oracle listener & security



1. Set Password for listenner
 a basic security requirement is to protect oracle listener with a password.
Lsnrctl
LSNRCTL>set current_listener <listener name>
LSNRCTL>change_password
old password:
New password:
Reenter new password:
LSNRCTL>set password
Password:
LSNRCTL>save_config
After implemented lsnrctl-save_config, you can check what was generated by looking in the listener.ora file.
This is what was generated from the above commands:

    PASSWORDS_LISTENER = N1599554r6236532B

- - >  Remove the listener password do the following:
    LSNRCTL> set password
    Password:
    The command completed successfully
    LSNRCTL> stop
    LSNRCTL> 

2. Set monitor log
    LSNRCTL>set current_listener <listener name>
    LSNRCTL>set password Password:<input password>
    LSNRCTL>set log_directory <oracle_home path>/network/admin
    LSNRCTL>set log_file <SID name>.log
    LSNRCTL>set log_status on
    LSNRCTL>save_config

3. Set ADMIN_RESTRICTIONS in the listener.ora
  ADMIN_RESTRICTIONS_<listener name> = ON
Use the parameter ADMIN_RESTRICTIONS_listener_name to restrict runtime administration of the listener. The parameter is useful if the listener is not password-protected.
Setting ADMIN_RESTRICTIONS_listener_name=on disables the runtime modification of parameters in listener.ora. That is, the listener will refuse to accept SET commands that alter its parameters. To change any of the parameters in listener.ora, including ADMIN_RESTRICTIONS_listener_name itself, modify the listener.ora file manually and reload its parameters (with the RELOAD command) for the new changes to take effect without explicitly stopping and restarting the listener. (stop/start)
The above content is from http://docs.oracle.com/cd/B10500_01/network.920/a96581/listener.htm#500821.

评论

此博客中的热门博文

XML, XSL, HTML

Input in element.eleme.io

Data URI是由RFC 2397 ACE