2022-09-19
Is your listener secure?
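Isn't this rather frightening? If you know the server's Oracle directory layout and the listener configuration, you can quietly and effortlessly take down the server's listener.
This is a fragment of the client's listener.ora. Client B's IP is 172.16.10.129 and server A's IP is 172.16.10.130. Configure the listener LISTENER01 on server A by adding the following to listener.ora: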
    LISTENER01 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = 172.16.10.130)(PORT = 21521))
        )
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
        )
      )

Then start LISTENER01:
    [oracle@asm02 ~]$ lsnrctl start LISTENER01
    LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 24-MAR-2010 23:26:05
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Starting /u01/app/oracle/product/10.2.0/db_1/bin/tnslsnr: please wait...
    TNSLSNR for Linux: Version 10.2.0.1.0 - Production
    System parameter file is /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
    Log messages written to /u01/app/oracle/product/10.2.0/db_1/network/log/listener01.log
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.10.130)(PORT=21521)))
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0)))
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.10.130)(PORT=21521)))
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER01
    Version                   TNSLSNR for Linux: Version 10.2.0.1.0 - Production
    Start Date                24-MAR-2010 23:26:06
    Uptime                    0 days 0 hr. 0 min. 0 sec
    Trace Level               off
    Security                  ON: Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
    Listener Log File         /u01/app/oracle/product/10.2.0/db_1/network/log/listener01.log
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.10.130)(PORT=21521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0)))
    The listener supports no services
    The command completed successfully

The listener on the server is now running.
Next, we try to operate on it from the client machine B. From client B's point of view the listener is not on a local IP, so it has to be configured in tnsnames.ora. We edit the client's tnsnames.ora:
    LISTENER01 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = 172.16.10.130)(PORT = 21521))
        )
      )

This adds server A's IP.
Now check the status of server A's listener from the client. Run lsnrctl to enter the listener console:
    [oracle@asm01 ~]$ lsnrctl
    LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 23-MAR-2010 07:23:06
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Welcome to LSNRCTL, type "help" for information.
    LSNRCTL> set current_listener LISTENER01
    Current Listener is LISTENER01
    LSNRCTL> status
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.10.130)(PORT=21521)))
    TNS-01189: The listener could not authenticate the user

This reports an authentication error. Looking at the status output above, the Security mode of LISTENER01 on server A is Local OS Authentication, that is, local authentication only, so this remote login fails.
Next, we change the Security setting of the listener on server A to enable password authentication. Run the following on server A:
    [oracle@asm02 ~]$ lsnrctl
    LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 24-MAR-2010 23:27:09
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Welcome to LSNRCTL, type "help" for information.
    LSNRCTL> set current_listener LISTENER01
    Current Listener is LISTENER01
    LSNRCTL> change_password
    Old password:
    New password:
    Reenter new password:
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.10.130)(PORT=21521)))
    Password changed for LISTENER01
    The command completed successfully

Now look at the Security line again:
    ...
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER01
    Version                   TNSLSNR for Linux: Version 10.2.0.1.0 - Production
    Start Date                24-MAR-2010 23:26:06
    Uptime                    0 days 0 hr. 1 min. 41 sec
    Trace Level               off
    Security                  ON: Password or Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /u01/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
    Listener Log File         /u01/app/oracle/product/10.2.0/db_1/network/log/listener01.log
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.10.130)(PORT=21521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0)))
    The listener supports no services
    The command completed successfully
    LSNRCTL> exit

It has been changed to password authentication.
Now go back to client B and retry the commands from before:
    LSNRCTL> set current_listener LISTENER01
    Current Listener is LISTENER01
    LSNRCTL> set password
    Password:
    The command completed successfully
    LSNRCTL> status
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.10.130)(PORT=21521)))
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER01
    Version                   TNSLSNR for Linux: Version 10.2.0.1.0 - Production
    Start Date                24-MAR-2010 23:26:06
    Uptime                    0 days 0 hr. 3 min. 2 sec
    Trace Level               off
    Security                  ON: Password or Local OS Authentication

The status is now visible.
Next, we stop LISTENER01 on server A remotely:
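    LSNRCTL> stop
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=172.16.10.130)(PORT=21521)))
    The command completed successfully

Check on server A whether LISTENER01 has stopped: it has.
This is something that was hardened in 10g. In 9i, a client could operate directly on the server-side listener, which is a security risk: if the LISTENER is taken out, your db can no longer be reached, a real case of pulling the firewood out from under the pot. 10g hardened this point, so the problem no longer arises.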
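To check which of the Security modes shown above a listener is running in, the following added example (not code from the original article) classifies captured `lsnrctl status` output. The function name and verdict labels are hypothetical, the samples are constructed from the status lines printed above, and the `no-auth` branch assumes the `Security OFF` status string, which the article does not show.

```shell
#!/bin/sh
# Added example, not from the original article. Reads `lsnrctl status` text on
# stdin and prints "<alias> <verdict> <tcp endpoints>".
#   local-only       remote lsnrctl is rejected (TNS-01189 above)
#   password-remote  remote "set password" + "stop" works for anyone with the password
#   no-auth          "Security OFF" (assumed string): commands are not authenticated
classify_listener_security() {
    awk '
        $1 == "Alias" { alias = $2 }
        $1 == "Security" {
            mode = $0
            sub(/^[ \t]*Security[ \t]+/, "", mode)
            if (mode ~ /^OFF/)          verdict = "no-auth"
            else if (mode ~ /Password/) verdict = "password-remote"
            else if (mode ~ /^ON: Local OS Authentication/) verdict = "local-only"
        }
        # Endpoint summary lines start with "("; the "Connecting to" line does not.
        /^[ \t]*\(DESCRIPTION=/ && tolower($0) ~ /protocol=tcp/ {
            h = $0; sub(/.*\(HOST=/, "", h); sub(/\).*/, "", h)
            p = $0; sub(/.*\(PORT=/, "", p); sub(/\).*/, "", p)
            sep = (eps == "" ? "" : ",")
            eps = eps sep h ":" p
        }
        END {
            if (alias == "")   alias = "?"
            if (verdict == "") verdict = "unknown"
            if (eps == "")     eps = "-"
            print alias, verdict, eps
        }'
}
# Constructed samples: status lines as printed in the article, trimmed.
sample_after_start() {
    cat <<'EOF'
Alias                     LISTENER01
Security                  ON: Local OS Authentication
SNMP                      OFF
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.16.10.130)(PORT=21521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0)))
EOF
}
sample_after_change_password() {
    cat <<'EOF'
Alias                     LISTENER01
Security                  ON: Password or Local OS Authentication
EOF
}
sample_after_start | classify_listener_security
sample_after_change_password | classify_listener_security
```

On a live host the same function can be fed with `lsnrctl status LISTENER01 | classify_listener_security`; a `password-remote` listener with a TCP endpoint is the configuration that was stopped from client B above.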