
Oracle Listener Passwords and Listener Security

2013-11-13 15:41:30  Source: Oracle

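  Many people know that the Oracle listener has long had a security weakness: if no protective measures are configured, any user who can reach the listener can shut it down remotely.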

  Example:

        D:\>lsnrctl stop eygle
        LSNRCTL for bit Windows: Version Production on ::
        Copyright (c) Oracle All rights reserved
        正在連接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=))(CONNECT_DATA=(SERVICE_NAME=eygle)))
        命令執行成功

  Note that at this point the default listener log still cannot record the address the operation came from:

        No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=)))
        NOV :: * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=stop)
        (ARGUMENTS=)(SERVICE=eygle)(VERSION=)) * stop *

  To better protect the listener, it is best to set a password for it:

        [oracle@jumper log]$ lsnrctl
        LSNRCTL for Linux: Version Production on NOV ::
        Copyright (c) Oracle Corporation All rights reserved
        Welcome to LSNRCTL type help for information
        LSNRCTL> set current_listener listener
        Current Listener is listener
        LSNRCTL> change_password
        Old password:
        New password:
        Reenter new password:
        Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
        Password changed for listener
        The command completed successfully
        LSNRCTL> set password
        Password:
        The command completed successfully
        LSNRCTL> save_config
        Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
        Saved LISTENER configuration parameters
        Listener Parameter File /opt/oracle/product//network/admin/listenerora
        Old Parameter File /opt/oracle/product//network/admin/listenerbak
        The command completed successfully

  Once the password is set, remote operations fail because the password is missing:

        D:\>lsnrctl stop eygle
        LSNRCTL for bit Windows: Version Production on ::
        Copyright (c) Oracle All rights reserved
        正在連接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=))(CONNECT_DATA=(SERVICE_NAME=eygle)))
        TNS: 監聽程序尚未識別口令

  Note that from this point on, whether on the server or on a client, the password is required to start and stop the listener:

        LSNRCTL> set password
        Password:
        The command completed successfully
        LSNRCTL> stop
        Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
        The command completed successfully
        LSNRCTL> start
        Starting /opt/oracle/product//bin/tnslsnr: please wait
        TNSLSNR for Linux: Version Production
        System parameter file is /opt/oracle/product//network/admin/listenerora
        Log messages written to /opt/oracle/product//network/log/listenerlog
        Trace information written to /opt/oracle/product//network/trace/listenertrc
        Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=)))
        Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
        STATUS of the LISTENER
       
        Alias LISTENER
        Version TNSLSNR for Linux: Version Production
        Start Date NOV ::
        Uptime days hr min sec
        Trace Level support
        Security ON
        SNMP OFF
        Listener Parameter File /opt/oracle/product//network/admin/listenerora
        Listener Log File /opt/oracle/product//network/log/listenerlog
        Listener Trace File /opt/oracle/product//network/trace/listenertrc
        Listening Endpoints Summary
        (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=)))
        Services Summary
        Service eygle has instance(s)
        Instance eygle status UNKNOWN has handler(s) for this service
        Service julia has instance(s)
        Instance eygle status UNKNOWN has handler(s) for this service
        The command completed successfully

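  In addition, the ADMIN_RESTRICTIONS parameter is another important security option. You can set ADMIN_RESTRICTIONS_ to ON in the listener.ora file. After that, all runtime modifications to the listener are blocked, and every change to the listener has to be made by manually editing the listener.ora file.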
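
  Both protections described above end up in listener.ora, so a configuration audit can check for them per listener. The following is an added example, not code from the original article: it assumes the saved password is stored as a PASSWORDS_<listener> entry and the restriction as ADMIN_RESTRICTIONS_<listener>, and the function names and sample file are constructed for illustration.

```python
import re

# Per-listener control parameters; other top-level entries with an ADDRESS are listeners.
CONTROL_PREFIXES = ("SID_LIST_", "PASSWORDS_", "ADMIN_RESTRICTIONS_")
TOKEN = re.compile(r"[()]|(?<![\w.])([A-Za-z_][\w.]*)\s*=")

def top_level_params(text):
    """Return {NAME: value} for each `name = value` entry at paren depth 0."""
    text = re.sub(r"#.*", "", text)              # strip comments
    depth, marks = 0, []
    for m in TOKEN.finditer(text):
        if m.group(1) is None:                   # a parenthesis
            depth += 1 if m.group() == "(" else -1
        elif depth == 0:                         # names inside (...) are ignored
            marks.append((m.start(), m.end(), m.group(1).upper()))
    params = {}
    for i, (_, end, name) in enumerate(marks):
        stop = marks[i + 1][0] if i + 1 < len(marks) else len(text)
        params[name] = text[end:stop].strip()
    return params

def audit_listener_ora(text):
    """Map each listener name to the list of missing protections."""
    params, findings = top_level_params(text), {}
    for name, value in params.items():
        if name.startswith(CONTROL_PREFIXES) or "ADDRESS" not in value.upper():
            continue
        issues = []
        if not params.get("PASSWORDS_" + name):
            issues.append("no listener password saved")
        if params.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            issues.append("ADMIN_RESTRICTIONS not ON")
        findings[name] = issues
    return findings

# Constructed sample listener.ora (host, ports and password hash are made up).
SAMPLE = """
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521)))
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = eygle)))
PASSWORDS_LISTENER = 0123456789ABCDEF   # assumed entry written by save_config
ADMIN_RESTRICTIONS_LISTENER = ON
LISTENER2 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1522)))
"""

if __name__ == "__main__":
    for listener, issues in audit_listener_ora(SAMPLE).items():
        print(listener, "OK" if not issues else "; ".join(issues))
```

  An empty list for a listener means both the password entry and the ON restriction were found; LISTENER2 in the sample is reported with both protections missing.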


From:http://tw.wingwit.com/Article/program/Oracle/201311/17148.html