Oracle漏洞掃描安全加固

1、OraCIe日常維護(hù)：數(shù)據(jù)庫啟動(dòng)、關(guān)閉介紹關(guān)于操作系統(tǒng)和數(shù)據(jù)庫合規(guī)檢查漏洞的解決方案OraCIe數(shù)據(jù)庫分冊(cè)適用軟件版本OraCleIog 11g適用硬件版本主題關(guān)于操作系統(tǒng)和數(shù)據(jù)庫合規(guī)檢查漏洞的解決方案OraCle數(shù)據(jù)庫分冊(cè)1、問題描述與原因：OraCIe數(shù)據(jù)庫在合規(guī)檢查時(shí)被掃描出漏洞，要求對(duì)這些漏洞進(jìn)行解決。2、應(yīng)對(duì)措施：對(duì)存在漏洞進(jìn)行定制的安全加固操作。3、執(zhí)行條件/注意事項(xiàng)：加固前確保服務(wù)器、數(shù)據(jù)庫、網(wǎng)管運(yùn)行均正常。最好重啟下服務(wù)器、數(shù) 據(jù)庫和網(wǎng)管查看重啟后網(wǎng)管是否能運(yùn)行正常。如果加固前服務(wù)器本身有問題， 加固后服務(wù)器運(yùn)行異常會(huì)加大排查難度。本解決方案執(zhí)行完成后，需要重啟 OraCIe數(shù)

2、據(jù)庫來生效某些操作。本解決方案不必完全執(zhí)行，請(qǐng)根據(jù)系統(tǒng)掃描出的漏洞選擇對(duì)應(yīng)的漏洞條 目進(jìn)行操作。如無特殊說明，本文中的執(zhí)行用戶均為OraCIe4、操作步驟：漏洞清單（單擊可跳轉(zhuǎn)）：（注：漏洞名稱與配置項(xiàng)信息中的配置項(xiàng)名稱對(duì)應(yīng)。）漏洞1.檢查是否對(duì)用戶的屬性進(jìn)行控制（5）漏洞2.檢查是否配置OraCIe軟件賬戶的安全策略（2）漏洞3.檢查是否啟用數(shù)據(jù)字典保護(hù)漏洞4.檢查是否在數(shù)據(jù)庫對(duì)象上設(shè)置了 VPD和OLS（ 6）漏洞5.檢查是否存在 dvsys用戶dbms macadm寸象（14）漏洞6.檢查是否數(shù)據(jù)庫應(yīng)配置日志功能（11漏洞7.檢查是否記錄操作日志 （13漏洞8.檢杳是否記錄安全事件日志

3、（7）漏洞9.檢查是否根據(jù)業(yè)務(wù)要求制定數(shù)據(jù)庫審計(jì)策略漏洞10.檢查是否為監(jiān)聽設(shè)置密碼漏洞11.檢查是否限制可以訪問數(shù)據(jù)庫的地址（1）漏洞12.檢查是否使用加密傳輸（4）漏洞13.檢查是否設(shè)置超時(shí)時(shí)間（15）漏洞14.檢查是否設(shè)置DBA組用戶數(shù)量限制 （3）漏洞15.檢查是否刪除或者鎖定無關(guān)帳號(hào)漏洞16.檢查是否限制具備數(shù)據(jù)庫超級(jí)管理員（ SYSDBA權(quán)限的用戶遠(yuǎn)程登錄（10）漏洞仃.檢查口令強(qiáng)度設(shè)置 （17）漏洞18.檢查帳戶口令生存周期（12）漏洞19. 檢查是否設(shè)置記住歷史密碼次數(shù)（8）漏洞20. 檢查是否配置最大認(rèn)證失敗次數(shù)漏洞21.檢查是否在配置用戶所需的最小權(quán)限（9）漏洞22.檢查是

4、否使用數(shù)據(jù)庫角色（RoLE來管理對(duì)象的權(quán)限（16）漏洞23.檢查是否更改數(shù)據(jù)庫默認(rèn)帳號(hào)的密碼執(zhí)行OraCle安全加固操作前備份文件：bash-3.2$ CP $ORACLE_HOME/network/admi n/liste ner.ora $ORACLE_HOME/networkSIIi/admi n/liste IIibash-3.2$ CP $ORACLE_HOME/network/admi n/sql net.ora $ORACLE_HOME/network/i-iII Iadmi n/sql OraCIe數(shù)據(jù)庫漏洞的解決方案全部執(zhí)行完成后，

