威凡网全力打造:网页编程、软件开发编程、平面设计、服务器端开发、操作系统等在线学习平台!学编程,上威凡网!
数据库>> Mysql Sqlserver Oracle SQlite Access Sybase SQL其他
当前位置:首页 > 数据库 > Oracle
上一节 下一节
 实例讲解Oracle监听口令及监听器安全

      很多人都知道,oracle的监听器一直存在着一个安全隐患,假如不设置安全措施,那么能够访问的用户就可以远程关闭监听器。

  相关示例:

  d:>lsnrctl stop eygle

  lsnrctl for 32-bit windows: version 10.2.0.3.0 - production on 28-11月-2007 10:02:40

  copyright (c) 1991, 2006, oracle. all rights reserved.

  正在连接到 (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521))

  (connect_data=(service_name=eygle)))

  命令执行成功

  大家可以发现,此时缺省的监听器的日志还无法记录操作地址:

  no longer listening on: (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

  28-nov-2007 09:59:20 * (connect_data=(cid=(program=)(host=)(user=administrator))(command=stop)

  (arguments=64)(service=eygle)(version=169870080)) * stop * 0

  为了更好的保证监听器的安全,大家最好为监听设置密码:

  [oracle@jumper log]$ lsnrctl

  lsnrctl for linux: version 9.2.0.4.0 - production on 28-nov-2007 10:18:17

  copyright (c) 1991, 2002, oracle corporation. all rights reserved.

  welcome to lsnrctl, type "help" for information.

  lsnrctl> set current_listener listener

  current listener is listener

  lsnrctl> change_password

  old password:

  new password:

  reenter new password:

  connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

  password changed for listener

  the command completed successfully

  lsnrctl> set password

  password:

  the command completed successfully

  lsnrctl> save_config

  connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

  saved listener configuration parameters.

  listener parameter file /opt/oracle/product/9.2.0/network/admin/listener.ora

  old parameter file /opt/oracle/product/9.2.0/network/admin/listener.bak

  the command completed successfully

  在我们设置密码后,远程操作将会因缺失密码而出现失败:

  d:>lsnrctl stop eygle

  lsnrctl for 32-bit windows: version 10.2.0.3.0 - production on 28-11月-2007 10:22:57

  copyright (c) 1991, 2006, oracle. all rights reserved.

  正在连接到 (description=(address=(protocol=tcp)(host=172.16.33.11)

  (port=1521))(connect_data=(service_name=eygle)))

  tns-01169: 监听程序尚未识别口令

  注意:此时在服务器端或客户端,,都需要我们通过密码来起停监听器:

  lsnrctl> set password

  password:

  the command completed successfully

  lsnrctl> stop

  connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

  the command completed successfully

  lsnrctl> start

  starting /opt/oracle/product/9.2.0/bin/tnslsnr: please wait...

  tnslsnr for linux: version 9.2.0.4.0 - production

  system parameter file is /opt/oracle/product/9.2.0/network/admin/listener.ora

  log messages written to /opt/oracle/product/9.2.0/network/log/listener.log

  trace information written to /opt/oracle/product/9.2.0/network/trace/listener.trc

  listening on: (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

  connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

  status of the listener

  ------------------------

  alias listener

  version tnslsnr for linux: version 9.2.0.4.0 - production

  start date 28-nov-2007 10:22:23

  uptime 0 days 0 hr. 0 min. 0 sec

  trace level support

  security on

  snmp off

  listener parameter file /opt/oracle/product/9.2.0/network/admin/listener.ora

  listener log file /opt/oracle/product/9.2.0/network/log/listener.log

  listener trace file /opt/oracle/product/9.2.0/network/trace/listener.trc

  listening endpoints summary...

  (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

  services summary...

  service "eygle" has 1 instance(s).

  instance "eygle", status unknown, has 1 handler(s) for this service...

  service "julia" has 1 instance(s).

  instance "eygle", status unknown, has 1 handler(s) for this service...

  the command completed successfully

  另外,admin_restrictions参数也是一个重要的安全选项,大家可以在 listener.ora 文件中设置 admin_restrictions_ 为 on,此后所有在运行时对监听器的修改都将会被阻止,所有对监听器的修改都必须通过手工修改listener.ora文件才能顺利完成。


申明:本教程内容由威凡网编辑整理并提供IT程序员分享学习,如文中有侵权行为,请与站长联系(QQ:254677821)!
上一节 下一节
相关教程  
其他教程  
Mysql
Sqlserver
Oracle
SQlite
Access
Sybase
SQL其他

违法和不良信息举报中心】邮箱:254677821@qq.com
Copyright©威凡网 版权所有 苏ICP备2023020142号
站长QQ:254677821