devbox
小桥流水78
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

oracle数据库安全基线自动检测脚本_oracle 安全配置基线检测脚本

作者:小桥流水78 | 2024-08-09 18:55:24

oracle 安全配置基线检测脚本
  1. #!/bin/bash
  2.  
  3. #version 2.1 此脚本在rhel,centos,oel系统均已测试通过,适用于9i 10g 11g。但未在aix,solaris,unix测试,如果遇到问题请自行微调。
  4.  
  5. #Author: jn
  6. #Date: 2016.8
  7. HOSTNAME=`hostname`
  8. echo $HOSTNAME > orack.res.lst
  9. SQLPLUS=$ORACLE_HOME/bin/sqlplus
  10.  
  11. $SQLPLUS "/ as sysdba" << EOF
  12. -------  设置行宽、叶宽  ----------
  13. set line 150
  14. set pagesize 1000
  15. set feed off
  16. spool orack.res.lst
  17. -------  脚本开始运行的时间  ------------
  18. select 'Started On ' || to_char(sysdate,'yyyy-mm-dd hh24:mi:ss') started_time from dual;
  19. -------  Oracle的版本  ------------
  20. select banner from v\$version;
  21. #select banner from v$version;
  22. ------- 查看Oracle登录认证方式 ----------
  23. show parameter remote_login_passwordfile
  24. ------- 查看 oracle 用户密码HASH值 -----------
  25. select name,password from user\$;
  26. select name,password from user\$ where name in ( select username from dba_users where account_status='OPEN');
  27. -------  查看出于Active状态的帐号  ------------
  28. col username for a20
  29. col profile for a20
  30. select username,profile from dba_users where account_status='OPEN';
  31.  
  32. set line 150
  33. set pagesize 1000
  34. col profile for a20
  35. col resource_name for a30
  36. col resource for a25
  37. col limit for a30
  38. select * from dba_profiles;
  39. select * from dba_profiles where profile='DEFAULT';
  40. -------  查看是否开启了资源限制  ------------
  41. show parameter resource_limit
  42. -------查看审计开启情况-----
  43. show parameter audit
  44. -------  查看密码方面的限制  ------------
  45. col resource_name for a40
  46. col limit for a20
  47. col profile for a40
  48. select resource_name,limit,profile from dba_profiles where resource_type='PASSWORD';
  49. ------- 查看哪些用户具有DBA权限  ---------------
  50. col grantee for a15
  51. col granted_role for a15
  52. col admin_option for a15
  53. col default_role for a15
  54. select * from dba_role_privs where grantee in ( select username from dba_users where account_status='OPEN') and granted_role='DBA' order by grantee;
  55. ------- 查询视图dba_tab_privs被授予了public角色和执行权限表的数量 -------
  56. select count(*) table_name from dba_tab_privs where grantee='PUBLIC' and privilege='EXECUTE' and table_name in ('UTL_FILE', 'UTL_TCP', 'UTL_HTTP', 'UTL_SMTP', 'DBMS_LOB', 'DBMS_SYS_SQL', 'DBMS_JOB');
  57. ------- 查看激活用户的配置情况 -------
  58. select * from dba_profiles where profile in (select profile from dba_users where account_status='OPEN') and  limit NOT IN('DEFAULT','UNLIMITED','NULL');
  59. ------- 查看第三方审计工具的安装情况 -------
  60. SELECT * FROM V\$OPTION WHERE PARAMETER = 'Oracle Database Vault';
  61. #SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
  62. ------- 查看oracle最大连接数-------
  63. show parameter processes;
  64. ------- 查看非系统用户角色被授予dba的用户的数量 -------
  65. select count(a.username) from  dba_users a left join dba_role_privs b on a.username = b.grantee where granted_role = 'DBA' and a.username not in ('SYS','SYSMAN','SYSTEM');
  66. ------- 查看数据库会话 -------
  67. show parameter sessions;
  68. ------- 当sql92_security被设置成TRUE时,对表执行UPDATE/DELETE操作时会检查当前用户是否具备相应表的SELECT权限 --------
  69. show parameter sql92_security;
  70. ------- O7_DICTIONARY_ACCESSIBILITY参数控制对数据字典的访问.设置为true,如果用户被授予了如select any table等any table权限,用户即使不是dba或sysdba用户也可以访问数据字典,建议为false -------
  71. show parameter O7_DICTIONARY_ACCESSIBILITY;
  72. spool off
  73. EOF
  74.  
  75. # Oracle Port Number
  76. echo -e "\n\n" >> orack.res.lst
  77. echo "----------Port 1521 in listener.ora----------" >> orack.res.lst
  78. echo "" >> orack.res.lst
  79. LISTEN_ORA=$ORACLE_HOME/network/admin/listener.ora
  80. SQLNET_ORA=$ORACLE_HOME/network/admin/sqlnet.ora
  81. if [ -f $LISTEN_ORA ];then
  82.    grep 1521 $LISTEN_ORA >> orack.res.lst
  83. else
  84.    echo "File $LISTEN_ORA Is Not Exists!!!" >> orack.res.lst
  85. fi
  86.  
  87. # Listener Password
  88. echo -e "\n" >> orack.res.lst
  89. echo "----------Listener Password in listener.ora----------" >> orack.res.lst
  90. echo "" >> orack.res.lst
  91. if [ -f $LISTEN_ORA ];then
  92.    grep -i PASSWORDS_LISTENER $LISTEN_ORA >> orack.res.lst
  93. else
  94.    echo "File $LISTEN_ORA Is Not Exists!!!" >> orack.res.lst
  95. fi
  96.  
  97. # SQLNET TIMEOUT
  98. echo -e "\n" >> orack.res.lst
  99. echo "----------sqlnet timeout in sqlnet.ora----------" >> orack.res.lst
  100. echo "" >> orack.res.lst
  101. if [ -f $SQLNET_ORA ];then
  102.    grep -i SQLNET.EXPIRE_TIME $SQLNET_ORA >> orack.res.lst
  103. else
  104.    echo "File $SQLNET_ORA Is Not Exists!!!" >> orack.res.lst
  105. fi
  106.  
  107. # SQLNET Trusted IP 
  108. echo -e "\n" >> orack.res.lst
  109. echo "----------sqlnet trusted IP in sqlnet.ora----------" >> orack.res.lst
  110. echo "" >> orack.res.lst
  111. if [ -f $SQLNET_ORA ];then
  112.    egrep -i "tcp.validnode_checking|tcp.invited_nodes|tcp.excluded_nodes" $SQLNET_ORA >> orack.res.lst
  113. else
  114.    echo "File $SQLNET_ORA Is Not Exists!!!" >> orack.res.lst
  115. fi
  116.  
  117. echo -e "\n\n" >> orack.res.lst
  118. echo "==========================  End On `date`  ==========================" >> orack.res.lst

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小桥流水78/article/detail/954650
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号