오라클 리스너 패스워드 설정 방법

OS환경 : Oracle Linux 6.8 (64bit)

DB 환경 : Oracle Database 11.2.0.4

방법 : 오라클 리스너 패스워드 설정 방법

현재 리스너 확인

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

$ lsnrctl status LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:20:45 Copyright (c) 1991, 2013, Oracle.  All rights reserved. Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521))) STATUS of the LISTENER ------------------------ Alias                     LISTENER Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production Start Date                09-JAN-2020 04:52:33 Uptime                    134 days 4 hr. 28 min. 11 sec Trace Level               off Security                  ON: Local OS Authentication SNMP                      OFF Listener Parameter File   /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora Listener Log File         /oracle/app/oracle/diag/tnslsnr/ORACLE11/listener/alert/log.xml Listening Endpoints Summary...   (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ORACLE11)(PORT=1521)))   (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521))) Services Summary... Service "ORCL11" has 1 instance(s).   Instance "ORCL11", status READY, has 1 handler(s) for this service... The command completed successfully

리스너 정지

$ lsnrctl stop
 
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:21:37
 
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
 
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
The command completed successfully

리스너 파일 수정

리스너 확인시 나오는 Listener Parameter File 을 보고 확인

$ vi /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# listener.ora Network Configuration File: /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
 
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ORACLE11)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
 
ADR_BASE_LISTENER = /oracle/app/oracle

LOCAL_OS_AUTHENTICATION_LISTENER = OFF 를 추가 후 저장

$ vi /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# listener.ora Network Configuration File: /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
 
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ORACLE11)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
 
ADR_BASE_LISTENER = /oracle/app/oracle
LOCAL_OS_AUTHENTICATION_LISTENER = OFF

리스너 기동

$ lsnrctl start
 
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:24:48
 
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
 
Starting /oracle/app/oracle/product/11.2.0/db_1/bin/tnslsnr: please wait...
 
TNSLSNR for Linux: Version 11.2.0.4.0 - Production
System parameter file is /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Log messages written to /oracle/app/oracle/diag/tnslsnr/ORACLE11/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ORACLE11)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
 
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                22-MAY-2020 09:24:48
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  OFF
SNMP                      OFF
Listener Parameter File   /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File         /oracle/app/oracle/diag/tnslsnr/ORACLE11/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ORACLE11)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully

현재 Security OFF 상태

lsnrctl 접속 후 change_password

Old password는 비운채로 엔터

새로운 패스워드 oracle1! 를 입력 후 엔터

이후 꼭 save_config 입력(save_config를 입력하지 않을 경우 패스워드가 등록되지 않음)

$ lsnrctl
 
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:25:24
 
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
 
Welcome to LSNRCTL, type "help" for information.
 
LSNRCTL> change_password
Old password: 
New password: 
Reenter new password: 
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
Password changed for LISTENER
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File   /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Old Parameter File   /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.bak
The command completed successfully

정상적으로 설정됨

리스너 파일 확인

$ vi /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# listener.ora Network Configuration File: /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
 
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ORACLE11)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
 
ADR_BASE_LISTENER = /oracle/app/oracle
LOCAL_OS_AUTHENTICATION_LISTENER = OFF
 
#----ADDED BY TNSLSNR 22-MAY-2020 09:25:24---
PASSWORDS_LISTENER = 373C511F8C082638
#--------------------------------------------

PASSWORDS_LISTENER에 암호화된 패스워드가 저장됨

리스너 상태 확인

$ lsnrctl status
 
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:28:33
 
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
 
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
TNS-01169: The listener has not recognized the password

패스워드를 입력하지 않아 상태 확인이 안됨

리스너 정지 시도

$ lsnrctl stop
 
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:30:34
 
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
 
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
TNS-01169: The listener has not recognized the password

패스워드를 입력하지 않아 정지가 되지 않음

리스너 상태 재확인

lsnrctl 접속 후 set password 후 패스워드 입력 후 리스너 상태 조회

$ lsnrctl
 
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:29:36
 
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
 
Welcome to LSNRCTL, type "help" for information.
 
LSNRCTL> set password
Password: 
The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                22-MAY-2020 09:24:48
Uptime                    0 days 0 hr. 5 min. 0 sec
Trace Level               off
Security                  ON: Password
SNMP                      OFF
Listener Parameter File   /oracle/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File         /oracle/app/oracle/diag/tnslsnr/ORACLE11/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ORACLE11)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "ORCL11" has 1 instance(s).
  Instance "ORCL11", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL> 

정상적으로 조회됨

리스너 정지 재시도

lsnrctl 접속 후 set password 후 패스워드 입력 후 리스너 정지

$ lsnrctl
 
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 22-MAY-2020 09:31:10
 
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
 
Welcome to LSNRCTL, type "help" for information.
 
LSNRCTL> set password
Password: 
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ORACLE11)(PORT=1521)))
The command completed successfully

정상적으로 중지됨

참고

Oracle Database 12 c 릴리스 2 (12.2)부터 리스너 패스워드 기능이 더 이상 지원되지 않음

로컬 운영 체제 인증을 통해 인증이 시행되므로 보안 손실이 발생하지 않음

참조 : https://aozjffl.tistory.com/324

https://docs.oracle.com/en/database/oracle/oracle-database/19/netag/configuring-and-administering-oracle-net-listener.html#GUID-C3C40DBA-4282-41E1-9562-4B8B10947C4E