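Hardening Oracle Security: Setting a Password for the Listener
Recently, while running a security scan of our systems, the security department reported warnings that the LISTENER password had not been set on several databases. Most systems already have a listener password set; only a few 9i and 10g listeners had none configured. Since this work has to be done, I ran a test first and am sharing it here.
Test on version 10g:
[oracle@ligle-db admin]$ lsnrctl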
LSNRCTL for Linux: Version 10.2.0.4.0 - Production on 12-APR-2011 12:49:20
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener LIGLEWANG_LSNR   --> set as the current listener
Current Listener is LIGLEWANG_LSNR
LSNRCTL> change_password   --> change the password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ligle-db)(PORT=8000)))
Password changed for LIGLEWANG_LSNR
The command completed successfully
LSNRCTL> save_config   --> save the configuration
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ligle-db)(PORT=8000)))
Saved LIGLEWANG_LSNR configuration parameters.
Listener Parameter File   /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
Old Parameter File   /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.bak
The command completed successfully
LSNRCTL> status   --> query the listener status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ligle-db)(PORT=8000)))
STATUS of the LISTENER
------------------------
Alias                     LIGLEWANG_LSNR
Version                   TNSLSNR for Linux: Version 10.2.0.4.0 - Production
Start Date                12-APR-2011 12:46:46
Uptime                    0 days 0 hr. 3 min. 44 sec
Trace Level               off
Security                  ON: Password or Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
Listener Log File         u01/app/oracle/product/10.2.0/db_1/network/log/liglewang_lsnr.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ligle-db)(PORT=8000)))
The listener supports no services
The command completed successfully
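In the output of the status command, you can see this line:
Security ON: Password or Local OS Authentication
This line indicates that local operating system authentication is in use. With this authentication method, no password has to be entered when we maintain the listener, which is also a small difference from 9i. Of course, not every user logged in to the OS can maintain the LISTENER. For example, suppose a user named ligle exists on the system:
[ligle@ligle-db ~]$ id   --> the current OS user is ligle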
uid=503(ligle) gid=501(oinstall) groups=501(oinstall),502(dba)
[ligle@ligle-db ~]$ lsnrctl
LSNRCTL for Linux: Version 10.2.0.4.0 - Production on 12-APR-2011 13:16:17
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener LIGLEWANG_LSNR   --> set as the current listener
Current Listener is LIGLEWANG_LSNR
LSNRCTL> status   --> view the listener status (this operation works)
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ligle-db)(PORT=8000)))
STATUS of the LISTENER
------------------------
Alias                     LIGLEWANG_LSNR
Version                   TNSLSNR for Linux: Version 10.2.0.4.0 - Production
Start Date                12-APR-2011 12:46:46
Uptime                    0 days 0 hr. 29 min. 44 sec
Trace Level               off
Security                  ON: Password or Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
Listener Log File         u01/app/oracle/product/10.2.0/db_1/network/log/liglewang_lsnr.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ligle-db)(PORT=8000)))
The listener supports no services
The command completed successfully
LSNRCTL> stop   --> stop the listener (fails with an error)
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ligle-db)(PORT=8000)))
TNS-01190: The user is not authorized to execute the requested listener command
LSNRCTL> set password   --> enter the password
Password:
The command completed successfully
LSNRCTL> stop   --> stop the listener (succeeds)
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ligle-db)(PORT=8000)))
The command completed successfully
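As shown, when the OS user ligle tried to stop the listener, error TNS-01190 was reported, because the user had not entered the listener password. Only after supplying the password with set password could maintenance operations be run on the listener.
Best Regards
2011.11.05
--The End--
From "ITPUB Blog", link: http://blog.itpub.net/25834554/viewspace-710259/. If you repost this, please cite the source; otherwise legal liability will be pursued.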
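The Security row of the status output is what tells a scan whether a listener password is set, so it can be checked by script across many listeners. The following is an added example, not part of the original post. The function names, the constructed sample text, the Security wordings other than the one shown above (`ON: Local OS Authentication`, `ON`, `OFF`) and the PASSWORDS_<listener> entry that save_config is assumed to write to listener.ora are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit listener authentication.

# Reads `lsnrctl status` text on stdin; prints password | os-only | none | unknown.
listener_auth_mode() {
    sec=$(awk '$1 == "Security" { $1 = ""; sub(/^ /, ""); print; exit }')
    case "$sec" in
        *Password*)      echo password ;;  # 10g with a listener password set
        "ON: Local OS"*) echo os-only ;;   # 10g, no password (assumed wording)
        ON)              echo password ;;  # 9i-style output (assumed wording)
        OFF*)            echo none ;;      # 9i-style, no password (assumed wording)
        *)               echo unknown ;;
    esac
}

# Reads listener.ora on stdin; succeeds if PASSWORDS_<name> is present for $1.
has_saved_password() {
    grep -Eiq "^[[:space:]]*PASSWORDS_$1[[:space:]]*="
}

# Constructed samples. The first mirrors the status output shown above.
STATUS_WITH_PASSWORD='Alias                     LIGLEWANG_LSNR
Security                  ON: Password or Local OS Authentication
SNMP                      OFF'
STATUS_OS_ONLY='Alias                     LIGLEWANG_LSNR
Security                  ON: Local OS Authentication'
STATUS_9I_OFF='Alias                     LISTENER
Security                  OFF'
# Constructed listener.ora fragment; the hash is a placeholder, not a real value.
LISTENER_ORA='PASSWORDS_LIGLEWANG_LSNR = 0123456789ABCDEF'

for s in "$STATUS_WITH_PASSWORD" "$STATUS_OS_ONLY" "$STATUS_9I_OFF"; do
    printf '%s\n' "$s" | listener_auth_mode
done
printf '%s\n' "$LISTENER_ORA" | has_saved_password LIGLEWANG_LSNR && echo "password saved in listener.ora"
```

Against a live system, pipe `lsnrctl status LIGLEWANG_LSNR` into `listener_auth_mode` and redirect the listener.ora path reported in the status output into `has_saved_password`.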