Stop Daydreaming

Lao Zhang's Home in the Air

How to Set a Password on the Listener

Author: admin  Posted: March 28, 2007

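I had always felt that setting a password on the listener was not of much use, but after NSFOCUS ran a security assessment for us, they said this is a fairly serious security risk.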

Simply put, if there are multiple listeners, you must set the name of the current listener.

set current_listener L1

change_password sets the password.

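Note: a password set with change_password takes effect immediately. To perform any further operation on that listener (status, stop, and so on), you must first run

set password. The purpose of this command is to use the password I have set.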

The specific steps are:

The following content is from Metalink.

PURPOSE

-------

This article serves as a quick reference to setting up password protection for listeners.

SCOPE & APPLICATION

-------------------

Customers, Support. UNIX platforms.

RELATED DOCUMENTS

-----------------

Oracle Net 8 Administrator’s Guide


How to password protect your listener

-------------------------------------

To avoid inadvertent stopping of your listener or to prevent unauthorized access to your listener, you may set up password protection for your listener.


1. Cleartext Password


- Add PASSWORDS_<your_listener_name> entry to your existing listener.ora file.

   e.g.

   PASSWORDS_listener1 = (p1,p2)

- Stop your listener, and restart it.


Now passwords are in effect.

To stop the listener, the set password command must be used.


e.g.

lsnrctl

LSNRCTL> set current_listener listener1

LSNRCTL> set password p1

LSNRCTL> stop



2. Encrypted Password


- Comment out the PASSWORDS_ line if a cleartext password is set.

- Restart listener.

- Run lsnrctl


LSNRCTL> set current_listener <your_listener_name>

LSNRCTL> set save_config_on_stop on

LSNRCTL> change_password

Old password: <enter>

New password: <enter_your_password>

Reenter new password: <reenter_your_password>


e.g:

LSNRCTL> change_password

Old password: <enter>

New password: e1

Reenter new password: e1


Just hit the <enter> key for the old password since no previous password is set.

The passwords you entered will not be echoed.


- Stop the listener


LSNRCTL> set password 

Password: <enter_your_password_here>

LSNRCTL> stop


e.g.

LSNRCTL> set password 

Password: e1

LSNRCTL> stop


- Check your listener.ora file



Entries similar to the following should have been added to your listener.ora automatically.


SAVE_CONFIG_ON_STOP_listener1 = ON

PASSWORDS_listener1 = 2D6C48144CF753AC



Sample Files:

-------------

listener.ora


#

# (1) listener.ora

#

LOG_DIRECTORY_LISTENER1 = /tmp/log

LOG_FILE_LISTENER1 = listener.log


TRACE_DIRECTORY_LISTENER1 = /tmp/log

TRACE_FILE_LISTENER1 = listener.trc

TRACE_LEVEL_LISTENER1 = ADMIN


LISTENER1 =

  (ADDRESS_LIST =

    (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 12345))

  )

#passwords_listener1=(p1,p2)


#----ADDED BY TNSLSNR 23-DEC-99 14:57:24---

SAVE_CONFIG_ON_STOP_listener1 = ON

PASSWORDS_listener1 = 2D6C48144CF753AC

#--------------------------------------------


sqlnet.ora


#

# (2) sqlnet.ora

#

NAMES.DEFAULT_DOMAIN = your_domain

NAMES.DIRECTORY_PATH = (TNSNAMES)


LOG_DIRECTORY_SERVER = /tmp/log

LOG_FILE_SERVER = server.log


TRACE_DIRECTORY_SERVER = /tmp/log

TRACE_FILE_SERVER = server 

TRACE_LEVEL_SERVER = ADMIN

#

#eof
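
As an added example (not part of the Metalink note or the original post), the following Python sketch audits a listener.ora for the three states the note describes: no PASSWORDS_ entry, a cleartext entry, or a hash written by change_password. The function names, the constructed sample text, and the heuristics for recognising listeners and hashes are assumptions.

```python
import re

# Constructed sample, modelled on the listener.ora layout shown in the note.
SAMPLE = """\
LISTENER1 =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 12345))
  )
LISTENER2 = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 12346))
LISTENER3 = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 12347))
#passwords_listener1=(p1,p2)
PASSWORDS_listener1 = 2D6C48144CF753AC
PASSWORDS_LISTENER2 = (p1,p2)
"""

def parse_params(text):
    """Return {UPPERCASE_NAME: value}; indented lines continue the previous value."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        m = re.match(r"([A-Za-z][\w.]*)\s*=\s*(.*)$", line)
        if m and not raw[0].isspace():
            current = m.group(1).upper()  # names compared case-insensitively
            params[current] = m.group(2).strip()
        elif current:
            params[current] += line.strip()
    return params

def audit(text):
    """Map each listener name to 'none', 'cleartext' or 'encrypted'."""
    params = parse_params(text)
    # Assumption: a listener is any parameter whose value holds an (ADDRESS... clause.
    listeners = [n for n, v in params.items() if re.search(r"\(\s*ADDRESS", v, re.I)]
    result = {}
    for name in listeners:
        value = params.get("PASSWORDS_" + name)
        if not value:
            result[name] = "none"
        # Assumption: 16 hex digits, as in the note's sample, is a change_password hash.
        elif re.fullmatch(r"[0-9A-Fa-f]{16}", value):
            result[name] = "encrypted"
        else:
            result[name] = "cleartext"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```
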

Category: Oracle
