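Today is 2013-08-24; no, it is just past midnight, so it should be 2013-08-25. Today a colleague of mine failed when applying listener security hardening to a database, and then a friend of mine ran the same experiment and it failed as well. At this point I do not know the cause. I want to say something to Xianwei here: I am very sorry that I did not make the time to look into this error with you, and I hope for everyone's understanding. I am writing this post to show how I did it, and I hope it helps. Experts are welcome to offer their views and valuable suggestions; I (Xiaohai) will accept them calmly, patiently and humbly. I know that those who do not know how to learn with humility will eventually lose their chance at success. All right, here are my notes: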

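Actually, I have never been in favour of setting listener protection, but this remediation was probably done to satisfy the requirements of a security scan. Is the security scan necessarily right? For me, only by actually running the experiment can one know the answer; one cannot just talk nonsense.
Notice: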
Ensure that the password has not been set in the listener.ora file. The local operating system authentication will secure the listener administration. The remote listener administration is disabled when the password has not been set. This prevents brute force attacks of the listener password.
 
Remember that the listener password has been deprecated in this release, and will not be supported in the next release of Oracle Database.

OK, the steps are as follows:
[oracle@oracle-one admin]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:21:12

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Starting /opt/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                25-AUG-2013 00:21:12
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))
The listener supports no services
The command completed successfully

OK, we can see that the current Security is Local OS Authentication. Next, set the password as follows:

[oracle@oracle-one admin]$ lsnrctl

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:21:16

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
Password changed for listener
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Old Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.bak
The command completed successfully
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
No changes to save for LISTENER.
The command completed successfully
LSNRCTL> exit
[oracle@oracle-one admin]$ pwd
/opt/app/oracle/product/11.2.0/dbhome_1/network/admin
[oracle@oracle-one admin]$ vi listener.ora

# listener.ora Network Configuration File: /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.

LISTENER =(DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-one)(PORT = 1521))))

ADR_BASE_LISTENER = /opt/app/oracle

#----ADDED BY TNSLSNR 25-AUG-2013 00:22:10---
PASSWORDS_LISTENER = 555BD864D140F721
#--------------------------------------------
LOCAL_OS_AUTHENTICATION_LISTENER=OFF

[oracle@oracle-one admin]$ lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:23:10

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
The command completed successfully
[oracle@oracle-one admin]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:23:15

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Starting /opt/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                25-AUG-2013 00:23:15
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Password
SNMP                      OFF
Listener Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))
The listener supports no services
The command completed successfully
[oracle@oracle-one admin]$

OK, that is done. We see "Security ON: Password". Then check the status, and we find that the password is required:
[oracle@oracle-one admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:23:53

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
TNS-01169: The listener has not recognized the password

OK, then I enter the password and check the status, as follows:

[oracle@oracle-one admin]$ lsnrctl

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:24:00

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                25-AUG-2013 00:23:15
Uptime                    0 days 0 hr. 1 min. 26 sec
Trace Level               off
Security                  ON: Password
SNMP                      OFF
Listener Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))
Services Summary...
Service "RHYS.ORACLE" has 1 instance(s).
  Instance "RHYS", status READY, has 1 handler(s) for this service...
Service "RHYSXDB.ORACLE" has 1 instance(s).
  Instance "RHYS", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL>
At this point the operation is complete.

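All right, looking back: why did it not succeed for him? My guesses:
1) The password was set correctly, but OS authentication was not disabled with LOCAL_OS_AUTHENTICATION_LISTENER=OFF, as follows: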
[oracle@oracle-one admin]$ lsnrctl

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:28:04

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> start
Starting /opt/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                25-AUG-2013 00:28:20
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))
The listener supports no services
The command completed successfully
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
Password changed for listener
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
Saved listener configuration parameters.
Listener Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Old Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.bak
The command completed successfully
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
No changes to save for listener.
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
The command completed successfully
LSNRCTL> start
Starting /opt/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     listener
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                25-AUG-2013 00:28:56
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Password or Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File         /opt/app/oracle/diag/tnslsnr/oracle-one/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle-one)(PORT=1521)))
The listener supports no services
The command completed successfully
LSNRCTL> exit
[oracle@oracle-one admin]$
[oracle@oracle-one admin]$ lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-AUG-2013 00:30:17

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle-one)(PORT=1521)))
The command completed successfully
[oracle@oracle-one admin]$
As you can see, the listener can still be stopped directly.
2) The listener name was wrong.
OK, that is the end.
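
Both guesses come down to which parameters listener.ora carries for the listener's own name. The following is an added example, not part of the original post: a shell function that reads a listener.ora and predicts the Security line that lsnrctl reported in the sessions above, including the case where the parameter suffix does not match the listener name. The function names, the sample files, the placeholder hash and the listener name LSNR2 are constructed for illustration, and the branch for "OS authentication off with no password" is a state the post does not show.

```shell
#!/bin/sh
# Added example (not from the original post): predict the "Security" line of
# lsnrctl status from the two listener.ora parameters used in the post.

# listener_security_mode FILE [LISTENER_NAME]   (name defaults to LISTENER)
listener_security_mode() {
    lsnr=$(printf '%s' "${2:-LISTENER}" | tr '[:lower:]' '[:upper:]')
    awk -v name="$lsnr" '
        /^[ \t]*#/ { next }                       # ignore comment lines
        {
            line = $0
            gsub(/[ \t\r]/, "", line)             # "KEY = VALUE" -> "KEY=VALUE"
            eq = index(line, "=")
            if (eq == 0) next
            key = toupper(substr(line, 1, eq - 1))
            val = toupper(substr(line, eq + 1))
            # Only parameters whose suffix is this listener name count.
            if (key == ("PASSWORDS_" name) && val != "")                 pw = 1
            if (key == ("LOCAL_OS_AUTHENTICATION_" name) && val == "OFF") osoff = 1
        }
        END {
            if (pw && osoff) print "Password"
            else if (pw)     print "Password or Local OS Authentication"
            else if (osoff)  print "No password, OS authentication off (not shown in the post)"
            else             print "Local OS Authentication"
        }' "$1"
}

# Constructed sample files mirroring the three states seen in the post.
# The password hash is a placeholder, not a real value.
write_samples() {
    printf '%s\n' 'LISTENER = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = oracle-one)(PORT = 1521)))' \
        > "$1/default.ora"
    { cat "$1/default.ora"; echo 'PASSWORDS_LISTENER = 0000000000000000'; } > "$1/password_only.ora"
    { cat "$1/password_only.ora"; echo 'LOCAL_OS_AUTHENTICATION_LISTENER=OFF'; } > "$1/hardened.ora"
}

# Demo: the three files, then the hardened file checked for a different listener name.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in default password_only hardened; do
    printf '%-14s %s\n' "$f" "$(listener_security_mode "$tmp/$f.ora")"
done
printf '%-14s %s\n' "hardened/LSNR2" "$(listener_security_mode "$tmp/hardened.ora" LSNR2)"
rm -rf "$tmp"
```

A result of "Password or Local OS Authentication" is the state in which the post's plain "lsnrctl stop" still succeeded without the password.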
