实例讲解oracle监听口令及监听器安全
来源: 阅读:859 次 日期:2014-10-21 14:09:49
温馨提示: 小编为您整理了“实例讲解oracle监听口令及监听器安全”,方便广大网友查阅!

很多人都知道,oracle的监听器一直存在着一个安全隐患,假如不设置安全措施,那么能够访问的用户就可以远程关闭监听器。

相关示例:

d:>lsnrctl stop eygle

lsnrctl for 32-bit windows: version 10.2.0.3.0 - production on 28-11月-2007 10:02:40

copyright (c) 1991, 2006, oracle. all rights reserved.

正在连接到 (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521))

(connect_data=(service_name=eygle)))

命令执行成功

大家可以发现,此时缺省的监听器的日志还无法记录操作地址:

no longer listening on: (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

28-nov-2007 09:59:20 * (connect_data=(cid=(program=)(host=)(user=administrator))(command=stop)

(arguments=64)(service=eygle)(version=169870080)) * stop * 0

为了更好的保证监听器的安全,大家最好为监听设置密码:

[oracle@jumper log]$ lsnrctl

lsnrctl for linux: version 9.2.0.4.0 - production on 28-nov-2007 10:18:17

copyright (c) 1991, 2002, oracle corporation. all rights reserved.

welcome to lsnrctl, type help for information.

lsnrctl> set current_listener listener

current listener is listener

lsnrctl> change_password

old password:

new password:

reenter new password:

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

password changed for listener

the command completed successfully

lsnrctl> set password

password:

the command completed successfully

lsnrctl> save_config

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

saved listener configuration parameters.

listener parameter file /opt/oracle/product/9.2.0/network/admin/listener.ora

old parameter file /opt/oracle/product/9.2.0/network/admin/listener.bak

the command completed successfully

在我们设置密码后,远程操作将会因缺失密码而出现失败:

d:>lsnrctl stop eygle

lsnrctl for 32-bit windows: version 10.2.0.3.0 - production on 28-11月-2007 10:22:57

copyright (c) 1991, 2006, oracle. all rights reserved.

正在连接到 (description=(address=(protocol=tcp)(host=172.16.33.11)

(port=1521))(connect_data=(service_name=eygle)))

tns-01169: 监听程序尚未识别口令

注意:此时在服务器端或客户端,都需要我们通过密码来起停监听器:

lsnrctl> set password

password:

the command completed successfully

lsnrctl> stop

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

the command completed successfully

lsnrctl> start

starting /opt/oracle/product/9.2.0/bin/tnslsnr: please wait...

tnslsnr for linux: version 9.2.0.4.0 - production

system parameter file is /opt/oracle/product/9.2.0/network/admin/listener.ora

log messages written to /opt/oracle/product/9.2.0/network/log/listener.log

trace information written to /opt/oracle/product/9.2.0/network/trace/listener.trc

listening on: (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

status of the listener

------------------------

alias listener

version tnslsnr for linux: version 9.2.0.4.0 - production

start date 28-nov-2007 10:22:23

uptime 0 days 0 hr. 0 min. 0 sec

trace level support

security on

snmp off

listener parameter file /opt/oracle/product/9.2.0/network/admin/listener.ora

listener log file /opt/oracle/product/9.2.0/network/log/listener.log

listener trace file /opt/oracle/product/9.2.0/network/trace/listener.trc

listening endpoints summary...

(description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

services summary...

service eygle has 1 instance(s).

instance eygle, status unknown, has 1 handler(s) for this service...

service julia has 1 instance(s).

instance eygle, status unknown, has 1 handler(s) for this service...

the command completed successfully

另外,admin_restrictions参数也是一个重要的安全选项,大家可以在 listener.ora 文件中设置 admin_restrictions_ 为 on,此后所有在运行时对监听器的修改都将会被阻止,所有对监听器的修改都必须通过手工修改listener.ora文件才能顺利完成。

更多信息请查看IT技术专栏

更多信息请查看数据库
由于各方面情况的不断调整与变化, 提供的所有考试信息和咨询回复仅供参考,敬请考生以权威部门公布的正式信息和咨询为准!

2025国考·省考课程试听报名

  • 报班类型
  • 姓名
  • 手机号
  • 验证码
关于我们 | 联系我们 | 人才招聘 | 网站声明 | 网站帮助 | 非正式的简要咨询 | 简要咨询须知 | 加入群交流 | 手机站点 | 投诉建议
工业和信息化部备案号:滇ICP备2023014141号-1 云南省教育厅备案号:云教ICP备0901021 滇公网安备53010202001879号 人力资源服务许可证:(云)人服证字(2023)第0102001523号
云南网警备案专用图标
联系电话:0871-65317125(9:00—18:00) 获取招聘考试信息及咨询关注公众号:
咨询QQ:526150442(9:00—18:00)版权所有:
云南网警报警专用图标
Baidu
map