动态注册dynamic registry和静态注册是Oracle实例和监听器之间建立联系的重要方式。从现在趋势看,默认监听器+动态注册已经成为默认Oracle标准配置。在一些场景下,处于安全的原因可能需要修改标准监听配置和注册方式。本篇主要介绍如何实现非1521端口进行动态注册方法。
1、默认监听与1521端口
Oracle Net Service核心三个配置文件:listener.ora、tnsnames.ora和sqlnet.ora。其中,listener.ora文件为监听器相关信息的配置文件。关于监听器个性化参数内容,均在该文件中设置。
在默认安装情况下,我们一般在$ORACLE_HOME/network/admin目录中是可以没有listener.ora文件的。
[oracle@aaalife admin]$ ls -l
-rw-r-----. 1 oracle oinstall 332 Aug 7 01:44 tnsnames.ora
此时,Oracle会在1521默认端口,支持一个默认配置文件的监听器程序。并且,该程序支持动态注册功能。
[oracle@aaalife admin]$ lsnrctl start
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:08:10
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:08:10
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
--此处没有说明监听器配置文件路径。
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
对注册行为另一端的Oracle实例而言,默认情况下Oracle实例会进行动态注册动作,会向1521端口监听的监听程序进行注册动作。
[oracle@aaalife admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:14:54
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:08:10
Uptime 0 days 0 hr. 6 min. 43 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Services Summary...
Service "aaadb" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
2、非默认端口监听器
在一些安全需求场景下,我们会被要求修改监听端口到非1521端口,从而避免被扫描入侵。其实,这对于攻击扫描程序来讲,意义不大,因为一般黑客攻击都会扫描所有端口。
如果我们需要修改端口号,就必须创建专门的listener.ora文件内容来进行配置。下面内容可以配置一个非标准监听器程序。
[oracle@aaalife admin]$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
MY_LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1531))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1531))
)
)
ADR_BASE_LISTENER = /u01/app/oracle
配置文件中,包括一个1531端口的监听程序。下面查看监听器情况。
[oracle@aaalife admin]$ lsnrctl start
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:27:53
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.4.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:27:53
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
The listener supports no services
The command completed successfully
默认显示的还有1521端口监听程序。同时,发现其实当前服务器上是由两个监听器运行的。
[oracle@aaalife admin]$ lsnrctl status listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:13
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:27:53
Uptime 0 days 0 hr. 2 min. 19 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))
Services Summary...
Service "aaadb" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
Service "aaadbXDB" has 1 instance(s).
Instance "aaadb", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@aaalife admin]$
[oracle@aaalife admin]$ lsnrctl status my_listener
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:29
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date 07-SEP-2015 01:17:52
Uptime 0 days 0 hr. 12 min. 37 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))
The listener supports no services
The command completed successfully
上面信息显示出几个细节: