Listener Security – Important Tips

  • Turn on Logging

To know which listener commands were executed, enable logging as follows:

LSNRCTL> set log_directory  …/log

LSNRCTL> set log_file Listener_<sid name>.log

LSNRCTL> set log_status on

LSNRCTL> save_config

  • Set the Listener Password

Setting a listener password is strongly recommended in order to prevent different attacks. There are two ways to do it: either set the PASSWORDS_listenername parameter in the listener.ora file (the password will be in clear text; not recommended), or use the lsnrctl set password command (highly recommended).

  • Remove Unused Services

Since listener.ora files are usually copied between a number of instances, they may contain old and redundant entries. Remove any services that are not currently being used.

  • Set ADMIN_RESTRICTIONS in listener.ora

Setting this parameter to ON in the listener.ora file prevents any runtime modification. No SET command can then be executed, either locally or remotely.

  • Set Valid Node Checking

It is undoubtedly one of the most powerful tools for restricting listener traffic. It can be achieved with the following:

tcp.validnode_checking = yes (to enable valid node checking)

tcp.invited_nodes = (nodes where access is allowed)

tcp.excluded_nodes = (nodes where access is restricted)

Use either invited_nodes or excluded_nodes, but never both.
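An added example (not from the original post): a small Python checker that reads listener.ora and sqlnet.ora text and reports which of the tips above are not applied. It assumes the listener is named LISTENER, that the tcp.* parameters are kept in sqlnet.ora, that the logging switch is stored as LOGGING_<listener>, and that a 16-hex-digit PASSWORDS_ value was written by lsnrctl rather than typed in clear text; both sample files are constructed.

```python
import re

# Constructed sample files for illustration; not from a real system.
SAMPLE_LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db01)(PORT = 1521)))
PASSWORDS_LISTENER = (changeme)
LOGGING_LISTENER = OFF
"""
SAMPLE_SQLNET_ORA = """\
tcp.validnode_checking = yes
tcp.invited_nodes = (10.0.0.5, app01)
tcp.excluded_nodes = (10.0.0.99)
"""

def parse_params(text):
    """Map lowercased top-level parameter names to their values."""
    params, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)$", line)
        if m:                                          # NAME = VALUE at column 0
            name = m.group(1).lower()
            params[name] = m.group(2).strip()
        elif line.strip() and name:                    # indented continuation
            params[name] += " " + line.strip()
    return params

def audit(listener_ora, sqlnet_ora, listener="LISTENER"):
    """Return findings for the tips in this post that are not applied."""
    lsn, net = parse_params(listener_ora), parse_params(sqlnet_ora)
    key, findings = listener.lower(), []
    pw = lsn.get("passwords_" + key, "").strip("() ")
    if not pw:
        findings.append("no listener password set")
    elif not re.fullmatch(r"[0-9A-Fa-f]{16}", pw):     # assumed heuristic
        findings.append("PASSWORDS_%s looks like clear text" % listener)
    if lsn.get("admin_restrictions_" + key, "").lower() != "on":
        findings.append("ADMIN_RESTRICTIONS_%s is not ON" % listener)
    if lsn.get("logging_" + key, "").lower() == "off":  # only explicit OFF
        findings.append("listener logging is OFF")
    if net.get("tcp.validnode_checking", "").lower() != "yes":
        findings.append("tcp.validnode_checking is not yes")
    if "tcp.invited_nodes" in net and "tcp.excluded_nodes" in net:
        findings.append("both invited_nodes and excluded_nodes are set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LISTENER_ORA, SAMPLE_SQLNET_ORA)))
```

For the constructed sample it reports four findings: the clear-text password, the missing ADMIN_RESTRICTIONS setting, logging switched off, and both node lists in use.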

About the Author Muhammad Rawish Siddiqui
