Oracle的监听器的隐患
很多人都知道,Oracle的监听器一直存在着一个安全隐患,假如不设置安全措施,那么能够访问的用户就可以远程关闭监听器。
相关示例:
D:>lsnrctl stop eygle
LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 28-11月-2007 10:02:40
Copyright (c) 1991, 2006, Oracle. All rights reserved.
正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521))
(CONNECT_DATA=(SERVICE_NAME=eygle)))
命令执行成功
大家可以发现,此时缺省的监听器的日志还无法记录操作地址:
No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
28-NOV-2007 09:59:20 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=stop)
(ARGUMENTS=64)(SERVICE=eygle)(VERSION=169870080)) * stop * 0
为了更好的保证监听器的安全,大家最好为监听设置密码:
[oracle@jumper log]$ lsnrctl
LSNRCTL for Linux: Version 9.2.0.4.0 - Production on 28-NOV-2007 10:18:17
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
Password changed for listener
The command completed successfully
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /opt/oracle/product/9.2.0/network/admin/listener.ora
Old Parameter File /opt/oracle/product/9.2.0/network/admin/listener.bak
The command completed successfully
网友评论