Oracle数据库测评
安装oracle
一、docker拉取oracle
# Pull the Oracle 11g image from the Aliyun registry.
# NOTE(review): no tag or digest is given, so Docker resolves the mutable "latest" tag and the
# content can change between pulls. This is a third-party image and the page later shows it
# ships with a published root password, so treat it as an isolated test environment only.
docker pull registry.cn-hangzhou.aliyuncs.com/helowin/oracle_11g
二、运行容器
服务器需要开启oracle的默认1521端口
# Permanently open TCP 1521 in the firewalld public zone, then reload the rules.
# NOTE(review): this makes the Oracle listener reachable from every source the public zone
# admits. The page later sets the SYS and SYSTEM passwords equal to the usernames, so keep
# this rule to an isolated lab host or limit it to the assessor's source address.
firewall-cmd --zone=public --add-port=1521/tcp --permanent
firewall-cmd --reload
# Start the container detached and publish port 1521 on the host.
# NOTE(review): docker run only parses options placed before the image name. The trailing
# "-v ..." is handed to the container as command arguments, so no bind mount is created.
# Moving -v before the image would mount the host path over ORACLE_HOME; confirm the host
# directory really contains an Oracle home before doing that.
docker run -d -p 1521:1521 --name oracle11g registry.cn-hangzhou.aliyuncs.com/helowin/oracle_11g -v /home/oracle/app/oracle/product/11.2.0/dbhome_2:/home/oracle/app/oracle/product/11.2.0/dbhome_2
三、进入容器配置
docker exec -it oracle11g bash
切换到root用户下进行配置: su root 输入密码: helowin
编辑 profile 文件配置 ORACLE 环境变量: vi /etc/profile
添加如下内容, 保存退出后执行 source /etc/profile 使配置生效:
export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_2
export ORACLE_SID=helowin
export PATH=$ORACLE_HOME/bin:$PATH
- 创建软连接:
ln -s $ORACLE_HOME/bin/sqlplus /usr/bin
- 切换到oracle 用户:
su - oracle
登录sqlplus并修改sys、system用户密码:
sudo oracle
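sqlplus /nolog  # shell: start SQL*Plus without connecting to a database
-- Everything below is typed at the SQL*Plus prompt. Comments sit on their own lines because
-- SQL*Plus does not treat "#" as a comment and does not accept text after a ";" terminator.
-- Connect with OS authentication as SYSDBA.
conn /as sysdba
-- Lab-only credentials: a password equal to the username fails the password-complexity
-- and default-account items assessed later on this page. Never carry these values into a
-- system that holds real data or is reachable from outside the lab.
alter user system identified by system;
alter user sys identified by sys;
-- Lab-only: removes password expiry for every account on the DEFAULT profile. The
-- password-lifetime check later on this page will therefore report UNLIMITED here.
alter profile default limit password_life_time unlimited;
exit;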
测评
身份鉴别
密码复杂度
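-- List every resource and password limit defined on the DEFAULT profile.
select * from dba_profiles where profile = 'DEFAULT';
-- PASSWORD_VERIFY_FUNCTION is a RESOURCE_NAME value, not a profile name; filtering the
-- PROFILE column on it returns no rows and can be misread as "nothing configured".
-- A LIMIT of NULL means no complexity function is attached to that profile.
select * from dba_profiles where resource_name = 'PASSWORD_VERIFY_FUNCTION';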
口令有效期
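-- PASSWORD_LIFE_TIME is a RESOURCE_NAME value and is stored in upper case; filtering the
-- PROFILE column on the lower-case string returns no rows. LIMIT is expressed in days.
-- The setup section of this page sets this limit to UNLIMITED, which is a finding in itself.
select * from dba_profiles where resource_name = 'PASSWORD_LIFE_TIME';
-- Full listing of the DEFAULT profile, for context on the other password limits.
select * from dba_profiles where profile = 'DEFAULT';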
登录失败处理
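-- Number of consecutive failed logins allowed before an account on the DEFAULT profile is locked.
-- String literals must use straight single quotes; typographic quotes pasted from a web
-- page are rejected by Oracle.
select limit from dba_profiles where profile = 'DEFAULT' and resource_name = 'FAILED_LOGIN_ATTEMPTS';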
登录失败后锁定时间
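-- How long (in days) an account stays locked after reaching FAILED_LOGIN_ATTEMPTS.
-- String literals must use straight single quotes; typographic quotes pasted from a web
-- page are rejected by Oracle.
SELECT LIMIT FROM DBA_PROFILES WHERE PROFILE = 'DEFAULT' AND RESOURCE_NAME = 'PASSWORD_LOCK_TIME';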
登录超时策略
-- Idle-session timeout (in minutes) on the DEFAULT profile.
-- IDLE_TIME is a kernel resource limit: it is enforced only when the RESOURCE_LIMIT
-- initialization parameter is TRUE, so check that parameter before accepting this value.
SELECT limit
FROM dba_profiles
WHERE profile = 'DEFAULT'
  AND resource_name = 'IDLE_TIME';
访问控制
登录用户分配账户权限
-- Every database account with its current status (OPEN, LOCKED, EXPIRED, ...).
SELECT username, account_status
FROM dba_users;
-- Accounts that can currently log in, with the profile that governs their password
-- and resource limits.
SELECT username, profile
FROM dba_users
WHERE account_status = 'OPEN';
默认账户
SYS 的默认口令为 CHANGE_ON_INSTALL;SYSTEM 的默认口令为 MANAGER;DBSNMP 的默认口令为 DBSNMP
在授权的测评范围内尝试默认口令登录即可验证;也可查询 DBA_USERS_WITH_DEFPWD 视图列出仍使用默认口令的账户,避免多次尝试登录触发账户锁定
多余过期共享账户
-- Review the account list for OPEN accounts nobody owns, shared accounts, and
-- sample or expired accounts that should be locked or dropped.
SELECT username, account_status
FROM dba_users;
管理账户的权限分离
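-- Object privileges granted directly to SYS. Every row has GRANTEE = 'SYS', so the
-- ORDER BY has no effect on the result.
select * from dba_tab_privs where grantee='SYS' ORDER BY GRANTEE;
-- Separation of duties is easier to judge from who holds the DBA role: audit and
-- security administration should not sit on the same accounts as day-to-day DBA work.
select grantee, granted_role, admin_option from dba_role_privs where granted_role = 'DBA' order by grantee;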
安全审计
开启审计
用户审计
-- Standard auditing is disabled when audit_trail is NONE; any other value names where
-- audit records are written. The parameter is static, so a change needs an instance restart.
SELECT value
FROM v$parameter
WHERE name = 'audit_trail';
-- Same setting through the SQL*Plus SHOW command.
SHOW PARAMETER audit_trail;
重要事件审计
-- Statement-level audit options currently in effect (empty result: no statement auditing).
SELECT *
FROM dba_stmt_audit_opts;
-- System-privilege audit options currently in effect.
SELECT *
FROM dba_priv_audit_opts;
特权连接SQL语句进行审计
-- TRUE means operations by SYSDBA/SYSOPER connections are written to the operating-system
-- audit trail; FALSE leaves privileged sessions unaudited.
SHOW PARAMETER audit_sys_operations;
-- Statement-level audit options, to compare with what privileged users can run.
SELECT *
FROM dba_stmt_audit_opts;
审计内容
入侵防范
最小安装
-- Database options and whether each one is installed (VALUE is TRUE or FALSE).
-- Compare the TRUE rows with what the application needs; unused options add attack surface.
SELECT *
FROM v$option;
本文环境搭建参考以下博客
https://blog.csdn.net/zwq56693/article/details/123903308