Shulou(Shulou.com)06/01 Report--

Preface

In the database security configuration, the relevant security reinforcement work needs to be done. To confirm the security of the database, however, sometimes, after improper operation or the database business account changes the password, and the configuration of the connection database of the program is encapsulated in jar, if the configuration information of the connection database in jar has not been modified accordingly. It will cause serious consequences to this business account of the database.

This article will introduce the relevant contents of Oracle 11g security reinforcement in detail, and share it for your reference and study. I won't say much below. Let's take a look at the detailed introduction.

1. Inspection direction of safety reinforcement

Remote login restrictions for 1.1.sysdba users (view Oracle login authentication)

Check:

Show parameter remote_login_passwordfile

Rectification and reform:

Alter system set remote_login_passwordfile = NONE scope=spfile

Note: the library needs to be restarted to take effect.

1.2. Whether resource restrictions are enabled

Show parameter resource_limitalter system set resource_limit = true

1.3. Account lockout policy for login failure

Select * from dba_profiles order by 1

Pay attention to the set value of FAILED_LOGIN_ATTEMPTS

1.4. Database user account check

Check:

Select username,profile from dba_users where account_status='OPEN'

Rectification and reform:

Lock in users: alter user lock

Delete user: drop user cascade

1.5. Sample database account

Whether there is a default example database account, such as scott, you can consider deleting the scott account.

1.6.dba permission account check

Select * from dba_role_privs where granted_role='DBA'

1.7. Encrypted storage of database account password

The account passwords in 11g data are originally encrypted.

1.8. Database password security check function

Select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_VERIFY_FUNCTION'

1.9. Set the trust IP set

Just set the following line in the file $ORACLE_HOME/network/admin/sqlnet.ora on the server:

Tcp.validnode_checking = yes tcp.invited_nodes = (ip1,ip2 …)

1.10. Whether the idle remote connection that times out is automatically disconnected

Set the appropriate value according to the actual need.

Set the following parameters in $ORACLE_HOME/network/admin/sqlnet.ora:

SQLNET.EXPIRE_TIME=10

two。 Safety reinforcement check safeCheck.sh

#! / bin/bash#name:safeCheck.sh#function:to create a safe check report.#usage: log in to oracle user and execute sh safeCheck.sh > / tmp/safeCheck.log#logon databasesqlplus-S / as sysdba

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.