Is the database secure? Has it been broken into?
Check the host login records for any abnormal access in the recent period
last|tail -100
Check the current port and connection status
netstat -ano
Check who is currently logged in, looking for any unusual user sessions
w
Check whether the database has the latest patches installed
$ORACLE_HOME/OPatch/opatch lsinv
Check whether the listener is still on the default port 1521; for better security a non-default port is recommended
lsnrctl stat
Check the listener log for connection records from unauthorized IPs (it is recommended to review the most recent 10000 entries)
grep "HOST=.*establish.*\* 0" listener.log | awk -F'*' '{match($3,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/); ip = substr($3,RSTART,RLENGTH);cnt[ip]+=1;last[ip]=$1;}END {for (i in cnt) printf "%-16s %9s %19s\n",i,cnt[i],last[i];}' | sort -k 1
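The same listener-log review as an added shell example (not from the original post): it summarises successful connections per client IP and prints any source that is not in a hypothetical allowlist. The listener.log content is constructed for the example.

```shell
#!/bin/sh
# Added example: per-IP summary of successful connections in an Oracle listener log.
# The log below is constructed sample data in listener.log format, not from a real system.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
18-JAN-2020 10:01:02 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=app01)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.5)(PORT=51234)) * establish * orcl * 0
18-JAN-2020 10:05:40 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=jdbc)(HOST=app02)(USER=appuser))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.6)(PORT=40001)) * establish * orcl * 0
18-JAN-2020 10:07:11 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=app01)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.5)(PORT=51240)) * establish * orcl * 0
18-JAN-2020 23:59:01 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=unknown)(HOST=unknown)(USER=x))) * (ADDRESS=(PROTOCOL=tcp)(HOST=203.0.113.77)(PORT=55555)) * establish * orcl * 12505
19-JAN-2020 02:13:45 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=unknown)(HOST=unknown)(USER=x))) * (ADDRESS=(PROTOCOL=tcp)(HOST=203.0.113.77)(PORT=55556)) * establish * orcl * 0
EOF

# Print "ip count last_seen" for each client IP with a successful (return code 0)
# establish record. Fields are separated by '*': $1 timestamp, $3 client ADDRESS.
conn_summary() {
  grep 'HOST=.*establish.*\* 0$' "$1" \
  | awk -F'*' '{
      sub(/ +$/, "", $1)                      # trim trailing space from timestamp
      if (match($3, /HOST=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
        ip = substr($3, RSTART + 5, RLENGTH - 5)   # skip the "HOST=" prefix
        cnt[ip]++; last[ip] = $1
      }
    } END { for (i in cnt) printf "%s %d %s\n", i, cnt[i], last[i] }' \
  | sort
}

# Print the summary lines whose IP is not in the space-separated allowlist ($2).
# The allowlist is a hypothetical input supplied by the reviewer.
unexpected_ips() {
  allow=" $2 "
  conn_summary "$1" | while read -r ip count last; do
    case "$allow" in
      *" $ip "*) ;;                           # known application host
      *) echo "$ip $count $last" ;;
    esac
  done
}

conn_summary "$LOG"
unexpected_ips "$LOG" "10.0.0.5 10.0.0.6"
```

Connections rejected by the listener (non-zero return code, such as the 12505 line) are excluded, so a repeated rejected source should be reviewed separately with a pattern that does not end in "* 0".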
Check the database users for anomalies; it is recommended to lock unused accounts and change the default passwords
set lin 200 pages 100
col username for a22
col PROFILE for a30
select username,account_status,lock_date,expiry_date,profile,created from dba_users order by 1;
Check whether user privileges meet the least-privilege requirement
col grantee for a30
select GRANTEE,PRIVILEGE from dba_sys_privs where grantee in (select username from dba_users where account_status='OPEN' and username not in ('SYS','SYSTEM')) order by 1;
col GRANTED_ROLE for a30
select GRANTEE,GRANTED_ROLE from dba_role_privs where grantee in (select username from dba_users where account_status='OPEN' and username not in ('SYS','SYSTEM')) order by 1;
col owner for a20
col table_name for a30
col privilege for a20
select grantee,owner,table_name,privilege from dba_tab_privs where grantee in (select username from dba_users where account_status='OPEN' and username not in ('SYS','SYSTEM')) order by 1;
Check whether the password verification function is enabled
col limit for a40
select * from dba_profiles where RESOURCE_NAME='PASSWORD_VERIFY_FUNCTION';
Check the date of each user's most recent password change
select name,to_char(ptime,'yyyy-mm-dd hh24:mi:ss') pwd_time from user$ where type#=1 order by 2;
Check which users hold the DBA role; no ordinary user other than sys and system should have it
select grantee from dba_role_privs where granted_role='DBA';
Check whether database auditing is enabled and whether the audit records are complete
show parameter audit
Check the database audit trail for abnormal access (if the audit table aud$ is larger than 30G, the query may take around 30 minutes to return)
col obj_name for a30
col SQL_TEXT for a40
select * FROM (select username,
to_char(timestamp,'yyyymmdd HH24:MI') tm,
obj_name,
action_name,
replace(substr(sql_text,1,80),chr(34),'') as sql_text
from dba_audit_trail where action_name not in ('LOGON','LOGOFF') AND timestamp > SYSDATE - 15
ORDER BY timestamp desc) v
WHERE ROWNUM<50;
Check the SQL statements for suspicious conditions (this is where a keen eye is needed)
select sql_text from v$sqlarea where rownum<10001 order by 1;
SQL injection virus check (the query generates a DROP statement for each matching object)
select 'drop ' || object_type || ' ' || owner || '.' || object_name || ';'
from dba_objects
where object_name in ('DBMS_SUPPORT_DBMONITOR', 'DBMS_SUPPORT_DBMONITORP');
Check whether the file path parameter is set to * (versions before 12c)
show parameter utl_file_dir
Brute-force test whether the sys and system passwords are weak
conn system/system
conn system/oracle
That's the end of the check; wrap up.