[20160513]Restrict Session and the static listener.txt

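--While explaining dynamic and static listener registration to a colleague, I ran a test: after executing
--alter system enable restricted session; remote users could still log in. It turned out that static listener
--registration was responsible. I am recording it here and summarizing the various cases: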

1. Environment:
SYS@book> @ &r/ver1
PORT_STRING                    VERSION        BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx            11.2.0.4.0     Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

2. Check the listener status:
--No static listener registration.
$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.

#SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.78)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )

ADR_BASE_LISTENER = /u01/app/oracle
DIAG_ADR_ENABLED_LISTENER=OFF

3. First, look at each stage of database startup:
--//Shut down the database.
SYS@book> shutdown immediate ;
Database closed.
Database dismounted.
ORACLE instance shut down.

$ lsnrctl status
...
Listener Parameter File   /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
--As you can see, there are no services.

--Start up to the nomount stage:
SYS@book> startup nomount
ORACLE instance started.

Total System Global Area  634732544 bytes
Fixed Size                  2255792 bytes
Variable Size             197133392 bytes
Database Buffers          427819008 bytes
Redo Buffers                7524352 bytes

$ lsnrctl status
...
Listener Parameter File   /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "book" has 1 instance(s).
  Instance "book", status BLOCKED, has 1 handler(s) for this service...
The command completed successfully

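--Note that the status at this point is BLOCKED.
--At this point a remote client cannot connect to the database. To connect, UR=A must be added as shown below,
--and only the sys user can log in.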

78 =
(DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.78)(PORT = 1521))
    )
    (SDU = 32768)
    (CONNECT_DATA =
        (UR = A)
        ~~~~~~~
      (SERVICE_NAME = book)
  )
)

--//Start up to the mount stage:
SYS@book> alter database mount ;
Database altered.

$ lsnrctl status
...
Listener Parameter File   /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "book" has 1 instance(s).
  Instance "book", status READY, has 1 handler(s) for this service...
The command completed successfully

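--If the status READY does not appear, you may need to wait a little while or execute alter system register;.
--At this point remote login as the sys user works.
--Also, only one service exists, so only one entry is shown.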
SYS@book> show parameter service
NAME          TYPE    VALUE
------------- ------- ----------
service_names string  book

--//Start up to the open stage:
SYS@book> alter database open ;
Database altered.

$ lsnrctl status
...
Listener Parameter File   /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 1 instance(s).
  Instance "book", status READY, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
  Instance "book", status READY, has 1 handler(s) for this service...
The command completed successfully

--At the open stage, the bookXDB service has also been started, and the HTTP and FTP ports have been opened.

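4. After executing alter system enable restricted session;
--//After executing alter system enable restricted session, remote users are prevented from logging in, while
--//local logins are not affected. But what actually happens?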

SYS@book> alter system enable restricted session;
System altered.

$ lsnrctl status
...
Listener Parameter File   /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 1 instance(s).
  Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
  Instance "book", status RESTRICTED, has 1 handler(s) for this service...
The command completed successfully

--//The status has changed to RESTRICTED. Remote connections fail with the following error, for both the sys user and the scott user.

ORA-12526: TNS:listener: all appropriate instances are in restricted mode

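--//However, if UR=A is added to the tnsnames.ora entry, the connection is not affected at all and login still works.
--//It feels as if UR=A opens a backdoor.
--//Disable restricted mode.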

SYS@book> alter system disable restricted session;
System altered.

5. What if static listener registration is added?
$ lsnrctl stop
..

$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.

#SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF

SID_LIST_LISTENER =
   (SID_LIST =
    (SID_DESC =
      (SDU=32767)
      (GLOBAL_DBNAME = book)
      (ORACLE_HOME = /u01/app/oracle/product/11.2.0.4/dbhome_1)
      (SID_NAME = book)
      )
    )

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.78)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )

ADR_BASE_LISTENER = /u01/app/oracle
DIAG_ADR_ENABLED_LISTENER=OFF

$ lsnrctl start
..

SYS@book> alter system register;
System altered.

$ lsnrctl status
...

Listener Parameter File   /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 2 instance(s).
  Instance "book", status UNKNOWN, has 1 handler(s) for this service...
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Instance "book", status READY, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
  Instance "book", status READY, has 1 handler(s) for this service...
The command completed successfully

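--Note the ~ marker: the status is UNKNOWN. This is the static listener registration. The entry exists even if the
--database is not started, and because it is unknown whether the instance exists, Oracle marks the status as UNKNOWN.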

SYS@book> alter system enable restricted session;
System altered.

$ lsnrctl status
....
Listener Parameter File   /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=8888))(Presentation=HTTP)(Session=RAW))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=7777))(Presentation=FTP)(Session=RAW))
Services Summary...
Service "book" has 2 instance(s).
  Instance "book", status UNKNOWN, has 1 handler(s) for this service...
  Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
  Instance "book", status RESTRICTED, has 1 handler(s) for this service...
The command completed successfully

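--The dynamically registered entry shows status RESTRICTED. But because the static entry exists, remote users can
--still log in, without adding UR=A.
--After connecting from a remote client with sqlplus, observe: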

$ lsnrctl service
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 17-MAY-2016 08:23:31
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.100.78)(PORT=1521)))
Services Summary...
Service "book" has 2 instance(s).
  Instance "book", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:1 refused:0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         LOCAL SERVER
  Instance "book", status RESTRICTED, has 2 handler(s) for this service...
    Handler(s):
      "D000" established:0 refused:0 current:0 max:1022 state:ready
         DISPATCHER <machine: gxqyydg4, pid: 53314>
         (ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=21060))
      "DEDICATED" established:0 refused:0 state:ready
         LOCAL SERVER
Service "bookXDB" has 1 instance(s).
  Instance "book", status RESTRICTED, has 1 handler(s) for this service...
    Handler(s):
      "D000" established:0 refused:0 current:0 max:1022 state:ready
         DISPATCHER <machine: gxqyydg4, pid: 53314>
         (ADDRESS=(PROTOCOL=tcp)(HOST=gxqyydg4)(PORT=21060))
The command completed successfully

--Note the ~ marker: the connection to the database was made through the static listener entry.

SYS@book> alter system disable restricted session;
System altered.

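6. Summary:
-- Adding (UR=A) to tnsnames.ora is like opening a backdoor.
-- With static listener registration configured, alter system enable restricted session; has no effect on remote users.
-- One more addition: remote connections to the database are actually possible even without starting the listener; see: http://blog.itpub.net/267265/viewspace-1816211/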
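
-- Added example (not part of the original notes): a shell check that reads lsnrctl status output and reports, per
-- service, whether a static (UNKNOWN) entry sits next to a RESTRICTED one, which is the section 5 case where remote
-- logins still succeed. The function names and the BYPASSED/ENFORCED labels are assumptions made for this example;
-- the sample input is the Services Summary text shown above.

```shell
#!/bin/sh
# Added example: report whether RESTRICTED is actually enforced per service.
# Input: `lsnrctl status` or `lsnrctl service` text on stdin.
# Output: "<service> BYPASSED" when a static (UNKNOWN) entry coexists with a
# RESTRICTED dynamic one, else "<service> ENFORCED". Exit status 1 on any bypass.
check_restricted_bypass() {
    awk '
    /^[ \t]*Service "/ {
        split($0, q, "\"")                 # q[2] = service name
        svc = q[2]
        if (!(svc in seen)) { seen[svc] = 1; order[++n] = svc }
        next
    }
    /^[ \t]*Instance "/ && svc != "" {
        if ($0 ~ /status UNKNOWN/)    static_entry[svc] = 1   # from SID_LIST_LISTENER
        if ($0 ~ /status RESTRICTED/) restricted[svc] = 1     # registered by the instance
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (!(s in restricted)) continue
            if (s in static_entry) { print s " BYPASSED"; bad = 1 }
            else                   { print s " ENFORCED" }
        }
        exit (bad ? 1 : 0)
    }'
}

# Sample input: Services Summary lines from section 4 (dynamic registration only)
sample_dynamic_only() {
cat <<'EOF'
Service "book" has 1 instance(s).
  Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
  Instance "book", status RESTRICTED, has 1 handler(s) for this service...
EOF
}

# Sample input: Services Summary lines from section 5 (static SID_DESC added)
sample_with_static() {
cat <<'EOF'
Service "book" has 2 instance(s).
  Instance "book", status UNKNOWN, has 1 handler(s) for this service...
  Instance "book", status RESTRICTED, has 2 handler(s) for this service...
Service "bookXDB" has 1 instance(s).
  Instance "book", status RESTRICTED, has 1 handler(s) for this service...
EOF
}

sample_with_static | check_restricted_bypass || echo "restricted session not enforced for remote logins"
```

-- On a real host, pipe lsnrctl status into check_restricted_bypass right after enabling restricted session.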
