mysql.db WHERE user = 'db_user';

-- List table privileges
SELECT * FROM mysql.tables_priv WHERE user = 'db_user';

-- ============================================
-- MODIFY USER
-- ============================================

-- Change password
ALTER USER 'db_user'@'localhost' IDENTIFIED BY 'NewPassword123!';

-- Change password and expire immediately
ALTER USER 'db_user'@'localhost' IDENTIFIED BY 'NewPassword123!' PASSWORD EXPIRE;

-- Lock/unlock account
ALTER USER 'db_user'@'localhost' ACCOUNT LOCK;
ALTER USER 'db_user'@'localhost' ACCOUNT UNLOCK;

-- Change resource limits
ALTER USER 'db_user'@'localhost'
WITH MAX_QUERIES_PER_HOUR 2000
     MAX_CONNECTIONS_PER_HOUR 200;

-- Rename user
RENAME USER 'old_user'@'localhost' TO 'new_user'@'localhost';

-- ============================================
-- REMOVE USER
-- ============================================

-- Drop user
DROP USER 'db_user'@'localhost';

-- Drop multiple users
DROP USER 'user1'@'localhost', 'user2'@'localhost';

-- ============================================
-- FLUSH PRIVILEGES
-- ============================================

-- Apply privilege changes immediately
FLUSH PRIVILEGES;

Bash script for user management:

#!/bin/bash

# MySQL User Management Script
MYSQL_USER="admin"
MYSQL_PASS="password"
MYSQL_HOST="localhost"
DB_NAME="database_name"
NEW_USER="db_user"
NEW_PASS="StrongPassword123!"

# Create user
mysql -u "$MYSQL_USER" -p"$MYSQL_PASS" -h "$MYSQL_HOST" << EOF
CREATE USER '$NEW_USER'@'localhost' IDENTIFIED BY '$NEW_PASS';
GRANT SELECT, INSERT, UPDATE, DELETE ON $DB_NAME.* TO '$NEW_USER'@'localhost';
FLUSH PRIVILEGES;
EOF

# Verify user
mysql -u "$MYSQL_USER" -p"$MYSQL_PASS" -h "$MYSQL_HOST" -e "SHOW GRANTS FOR '$NEW_USER'@'localhost';"

#!/bin/bash

# PostgreSQL Backup and Restore Script
# Enterprise backup with compression, rotation, and validation

PGUSER="backup_user"
PGHOST="localhost"
BACKUP_DIR="/backups/postgresql"
RETENTION_DAYS=30
TIMESTAMP=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p "$BACKUP_DIR"

backup_database() {
    local db_name=$1
    local backup_file="$BACKUP_DIR/${db_name}_${TIMESTAMP}.dump"
    
    echo "Backing up database: $db_name"
    
    # Custom format backup (compressed, allows selective restore)
    pg_dump -U "$PGUSER" -h "$PGHOST" \
        -Fc \
        -f "$backup_file" \
        "$db_name"
    
    if [ $? -eq 0 ]; then
        echo "Backup completed: $backup_file"
        echo "Size: $(du -h "$backup_file" | cut -f1)"
        
        # Verify backup
        if pg_restore -l "$backup_file" > /dev/null 2>&1; then
            echo "Backup integrity verified"
        else
            echo "ERROR: Backup integrity check failed"
            rm -f "$backup_file"
            return 1
        fi
    else
        echo "ERROR: Backup failed"
        rm -f "$backup_file"
        return 1
    fi
}

backup_all_databases() {
    echo "Backing up all databases..."
    
