Securing the Listener

Securing the Listener

 

The TNS listener should be password protected using the lsnrctl utility or the netmgr GUI. When using the lsnrctl utility, the change_password command is used to set the password for the first time, or to change an existing password.

LSNRCTL> change_password

Old password:

New password:

Reenter new password:

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=myserver.mydomain)(PORT=1521)))

Password changed for LISTENER

The command completed successfully

LSNRCTL>

The "Old password:" value should be left blank if the password is being set for the first time. Once the new password is set, the configuration should be saved using the save_config command.

LSNRCTL> save_config

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=myserver.mydomain)(PORT=1521)))

Saved LISTENER configuration parameters.

Listener Parameter File   /u01/app/oracle/product/10.1.0/db_1/network/admin/listener.ora

Old Parameter File   /u01/app/oracle/product/10.1.0/db_1/network/admin/listener.bak

The command completed successfully

LSNRCTL>

Once the password is set, subsequent attempts to perform privileged operations such as save_config and stop will fail unless the password is set using the set password command.

LSNRCTL> set password

Password:

The command completed successfully