實例講解oracle監(jiān)聽口令及監(jiān)聽器安全
來源:易賢網(wǎng) 閱讀:884 次 日期:2014-10-21 14:09:49
溫馨提示:易賢網(wǎng)小編為您整理了“實例講解oracle監(jiān)聽口令及監(jiān)聽器安全”,方便廣大網(wǎng)友查閱!

很多人都知道,oracle的監(jiān)聽器一直存在著一個安全隱患,假如不設置安全措施,那么能夠訪問的用戶就可以遠程關閉監(jiān)聽器。

相關示例:

d:>lsnrctl stop eygle

lsnrctl for 32-bit windows: version 10.2.0.3.0 - production on 28-11月-2007 10:02:40

copyright (c) 1991, 2006, oracle. all rights reserved.

正在連接到 (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521))

(connect_data=(service_name=eygle)))

命令執(zhí)行成功

大家可以發(fā)現(xiàn),此時缺省的監(jiān)聽器的日志還無法記錄操作地址:

no longer listening on: (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

28-nov-2007 09:59:20 * (connect_data=(cid=(program=)(host=)(user=administrator))(command=stop)

(arguments=64)(service=eygle)(version=169870080)) * stop * 0

為了更好的保證監(jiān)聽器的安全,大家最好為監(jiān)聽設置密碼:

[oracle@jumper log]$ lsnrctl

lsnrctl for linux: version 9.2.0.4.0 - production on 28-nov-2007 10:18:17

copyright (c) 1991, 2002, oracle corporation. all rights reserved.

welcome to lsnrctl, type help for information.

lsnrctl> set current_listener listener

current listener is listener

lsnrctl> change_password

old password:

new password:

reenter new password:

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

password changed for listener

the command completed successfully

lsnrctl> set password

password:

the command completed successfully

lsnrctl> save_config

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

saved listener configuration parameters.

listener parameter file /opt/oracle/product/9.2.0/network/admin/listener.ora

old parameter file /opt/oracle/product/9.2.0/network/admin/listener.bak

the command completed successfully

在我們設置密碼后,遠程操作將會因缺失密碼而出現(xiàn)失敗:

d:>lsnrctl stop eygle

lsnrctl for 32-bit windows: version 10.2.0.3.0 - production on 28-11月-2007 10:22:57

copyright (c) 1991, 2006, oracle. all rights reserved.

正在連接到 (description=(address=(protocol=tcp)(host=172.16.33.11)

(port=1521))(connect_data=(service_name=eygle)))

tns-01169: 監(jiān)聽程序尚未識別口令

注意:此時在服務器端或客戶端,都需要我們通過密碼來起停監(jiān)聽器:

lsnrctl> set password

password:

the command completed successfully

lsnrctl> stop

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

the command completed successfully

lsnrctl> start

starting /opt/oracle/product/9.2.0/bin/tnslsnr: please wait...

tnslsnr for linux: version 9.2.0.4.0 - production

system parameter file is /opt/oracle/product/9.2.0/network/admin/listener.ora

log messages written to /opt/oracle/product/9.2.0/network/log/listener.log

trace information written to /opt/oracle/product/9.2.0/network/trace/listener.trc

listening on: (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

connecting to (description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

status of the listener

------------------------

alias listener

version tnslsnr for linux: version 9.2.0.4.0 - production

start date 28-nov-2007 10:22:23

uptime 0 days 0 hr. 0 min. 0 sec

trace level support

security on

snmp off

listener parameter file /opt/oracle/product/9.2.0/network/admin/listener.ora

listener log file /opt/oracle/product/9.2.0/network/log/listener.log

listener trace file /opt/oracle/product/9.2.0/network/trace/listener.trc

listening endpoints summary...

(description=(address=(protocol=tcp)(host=172.16.33.11)(port=1521)))

services summary...

service eygle has 1 instance(s).

instance eygle, status unknown, has 1 handler(s) for this service...

service julia has 1 instance(s).

instance eygle, status unknown, has 1 handler(s) for this service...

the command completed successfully

另外,admin_restrictions參數(shù)也是一個重要的安全選項,大家可以在 listener.ora 文件中設置 admin_restrictions_ 為 on,此后所有在運行時對監(jiān)聽器的修改都將會被阻止,所有對監(jiān)聽器的修改都必須通過手工修改listener.ora文件才能順利完成。

更多信息請查看IT技術專欄

更多信息請查看數(shù)據(jù)庫
易賢網(wǎng)手機網(wǎng)站地址:實例講解oracle監(jiān)聽口令及監(jiān)聽器安全

2025國考·省考課程試聽報名

  • 報班類型
  • 姓名
  • 手機號
  • 驗證碼
關于我們 | 聯(lián)系我們 | 人才招聘 | 網(wǎng)站聲明 | 網(wǎng)站幫助 | 非正式的簡要咨詢 | 簡要咨詢須知 | 加入群交流 | 手機站點 | 投訴建議
工業(yè)和信息化部備案號:滇ICP備2023014141號-1 云南省教育廳備案號:云教ICP備0901021 滇公網(wǎng)安備53010202001879號 人力資源服務許可證:(云)人服證字(2023)第0102001523號
聯(lián)系電話:0871-65099533/13759567129 獲取招聘考試信息及咨詢關注公眾號:hfpxwx
咨詢QQ:526150442(9:00—18:00)版權所有:易賢網(wǎng)