
Configure database listening whitelist

2025-03-17 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

1. Background:

At the beginning of 2020, a new term entered our work: "network protection operation", which we had never heard of before. It is a security concept put forward at the national level to ensure information security, and organizations hold security drills on a regular basis. To prepare for these drills, our database team put forward its own measure: a database whitelist policy that restricts unauthorized devices from accessing the database. That is the background for configuring the listener whitelist.

2. Technical strategy:

Edit the sqlnet.ora file:

# Enable the IP restriction feature

tcp.validnode_checking = yes

# IP addresses allowed to access the database. Multiple IP addresses are separated by commas

tcp.invited_nodes = (192.168.1.5, 192.168.1.6)

# IP addresses prohibited from accessing the database. Multiple IP addresses are separated by commas

tcp.excluded_nodes = (192.168.1.1, 10.10.10.1)

Note:

1. The listener needs to be restarted to take effect.

2. This method applies only to the TCP protocol and to versions above 9i. Versions prior to 9i used the file protocol.ora.

3. Only one of the second and third lines needs to be written. If both tcp.invited_nodes and tcp.excluded_nodes exist, tcp.invited_nodes takes precedence.

4. Do not block the server's own local IP address. Otherwise you will not be able to start or stop the listener through lsnrctl, because during that process the listener program accesses the listener through the local IP.

3. Operation steps

3.1 Obtain the addresses of devices that have accessed the database from the listener log:

grep HOST listener.log | awk -F 'HOST=' '{print $3}' | awk '{print $1}' | awk -F ')' '{print $1}' | grep -v jdbc | sort | uniq | wc -l && grep HOST listener.log | awk -F 'HOST=' '{print $3}' | awk '{print $1}' | awk -F ')' '{print $1}' | grep -v jdbc | sort | uniq
5
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.71

3.2 Address formatting

tr -s "\n" ","

SQL> alter system register;
System altered.
SQL> !lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 28-JUL-2020 19:30:36
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=TestDB)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                28-JUL-2020 19:30:25
Uptime                    0 days 0 hr. 0 min. 11 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/TestDB/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=TestDB)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "ORCL" has 1 instance(s).
  Instance "ORCL1", status READY, has 1 handler(s) for this service...
Service "ORCL1XDB" has 1 instance(s).
The command completed successfully
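The two steps above can be combined into one script that reads the listener log and prints the sqlnet.ora lines. This is an added example, not code from the original article: the function names, the constructed log entries and the server addresses 127.0.0.1 and 192.168.1.10 are assumptions. It refuses to produce a whitelist that leaves out the server's own address (note 4).

```shell
#!/bin/sh
# Added example (not from the original article): turn listener.log client
# addresses into a sqlnet.ora whitelist fragment.

# Write a few CONSTRUCTED listener.log entries to the file named in $1.
make_sample_log() {
    cat > "$1" <<'EOF'
28-JUL-2020 19:20:01 * (CONNECT_DATA=(SERVICE_NAME=ORCL)(CID=(PROGRAM=sqlplus)(HOST=app01)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.6)(PORT=40112)) * establish * ORCL * 0
28-JUL-2020 19:21:13 * (CONNECT_DATA=(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=app))(SERVICE_NAME=ORCL)) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.5)(PORT=51820)) * establish * ORCL * 0
28-JUL-2020 19:22:40 * service_update * ORCL1 * 0
28-JUL-2020 19:23:02 * (CONNECT_DATA=(SERVICE_NAME=ORCL)(CID=(PROGRAM=sqlplus)(HOST=app01)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.5)(PORT=40177)) * establish * ORCL * 0
EOF
}

# Print unique client addresses taken from the (ADDRESS=...(HOST=x)) field,
# ignoring the client-reported HOST inside CONNECT_DATA (e.g. __jdbc__)
# and entries such as service_update that carry no address.
extract_clients() {
    sed -n 's/.*(ADDRESS=(PROTOCOL=tcp)(HOST=\([^)]*\)).*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# $1 = listener.log, remaining args = the server's own addresses (note 4).
build_whitelist() {
    log=$1; shift
    if [ "$#" -eq 0 ]; then
        echo "refusing to build a whitelist without the local address" >&2
        return 1
    fi
    # Merge log clients with the local addresses, then join with commas.
    nodes=$( { extract_clients "$log"; printf '%s\n' "$@"; } |
        LC_ALL=C sort -u | tr -s '\n' ',' | sed 's/,$//' )
    printf 'tcp.validnode_checking = yes\n'
    printf 'tcp.invited_nodes = (%s)\n' "$nodes"
}

# Demo on the constructed log; 192.168.1.10 is an assumed server address.
demo_log=$(mktemp)
make_sample_log "$demo_log"
build_whitelist "$demo_log" 127.0.0.1 192.168.1.10
rm -f "$demo_log"
```

Review the generated list before copying it into sqlnet.ora: every address that appears in the log ends up invited, including any that should not have been connecting.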

Original link: http://blog.itpub.net/20674423/viewspace-2707617/
