
Oracle Listener Passwords and Listener Security, Explained by Example

2013-11-13 15:46:04  Source: Oracle

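  Many people know that the Oracle listener has long had a security weakness: if no protective measures are configured, any user who can reach the listener can shut it down remotely.

  A related example: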

  

  D:\>lsnrctl stop eygle
  LSNRCTL for bit Windows: Version Production on ::
  Copyright (c) Oracle All rights reserved
  正在連接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)) (CONNECT_DATA=(SERVICE_NAME=eygle)))
  命令執行成功

  

  Note that at this point the default listener log does not even record the address the operation came from:

  

  No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=)))
  NOV :: * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=stop) (ARGUMENTS=)(SERVICE=eygle)(VERSION=)) * stop *

  To better protect the listener, it is best to set a password for it:

  

  [oracle@jumper log]$ lsnrctl
  LSNRCTL for Linux: Version Production on NOV ::
  Copyright (c) Oracle Corporation All rights reserved
  Welcome to LSNRCTL type help for information
  LSNRCTL> set current_listener listener
  Current Listener is listener
  LSNRCTL> change_password
  Old password:
  New password:
  Reenter new password:
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
  Password changed for listener
  The command completed successfully
  LSNRCTL> set password
  Password:
  The command completed successfully
  LSNRCTL> save_config
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
  Saved LISTENER configuration parameters
  Listener Parameter File /opt/oracle/product//network/admin/listenerora
  Old Parameter File /opt/oracle/product//network/admin/listenerbak
  The command completed successfully

  

  Once the password is set, remote operations fail because the password is missing:

  

  D:\>lsnrctl stop eygle
  LSNRCTL for bit Windows: Version Production on ::
  Copyright (c) Oracle All rights reserved
  正在連接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=) (PORT=))(CONNECT_DATA=(SERVICE_NAME=eygle)))
  TNS: 監聽程序尚未識別口令

  Note that from now on the password is required to stop or start the listener, on both the server side and the client side:

  

  LSNRCTL> set password
  Password:
  The command completed successfully
  LSNRCTL> stop
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
  The command completed successfully
  LSNRCTL> start
  Starting /opt/oracle/product//bin/tnslsnr: please wait
  TNSLSNR for Linux: Version Production
  System parameter file is /opt/oracle/product//network/admin/listenerora
  Log messages written to /opt/oracle/product//network/log/listenerlog
  Trace information written to /opt/oracle/product//network/trace/listenertrc
  Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=)))
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
  STATUS of the LISTENER
  Alias LISTENER
  Version TNSLSNR for Linux: Version Production
  Start Date NOV ::
  Uptime days hr min sec
  Trace Level support
  Security ON
  SNMP OFF
  Listener Parameter File /opt/oracle/product//network/admin/listenerora
  Listener Log File /opt/oracle/product//network/log/listenerlog
  Listener Trace File /opt/oracle/product//network/trace/listenertrc
  Listening Endpoints Summary
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=)))
  Services Summary
  Service eygle has instance(s)
  Instance eygle status UNKNOWN has handler(s) for this service
  Service julia has instance(s)
  Instance eygle status UNKNOWN has handler(s) for this service
  The command completed successfully

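  ADMIN_RESTRICTIONS is another important security option. You can set ADMIN_RESTRICTIONS_ to ON in the listener.ora file; after that, every runtime modification of the listener is blocked, and any change to the listener has to be made by manually editing the listener.ora file.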

