Friday, November 16, 2007

Oracle Listener Security

You are working on a critical issue on your database. You login to your database and you get the error "ORA-12541: TNS:no listener". Now you start wondering how the listener has been stopped. You have not stopped it. It means "SOMEONE ELSE HAS STOPPED THE LISTENER".

It shows, you need to secure your listener from unauthorized users.

You can protect your listener with a password so that only the authorized users can start and stop it and change the configuration.

To protect a listener with password, perform following as an Oracle user:

$ lsnrctl
LSNRCTL> change_password
Old password: {press enter here}
New password: {enter new password}
Reenter new password: {reenter password}

You will get following message once done

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
Password changed for LISTENER
The command completed successfully

Once you get the message, just save the cconfiguration in the listener.ora file.

LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
Saved LISTENER configuration parameters.
Listener Parameter File D:\oracle\product\10.2.0\db_1\network\admin\listener.ora
Old Parameter File D:\oracle\product\10.2.0\db_1\network\admin\listener.bak
The command completed successfully

That's it, and you have a password protected listener.

P.S. In Oracle 9i you need to give following command before saving the configuration in listener.ora file.

LSNRCTL> set password
Password:{the password you chose}
The command completed successfully

In Oracle 10g it is not required. Reason: In Oracle 10g, operating system authentication for the listener has been implemented. The listener checks to make sure you are part of the privileged dba group, and if so it will grant you access to change the password, save configuration, stop the listener, etc.

Now you are safe from all the unauthorized shutdowns of listener and other kind of security breaches.

3 comments:

Anonymous said...

I have learn several excellent stuff here. Certainly price bookmarking for revisiting.
I surprise how a lot effort you put to make this
kind of fantastic informative website.

My site: reverse osmosis filtration

Anonymous said...

Hi there are using Wordpress for your site platform?
I'm new to the blog world but I'm trying to get started and create my own.
Do you require any html coding knowledge to make your own blog?
Any help would be greatly appreciated!

Here is my blog post; jack la lane power juicer

Anonymous said...

Good day! Would you mind if I share your blog with my myspace group?

There's a lot of folks that I think would really appreciate your content. Please let me know. Cheers

Look at my page ... http://ultimatecommodores.com/wiki/index.php?title=User:ScottyPJM