主頁 > 知識庫 > Oracle監(jiān)聽口令及監(jiān)聽器安全詳解

Oracle監(jiān)聽口令及監(jiān)聽器安全詳解

很多Oracle用戶都知道，Oracle的監(jiān)聽器一直存在著一個(gè)安全隱患，假如對此不設(shè)置安全措施，那么能夠訪問的用戶就可以遠(yuǎn)程關(guān)閉監(jiān)聽器。

相關(guān)示例如下：

D:>lsnrctl stop eygle
LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 28-11月-2007 10:02:40
Copyright (c) 1991, 2006, Oracle. All rights reserved.
正在連接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521))
(CONNECT_DATA=(SERVICE_NAME=eygle)))

命令執(zhí)行成功

大家可以發(fā)現(xiàn)，此時(shí)缺省的監(jiān)聽器的日志還無法記錄操作地址：

No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
28-NOV-2007 09:59:20 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=stop)
(ARGUMENTS=64)(SERVICE=eygle)(VERSION=169870080)) * stop * 0

有鑒于此，為了更好的保證監(jiān)聽器的安全，大家最好為監(jiān)聽設(shè)置密碼：

[oracle@jumper log]$ lsnrctl
LSNRCTL for Linux: Version 9.2.0.4.0 - Production on 28-NOV-2007 10:18:17
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
Password changed for listener
The command completed successfully
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /opt/oracle/product/9.2.0/network/admin/listener.ora
Old Parameter File /opt/oracle/product/9.2.0/network/admin/listener.bak
The command completed successfully

在我們設(shè)置密碼后，遠(yuǎn)程操作將會因缺失密碼而出現(xiàn)失敗：

D:>lsnrctl stop eygle
LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 28-11月-2007 10:22:57
Copyright (c) 1991, 2006, Oracle. All rights reserved.
正在連接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)
(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=eygle)))

TNS-01169: 監(jiān)聽程序尚未識別口令

注意：此時(shí)在服務(wù)器端或客戶端，都需要我們通過密碼來起停監(jiān)聽器：

LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
The command completed successfully
LSNRCTL> start
Starting /opt/oracle/product/9.2.0/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 9.2.0.4.0 - Production
System parameter file is /opt/oracle/product/9.2.0/network/admin/listener.ora
Log messages written to /opt/oracle/product/9.2.0/network/log/listener.log
Trace information written to /opt/oracle/product/9.2.0/network/trace/listener.trc
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 9.2.0.4.0 - Production
Start Date 28-NOV-2007 10:22:23
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level support
Security ON
SNMP OFF
Listener Parameter File /opt/oracle/product/9.2.0/network/admin/listener.ora
Listener Log File /opt/oracle/product/9.2.0/network/log/listener.log
Listener Trace File /opt/oracle/product/9.2.0/network/trace/listener.trc
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
Services Summary...
Service "eygle" has 1 instance(s).
Instance "eygle", status UNKNOWN, has 1 handler(s) for this service...
Service "julia" has 1 instance(s).
Instance "eygle", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

另外，ADMIN_RESTRICTIONS參數(shù)也是一個(gè)重要的安全選項(xiàng)，大家可以在 listener.ora 文件中設(shè)置 ADMIN_RESTRICTIONS_ 為 ON，此后所有在運(yùn)行時(shí)對監(jiān)聽器的修改都將會被阻止，所有對監(jiān)聽器的修改都必須通過手工修改listener.ora文件才能順利完成。

您可能感興趣的文章:

oracle 11g數(shù)據(jù)庫安全加固注意事項(xiàng)
Oracle數(shù)據(jù)庫安全策略分析（一）
Oracle數(shù)據(jù)庫安全策略分析 (三)
Oracle數(shù)據(jù)庫的安全策略
Oracle數(shù)據(jù)庫安全策略分析(二）
Oracle數(shù)據(jù)庫安全策略
Oracle數(shù)據(jù)安全面面觀
Oracle數(shù)據(jù)庫的安全策略
提升Oracle用戶密碼安全性的策略
Oracle 11g實(shí)現(xiàn)安全加固的完整步驟

標(biāo)簽：銅川湘潭湖南仙桃崇左衡水蘭州黃山

巨人網(wǎng)絡(luò)通訊聲明：本文標(biāo)題《Oracle監(jiān)聽口令及監(jiān)聽器安全詳解》，本文關(guān)鍵詞；如發(fā)現(xiàn)本文內(nèi)容存在版權(quán)問題，煩請?zhí)峁┫嚓P(guān)信息告之我們，我們將及時(shí)溝通與處理。本站內(nèi)容系統(tǒng)采集于網(wǎng)絡(luò)，涉及言論、版權(quán)與本站無關(guān)。