Oracle listener password and listener security explained

Source: Internet
Author: User


Many Oracle users know that the Oracle listener has long carried a security risk: if no security measures are configured for it, anyone who can reach the listener can shut it down remotely.

Example:

    D:> lsnrctl stop eygle
    LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 28-11 month-2007 10:02:40
    Copyright (c) 1991, 2006, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=eygle)))
    Command executed successfully

Note that the default listener log does not record the address the operation came from:

    No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
    28-NOV-2007 09:59:20 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=stop)(ARGUMENTS=64)(SERVICE=eygle)(VERSION=169870080)) * stop * 0
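The following Python example is added here and is not part of the original article: it parses listener.log entries in the format shown above and extracts control commands such as stop, reporting which origin fields the entry actually carries. The function names are hypothetical, and the first sample line is a constructed client connection included for contrast, since connections log an (ADDRESS=...) field and the stop entry does not.

```python
import re

# Constructed sample: the "establish" line is a made-up client connection;
# the other two lines are the log excerpt shown in the article.
SAMPLE_LOG = """\
28-NOV-2007 09:58:41 * (CONNECT_DATA=(SERVICE_NAME=eygle)(CID=(PROGRAM=sqlplus)(HOST=APPHOST01)(USER=scott))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.25)(PORT=2301)) * establish * eygle * 0
No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
28-NOV-2007 09:59:20 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=stop)(ARGUMENTS=64)(SERVICE=eygle)(VERSION=169870080)) * stop * 0
"""

TIMESTAMP = re.compile(r"^\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}$")

def field(text, key):
    """Return the value of (KEY=value) inside a TNS descriptor, or None."""
    m = re.search(r"\(%s=([^()]*)\)" % re.escape(key), text, re.IGNORECASE)
    return m.group(1) if m else None

def admin_commands(log_text):
    """Return one dict per control command (stop, status, ...) in the log."""
    events = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(" * ")]
        if len(parts) < 4 or not TIMESTAMP.match(parts[0]):
            continue  # banner text, "No longer listening on", etc.
        command = field(parts[1], "COMMAND")
        if command is None:
            continue  # ordinary client connection, not a control command
        # Client connections carry an (ADDRESS=...) field; look for one here too.
        address = next((p for p in parts[2:] if p.startswith("(ADDRESS=")), None)
        events.append({
            "time": parts[0],
            "command": command,
            "user": field(parts[1], "USER") or None,         # self-reported by client
            "client_host": field(parts[1], "HOST") or None,  # self-reported by client
            "source_ip": field(address, "HOST") if address else None,
            "return_code": int(parts[-1]),
        })
    return events

if __name__ == "__main__":
    for event in admin_commands(SAMPLE_LOG):
        print(event)
```

For the stop entry, both `client_host` and `source_ip` come back as `None`, which is the gap the article describes: the only identifying value is the client-supplied user name.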

To ensure the security of the listener, you are advised to set a password for the listener:

    [oracle@jumper log]$ lsnrctl
    LSNRCTL for Linux: Version 9.2.0.4.0 - Production on 28-NOV-2007 10:18:17
    Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
    Welcome to LSNRCTL, type "help" for information.
    LSNRCTL> set current_listener listener
    Current Listener is listener
    LSNRCTL> change_password
    Old password:
    New password:
    Reenter new password:
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
    Password changed for listener
    The command completed successfully
    LSNRCTL> set password
    Password:
    The command completed successfully
    LSNRCTL> save_config
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
    Saved LISTENER configuration parameters.
    Listener Parameter File   /opt/oracle/product/9.2.0/network/admin/listener.ora
    Old Parameter File   /opt/oracle/product/9.2.0/network/admin/listener.bak
    The command completed successfully

After the password is set, the remote operation fails because no password is supplied:

    D:> lsnrctl stop eygle
    LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on-2007 10:22:57
    Copyright (c) 1991, 2006, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=eygle)))
    TNS-01169: the listener has not recognized the password

Note: from this point on, whether on the server side or the client side, the listener must be started and stopped using the password:

    LSNRCTL> set password
    Password:
    The command completed successfully
    LSNRCTL> stop
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
    The command completed successfully
    LSNRCTL> start
    Starting /opt/oracle/product/9.2.0/bin/tnslsnr: please wait...
    TNSLSNR for Linux: Version 9.2.0.4.0 - Production
    System parameter file is /opt/oracle/product/9.2.0/network/admin/listener.ora
    Log messages written to /opt/oracle/product/9.2.0/network/log/listener.log
    Trace information written to /opt/oracle/product/9.2.0/network/trace/listener.trc
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER
    Version                   TNSLSNR for Linux: Version 9.2.0.4.0 - Production
    Start Date                28-NOV-2007 10:22:23
    Uptime                    0 days 0 hr. 0 min. 0 sec
    Trace Level               support
    Security                  ON
    SNMP                      OFF
    Listener Parameter File   /opt/oracle/product/9.2.0/network/admin/listener.ora
    Listener Log File         /opt/oracle/product/9.2.0/network/log/listener.log
    Listener Trace File       /opt/oracle/product/9.2.0/network/trace/listener.trc
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))
    Services Summary...
    Service "eygle" has 1 instance(s).
      Instance "eygle", status UNKNOWN, has 1 handler(s) for this service...
    Service "julia" has 1 instance(s).
      Instance "eygle", status UNKNOWN, has 1 handler(s) for this service...
    The command completed successfully

In addition, the ADMIN_RESTRICTIONS parameter is an important security option. Once ADMIN_RESTRICTIONS_<listener_name> is set to ON in the listener.ora file, all runtime modifications to the listener are blocked; any change to the listener can then only be made by manually editing the listener.ora file.
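The following Python example is added here and is not part of the original article: it audits a listener.ora file for the two settings discussed, the `PASSWORDS_<listener_name>` entry that `save_config` writes after `change_password`, and `ADMIN_RESTRICTIONS_<listener_name> = ON`. The function names and the sample file are constructed, and the check assumes a listener definition is any top-level entry whose value contains an ADDRESS.

```python
import re

# Constructed listener.ora; the PASSWORDS_ value is a placeholder, not a real hash.
SAMPLE_LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 172.16.33.11)(PORT = 1521))))

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC = (SID_NAME = eygle)))

#----ADDED BY TNSLSNR 28-NOV-2007 10:19:02---
PASSWORDS_LISTENER = 0000000000000000
#--------------------------------------------
"""

def parse_params(text):
    """Map each top-level parameter name (upper-cased) to its raw value.

    Top-level parameters start in column 0; continuation lines are indented.
    """
    text = re.sub(r"#.*", "", text)  # drop comments
    params = {}
    pattern = r"^([A-Za-z]\w*)\s*=(.*?)(?=^\S|\Z)"
    for m in re.finditer(pattern, text, re.M | re.S):
        params[m.group(1).upper()] = " ".join(m.group(2).split())
    return params

def audit(text):
    """Return {listener_name: [issues]} for every listener defined in the file."""
    params = parse_params(text)
    # Assumption: an entry whose value contains an ADDRESS is a listener definition.
    listeners = [n for n, v in params.items()
                 if re.search(r"\(\s*ADDRESS\s*=", v, re.I)]
    findings = {}
    for name in listeners:
        issues = []
        if not params.get("PASSWORDS_" + name):
            issues.append("no PASSWORDS_%s entry: listener password not set" % name)
        if params.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            issues.append("ADMIN_RESTRICTIONS_%s is not ON" % name)
        findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LISTENER_ORA))
```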



