{"id":485,"date":"2021-09-11T00:48:15","date_gmt":"2021-09-10T16:48:15","guid":{"rendered":"http:\/\/dba.qishuo.xin\/?p=485"},"modified":"2021-12-04T16:29:38","modified_gmt":"2021-12-04T08:29:38","slug":"oraclerac%e9%98%b2%e7%81%ab%e5%a2%99%e9%85%8d%e7%bd%ae","status":"publish","type":"post","link":"http:\/\/dba.qishuo.xin\/?p=485","title":{"rendered":"OracleRAC\u9632\u706b\u5899\u914d\u7f6e"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-right counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<label for=\"ez-toc-cssicon-toggle-item-69f5ff100fb82\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-69f5ff100fb82\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#1_%E5%AE%89%E8%A3%85%E5%B9%B6%E5%90%AF%E5%8A%A8%E9%98%B2%E7%81%AB%E5%A2%99%EF%BC%88%E7%95%A5%EF%BC%89\" >1. \u5b89\u88c5\u5e76\u542f\u52a8\u9632\u706b\u5899\uff08\u7565\uff09<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#2_%E7%AE%A1%E7%90%86%E5%8F%AF%E4%BF%A1%E4%BB%BB%E7%9A%84%E5%9F%9F\" >2. \u7ba1\u7406\u53ef\u4fe1\u4efb\u7684\u57df<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#21_%E5%88%9B%E5%BB%BA%E5%8F%AF%E4%BF%A1%E4%BB%BB%E7%9A%84%E5%9F%9F\" >2.1. \u521b\u5efa\u53ef\u4fe1\u4efb\u7684\u57df<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#22_%E7%A7%BB%E9%99%A4%E5%8F%AF%E4%BF%A1%E4%BB%BB%E7%9A%84%E5%9F%9F\" >2.2. \u79fb\u9664\u53ef\u4fe1\u4efb\u7684\u57df<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#3_%E8%AE%BE%E7%BD%AE%E5%85%AC%E5%85%B1%E5%9F%9F%E7%9A%84%E8%AE%BF%E9%97%AE\" >3. \u8bbe\u7f6e\u516c\u5171\u57df\u7684\u8bbf\u95ee<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#31_%E7%A7%BB%E9%99%A4%E5%85%AC%E5%85%B1%E5%9F%9F%E4%B8%ADssh%E7%99%BB%E5%BD%95\" >3.1. \u79fb\u9664\u516c\u5171\u57df\u4e2dssh\u767b\u5f55<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#32_%E5%85%81%E8%AE%B8%E7%89%B9%E5%AE%9AIP%E5%9C%B0%E5%9D%80ssh%E7%99%BB%E5%BD%95\" >3.2. \u5141\u8bb8\u7279\u5b9aIP\u5730\u5740ssh\u767b\u5f55<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#33_%E5%85%81%E8%AE%B8%E7%89%B9%E5%AE%9AIP%E5%9C%B0%E5%9D%80%E8%AE%BF%E9%97%AE%E6%95%B0%E6%8D%AE%E5%BA%93IP\" >3.3. \u5141\u8bb8\u7279\u5b9aIP\u5730\u5740\u8bbf\u95ee\u6570\u636e\u5e93IP<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#34_%E7%A7%BB%E9%99%A4%E7%89%B9%E5%AE%9AIP%E5%9C%B0%E5%9D%80%E8%AE%BF%E9%97%AE%E6%95%B0%E6%8D%AE%E5%BA%93IP\" >3.4. \u79fb\u9664\u7279\u5b9aIP\u5730\u5740\u8bbf\u95ee\u6570\u636e\u5e93IP<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#4_ssh%E6%90%AD%E9%85%8Dpam_tally2\" >4. ssh\u642d\u914dpam_tally2<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#41_%E8%AE%A4%E8%AF%81%E9%80%89%E9%A1%B9\" >4.1. \u8ba4\u8bc1\u9009\u9879<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"http:\/\/dba.qishuo.xin\/?p=485\/#42_%E5%91%BD%E4%BB%A4%E8%A1%8C%E7%AE%A1%E7%90%86\" >4.2. \u547d\u4ee4\u884c\u7ba1\u7406<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<p><code>NOTE:\u9488\u5bf9\u9632\u706b\u5899\u7684\u64cd\u4f5c\u9700\u8981\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u6267\u884c\uff01<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"1_%E5%AE%89%E8%A3%85%E5%B9%B6%E5%90%AF%E5%8A%A8%E9%98%B2%E7%81%AB%E5%A2%99%EF%BC%88%E7%95%A5%EF%BC%89\"><\/span>1. \u5b89\u88c5\u5e76\u542f\u52a8\u9632\u706b\u5899\uff08\u7565\uff09<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h3><span