Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Database security check monitoring is the key. Set the listening password.

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Share

Shulou(Shulou.com)06/01 Report--

The security management of Oracle database snooping is easy to ignore. Do a test.

Disable the local authentication function of monitoring, set the listening password, and the database version is 11.2.0.4.

1. Default configuration listener.ora

LISTENER =

(DESCRIPTION_LIST =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCP) (HOST = roidb01) (PORT = 1521))

)

)

SID_LIST_LISTENER=

(SID_LIST =

(SID_DESC =

(GLOBAL_DBNAME = orcl)

(ORACLE_HOME = / u01/app/oracle/product/11.2.0/dbhome_1)

(SID_NAME = orcl)

)

)

ADR_BASE_LISTENER = / u01/app/oracle

2. Add parameters

LOCAL_OS_AUTHENTICATION_LISTENER = OFF

Use vi to add the above parameters as follows:

LISTENER =

(DESCRIPTION_LIST =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCP) (HOST = roidb01) (PORT = 1521))

)

)

SID_LIST_LISTENER=

(SID_LIST =

(SID_DESC =

(GLOBAL_DBNAME = orcl)

(ORACLE_HOME = / u01/app/oracle/product/11.2.0/dbhome_1)

(SID_NAME = orcl)

)

)

ADR_BASE_LISTENER = / u01/app/oracle

LOCAL_OS_AUTHENTICATION_LISTENER = OFF

3. Reload snooping

$lsnrctl start

$lsnrctl reload

LSNRCTL for Linux: Version 11.2.0.4.0-Production on 29-NOV-2018 10:55:16

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=roidb01) (PORT=1521)

The command completed successfully

$ps-ef | grep tns

Root 10 2 0 09:11? 00:00:00 [netns]

Oracle 2809 10 10:55? 00:00:00 / u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr LISTENER-inherit

Oracle 2820 1898 0 10:55 pts/0 00:00:00 grep tns

$

4. Set the listening password

$lsnrctl

LSNRCTL for Linux: Version 11.2.0.4.0-Production on 29-NOV-2018 10:55:50

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL > help

The following operations are available

An asterisk (*) denotes a modifier or extended command:

Start stop status

Services version reload

Save_config trace spawn

Change_password quit exit

Set show

LSNRCTL > change_password

Old password:

New password:

Reenter new password:

Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=roidb01) (PORT=1521)

Password changed for LISTENER

The command completed successfully

LSNRCTL > save_config

Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=roidb01) (PORT=1521)

TNS-01169: The listener has not recognized the password

LSNRCTL > set password

Password:

The command completed successfully

LSNRCTL > save_config

Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=roidb01) (PORT=1521)

Saved LISTENER configuration parameters.

Listener Parameter File / u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora

Old Parameter File / u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.bak

The command completed successfully

LSNRCTL > status

Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=roidb01) (PORT=1521)

STATUS of the LISTENER

Alias LISTENER

Version TNSLSNR for Linux: Version 11.2.0.4.0-Production

Start Date 29-NOV-2018 10:55:01

Uptime 0 days 0 hr. 2 min. 14 sec

Trace Level off

Security ON: Password

SNMP OFF

Listener Parameter File / u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora

Listener Log File / u01/app/oracle/diag/tnslsnr/roidb01/listener/alert/log.xml

Listening Endpoints Summary...

(DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=roidb01) (PORT=1521))

Services Summary...

Service "ORCL_DGB" has 1 instance (s).

Instance "orcl", status READY, has 1 handler (s) for this service...

Service "orcl" has 2 instance (s).

Instance "orcl", status UNKNOWN, has 1 handler (s) for this service...

Instance "orcl", status READY, has 1 handler (s) for this service...

Service "orclXDB" has 1 instance (s).

Instance "orcl", status READY, has 1 handler (s) for this service...

The command completed successfully

LSNRCTL >

5. Turn off the monitoring method

$lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.4.0-Production on 29-NOV-2018 10:58:12

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=roidb01) (PORT=1521)

TNS-01169: The listener has not recognized the password

$lsnrctl

LSNRCTL for Linux: Version 11.2.0.4.0-Production on 29-NOV-2018 10:58:15

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL > set password

Password:

The command completed successfully

LSNRCTL > stop

Connecting to (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=roidb01) (PORT=1521)

The command completed successfully

LSNRCTL >

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Database

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report