Oracle监听器的各种问题总结:1)系统断电异常重启后导致Oracle的监听无法正常启动,此时可以通过手动修改一下,使用静态注册监听
Oracle监听器的各种问题总结:
1)系统断电异常重启后导致Oracle的监听无法正常启动,此时可以通过手动修改一下,使用静态注册监听:
如:
# listener.ora Network Configuration File: /var/local/u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
(PROGRAM = extproc)
)
以下为增加的内容
(SID_DESC =
(GOLBAL_DBNAME = orcl)
(ORACLE_HOME = /home/u01/app/oracle/product/11.2.0/dbhome_2)
(SID_NAME = orcl)
)
)
以上为增加的内容
LISTENER =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
)
2)ora-3136
修改listener的inbound_connect_timeout参数的方法
方法一:
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter “inbound_connect_timeout” set to 60
The command completed successfully
LSNRCTL> set inbound_connect_timeout 0
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter “inbound_connect_timeout” set to 0
The command completed successfully
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter “inbound_connect_timeout” set to 0
The command completed successfully
LSNRCTL> set save_config_on_stop on #表示修改参数永久生效,否则只是临时生效,下次重启监听又还原为原来的值了
方法二:
修改listener.ora文件,加入: INBOUND_CONNECT_TIMEOUT_LISTENER_NAME=0
3)为了数据库的安全,,我们不仅可以限制远程登陆操作系统的ip,也可以限制通过监听连接数据库服务器的ip
在sqlnet.ora中增加如下配置 【Linux公社 】
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102,192.168.1.222,192.168.1.0/24) #表示只允许192.168.1.102和192.168.1.222以及192.168.1.0、24网段的地址通过监听连接数据库
别的地址连接就会报如下错误
ERROR:
ORA-12537: TNS: 连接关闭
4)禁止通过操作系统认证连接数据库(sqlplus / as sysdba)
在sqlnet.ora中加入如下内容:
SQLNET.AUTHENTICATION_SERVICES=NONE
或者SQLNET.AUTHENTICATION_SERVICES=(NTS)
此时使用sqlplus / as sysdba登录,就会报 ORA-01031: 权限不足错误
5)本人线上安全的监听服务配置文件如下:
–cat sqlnet.ora
# sqlnet.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
SQLNET.INBOUND_CONNECT_TIMEOUT = 0
SQLNET.RECV_TIMEOUT = 30
SQLNET.SEND_TIMEOUT = 30
DIAG_ADR_ENABLED = OFF
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.1.102,192.168.1.222,192.168.1.0/24)
ADR_BASE = /home/faxc/app/faxc
–cat listener.ora
# listener.ora Network Configuration File: /home/faxc/app/faxc/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
(PROGRAM = extproc)
)
(SID_DESC =
(GOLBAL_DBNAME = orcl)
(ORACLE_HOME = /home/faxc/app/faxc/product/11.2.0/dbhome_1)
(SID_NAME = orcl)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
)
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
)
)
ADR_BASE_LISTENER = /home/faxc/app/faxc
–cat tnsnames.ora
ORCL=
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.222)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = orcl)
)
)
200=
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.200)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = orcl)
)
)
6)如果允许的话,可以通过iptables禁止1521端口对外访问,只需本机通过1521端口访问即可
-A RH-Firewall-1-INPUT -s 127.0.0.1 -p tcp -m state –state NEW -m tcp –dport 1521 -j ACCEPT #只允许本机通过1521端口访问
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 1521 -j ACCEPT #允许外网和本机通过1521端口访问。
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件至253000106@qq.com举报,一经查实,本站将立刻删除。
发布者:PHP中文网,转转请注明出处:https://www.chuangxiangniao.com/p/1916854.html
