Oracle Listener Protection
Submitted by admin on Sat, 2003-02-15 07:26
Database listeners can be stopped remotely from any operating system account (not just oracle). To prevent this, all listeners on production machines MUST be password protected.
Configuration:
1. Do the following on a test system to obtain an encrypted password value:
LSNRCTL> SET SAVE_CONFIG_ON_STOP ON
LSNRCTL> CHANGE_PASSWORD
Old password: <enter>
New password: oracledba
Reenter the new password: oracledba
LSNRCTL> SET PASSWORD
Password: oracledba
LSNRCTL> STOP
View your LISTENER.ORA file and write down the password value that Oracle added to it (PASSWORDS_LISTENER=...).
2. On your production systems, add the following two lines for all listeners listed in LISTENER.ORA:
PASSWORDS_lsnrname=<VALUE OBTAINED FROM STEP 1>
ADMIN_RESTRICTIONS_lsnrname=ON
These parameters will allow you to start the listener (without a password). However, trying to stop it will require you to enter the password.
3. Lastly, protect your Oracle Net files at operating system level:
$ chmod ug=rw,o= listener.ora
$ chmod ug=rw,o=r sqlnet.ora tnsnames.ora
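A check for steps 2 and 3, added here as an example and not part of the original article: the shell function below reads a listener.ora, finds each listener definition, and reports any listener without PASSWORDS_lsnrname or without ADMIN_RESTRICTIONS_lsnrname=ON, as well as a listener.ora that accounts outside the owner and group can access. The function names audit_listener_ora and make_sample, the sample listeners and host, and the parsing rule (parameter names start in column 0, continuation lines are indented) are assumptions of the example.

```shell
# Added example, not from the article. Assumes column-0 parameter names, indented continuations.
audit_listener_ora() {
    rc=0
    # Step 3 as read here: listener.ora holds the password value, so "other" gets no access.
    perms=$(ls -ld "$1" | cut -c8-10)
    [ "$perms" = "---" ] || { echo "FILE: accessible to others ($perms)"; rc=1; }
    # Step 2: every listener needs PASSWORDS_<name> and ADMIN_RESTRICTIONS_<name>=ON.
    awk '
    function flush(   eq, name, val) {
        eq = index(entry, "=")
        if (eq > 0) {
            name = toupper(substr(entry, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val  = toupper(substr(entry, eq + 1));    gsub(/[ \t]/, "", val)
            # A listener definition is a DESCRIPTION or ADDRESS tree; the rest are parameters.
            if (val ~ /^\((DESCRIPTION|ADDRESS)/) listeners[name] = 1
            else params[name] = val
        }
        entry = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[A-Za-z]/ { flush() }                # a column-0 name starts a new entry
    { entry = entry $0 }                   # collect the entry with its continuation lines
    END {
        flush(); bad = 0
        for (l in listeners) {
            if (params["PASSWORDS_" l] == "") { print l ": no PASSWORDS_" l; bad = 1 }
            if (params["ADMIN_RESTRICTIONS_" l] != "ON") { print l ": ADMIN_RESTRICTIONS_" l " not ON"; bad = 1 }
        }
        exit bad
    }' "$1" || rc=1
    return $rc
}

# Constructed sample: LISTENER is protected, LSNR2 is not. The password value is a placeholder.
make_sample() {
    cat > "$1" <<'EOF'
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521)))
PASSWORDS_LISTENER = <VALUE OBTAINED FROM STEP 1>
ADMIN_RESTRICTIONS_LISTENER = ON
LSNR2 =
  (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1522))
SID_LIST_LSNR2 =
  (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
EOF
}
sample=$(mktemp) && make_sample "$sample" && chmod ug=rw,o= "$sample"
audit_listener_ora "$sample" || echo "listener.ora needs attention"
rm -f "$sample"
```

The function returns non-zero when it reports anything, so it can gate a deployment script or a periodic configuration check.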