1. Check the listener status first (the default listener is used):
[root@dbserver ~]# su - oracle
[oracle@dbserver ~]$ lsnrctl
LSNRCTL for Linux: Version
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
TNS-12541: TNS: no listener
TNS-12560: TNS: protocol adapter error
TNS-00511: No listener
Linux Error: 111: Connection refused
The listener must be running before a password can be set on it.
2. Start the listener
LSNRCTL> start
Starting /oracle/app/oracle/product/
TNSLSNR for Linux: Version
System parameter file is /oracle/app/oracle/product/
Log messages written to /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version
Start Date 11-OCT-2012 13:52:32
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Password or Local OS Authentication
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
The listener supports no services
The command completed successfully
LSNRCTL>
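3. Set a password on the listener
The listener password policy does not apply to start; its purpose is to prevent a malicious stop (a start fails if the listener is already running, so it needs no protection).
LSNRCTL> set current_listener listener    <-- set the name of the listener to configure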
Current Listener is listener
LSNRCTL> change_password
Old password: <old password>    <-- press Enter if no password was set before; otherwise enter the old password
New password: <new password>
Reenter new password: <new password>
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
Password changed for listener
The command completed successfully
LSNRCTL> set password
Password: <new password>
The command completed successfully
LSNRCTL> save_config    <-- this step is important: it saves the current settings
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /oracle/app/oracle/product/
Old Parameter File /oracle/app/oracle/product/
The command completed successfully
LSNRCTL>
4. Disable local OS authentication
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version
Start Date 11-OCT-2012 13:52:32
Uptime 0 days 0 hr. 10 min. 56 sec
Trace Level off
Security ON: Password or Local OS Authentication
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Services Summary...
Service "sztech1" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
Service "sztech1XDB" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
The command completed successfully
By default, when you start the listener or check its state with the lsnrctl status command, you will see:
Security ON: Password OR Local OS Authentication
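This shows that the listener's security mechanism uses either the Password method or the Local OS Authentication method. In this state, even if a listener password has been set, the user who started the listener can still stop it without any password.
To remove this security mechanism, which was introduced with Oracle 10g, add the following to the listener.ora file: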
LOCAL_OS_AUTHENTICATION_[listener name]=OFF
[oracle@dbserver admin]$ vi listener.ora
# listener.ora Network Configuration File: /oracle/app/oracle/product/
# Generated by Oracle configuration tools.
SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.133.120)(PORT = 1521))
)
)
ADR_BASE_LISTENER = /oracle/app/oracle
#----ADDED BY TNSLSNR 11-OCT-2012 12:01:40---
PASSWORDS_LISTENER = BC15114DF0BA2BF0
#--------------------------------------------
LOCAL_OS_AUTHENTICATION_listener=OFF
"listener.ora" 21L, 544C written
After restarting the listener, you will see only:
LSNRCTL> start
Starting /oracle/app/oracle/product/
TNSLSNR for Linux: Version
System parameter file is /oracle/app/oracle/product/
Log messages written to /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version
Start Date 11-OCT-2012 14:07:53
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Password
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
The listener supports no services
The command completed successfully
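This restores the Oracle9i behavior: as long as a password exists, anyone who tries to stop the listener is required to run set password.
5. Verify that the password is in effect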
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
TNS-01169: The listener has not recognized the password
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
TNS-01169: The listener has not recognized the password
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version
Start Date 11-OCT-2012 14:07:53
Uptime 0 days 0 hr. 1 min. 35 sec
Trace Level off
Security ON: Password
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Services Summary...
Service "sztech1" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
Service "sztech1XDB" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
The command completed successfully
LSNRCTL>
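As an added example (not part of the original post), the shell functions below check the two listener.ora settings changed in steps 3 and 4 and read the Security line from lsnrctl status output, which reflects the running listener rather than the file. The function names, the sample file, its placeholder password hash and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two listener.ora
# settings this procedure changes. Parameter names are matched case-insensitively.

# audit_listener_ora FILE [LISTENER_NAME] prints one of:
#   no_password         no PASSWORDS_<name> entry
#   password_or_osauth  password set, local OS authentication still enabled
#   password_only       password set and LOCAL_OS_AUTHENTICATION_<name>=OFF
audit_listener_ora() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk -v name="${2:-LISTENER}" '
        BEGIN { n = toupper(name); pw = 0; osauth = "ON" }
        {
            line = $0
            sub(/#.*/, "", line)                 # drop comments
            eq = index(line, "=")
            if (eq == 0) next
            key = toupper(substr(line, 1, eq - 1))
            val = toupper(substr(line, eq + 1))
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "PASSWORDS_" n && val != "") pw = 1
            if (key == "LOCAL_OS_AUTHENTICATION_" n) osauth = val
        }
        END {
            if (!pw) print "no_password"
            else if (osauth == "OFF") print "password_only"
            else print "password_or_osauth"
        }' "$1"
}

# security_mode reads `lsnrctl status` output on stdin and prints the value of
# the Security line, which reflects the running listener rather than the file.
security_mode() {
    awk '$1 == "Security" { sub(/^[ \t]*Security[ \t]*/, ""); print; exit }'
}

# Constructed sample input (placeholder hash, documentation address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.0.2.10)(PORT = 1521)))
PASSWORDS_LISTENER = 0123456789ABCDEF
EOF
audit_listener_ora "$sample" listener            # password_or_osauth
echo 'LOCAL_OS_AUTHENTICATION_listener=OFF' >> "$sample"
audit_listener_ora "$sample" listener            # password_only
printf 'Trace Level off\nSecurity ON: Password\n' | security_mode   # ON: Password
rm -f "$sample"
```

If the file reports password_only while the running listener still shows "ON: Password or Local OS Authentication", the listener has not been restarted since listener.ora was edited.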