    # Get list of databases (exclude template databases)
    databases=$(psql -U "$PGUSER" -h "$PGHOST" -t -c \
        "SELECT datname FROM pg_database WHERE datistemplate = false AND datname != 'postgres';")
    
    for db in $databases; do
        db=$(echo $db | xargs)  # Trim whitespace
        if [ -n "$db" ]; then
            backup_database "$db"
        fi
    done
}

restore_database() {
    local db_name=$1
    local backup_file=$2
    
    if [ ! -f "$backup_file" ]; then
        echo "Error: Backup file not found: $backup_file"
        return 1
    fi
    
    echo "Restoring database: $db_name from $backup_file"
    
    # Drop and recreate database
    psql -U "$PGUSER" -h "$PGHOST" -c "DROP DATABASE IF EXISTS $db_name;"
    psql -U "$PGUSER" -h "$PGHOST" -c "CREATE DATABASE $db_name;"
    
    # Restore database
    if [[ "$backup_file" == *.dump ]] || [[ "$backup_file" == *.custom ]]; then
        # Custom format
        pg_restore -U "$PGUSER" -h "$PGHOST" -d "$db_name" "$backup_file"
    elif [[ "$backup_file" == *.sql.gz ]]; then
        # SQL format compressed
        gunzip < "$backup_file" | psql -U "$PGUSER" -h "$PGHOST" "$db_name"
    elif [[ "$backup_file" == *.sql ]]; then
        # SQL format
        psql -U "$PGUSER" -h "$PGHOST" "$db_name" < "$backup_file"
    else
        echo "Error: Unknown backup format"
        return 1
    fi
    
    if [ $? -eq 0 ]; then
        echo "Database restored successfully"
    else
        echo "ERROR: Restore failed"
        return 1
    fi
}

backup_globals() {
    local backup_file="$BACKUP_DIR/globals_${TIMESTAMP}.sql"
    
    echo "Backing up global objects (roles, tablespaces)..."
    
    pg_dumpall -U "$PGUSER" -h "$PGHOST" \
        --globals-only \
        -f "$backup_file"
    
    if [ $? -eq 0 ]; then
        echo "Global backup completed: $backup_file"
    else
        echo "ERROR: Global backup failed"
        rm -f "$backup_file"
        return 1
    fi
}

cleanup_old_backups() {
    echo "Cleaning up backups older than $RETENTION_DAYS days..."
    find "$BACKUP_DIR" -name "*.dump" -type f -mtime +$RETENTION_DAYS -delete
    find "$BACKUP_DIR" -name "*.sql" -type f -mtime +$RETENTION_DAYS -delete
    find "$BACKUP_DIR" -name "*.sql.gz" -type f -mtime +$RETENTION_DAYS -delete
    echo "Cleanup completed"
}

# Main execution
ACTION=$1
DB_NAME=$2
BACKUP_FILE=$3

case $ACTION in
    backup)
        if [ -z "$DB_NAME" ]; then
            backup_globals
            backup_all_databases
        else
            backup_database "$DB_NAME"
        fi
        cleanup_old_backups
        ;;
    restore)
        if [ -z "$DB_NAME" ] || [ -z "$BACKUP_FILE" ]; then
            echo "Usage: $0 restore <database_name> <backup_file>"
            exit 1
        fi
        restore_database "$DB_NAME" "$BACKUP_FILE"
        ;;
    *)
        echo "Usage: $0 <backup|restore> [database_name] [backup_file]"
        exit 1
        ;;
esac

Common backup commands:

# Backup single database (custom format - compressed)
pg_dump -U user -h host -Fc database_name > backup.dump

# Backup single database (SQL format)
pg_dump -U user -h host database_name > backup.sql

# Backup with compression
pg_dump -U user -h host database_name | gzip > backup.sql.gz

# Backup all databases
pg_dumpall -U user -h host > all_databases.sql

# Backup global objects only (roles, tablespaces)
pg_dumpall -U user -h host --globals-only > globals.sql

# Backup schema only
pg_dump -U user -h host -s database_name > schema.sql

# Backup data only
pg_dump -U user -h host -a database_name > data.sql

# Restore custom format backup
pg_restore -U user -h host -d database_name backup.dump

# Restore SQL backup
psql -U user -h host database_name < backup.sql

# Restore compressed SQL backup
gunzip < backup.sql.gz | psql -U user -h host database_name

# Restore specific schema
pg_restore -U user -h host -d database_name -n schema_name backup.dump

# List contents of custom format backup
pg_restore -l backup.dump

-- PostgreSQL User and Role Management
-- Enterprise security best practices

-- ============================================
-- CREATE ROLE/USER
-- ============================================

-- Create role (can be used as user or group)
CREATE ROLE role_name;

