[20160513] Restrict Session and Static Listener Registration.txt
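-- While explaining dynamic and static listener registration to a colleague, I ran a test: after executing alter system enable restricted session;
-- remote users could still log in. It turned out that static listener registration was the cause. This note records that and summarizes the various cases:
1. Environment: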
SYS@book> @ &r/ver1
PORT_STRING VERSION BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx 11.2.0.4.0 Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
2. Check the listener status:
-- No static listener registration is configured.
$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
#SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.78)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
)
ADR_BASE_LISTENER = /u01/app/oracle
DIAG_ADR_ENABLED_LISTENER=OFF
3. First, look at each stage of database startup:
--// Shut down the database.
SYS@book> shutdown immediate ;
Database closed.
Database dismounted.
ORACLE instance shut down.
$ lsnrctl status
...
Listener Parameter File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
-- The listener has no services.
-- Start up to the nomount stage:
SYS@book> startup nomount
ORACLE instance started.
Total System Global Area 634732544 bytes
Fixed Size 2255792 bytes
Variable Size 197133392 bytes
Database Buffers 427819008 bytes
Redo Buffers 7524352 bytes
$ lsnrctl status
...
Listener Parameter File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "book" has 1 instance(s).
Instance "book", status BLOCKED, has 1 handler(s) for this service...
The command completed successfully
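-- Note that the listener reports the status as BLOCKED at this point.
-- At this point a remote client cannot connect to the database. To connect, UR=A must be added as shown below, and only the sys user can log in.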
78 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.78)(PORT = 1521))
)
(SDU = 32768)
(CONNECT_DATA =
(UR = A)
~~~~~~~
(SERVICE_NAME = book)
)
)
--// Start up to the mount stage:
SYS@book> alter database mount ;
Database altered.
$ lsnrctl status
...
Listener Parameter File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "book" has 1 instance(s).
Instance "book", status READY, has 1 handler(s) for this service...
The command completed successfully
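-- If the status does not show READY, you may need to wait a moment or run alter system register;. At this point remote login as the sys user works.
-- Also, only one service exists, so only one entry is shown.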
SYS@book> show parameter service
NAME TYPE VALUE
------------- ------- ----------
service_names string book
--// Start up to the open stage:
SYS@book> alter database open ;
Database altered.
$ lsnrctl status
...
Listener Parameter File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 1 instance(s).
Instance "book", status READY, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
Instance "book", status READY, has 1 handler(s) for this service...
The command completed successfully
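-- At the open stage, the bookXDB service has also started, and the HTTP and FTP ports are open.
4. After running alter system enable restricted session;
--// Running alter system enable restricted session blocks remote user logins without affecting local user logins. But what actually happens?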
SYS@book> alter system enable restricted session;
System altered.
$ lsnrctl status
...
Listener Parameter File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 1 instance(s).
Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
Instance "book", status RESTRICTED, has 1 handler(s) for this service...
The command completed successfully
--// The status has changed to RESTRICTED. Remote connections fail with the following error, for both the sys user and the scott user.
ORA-12526: TNS:listener: all appropriate instances are in restricted mode
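--// However, if UR=A is added to the tnsnames.ora entry, the connection is not affected at all and login still succeeds. UR=A feels like an open back door.
--// Disable restricted mode.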
SYS@book> alter system disable restricted session;
System altered.
5. What happens when static listener registration is added?
$ lsnrctl stop
..
$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
#SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SDU=32767)
(GLOBAL_DBNAME = book)
(ORACLE_HOME = /u01/app/oracle/product/11.2.0.4/dbhome_1)
(SID_NAME = book)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.78)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
)
ADR_BASE_LISTENER = /u01/app/oracle
DIAG_ADR_ENABLED_LISTENER=OFF
$ lsnrctl start
..
SYS@book> alter system register;
System altered.
$ lsnrctl status
...
Listener Parameter File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 2 instance(s).
Instance "book", status UNKNOWN, has 1 handler(s) for this service...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instance "book", status READY, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
Instance "book", status READY, has 1 handler(s) for this service...
The command completed successfully
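-- Note the line marked with ~: the status is UNKNOWN. This is the static listener registration. The entry exists even when the database is not started,
-- and because the listener cannot tell whether the instance exists, Oracle reports the status as UNKNOWN.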
SYS@book> alter system enable restricted session;
System altered.
$ lsnrctl status
....
Listener Parameter File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 2 instance(s).
Instance "book", status UNKNOWN, has 1 handler(s) for this service...
Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
Instance "book", status RESTRICTED, has 1 handler(s) for this service...
The command completed successfully
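-- The dynamically registered entry shows status RESTRICTED, but because the static registration exists, remote users can still log in without adding UR=A.
-- Observed after a remote client connects with sqlplus: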
$ lsnrctl service
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 17-MAY-2016 08:23:31
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.100.78)(PORT=1521)))
Services Summary...
Service "book" has 2 instance(s).
Instance "book", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1 refused:0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LOCAL SERVER
Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Handler(s):
"D000" established:0 refused:0 current:0 max:1022 state:ready
DISPATCHER <machine: gxqyydg4, pid: 53314>
(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=21060))
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
Service "bookXDB" has 1 instance(s).
Instance "book", status RESTRICTED, has 1 handler(s) for this service...
Handler(s):
"D000" established:0 refused:0 current:0 max:1022 state:ready
DISPATCHER <machine: gxqyydg4, pid: 53314>
(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=21060))
The command completed successfully
-- Note the line marked with ~: the connection to the database was made through the static registration.
SYS@book> alter system disable restricted session;
System altered.
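6. Summary:
-- Adding (UR=A) to tnsnames.ora is like opening a back door.
-- With static listener registration configured, alter system enable restricted session; has no effect on remote users.
-- One more point: a remote connection to the database is actually possible even without starting the listener. Reference: http://blog.itpub.net/267265/viewspace-1816211/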
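-- Added example (not part of the original note): a shell check that reads lsnrctl status output and reports every service that has both a RESTRICTED
-- instance entry and an UNKNOWN (statically registered) one, which is the condition shown in section 5. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `lsnrctl status` output for the condition in section 5.
# Reads listener status text on stdin and prints each service that has both a
# RESTRICTED (dynamically registered) and an UNKNOWN (static) instance entry.
find_static_bypass() {
    awk '
        # Remember which service the following Instance lines belong to.
        /^[ \t]*Service "/ {
            split($0, q, "\"")
            svc = q[2]
            next
        }
        # Record the statuses seen for the current service.
        /^[ \t]*Instance "/ && svc != "" {
            if ($0 ~ /status UNKNOWN/)    unknown[svc] = 1
            if ($0 ~ /status RESTRICTED/) restricted[svc] = 1
        }
        END {
            for (s in restricted)
                if (s in unknown) print s
        }
    '
}

# Constructed sample, shaped like the status output shown in section 5.
sample_status() {
    cat <<'EOF'
Services Summary...
Service "book" has 2 instance(s).
  Instance "book", status UNKNOWN, has 1 handler(s) for this service...
  Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
  Instance "book", status RESTRICTED, has 1 handler(s) for this service...
The command completed successfully
EOF
}

# On a live host (assumes lsnrctl is on PATH): lsnrctl status | find_static_bypass
sample_status | find_static_bypass
```

-- An empty result means no service mixes a static entry with a RESTRICTED one, as in section 4.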