class=\"ez-toc-section\" id=\"2_%E7%AE%A1%E7%90%86%E5%8F%AF%E4%BF%A1%E4%BB%BB%E7%9A%84%E5%9F%9F\"><\/span>2. \u7ba1\u7406\u53ef\u4fe1\u4efb\u7684\u57df<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><span class=\"ez-toc-section\" id=\"21_%E5%88%9B%E5%BB%BA%E5%8F%AF%E4%BF%A1%E4%BB%BB%E7%9A%84%E5%9F%9F\"><\/span>2.1. \u521b\u5efa\u53ef\u4fe1\u4efb\u7684\u57df<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code class=\"language-shell line-numbers\">~]# firewall-cmd --permanent --add-source=192.168.10.0\/24 --zone=trusted\nsuccess\n~]# firewall-cmd --permanent --add-source=172.16.36.0\/24 --zone=trusted\nsuccess\n~]#  firewall-cmd --permanent --add-source=172.16.38.0\/24 --zone=trusted\nsuccess\n~]# firewall-cmd --reload\nsuccess\n~]# firewall-cmd --list-sources --zone=trusted\n192.168.10.0\/24 172.16.36.0\/24\n<\/code><\/pre>\n<h4><span class=\"ez-toc-section\" id=\"22_%E7%A7%BB%E9%99%A4%E5%8F%AF%E4%BF%A1%E4%BB%BB%E7%9A%84%E5%9F%9F\"><\/span>2.2. \u79fb\u9664\u53ef\u4fe1\u4efb\u7684\u57df<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code class=\"language-shell line-numbers\">~]# firewall-cmd --permanent --remove-source=172.16.37.0\/24 --zone=trusted\nsuccess\n\n~]# firewall-cmd --reload\nsuccess\n\n~]# firewall-cmd --list-sources --zone=trusted\n<\/code><\/pre>\n<h3><span class=\"ez-toc-section\" id=\"3_%E8%AE%BE%E7%BD%AE%E5%85%AC%E5%85%B1%E5%9F%9F%E7%9A%84%E8%AE%BF%E9%97%AE\"><\/span>3. \u8bbe\u7f6e\u516c\u5171\u57df\u7684\u8bbf\u95ee<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><span class=\"ez-toc-section\" id=\"31_%E7%A7%BB%E9%99%A4%E5%85%AC%E5%85%B1%E5%9F%9F%E4%B8%ADssh%E7%99%BB%E5%BD%95\"><\/span>3.1. \u79fb\u9664\u516c\u5171\u57df\u4e2dssh\u767b\u5f55<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code class=\"language-shell line-numbers\">~]# firewall-cmd --permanent --remove-service=ssh --zone=public\nsuccess\n~]# firewall-cmd --reload\nsuccess\n<\/code><\/pre>\n<h4><span class=\"ez-toc-section\" id=\"32_%E5%85%81%E8%AE%B8%E7%89%B9%E5%AE%9AIP%E5%9C%B0%E5%9D%80ssh%E7%99%BB%E5%BD%95\"><\/span>3.2. \u5141\u8bb8\u7279\u5b9aIP\u5730\u5740ssh\u767b\u5f55<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code class=\"language-shell line-numbers\">~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=192.168.70.26\/32 service name=ssh accept' --zone=public\nsuccess\n~]# firewall-cmd --reload\nsuccess\n<\/code><\/pre>\n<h4><span class=\"ez-toc-section\" id=\"33_%E5%85%81%E8%AE%B8%E7%89%B9%E5%AE%9AIP%E5%9C%B0%E5%9D%80%E8%AE%BF%E9%97%AE%E6%95%B0%E6%8D%AE%E5%BA%93IP\"><\/span>3.3. \u5141\u8bb8\u7279\u5b9aIP\u5730\u5740\u8bbf\u95ee\u6570\u636e\u5e93IP<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code