来源 : 赛迪网

Oracle的监听器的隐患

很多人都知道，Oracle的监听器一直存在着一个安全隐患，假如不设置安全措施，那么能够访问的用户就可以远程关闭监听器。

相关示例：

D:>lsnrctl stop eygle

LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 28-11月-2007 10:02:40

Copyright (c) 1991, 2006, Oracle.  All rights reserved.

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521))

(CONNECT_DATA=(SERVICE_NAME=eygle)))

命令执行成功

大家可以发现，此时缺省的监听器的日志还无法记录操作地址：

No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.33.11)(PORT=1521)))

28-NOV-2007 09:59:20 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=Administrator))(COMMAND=stop)

(ARGUMENTS=64)(SERVICE=eygle)(VERSION=169870080)) * stop * 0

为了更好的保证监听器的安全，大家最好为监听设置密码：

[oracle@jumper log]$ lsnrctl

LSNRCTL for Linux: Version 9.2.0.4.0 - Production on 28-NOV-2007 10:18:17

Copyright (c) 1991, 2002, Oracle Corporation.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener listener

Current Listener is listener

LSNRCTL> change_password

Old password:

New password:

Reenter new password:

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))

Password changed for listener

The command completed successfully

LSNRCTL> set password

Password:

The command completed successfully

LSNRCTL> save_config

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.33.11)(PORT=1521)))

Saved LISTENER configuration parameters.

Listener Parameter File  /opt/oracle/product/9.2.0/network/admin/listener.ora

Old Parameter File  /opt/oracle/product/9.2.0/network/admin/listener.bak

The command completed successfully

[1] [2] [3] 下一页