数据库安全检查监听是重点，设置监听密码

2024-04-02 19:04:59 741人浏览泡泡鱼

摘要

oracle 数据库监听的安全管理是比较容易忽略的一个问题，做一个测试禁用监听的本地验证功能，设置监听密码，数据库版本为11.2.0.4 1、默认配置listener.ora LISTENER =(DESC

oracle 数据库监听的安全管理是比较容易忽略的一个问题，做一个测试
禁用监听的本地验证功能，设置监听密码，数据库版本为11.2.0.4

1、默认配置listener.ora

LISTENER =
(DESCRIPTioN_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = tcp)(HOST = roidb01)(PORT = 1521))
)
)
SID_LIST_LISTENER=
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = orcl)
(ORACLE_HOME =/u01/app/oracle/product/11.2.0/dbhome_1)
(SID_NAME = orcl)
)
)
ADR_BASE_LISTENER = /u01/app/oracle

2、添加参数
LOCAL_OS_AUTHENTICATION_LISTENER = OFF

使用vi 添加以上参数如下：
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = roidb01)(PORT = 1521))
)
)
SID_LIST_LISTENER=
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = orcl)
(ORACLE_HOME =/u01/app/oracle/product/11.2.0/dbhome_1)
(SID_NAME = orcl)
)
)
ADR_BASE_LISTENER = /u01/app/oracle

LOCAL_OS_AUTHENTICATION_LISTENER = OFF

3、reload 监听
<roidb01:orcl:/home/oracle>$lsnrctl start
<roidb01:orcl:/home/oracle>$lsnrctl reload

LSNRCTL for linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:55:16

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
The command completed successfully
<roidb01:orcl:/home/oracle>$ps -ef|grep tns
root 10 2 0 09:11 ? 00:00:00 [netns]
oracle 2809 1 0 10:55 ? 00:00:00 /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr LISTENER -inherit
oracle 2820 1898 0 10:55 pts/0 00:00:00 grep tns
<roidb01:orcl:/home/oracle>$

4、设置监听密码
<roidb01:orcl:/home/oracle>$lsnrctl

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:55:50

Welcome to LSNRCTL, type "help" for infORMation.

LSNRCTL> help
The following operations are available
An asterisk (*) denotes a modifier or extended command:

start stop status
services version reload
save_config trace spawn
change_passWord quit exit
set show

LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
Password changed for LISTENER
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
TNS-01169: The listener has not recognized the password

LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Old Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.bak
The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))

STATUS of the LISTENER

Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 29-NOV-2018 10:55:01
Uptime 0 days 0 hr. 2 min. 14 sec
Trace Level off
Security ON: Password
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/roidb01/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=roidb01)(PORT=1521)))
Services Summary...
Service "ORCL_DGB" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl" has 2 instance(s).
Instance "orcl", status UNKNOWN, has 1 handler(s) for this service...
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL>
5、关闭监听方法
<roidb01:orcl:/home/oracle>$lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:58:12

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
TNS-01169: The listener has not recognized the password
<roidb01:orcl:/home/oracle>$lsnrctl

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:58:15

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
The command completed successfully
LSNRCTL>

您可能感兴趣的文档:

--结束END--

本文标题: 数据库安全检查监听是重点，设置监听密码

本文链接: https://lsjlt.com/news/37734.html(转载时请注明来源链接)

有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341