- Turn on Logging
In order to know, which listener commands were executing, one should enable the logging by the following:
LSNRCTL> set log_directory …/log
LSNRCTL> set log_file Listener_<sid name>.log
LSNRCTL> set log_status on LSNRCTL> save_config
- Set the Listener Password
Setting Listener Password is strongly recommended in order to prevent the distinct attacks. There are two ways to do the same. Either by setting PASSWORDS_listenername parameter in listener.ora file (Password will be in a Clear Text – Not Recommended)Or By using lsnrctl set password command (Highly Recommended).
- Remove Unused Services
Since listener.ora files are usually copied between # of instances, they may contain old and redundant entries. Remove any services not currently being used.
- Set ADMIN_RESTRICTIONS in Listener.ora
Setting this parameter in Listener.ora file to ON will prevent any runtime modification. One can not execute any SET command either Locally or Remotely.
- Set Valid Node Checking
It is no doubt one of the powerful tools to restrict the Traffic from Listener. It can be achieved by the following:tcp.validnode_checking = yes (to enable Valid Nodes Checking)tcp.invited_nodes = (Nodes where Access Allowed)tcp.excluded_nodes= (Nodes Where Access Restricted)Either Use Invited_Nodes or Excluded_Nodes but Do Never Use the Both.