Turning off Oracle listener password checking: the listener is a key item in database security checks, so set a listener password

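Security management of the Oracle database listener is an issue that is easily overlooked, so here is a test.

Disable the listener's local OS authentication and set a listener password. The database version is 11.2.0.4.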

1. Default listener.ora configuration

    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = roidb01)(PORT = 1521))
        )
      )

    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (GLOBAL_DBNAME = orcl)
          (ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1)
          (SID_NAME = orcl)
        )
      )

    ADR_BASE_LISTENER = /u01/app/oracle

2. Add the parameter

    LOCAL_OS_AUTHENTICATION_LISTENER = OFF

Use vi to add the parameter above; the file then reads as follows:

    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = roidb01)(PORT = 1521))
        )
      )

    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (GLOBAL_DBNAME = orcl)
          (ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1)
          (SID_NAME = orcl)
        )
      )

    ADR_BASE_LISTENER = /u01/app/oracle

    LOCAL_OS_AUTHENTICATION_LISTENER = OFF

3. Reload the listener

    $ lsnrctl start

    $ lsnrctl reload
    LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:55:16
    Copyright (c) 1991, 2013, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
    The command completed successfully

    $ ps -ef|grep tns
    root 10 2 0 09:11 ? 00:00:00 [netns]
    oracle 2809 1 0 10:55 ? 00:00:00 /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr LISTENER -inherit
    oracle 2820 1898 0 10:55 pts/0 00:00:00 grep tns
    $

4. Set the listener password

After change_password, save_config fails with TNS-01169 until the new password is supplied to the session with set password.

    $ lsnrctl
    LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:55:50
    Copyright (c) 1991, 2013, Oracle. All rights reserved.
    Welcome to LSNRCTL, type "help" for information.

    LSNRCTL> help
    The following operations are available
    An asterisk (*) denotes a modifier or extended command:
    start stop status
    services version reload
    save_config trace spawn
    change_password quit exit
    set* show*

    LSNRCTL> change_password
    Old password:
    New password:
    Reenter new password:
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
    Password changed for LISTENER
    The command completed successfully

    LSNRCTL> save_config
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
    TNS-01169: The listener has not recognized the password

    LSNRCTL> set password
    Password:
    The command completed successfully

    LSNRCTL> save_config
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
    Saved LISTENER configuration parameters.
    Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
    Old Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.bak
    The command completed successfully

    LSNRCTL> status
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
    STATUS of the LISTENER
    Alias LISTENER
    Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
    Start Date 29-NOV-2018 10:55:01
    Uptime 0 days 0 hr. 2 min. 14 sec
    Trace Level off
    Security ON: Password
    SNMP OFF
    Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
    Listener Log File /u01/app/oracle/diag/tnslsnr/roidb01/listener/alert/log.xml
    Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=roidb01)(PORT=1521)))
    Services Summary...
    Service "ORCL_DGB" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    Service "orcl" has 2 instance(s).
    Instance "orcl", status UNKNOWN, has 1 handler(s) for this service...
    Instance "orcl", status READY, has 1 handler(s) for this service...
    Service "orclXDB" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    The command completed successfully

    LSNRCTL>

5. How to stop the listener

With the password in place, lsnrctl stop issued directly from the shell is rejected with TNS-01169; run set password inside lsnrctl first, then stop.

    $ lsnrctl stop
    LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:58:12
    Copyright (c) 1991, 2013, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
    TNS-01169: The listener has not recognized the password

    $ lsnrctl
    LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-NOV-2018 10:58:15
    Copyright (c) 1991, 2013, Oracle. All rights reserved.
    Welcome to LSNRCTL, type "help" for information.

    LSNRCTL> set password
    Password:
    The command completed successfully

    LSNRCTL> stop
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=roidb01)(PORT=1521)))
    The command completed successfully

    LSNRCTL>
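
The listener.ora states this walkthrough passes through (default, local OS authentication OFF, password saved) can be told apart from the file alone. The script below is an added example, not part of the original post; the function names, the posture labels and the placeholder password hash are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and posture labels are
# assumptions; LOCAL_OS_AUTHENTICATION_<name> and PASSWORDS_<name> are listener.ora keys.

# Print the value of top-level parameter $2 in listener.ora file $1 (last one wins).
lsnr_param() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }    # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (toupper(key) != toupper(want)) next
            val = substr($0, eq + 1); gsub(/[ \t\r()]/, "", val)
            found = val
        }
        END { print found }' "$1"
}

# Classify how listener $2 (default LISTENER) authenticates admin commands per file $1.
listener_auth_posture() {
    name=${2:-LISTENER}
    os_auth=$(lsnr_param "$1" "LOCAL_OS_AUTHENTICATION_$name" | tr '[:lower:]' '[:upper:]')
    pw=$(lsnr_param "$1" "PASSWORDS_$name")
    if [ "$os_auth" = "OFF" ]; then
        # Local OS authentication disabled: a stored password is the only control left.
        if [ -n "$pw" ]; then echo "password-only"; else echo "no-auth"; fi
    else
        # Parameter absent or ON: local OS authentication stays in effect.
        if [ -n "$pw" ]; then echo "password-or-local-os"; else echo "local-os-only"; fi
    fi
}

# Constructed sample files mirroring steps 1, 2 and 4 (the hash is a placeholder).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/step1.ora" <<'EOF'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = roidb01)(PORT = 1521))))
ADR_BASE_LISTENER = /u01/app/oracle
EOF
{ cat "$SAMPLE_DIR/step1.ora"; echo 'LOCAL_OS_AUTHENTICATION_LISTENER = OFF'; } > "$SAMPLE_DIR/step2.ora"
{ cat "$SAMPLE_DIR/step2.ora"; echo 'PASSWORDS_LISTENER= (0000000000000000)'; } > "$SAMPLE_DIR/step4.ora"

for f in step1 step2 step4; do
    printf '%s: %s\n' "$f" "$(listener_auth_posture "$SAMPLE_DIR/$f.ora")"
done
```

A result of no-auth means the file disables local OS authentication and stores no password, which is the state between steps 3 and 4; the file is also in this state after change_password until save_config succeeds.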