-- Create user (automatically has LOGIN privilege)
CREATE USER user_name WITH PASSWORD 'StrongPassword123!';

-- Create user with additional options
CREATE USER user_name WITH
    PASSWORD 'StrongPassword123!'
    CREATEDB
    CREATEROLE
    LOGIN
    VALID UNTIL '2025-12-31';

-- Create role with connection limit
CREATE ROLE user_name WITH
    PASSWORD 'StrongPassword123!'
    LOGIN
    CONNECTION LIMIT 10;

-- ============================================
-- GRANT PRIVILEGES
-- ============================================

-- Grant database privileges
GRANT CONNECT ON DATABASE database_name TO user_name;
GRANT CREATE ON DATABASE database_name TO user_name;

-- Grant schema privileges
GRANT USAGE ON SCHEMA schema_name TO user_name;
GRANT CREATE ON SCHEMA schema_name TO user_name;
GRANT ALL ON SCHEMA schema_name TO user_name;

-- Grant table privileges
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE schema_name.table_name TO user_name;
GRANT ALL PRIVILEGES ON TABLE schema_name.table_name TO user_name;

-- Grant privileges on all tables in schema
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA schema_name TO user_name;

-- Grant sequence privileges
GRANT USAGE, SELECT ON SEQUENCE schema_name.sequence_name TO user_name;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA schema_name TO user_name;

-- Grant function/procedure privileges
GRANT EXECUTE ON FUNCTION schema_name.function_name TO user_name;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA schema_name TO user_name;

-- Grant default privileges (for future objects)
ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user_name;

ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name
    GRANT USAGE, SELECT ON SEQUENCES TO user_name;

-- ============================================
-- ROLE MEMBERSHIP
-- ============================================

-- Grant role to user
GRANT role_name TO user_name;

-- Create role hierarchy
CREATE ROLE admin_role;
CREATE ROLE manager_role;
GRANT admin_role TO manager_role;
GRANT manager_role TO user_name;

-- ============================================
-- REVOKE PRIVILEGES
-- ============================================

-- Revoke specific privileges
REVOKE INSERT, UPDATE ON TABLE schema_name.table_name FROM user_name;

-- Revoke all privileges
REVOKE ALL PRIVILEGES ON TABLE schema_name.table_name FROM user_name;

-- Revoke role membership
REVOKE role_name FROM user_name;

-- ============================================
-- VIEW PERMISSIONS
-- ============================================

-- List all roles
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolcanlogin
FROM pg_roles
ORDER BY rolname;

-- List role memberships
SELECT 
    r.rolname AS role_name,
    m.rolname AS member_name
FROM pg_roles r
JOIN pg_auth_members am ON r.oid = am.roleid
JOIN pg_roles m ON am.member = m.oid
ORDER BY r.rolname, m.rolname;

-- List table privileges
SELECT 
    grantee,
    table_schema,
    table_name,
    privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'user_name'
ORDER BY table_schema, table_name, privilege_type;

-- List database privileges
SELECT 
    datname,
    usename,
    has_database_privilege(usename, datname, 'CONNECT') AS can_connect,
    has_database_privilege(usename, datname, 'CREATE') AS can_create
FROM pg_database, pg_user
WHERE has_database_privilege(usename, datname, 'CONNECT')
ORDER BY datname, usename;

-- ============================================
-- MODIFY ROLE/USER
-- ============================================

-- Change password
ALTER USER user_name WITH PASSWORD 'NewPassword123!';

-- Change password expiration
ALTER USER user_name VALID UNTIL '2025-12-31';

-- Add privileges to role
ALTER ROLE user_name CREATEDB;
ALTER ROLE user_name CREATEROLE;
ALTER ROLE user_name SUPERUSER;

-- Remove privileges from role
ALTER ROLE user_name NOCREATEDB;
ALTER ROLE user_name NOCREATEROLE;
ALTER ROLE user_name NOSUPERUSER;

-- Set connection limit
ALTER ROLE user_name CONNECTION LIMIT 20;

-- Rename role
ALTER ROLE old_name RENAME TO new_name;

-- ============================================
-- REMOVE ROLE/USER
-- ============================================

-- Drop role (must revoke privileges first)
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA schema_name FROM user_name;
DROP ROLE user_name;

-- Drop role with cascade (removes dependent objects)
DROP ROLE user_name CASCADE;

Bash script for user management:

#!/bin/bash

# PostgreSQL User Management Script
PGUSER="postgres"
PGHOST="localhost"
DB_NAME="database_name"
NEW_USER="db_user"
NEW_PASS="StrongPassword123!"