5、需要重啟OraCle實(shí)例來生效某些操作。漏洞1.檢查是否對(duì)用戶的屬性進(jìn)行控制類型：OraCIe數(shù)據(jù)庫類'MONI問題：SQL>seiectcount(username) from dba_USerStWhere- PrOfiTen6tn('DEFATORlNGPROFILE');iIi:COUNT(T.USERNAME)-I!I解決方案：暫時(shí)不處理。漏洞2. 檢查是否配置OraCle軟件賬戶的安全策略類型：OraCIe數(shù)據(jù)庫類問題：略解決方案：暫時(shí)不處理漏洞3.檢查是否啟用數(shù)據(jù)字典保護(hù)類型：OraCIe數(shù)據(jù)庫類問題：SQL>'seTecfVaTUe7

6、rdm_V$parameterwhere'name'TikeT%07_DrCTrONARY_ACCESSIBILIITy%'III!ISelect value from v$Parameter Where name like '%O7_DICTIONARY_ACCESSI 引 LITY%'IIIiII*IIiIIiERROR at li ne 1:iIIORA-01034: ORACLE not availableIIIiiPrOCeSS ID: 0iIItSeSSi on ID: 0 SeriaI nu mber: 0IiI*«n！-r m

7、r v H ! ："!*! upfl：« kt 0 Ta LK Ti: r Fis解決方案：在數(shù)據(jù)庫啟動(dòng)的情況下，通過下面的命令檢查o7_dictio nary_acceSSibiIity的參數(shù)值：15 i r WlV bb air w r srw a r b HrB a f a r B r hLBWB ib aes wMWBB r bBHIeB V air maB hsawba Wb h, FB av fSaq ! 9 B!m B r e a vE a 9 v0BaB hb TrV HK B19MVBer ULB"WHzIbaSh-3.2$ sqlplus Sy

8、Stem/oracle<SID>IIiSSQL*Plus: ReIeaSe .0 - PrOdUCtiOn on ThU Jan 9 11:33:56 2014ISIiCopyright (C) 1982, 2007, OraCle. All RightS Reserved.IIIiiIIIIIIiiConn ected to:OraCIe DatabaSe 10g En terprise Editi On ReIeaSe 102040 - PrOduCtiOnI1I1:IWith the Partitioning, OLA Data Mining and Real

9、 APPIiCation TeSting optionsIIIS:iI-ii；ISQL> show Parameter o7_dicti on ary_accessibility;NAMEITYPEVALUEO7 DlCTIONARY ACCESSIBILITY boolean FALSEI檢查出默認(rèn)的結(jié)果是FALS后，使用下面的命令退出SQL*PLUSIISQL> exitIii64bitISDiSConnected from OraCIe DatabaSe 11g Enterprise Edition ReIeaSe 1120.3.0 - iiiPrOdUCti oniIIii

10、With the Partitioning, OLAData Mining and ReaI APPIiCation TeSting optionsIiBJl BaBiBBBBM-BBa & _> “!£ BrB ! B-UB W4BjB !& BUB-« U _漏洞4.檢查是否在數(shù)據(jù)庫對(duì)象上設(shè)置了 VPD和OLS類型：OraCIe數(shù)據(jù)庫類問題：SQL> SeIeCt coun t(*) from v$vpd_policy;IJ；COUNT(*)0Ilai!BBa*BB a>EBaB *BBaa-Ii a*BB a BHa*BBaBBSAB

11、Haa>BBB a*BBB* a*BBB*B BaULHBJBBB a*BB*SB解決方案：暫時(shí)不處理。漏洞5. 檢查是否存在 dvsys用戶dbms_macadm寸象類型：OraCIe數(shù)據(jù)庫類問題： H !& _ = = *.|&1. _ BMBiSBMB _ 4 + SQL> SeIeCt COun t(*) from dba_USerS Where USer name='DVSYS'I1 COUNT(*)0Ii解決方案：暫時(shí)不處理。漏洞6.檢查是否數(shù)據(jù)庫應(yīng)配置日志功能類型：OraCIe數(shù)據(jù)庫類問題：SQL> SeIeCt coun t(*

