Oracle Security
1. Setting a listener password
oracle@cmwapgw1:~> lsnrctl
LSNRCTL for Linux: Version 9.2.0.4.0 - Production on 18-AUG-2012 03:04:11
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener
Current Listener is LISTENER
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.11)(PORT=1521)))
Password changed for LISTENER
The command completed successfully
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.11)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /opt/oracle/product/9.2.0/network/admin/listener.ora
Old Parameter File /opt/oracle/product/9.2.0/network/admin/listener.bak
The command completed successfully
LSNRCTL> exit
oracle@cmwapgw1:~> more /opt/oracle/product/9.2.0/network/admin/listener.ora
# LISTENER.ORA Network Configuration File: /opt/oracle/product/9.2.0/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =(SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = /opt/oracle/product/9.2.0) (PROGRAM = extproc)))
LISTENER =(DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.11)(PORT = 1521))) (ADDRESS_LIST = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC)))))
#----ADDED BY TNSLSNR 18-AUG-2012 03:04:56---
PASSWORDS_LISTENER = 1DF5C2FD0FE9CFA2 ----------------------------------- the password that was set for the listener
#--------------------------------------------
oracle@cmwapgw1:~> lsnrctl stop
LSNRCTL for Linux: Version 9.2.0.4.0 - Production on 18-AUG-2012 03:08:34
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.11)(PORT=1521)))
TNS-01169: The listener has not recognized the password
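As shown, once a listener password is set, the listener can no longer be stopped directly with lsnrctl stop; you have to enter lsnrctl and perform the operation from there.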
Oracle password security
SQL> alter profile DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 6;
SQL> alter profile DEFAULT LIMIT PASSWORD_REUSE_MAX 5;
SQL> alter profile DEFAULT LIMIT PASSWORD_LIFE_TIME 90;
SQL> @?/rdbms/admin/utlpwdmg
SQL> alter profile DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION verify_function;
The Oracle security hardening steps are as follows
1. Revoke the PUBLIC group's privileges to use UTL_FILE, UTL_HTTP, UTL_TCP and UTL_SMTP
SQL> conn / as sysdba
Connected.
Revoke PUBLIC's privilege to use UTL_FILE
SQL> revoke execute on UTL_FILE from public;
Revoke succeeded.
Revoke PUBLIC's privilege to use UTL_TCP
SQL> revoke execute on UTL_TCP from public;
Revoke succeeded.
Revoke PUBLIC's privilege to use UTL_HTTP
SQL> revoke execute on UTL_HTTP from public;
Revoke succeeded.
Revoke PUBLIC's privilege to use UTL_SMTP
SQL> revoke execute on UTL_SMTP from public;
Revoke succeeded.
2. Check the TNSNAMES.ORA and LISTENER.ORA files and delete the icache_extproc, PLSExtproc and extproc entries
a. Log in to the database server as the oracle user
su - oracle
b. Check tnsnames.ora:
vi $ORACLE_HOME/network/admin/tnsnames.ora
If icache_extproc, PLSExtproc or extproc is present, report the result by e-mail.
c. Check listener.ora:
vi $ORACLE_HOME/network/admin/listener.ora
If these entries exist:
1) Change (SID_NAME = PLSExtProc) to (SID_NAME = CMCCWAP). Note: CMCCWAP is the Oracle instance name (instance_name).
2) Change (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC)) to (ADDRESS = (PROTOCOL = IPC)(KEY = CMCCWAP)). Note: CMCCWAP is the Oracle instance name (instance_name).
3) Delete the (PROGRAM = extproc) line.
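A check for both listener settings covered so far, the PASSWORDS_LISTENER entry from section 1 and the extproc cleanup in step 2, written as an added shell example that is not part of the original post. The function names, the temporary files and the value CONSTRUCTEDHASH0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit listener.ora; names and sample files are constructed.

# Drop comment lines and all whitespace, then upper-case, so that
# "(PROGRAM = extproc)" and "(program=EXTPROC)" compare equal.
normalize() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\r' | tr '[:lower:]' '[:upper:]'
}

# Usage: audit_listener_ora FILE [LISTENER_NAME]
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_listener_ora() {
    norm=$(normalize "$1")
    name=$(printf '%s' "${2:-LISTENER}" | tr '[:lower:]' '[:upper:]')
    rc=0
    has() { printf '%s\n' "$norm" | grep -q "$1"; }
    has "^PASSWORDS_${name}=." || { echo "NO_PASSWORD PASSWORDS_${name} not set"; rc=1; }
    has '(PROGRAM=EXTPROC)' && { echo "EXTPROC (PROGRAM = extproc)"; rc=1; }
    has '(SID_NAME=PLSEXTPROC)' && { echo "EXTPROC (SID_NAME = PLSExtProc)"; rc=1; }
    has '(KEY=EXTPROC)' && { echo "EXTPROC (KEY = EXTPROC)"; rc=1; }
    has 'ICACHE_EXTPROC' && { echo "EXTPROC icache_extproc"; rc=1; }
    return $rc
}

# Constructed sample 1: same entries as the listing above, no active password
# (the commented-out line must not count as one).
before=$(mktemp)
cat > "$before" <<'EOF'
# PASSWORDS_LISTENER = commented-out-value
SID_LIST_LISTENER =(SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc)
  (ORACLE_HOME = /opt/oracle/product/9.2.0) (PROGRAM = extproc)))
LISTENER =(DESCRIPTION_LIST = (DESCRIPTION =
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.11)(PORT = 1521)))
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC)))))
EOF

# Constructed sample 2: after steps 1) to 3), with a listener password set.
after=$(mktemp)
cat > "$after" <<'EOF'
SID_LIST_LISTENER =(SID_LIST = (SID_DESC = (SID_NAME = CMCCWAP)
  (ORACLE_HOME = /opt/oracle/product/9.2.0)))
LISTENER =(DESCRIPTION_LIST = (DESCRIPTION =
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.11)(PORT = 1521)))
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = IPC)(KEY = CMCCWAP)))))
PASSWORDS_LISTENER = CONSTRUCTEDHASH0
EOF

audit_listener_ora "$before" || echo "-> $before needs hardening"
audit_listener_ora "$after" && echo "-> $after is clean"
```

On a real server, point the function at $ORACLE_HOME/network/admin/listener.ora and pass the listener name as the second argument if it is not LISTENER.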
Rebuilding the Oracle password file (requires a database restart)
oracle@linux-u72z:~> cd $ORACLE_HOME/dbs/
oracle@linux-u72z:~/product/9.2.0/dbs> orapwd file=orapw password=oracle entries=10;
SQL> shutdown immediate;
SQL> startup;
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
Oracle 10g: modifying WEEKNIGHT_WINDOW and WEEKEND_WINDOW
begin
sys.dbms_scheduler.set_attribute(name => 'SYS.WEEKNIGHT_WINDOW', attribute => 'repeat_interval', value => 'Freq=daily;ByDay=MON,TUE,WED,THU,FRI;ByHour=01;ByMinute=0;BySecond=0');
end;
/
begin
sys.dbms_scheduler.set_attribute(name => 'SYS.WEEKEND_WINDOW', attribute => 'repeat_interval', value => 'Freq=daily;ByDay=Sat, Sun;ByHour=01;ByMinute=0;BySecond=0');
sys.dbms_scheduler.set_attribute(name => 'SYS.WEEKEND_WINDOW', attribute => 'duration', value => '0 08:00:00');
end;
/
From the ITPUB blog, link: http://blog.itpub.net/17252115/viewspace-741326/. If you repost this, please cite the source; otherwise legal liability will be pursued.