查系统默认的策略,连续验证10次错误帐户即会被锁
SQL> select resource_name, limit from dba_profiles where profile='DEFAULT';
RESOURCE_NAME LIMIT
-------------------------------- ----------------------------------------
COMPOSITE_LIMIT UNLIMITED
SESSIONS_PER_USER UNLIMITED
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL UNLIMITED
LOGICAL_READS_PER_SESSION UNLIMITED
LOGICAL_READS_PER_CALL UNLIMITED
IDLE_TIME UNLIMITED
CONNECT_TIME UNLIMITED
PRIVATE_SGA UNLIMITED
FAILED_LOGIN_ATTEMPTS 10
PASSWORD_LIFE_TIME 180
RESOURCE_NAME LIMIT
-------------------------------- ----------------------------------------
PASSWORD_REUSE_TIME UNLIMITED
PASSWORD_REUSE_MAX UNLIMITED
PASSWORD_VERIFY_FUNCTION NULL
PASSWORD_LOCK_TIME 1
PASSWORD_GRACE_TIME 7
16 rows selected.
查看用户被锁状态
SQL> select username,account_status from dba_users where username='USER1';
USERNAME ACCOUNT_STATUS
------------------------------ --------------------------------
USER1 LOCKED(TIMED)
SQL> select name,lcount from user$ where;
NAME LCOUNT
------------------------------ ----------
USER1 10
先处理问题,将验证错误次数改为不受限制,解锁用户
SQL> alter profile default limit FAILED_LOGIN_ATTEMPTS unlimited;
Profile altered.
SQL> alter user user1 account unlock;
User altered.
再查看用户验证的错误次数,如果此帐户一直在验证,可以看到次数一直在增加
SQL> select name,lcount from user$ where;
通过日志文件/u01/app/Oracle/diag/tnslsnr/localhost/listener/alert/log.xml追查请求来源ip,但是效果不理想
1.看不到请求的用户名,看不到请求结果,对请求来源ip判断可能有误
2.日志过多,暂时想不到关键字过滤
[oracle@localhost adump]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 12-MAY-2016 11:46:39
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=iZ11y546tzlZ)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 10-MAY-2016 09:44:40
Uptime 2 days 2 hr. 1 min. 59 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/localhost/listener/alert/log.xml
Listening Endpoints Summary...
[oracle@localhost ~]$ tail -f /u01/app/oracle/diag/tnslsnr/localhost/listener/alert/log.xml
<msg time='2016-05-12T11:52:33.423+08:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='localhost'
host_addr='10.174.70.172'>
<txt>12-MAY-2016 11:52:33 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=C:\Program?Files??x86?\PremiumSoft\Navicat?Premium\navicat.exe)(HOST=HUJF-PC)(USER=hujf))) * (ADDRESS=(PROTOCOL=tcp)(HOST=110.82.160.106)(PORT=59584)) * establish * orcl * 0
</txt>
</msg>
设置格式,查returncode为1017的,可以很清楚看到验证的用户(userid)计算机名(userhost,局域网有用)请求来源ip(comment$text)
SQL> set pagesize 100;
SQL> set linesize 150;
SQL> select sessionid,userid,userhost,comment$text,spare1,ntimestamp# from aud$ where returncode=1017;
53080 USER1
WORKGROUP\HUJF-PC
Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=110.82.160.106)(PORT=59584))
hujf
12-MAY-16 03.52.34.569085 AM
53085 SYSTEM
WORKGROUP\HUJF-PC
Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=110.82.160.106)(PORT=6720))
hujf
12-MAY-16 03.55.39.857892 AM