# Create user
psql -U "$PGUSER" -h "$PGHOST" << EOF
CREATE USER $NEW_USER WITH PASSWORD '$NEW_PASS';
GRANT CONNECT ON DATABASE $DB_NAME TO $NEW_USER;
GRANT USAGE ON SCHEMA public TO $NEW_USER;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO $NEW_USER;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $NEW_USER;
EOF

# Verify user
psql -U "$PGUSER" -h "$PGHOST" -c "\du $NEW_USER"

# SQL Server Database Backup Script
# Enterprise backup with validation and retention

param(
    [Parameter(Mandatory=$true)]
    [string]$ServerInstance,
    
    [Parameter(Mandatory=$true)]
    [string]$DatabaseName,
    
    [Parameter(Mandatory=$false)]
    [string]$BackupPath = "C:\Backups",
    
    [Parameter(Mandatory=$false)]
    [int]$RetentionDays = 30
)

Import-Module SqlServer -ErrorAction Stop

try {
    # Create backup directory if it doesn't exist
    if (-not (Test-Path $BackupPath)) {
        New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
    }
    
    $timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
    $backupFile = Join-Path $BackupPath "$DatabaseName`_$timestamp.bak"
    
    Write-Host "Starting backup of database: $DatabaseName" -ForegroundColor Green
    
    # Perform full backup
    Backup-SqlDatabase `
        -ServerInstance $ServerInstance `
        -Database $DatabaseName `
        -BackupFile $backupFile `
        -BackupAction Database `
        -CompressionOption On `
        -Initialize
    
    Write-Host "Backup completed: $backupFile" -ForegroundColor Green
    
    # Verify backup
    $restoreResult = Restore-SqlDatabase `
        -ServerInstance $ServerInstance `
        -Database "${DatabaseName}_Verify" `
        -BackupFile $backupFile `
        -NoRecovery `
        -ErrorAction Stop
    
    # Clean up verification database
    Remove-SqlDatabase -ServerInstance $ServerInstance -Database "${DatabaseName}_Verify" -Force
    
    Write-Host "Backup verification successful" -ForegroundColor Green
    
    # Clean up old backups
    $cutoffDate = (Get-Date).AddDays(-$RetentionDays)
    Get-ChildItem -Path $BackupPath -Filter "$DatabaseName`_*.bak" | 
        Where-Object { $_.LastWriteTime -lt $cutoffDate } | 
        Remove-Item -Force
    
    Write-Host "Old backups cleaned up (retention: $RetentionDays days)" -ForegroundColor Yellow
    
} catch {
    Write-Error "Backup failed: $($_.Exception.Message)"
    exit 1
}

T-SQL backup commands:

-- Full database backup
BACKUP DATABASE [DatabaseName]
TO DISK = 'C:\Backups\DatabaseName.bak'
WITH COMPRESSION, INIT, CHECKSUM;

-- Differential backup
BACKUP DATABASE [DatabaseName]
TO DISK = 'C:\Backups\DatabaseName_diff.bak'
WITH DIFFERENTIAL, COMPRESSION, INIT, CHECKSUM;

-- Transaction log backup
BACKUP LOG [DatabaseName]
TO DISK = 'C:\Backups\DatabaseName.trn'
WITH COMPRESSION, INIT, CHECKSUM;

-- Backup to multiple files (striped)
BACKUP DATABASE [DatabaseName]
TO DISK = 'C:\Backups\File1.bak',
         DISK = 'D:\Backups\File2.bak'
WITH COMPRESSION, INIT, CHECKSUM;