class=\"language-shell line-numbers\">~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=210.26.116.109\/32 port port=1521 protocol=tcp accept' --zone=public\nsuccess\n~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=192.168.70.26\/32 port port=1521 protocol=tcp accept' --zone=public\nsuccess\n~]# firewall-cmd --reload\nsuccess\n<\/code><\/pre>\n<h4><span class=\"ez-toc-section\" id=\"34_%E7%A7%BB%E9%99%A4%E7%89%B9%E5%AE%9AIP%E5%9C%B0%E5%9D%80%E8%AE%BF%E9%97%AE%E6%95%B0%E6%8D%AE%E5%BA%93IP\"><\/span>3.4. \u79fb\u9664\u7279\u5b9aIP\u5730\u5740\u8bbf\u95ee\u6570\u636e\u5e93IP<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code class=\"language-shell line-numbers\">~]# firewall-cmd --permanent --remove-rich-rule 'rule family=ipv4 source address=192.168.70.26\/32 port port=1521 protocol=tcp accept' --zone=public\nsuccess\n~]# firewall-cmd --reload\nsuccess\n<\/code><\/pre>\n<p>\u6700\u7ec8\u914d\u7f6e\u7684\u4e24\u4e2a\u57df\u7684\u9632\u706b\u5899\u7b56\u7565\u4e3a\uff1a<br \/>\n<a href=\"http:\/\/dba.qishuo.xin\/wp-content\/uploads\/2021\/09\/wp_editor_md_b6c2e8a2e8a83b03448903b62b7415a2.jpg\" data-fancybox=\"images\" data-fancybox=\"images\"><img decoding=\"async\" src=\"http:\/\/dba.qishuo.xin\/wp-content\/uploads\/2021\/09\/wp_editor_md_b6c2e8a2e8a83b03448903b62b7415a2.jpg\" alt=\"\" \/><\/a><\/p>\n<p><code>\u867d\u7136\u64cd\u4f5c\u7cfb\u7edf\u5728\u9632\u706b\u5899\u5c42\u505a\u4e86\u9650\u5236\uff0c\u4f46\u662f\u51b3\u5b9a\u80fd\u5426\u8bbf\u95ee\u6570\u636e\u5e93\u7aef\u53e3\u7684\u7b2c\u4e00\u8981\u7d20\u4ecd\u7136\u662f\u7f51\u7edc\u5c42\u6709\u6ca1\u6709\u505a\u9650\u5236\u3002<\/code><\/p>\n<h3><span class=\"ez-toc-section\" id=\"4_ssh%E6%90%AD%E9%85%8Dpam_tally2\"><\/span>4. ssh\u642d\u914dpam_tally2<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a href=\"http:\/\/dba.qishuo.xin\/wp-content\/uploads\/2021\/09\/wp_editor_md_8504ee2a02d62ab7a74a52690ef73acf.jpg\" data-fancybox=\"images\" data-fancybox=\"images\"><img decoding=\"async\" src=\"http:\/\/dba.qishuo.xin\/wp-content\/uploads\/2021\/09\/wp_editor_md_8504ee2a02d62ab7a74a52690ef73acf.jpg\" alt=\"\" \/><\/a><\/p>\n<p>\u4e0a\u56fe\u4e2d\u663e\u793a<\/p>\n<h4><span class=\"ez-toc-section\" id=\"41_%E8%AE%A4%E8%AF%81%E9%80%89%E9%A1%B9\"><\/span>4.1. \u8ba4\u8bc1\u9009\u9879<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>deny  \u6307\u5b9a\u6700\u5927\u51e0\u6b21\u8ba4\u8bc1\u9519\u8bef\uff0c\u5982\u679c\u8d85\u51fa\u6b64\u9519\u8bef\uff0c\u5c06\u6267\u884c\u540e\u9762\u7684\u7b56\u7565\u3002\u5982\u9501\u5b9aN\u79d2\uff0c\u5982\u679c\u540e\u9762\u6ca1\u6709\u5176\u4ed6\u7b56\u7565\u6307\u5b9a\u65f6\uff0c\u9ed8\u8ba4\u6c38\u8fdc\u9501\u5b9a\uff0c\u9664\u975e\u624b\u52a8\u89e3\u9501\u3002<\/li>\n<li>lock_time  \u4e00\u6b21\u5931\u8d25\uff0c\u9501\u5b9a\u591a\u957f\u65f6\u95f4\uff0c\u6309\u79d2\u4e3a\u5355\u4f4d\uff1b<\/li>\n<li>unlock_time \u6307\u5b9a\u8ba4\u8bc1deny\u6b21\u6570\u88ab\u9501\u540e\uff0c\u591a\u957f\u65f6\u95f4\u81ea\u52a8\u89e3\u9501\u7528\u6237\uff1b<\/li>\n<li>magic_root \u5982\u679c\u7528\u6237uid\uff1d0\uff08\u5373root\u8d26\u6237\u6216\u76f8\u5f53\u4e8eroot\u7684\u5e10\u6237\uff09\u5728\u5e10\u6237\u8ba4\u8bc1\u65f6\u8c03\u7528\u8be5\u6a21\u5757\u53d1\u73b0\u5931\u8d25\u65f6\uff0c\u4e0d\u8ba1\u5165\u7edf\u8ba1\uff1b<\/li>\n<li>no_lock_time \u4e0d\u4f7f\u7528.fail_locktime\u9879\u5728\/var\/log\/faillog \u4e2d\u8bb0\u5f55\u7528\u6237 \uff0d\uff0d\uff0d\u6309\u82f1\u6587\u76f4\u8bd1\u4e0d\u592a\u660e\u767d\uff0c\u4e2a\u4eba\u7406\u89e3\u5373\u4e0d\u8fdb\u884c\u7528\u6237\u9501\u5b9a\uff1b<\/li>\n<li>even_deny_root    root\u7528\u6237\u5728\u8ba4\u8bc1\u51fa\u9519\u65f6\uff0c\u4e00\u6837\u88ab\u9501\u5b9a\uff08\u8be5\u529f\u80fd\u614e\u7528\uff0c\u641e\u4e0d\u597d\u5c31\u8981\u5355\u7528\u6237\u65f6\u89e3\u9501\u4e86\uff09<\/li>\n<li>root_unlock_time  root\u7528\u6237\u5728\u5931\u8d25\u65f6\uff0c\u9501\u5b9a\u591a\u957f\u65f6\u95f4\u3002\u8be5\u9009\u9879\u4e00\u822c\u662f\u914d\u5408even_deny_root \u4e00\u8d77\u4f7f\u7528\u7684\u3002<\/li>\n<\/ul>\n<h4><span class=\"ez-toc-section\" id=\"42_%E5%91%BD%E4%BB%A4%E8%A1%8C%E7%AE%A1%E7%90%86\"><\/span>4.2. \u547d\u4ee4\u884c\u7ba1\u7406<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre><code class=\"line-numbers\">pam_tally2  \u67e5\u770b\u6240\u6709\u7528\u6237\u5931\u8d25\u72b6\u6001\npam_tally2 --user=root   \u6307\u5b9a\u67e5\u770b\u8be5\u7528\u6237\u5931\u8d25\u72b6\u6001  \u7b80\u5199  pam_tally2  -u root\npam_tally2 --user=root  --reset   \u89e3\u9664\u7528\u6237\u9650\u5236  \u7b80\u5199  pam_tally2  -r -u root\n<\/code><\/pre>\n<p><a href=\"http:\/\/dba.qishuo.xin\/wp-content\/uploads\/2021\/09\/wp_editor_md_2286b747bf243b0a66ca5879cf008c45.jpg\" data-fancybox=\"images\" data-fancybox=\"images\"><img decoding=\"async\" src=\"http:\/\/dba.qishuo.xin\/wp-content\/uploads\/2021\/09\/wp_editor_md_2286b747bf243b0a66ca5879cf008c45.jpg\" alt=\"\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NOTE:\u9488\u5bf9\u9632\u706b\u5899\u7684\u64cd\u4f5c\u9700\u8981\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\u6267\u884c\uff01 &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,24,27],"tags":[16,63,64],"class_list":{"0":"post-485","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-oracle","7":"category-24","9":"tag-oracle","10":"tag-rac","11":"tag-64"},"_links":{"self":[{"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=\/wp\/v2\/posts\/485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=485"}],"version-history":[{"count":3,"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=\/wp\/v2\/posts\/485\/revisions"}],"predecessor-version":[{"id":1160,"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=\/wp\/v2\/posts\/485\/revisions\/1160"}],"wp:attachment":[{"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=485"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/dba.qishuo.xin\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}