Shulou(Shulou.com)06/01 Report--

Oracle user Management:

SQL*Plus

Create user username identified by password; / / create user

Grant permissions (dba= administrator, resource= ordinary user, connect= visitor) to username; / / authorization

Drop user user name cascade; / / Delete the user, add cascade will delete everything created by the user

Linux sets user timeout:

/ etc/profile / / mainly controls global variables, etc.

TMOUT / / set user no operation time, automatically disconnect, global (in seconds)

Linux to view user account restrictions:

/ etc/login.defs / / main control password validity period

PASS_MAX_DAYS / / longest usage cycle of user password

PASS_MIN_DAYS / / minimum usage cycle of user password

Minimum length of PASS_MIN_LEN / / user password

Prompt before PASS_WARN_AGE / / password expires

MD5_CRYPE_ENAB / / A pair of user passwords are encrypted with MD5

/ etc/pam.d/system-auth / / mainly control password complexity, etc.

Password requisite pam_cracklib.so

Retry / / if the password is not strong enough, the number of times you are allowed to reenter

Difok / / allows new and old passwords to have the same number of characters

Minlen / / minimum password length

Dcredit / / limit how many digits a new password must have

Ucredit / / limit how many uppercase letters a new password must have

Lcredit / / limit how many lowercase letters a new password must have

Ocredit / / limits how many special characters a new password must have

/ etc/pam.d/login / / mainly controls the number of logins. If all methods are limited, modify system-auth.

Auth required pam_tally2.so / / mainly controls the number of logins and locks out users

Even_deny_root / / also limits the number of logins for root users

Deny / / sets the maximum number of consecutive error logins for ordinary users and root users

Unlock_time / / sets the unlocking time of an ordinary user after locking (in seconds)

Root_unlock_time / / sets the unlocking time after the root user is locked (in seconds)

Oracle to view user account restrictions:

SQLPlus:select from dba_profiles; / / controls password policies and system resources

Password Policy:

Account lockout time (in days) after PASSWORD_LOCK_TIME / / login failure reaches a certain number of times

PASSWORD_VERYFY_FUNCTION / / place password verification script

Maximum number of logins before FAILED_LOGIN_ATEMPTS / / account is locked

Maximum life cycle of PASSWORD_LIFE_TIME / / password (in days)

Maximum number of days before PASSWORD_REUSE_TIME / / password reuse

The number of times the PASSWORD_REUSE_MAX / / password was changed before it was reused

System resources: SESSION_PER_USER / / limits the CPU time limit of CPU_PER_SESSION / / sessions for users, in 1% seconds CPU_PER_CALL / / specifies the CPU time limit for one call, and specifies the total connection world of the session in 1% seconds CONNECT_TIME / / Unit: IDLE_TIME / / specify session timeout LOGICAL_READS_PER_SESSION / / specify the number of blocks allowed to be read by a session, including memory and hard disk LOGICAL_READ_PER_CALL / / specify the maximum number of blocks allowed to be read by a SQL / / specify the maximum allocation space for a session in the shared pool Specifies the total resource consumption of a session in bytes COMPOSITE_LIMIT / /, expressed in service units units

/ / Oracle default password control function is not allowed to be the same as the user name, the minimum password length is 4, (passwords are not allowed to contain welcome, user, account, database, password, computer, abcd), (numbers, letters and symbols are required), cannot be the same as the last password, lock for one minute after 3 login failures, and the password can be used for up to 60 days

Oracle remote Management data encryption:

Sqlnet.ora

Sqlnet.encryption=true / / encrypts remote management data

Oracle views the status of all users

SQLPlus

Select username,account_status from dba_users; / / View all user names and user status

Select from all_users; / / View all user names, view all users ID and creation date

Oracle looks at the roles and system privileges granted to a specific user 1:

SQLPlus

Select from dba_role_privs where grantee=' user name'; / / query the role of the user

Select from dba_sys_privs where grantee=' user name'; / / query the user's system privileges

Select from dba_tab_privs where grantee=' user name'; / / query the object permissions contained by the user

Oracle audit function:

$ORACLE_HOME/dbs/init.ora

Audit_trail / / if true, audit is enabled and records are stored in the sys.aud$ table

Audit_file_dest / / if the previous entry is os, you need to specify this parameter, and the audit record is saved in the directory specified by the parameter.

SQL*Plus

Alter system set audit_trail=none scope=spfile

Oracle disables operating system authentication to log into the database:

$ORACLE_HOME/network/admin/sqlnet.ora

SQLNET.AUTHENTICATION_SERVICES= (NONE)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.