-- Verify backup
RESTORE VERIFYONLY
FROM DISK = 'C:\Backups\DatabaseName.bak'
WITH CHECKSUM;

-- SQL Server Performance Monitoring Queries
-- Enterprise performance analysis

-- ============================================
-- TOP QUERIES BY CPU
-- ============================================

SELECT TOP 20
    qs.execution_count,
    qs.total_worker_time / qs.execution_count AS avg_cpu_time,
    qs.total_worker_time AS total_cpu_time,
    qs.total_elapsed_time / qs.execution_count AS avg_elapsed_time,
    qs.total_logical_reads / qs.execution_count AS avg_logical_reads,
    SUBSTRING(qt.text, (qs.statement_start_offset/2) + 1,
        ((CASE qs.statement_end_offset
            WHEN -1 THEN DATALENGTH(qt.text)
            ELSE qs.statement_end_offset
        END - qs.statement_start_offset)/2) + 1) AS query_text,
    qt.text AS full_query_text,
    qp.query_plan
FROM sys.dm_exec_query_stats qs
CROSS APPLY sys.dm_exec_sql_text(qs.sql_handle) qt
CROSS APPLY sys.dm_exec_query_plan(qs.plan_handle) qp
ORDER BY qs.total_worker_time DESC;

-- ============================================
-- TOP QUERIES BY I/O
-- ============================================

SELECT TOP 20
    qs.execution_count,
    qs.total_logical_reads / qs.execution_count AS avg_logical_reads,
    qs.total_logical_reads AS total_logical_reads,
    qs.total_physical_reads / qs.execution_count AS avg_physical_reads,
    qs.total_physical_reads AS total_physical_reads,
    SUBSTRING(qt.text, (qs.statement_start_offset/2) + 1,
        ((CASE qs.statement_end_offset
            WHEN -1 THEN DATALENGTH(qt.text)
            ELSE qs.statement_end_offset
        END - qs.statement_start_offset)/2) + 1) AS query_text
FROM sys.dm_exec_query_stats qs
CROSS APPLY sys.dm_exec_sql_text(qs.sql_handle) qt
ORDER BY qs.total_logical_reads DESC;

-- ============================================
-- BLOCKING QUERIES
-- ============================================

SELECT 
    t1.session_id AS blocking_session_id,
    t1.wait_type,
    t1.wait_duration_ms,
    t1.blocking_session_id,
    t2.session_id AS blocked_session_id,
    DB_NAME(t1.database_id) AS database_name,
    t1.command,
    t1.text AS blocking_query,
    t2.text AS blocked_query
FROM sys.dm_exec_requests t1
LEFT JOIN sys.dm_exec_requests t2 ON t1.session_id = t2.blocking_session_id
CROSS APPLY sys.dm_exec_sql_text(t1.sql_handle) t1
CROSS APPLY sys.dm_exec_sql_text(t2.sql_handle) t2
WHERE t1.blocking_session_id > 0;

-- ============================================
-- MISSING INDEXES
-- ============================================

SELECT 
    migs.avg_total_user_cost * (migs.avg_user_impact / 100.0) * (migs.user_seeks + migs.user_scans) AS improvement_measure,
    'CREATE INDEX [missing_index_' + CONVERT(VARCHAR, mig.index_group_handle) + '_' + CONVERT(VARCHAR, mid.index_handle) + '_' + LEFT(PARSENAME(mid.statement, 1), 32) + ']' +
    ' ON ' + mid.statement +
    ' (' + ISNULL(mid.equality_columns, '') +
    CASE WHEN mid.equality_columns IS NOT NULL AND mid.inequality_columns IS NOT NULL THEN ',' ELSE '' END +
    ISNULL(mid.inequality_columns, '') + ')' +
    ISNULL(' INCLUDE (' + mid.included_columns + ')', '') AS create_index_statement,
    migs.*,
    mid.database_id,
    mid.[object_id]
FROM sys.dm_db_missing_index_groups mig
INNER JOIN sys.dm_db_missing_index_group_stats migs ON migs.group_handle = mig.index_group_handle
INNER JOIN sys.dm_db_missing_index_details mid ON mig.index_handle = mid.index_handle
WHERE migs.avg_total_user_cost * (migs.avg_user_impact / 100.0) * (migs.user_seeks + migs.user_scans) > 10
ORDER BY migs.avg_total_user_cost * migs.avg_user_impact * (migs.user_seeks + migs.user_scans) DESC;

