1. 修复Oracle TNS 监听器远程中毒漏洞
1.1 修改监听文件
vi $ORACLE_HOME/network/admin/listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = ods)
(ORACLE_HOME = /u01/app/oracle/product/11.2.0/db_1)
(SID_NAME = ods)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = IP或主机名)(PORT = 1521))
# (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) --注释掉,一般不会使用ipc,绝大部分应用使用tcp连接数据库
)
)
ADR_BASE_LISTENER = /u01/app/oracle
# 单实例只需要新增下面这一行就OK
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1
# RAC需要新增下面三行,有多少个LISTENER_SCAN监听就添加几个
VALID_NODE_CHECKING_REGISTRATION_LISTENER=ON
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=ON
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(添加rac节点的所有public IP,包括主机IP,VIP,SCANIP)
1.2 重新加载监听
lsnrctl reload
lsnrctl reload listener_scan1 # RAC实例还需要执行该命令