实现Oracle非1521标准端口动态注册

动态注册dynamic registry和静态注册是Oracle实例和监听器之间建立联系的重要方式。从现在趋势看,默认监听器+动态注册已经成为默认Oracle标准配置。在一些场景下,处于安全的原因可能需要修改标准监听配置和注册方式。本篇主要介绍如何实现非1521端口进行动态注册方法。

1、默认监听与1521端口

Oracle Net Service核心三个配置文件:listener.ora、tnsnames.ora和sqlnet.ora。其中,listener.ora文件为监听器相关信息的配置文件。关于监听器个性化参数内容,均在该文件中设置。

在默认安装情况下,我们一般在$ORACLE_HOME/network/admin目录中是可以没有listener.ora文件的。

[oracle@aaalife admin]$ ls -l

-rw-r-----. 1 oracle oinstall  332 Aug  7 01:44 tnsnames.ora

此时,Oracle会在1521默认端口,支持一个默认配置文件的监听器程序。并且,该程序支持动态注册功能。

[oracle@aaalife admin]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:08:10

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.4.0 - Production

Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml

Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))

STATUS of the LISTENER

------------------------

Alias                    LISTENER

Version                  TNSLSNR for Linux: Version 11.2.0.4.0 - Production

Start Date                07-SEP-2015 01:08:10

Uptime                    0 days 0 hr. 0 min. 0 sec

Trace Level              off

Security                  ON: Local OS Authentication

SNMP                      OFF

--此处没有说明监听器配置文件路径。

Listener Log File        /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))

The listener supports no services

The command completed successfully

对注册行为另一端的Oracle实例而言,默认情况下Oracle实例会进行动态注册动作,会向1521端口监听的监听程序进行注册动作。

[oracle@aaalife admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:14:54

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))

STATUS of the LISTENER

------------------------

Alias                    LISTENER

Version                  TNSLSNR for Linux: Version 11.2.0.4.0 - Production

Start Date                07-SEP-2015 01:08:10

Uptime                    0 days 0 hr. 6 min. 43 sec

Trace Level              off

Security                  ON: Local OS Authentication

SNMP                      OFF

Listener Log File        /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))

Services Summary...

Service "aaadb" has 1 instance(s).

Instance "aaadb", status READY, has 1 handler(s) for this service...

Service "aaadbXDB" has 1 instance(s).

Instance "aaadb", status READY, has 1 handler(s) for this service...

The command completed successfully

2、非默认端口监听器

在一些安全需求场景下,我们会被要求修改监听端口到非1521端口,从而避免被扫描入侵。其实,这对于攻击扫描程序来讲,意义不大,因为一般黑客攻击都会扫描所有端口。

如果我们需要修改端口号,就必须创建专门的listener.ora文件内容来进行配置。下面内容可以配置一个非标准监听器程序。

[oracle@aaalife admin]$ cat listener.ora

# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora

# Generated by Oracle configuration tools.

MY_LISTENER =

(DESCRIPTION_LIST =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1531))

(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1531))

)

)

ADR_BASE_LISTENER = /u01/app/oracle

配置文件中,包括一个1531端口的监听程序。下面查看监听器情况。

[oracle@aaalife admin]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:27:53

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.4.0 - Production

System parameter file is /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora

Log messages written to /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml

Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))

STATUS of the LISTENER

------------------------

Alias                    LISTENER

Version                  TNSLSNR for Linux: Version 11.2.0.4.0 - Production

Start Date                07-SEP-2015 01:27:53

Uptime                    0 days 0 hr. 0 min. 0 sec

Trace Level              off

Security                  ON: Local OS Authentication

SNMP                      OFF

Listener Parameter File  /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora

Listener Log File        /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))

The listener supports no services

The command completed successfully

默认显示的还有1521端口监听程序。同时,发现其实当前服务器上是由两个监听器运行的。

[oracle@aaalife admin]$ lsnrctl status listener

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:13

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))

STATUS of the LISTENER

------------------------

Alias                    LISTENER

Version                  TNSLSNR for Linux: Version 11.2.0.4.0 - Production

Start Date                07-SEP-2015 01:27:53

Uptime                    0 days 0 hr. 2 min. 19 sec

Trace Level              off

Security                  ON: Local OS Authentication

SNMP                      OFF

Listener Parameter File  /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora

Listener Log File        /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521)))

Services Summary...

Service "aaadb" has 1 instance(s).

Instance "aaadb", status READY, has 1 handler(s) for this service...

Service "aaadbXDB" has 1 instance(s).

Instance "aaadb", status READY, has 1 handler(s) for this service...

The command completed successfully

[oracle@aaalife admin]$

[oracle@aaalife admin]$ lsnrctl status my_listener

LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 07-SEP-2015 01:30:29

Copyright (c) 1991, 2013, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1531)))

STATUS of the LISTENER

------------------------

Alias                    LISTENER

Version                  TNSLSNR for Linux: Version 11.2.0.4.0 - Production

Start Date                07-SEP-2015 01:17:52

Uptime                    0 days 0 hr. 12 min. 37 sec

Trace Level              off

Security                  ON: Local OS Authentication

SNMP                      OFF

Listener Parameter File  /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora

Listener Log File        /u01/app/oracle/diag/tnslsnr/aaalife/listener/alert/log.xml

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1531)))

(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1531)))

The listener supports no services

The command completed successfully

上面信息显示出几个细节:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/0206b8de9e46774c73a11451bea7e975.html