-- ============================================
-- DATABASE FILE I/O STATISTICS
-- ============================================

SELECT 
    DB_NAME(database_id) AS database_name,
    file_id,
    io_stall_read_ms / num_of_reads AS avg_read_latency_ms,
    io_stall_write_ms / num_of_writes AS avg_write_latency_ms,
    io_stall / (num_of_reads + num_of_writes) AS avg_io_latency_ms,
    num_of_reads,
    num_of_writes,
    (num_of_bytes_read + num_of_bytes_written) / 1024 / 1024 AS total_mb
FROM sys.dm_io_virtual_file_stats(NULL, NULL)
ORDER BY avg_io_latency_ms DESC;

-- ============================================
-- WAIT STATISTICS
-- ============================================

SELECT TOP 20
    wait_type,
    waiting_tasks_count,
    wait_time_ms,
    max_wait_time_ms,
    signal_wait_time_ms,
    wait_time_ms - signal_wait_time_ms AS resource_wait_time_ms,
    CAST((wait_time_ms - signal_wait_time_ms) * 100.0 / SUM(wait_time_ms - signal_wait_time_ms) OVER() AS DECIMAL(5,2)) AS percent_resource_waits
FROM sys.dm_os_wait_stats
WHERE wait_type NOT IN (
    'CLR_SEMAPHORE', 'LAZYWRITER_SLEEP', 'RESOURCE_QUEUE', 'SLEEP_TASK',
    'SLEEP_SYSTEMTASK', 'SQLTRACE_BUFFER_FLUSH', 'WAITFOR', 'LOGMGR_QUEUE',
    'CHECKPOINT_QUEUE', 'REQUEST_FOR_DEADLOCK_SEARCH', 'XE_TIMER_EVENT',
    'BROKER_TO_FLUSH', 'BROKER_TASK_STOP', 'CLR_MANUAL_EVENT', 'CLR_AUTO_EVENT',
    'DISPATCHER_QUEUE_SEMAPHORE', 'FT_IFTS_SCHEDULER_IDLE_WAIT',
    'XE_DISPATCHER_WAIT', 'XE_DISPATCHER_JOIN', 'SQLTRACE_INCREMENTAL_FLUSH_SLEEP'
)
ORDER BY wait_time_ms DESC;

-- ============================================
-- ACTIVE CONNECTIONS
-- ============================================

SELECT 
    session_id,
    login_name,
    host_name,
    program_name,
    DB_NAME(database_id) AS database_name,
    status,
    cpu_time,
    memory_usage,
    total_scheduled_time,
    total_elapsed_time,
    last_request_start_time,
    last_request_end_time,
    reads,
    writes,
    logical_reads
FROM sys.dm_exec_sessions
WHERE is_user_process = 1
ORDER BY cpu_time DESC;

PowerShell monitoring:

# Get SQL Server performance counters
Get-Counter "\SQLServer:Databases(*)\Data File(s) Size (KB)" | 
    Select-Object -ExpandProperty CounterSamples | 
    Where-Object { $_.CookedValue -gt 0 } | 
    Sort-Object CookedValue -Descending | 
    Select-Object -First 10

# Monitor blocking
$query = @"
SELECT * FROM sys.dm_exec_requests 
WHERE blocking_session_id > 0
"@
Invoke-Sqlcmd -ServerInstance "ServerName" -Query $query

-- SQL Server User and Permission Management
-- Enterprise security best practices

-- ============================================
-- CREATE LOGIN (Server-level)
-- ============================================

-- Windows Authentication login
CREATE LOGIN [DOMAIN\username] FROM WINDOWS;

-- SQL Server Authentication login
CREATE LOGIN [sql_user] 
WITH PASSWORD = 'StrongPassword123!',
     CHECK_POLICY = ON,
     CHECK_EXPIRATION = ON,
     DEFAULT_DATABASE = [master];

-- ============================================
-- CREATE USER (Database-level)
-- ============================================

USE [DatabaseName];
GO

-- Create user from login
CREATE USER [db_user] FOR LOGIN [sql_user];

-- Create user with default schema
CREATE USER [db_user] 
FOR LOGIN [sql_user]
WITH DEFAULT_SCHEMA = [dbo];

-- ============================================
-- ROLE MANAGEMENT
-- ============================================

-- Add user to database role
ALTER ROLE [db_datareader] ADD MEMBER [db_user];
ALTER ROLE [db_datawriter] ADD MEMBER [db_user];
ALTER ROLE [db_ddladmin] ADD MEMBER [db_user];

-- Create custom database role
CREATE ROLE [CustomRole];
ALTER ROLE [CustomRole] ADD MEMBER [db_user];

-- Add user to server role
ALTER SERVER ROLE [sysadmin] ADD MEMBER [sql_user];
ALTER SERVER ROLE [dbcreator] ADD MEMBER [sql_user];

-- ============================================
-- GRANT PERMISSIONS
-- ============================================

-- Grant object-level permissions
GRANT SELECT, INSERT, UPDATE ON [dbo].[TableName] TO [db_user];
GRANT EXECUTE ON [dbo].[StoredProcedure] TO [db_user];

-- Grant schema-level permissions
GRANT SELECT, INSERT, UPDATE ON SCHEMA::[dbo] TO [db_user];

-- Grant database-level permissions
GRANT CREATE TABLE TO [db_user];
GRANT CREATE VIEW TO [db_user];
GRANT CREATE PROCEDURE TO [db_user];

-- Grant server-level permissions
GRANT VIEW SERVER STATE TO [sql_user];
GRANT VIEW ANY DATABASE TO [sql_user];

-- ============================================
-- DENY PERMISSIONS
-- ============================================

DENY DELETE ON [dbo].[TableName] TO [db_user];
DENY ALTER ON SCHEMA::[dbo] TO [db_user];

-- ============================================
-- VIEW PERMISSIONS
-- ============================================

-- List database users
SELECT name, type_desc, default_schema_name
FROM sys.database_principals
WHERE type IN ('S', 'U', 'G')
ORDER BY name;

-- List user permissions
SELECT 
    dp.name AS UserName,
    dp.type_desc AS UserType,
    p.permission_name,
    p.state_desc,
    o.name AS ObjectName
FROM sys.database_permissions p
JOIN sys.database_principals dp ON p.grantee_principal_id = dp.principal_id
LEFT JOIN sys.objects o ON p.major_id = o.object_id
WHERE dp.name = 'db_user';

-- List role members
SELECT 
    r.name AS RoleName,
    m.name AS MemberName
FROM sys.database_role_members rm
JOIN sys.database_principals r ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals m ON rm.member_principal_id = m.principal_id
ORDER BY r.name, m.name;

-- ============================================
-- MODIFY USER
-- ============================================

-- Change user default schema
ALTER USER [db_user] WITH DEFAULT_SCHEMA = [sales];

-- Rename user
ALTER USER [old_name] WITH NAME = [new_name];

-- ============================================
-- REMOVE USER/LOGIN
-- ============================================

-- Remove user from role
ALTER ROLE [db_datareader] DROP MEMBER [db_user];

-- Drop database user
DROP USER [db_user];

-- Drop login
DROP LOGIN [sql_user];

PowerShell user management:

# Create SQL Server login
$login = New-SqlLogin -ServerInstance "ServerName" `
    -LoginName "sql_user" `
    -LoginType SqlLogin `
    -Password "StrongPassword123!" `
    -Enable `
    -EnforcePasswordPolicy `
    -EnforcePasswordExpiration

# Create database user
New-SqlUser -ServerInstance "ServerName" `
    -Database "DatabaseName" `
    -Name "db_user" `
    -LoginName "sql_user"

# Add user to role
Add-SqlRoleMember -ServerInstance "ServerName" `
    -Database "DatabaseName" `
    -RoleName "db_datareader" `
    -MemberName "db_user"