12、) from dba_triggers t Where trim(t.triggeri ng_eve nt) = trim('ON');i!II COUNT(*)頁腳內(nèi)容42問題：SQL> SeIeCt COun t(*) from dba_triggers t Where trim(t.triggeri ng_eve nt) = trim('L ON');iI-Ii CoUNT(*)0VBBB H IlTB B B-B 解決方案：暫時(shí)不處理。漏洞9.檢查是否根據(jù)業(yè)務(wù)要求制定數(shù)據(jù)庫審計(jì)策略類型：OraCIe數(shù)據(jù)庫類問題：SQL> SeIeCt val

13、ue from v$Parameter t Where t.n ame = 'audit_trail'ii:iSelect value from v$Parameter t Where t.n ame = 'audit_trail'*!IERROR at li ne 1:ji；1iORA-01034: ORACLE not availableIiPrOCeSS ID: 0jSeSSiOn ID: 0 SeriaI nu mber: 0解決方案：暫時(shí)不處理。漏洞10.檢查是否為監(jiān)聽設(shè)置密碼類型：OraCIe數(shù)據(jù)庫類問題：$ Cat find $ORACLE_HOM

14、E -n ame sql net.ora' | grep -V "#"|grep -V "八$"!ifind: 0652-081 CannOt Cha nge directory to voracleappOraCle/dbhome_1/sysman : _con fig/pref>:iI:The file access PermiSSiOnS do not allow the SPeCified action.!Iii$ Cat 'find $ORACLE_HOME -name listener.ora' | grep -

15、V "#"|grep -V "$"iIjfind: 0652-081 CannOt Cha nge directory to voracleappOraCle/dbhome_1/sysmaIiIcon figpref>:iIICiiIS:The file access PermiSSions do not allow the SPeCified action.!jiISID LIST LlSTENER = IIIIII(SID_LIST=iIIIKiiII(SID_DESC =iIIiIIKi (SID_NAME = PLSEXtPrOC)iIEI

16、jE(ORACLE_HOME = /oracle/app/oracle/dbhome_1)IEIIKI(PROGRAM = extproc)i )III (SID_DESC =BIi(GLOBAL_DBNAME = minos)III(ORACLE_HOME = oracleappOraCle/dbhome_1)IiII(SID_NAME = minos)II:i )IiI )ISIiLlSTENER =:I!II (DESCRIPTION_LIST =IiII (DESCRIPTION =8I:II (ADDRESS = (PROTOCOL = TCP)(HOST = 100.92.255.

17、141)(PoRT = 15：ISIiI)IIiI1 )IADR_BASE_LISTENER = oracleappOraCleII解決方案：bash-3.2$ls nrctlIIIi:I!I-JAN-20LSNRCTL for IBM/AIX RISC SyStem/6000: VerSiO n .0 - PrOdUCtiOn Oni14 15:11:21COPyright (C) 1991,2011, Oracle. All rights reserved.IIIkiIIIIIIiIIIIIIIIiWelcome to LSNRCTL, type "help&qu

18、ot; for in formatio n.IIIiIiEIiIiILSNRCTlCha nge_paSSWOrdIKIiOld PaSSWord:如果之前沒有密碼則這里不填，直接按En ter鍵>iiIENeW PaSSWord:IIEIICIRee nter new PaSSWord:i IISIICo nn ect ing to (DESCRlPTloN=(ADDRESS=(PRoToCoL=TCP)(HoST=2)(PoRTiFi=1521)iIIIEIPaSSWOrd Chan ged for LISTENERiiIiiiIThe comma nd com

19、pleted SUCCeSSfullyiiSIILSNRCTL>ave_c onfigISIIEICo nn ect ing to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=2)(PORTI=1521)IIIS!Saved LISTENER con figurati on ParameterS.IjLiSte ner Parameter File /oracle/app/oracle//dbhome_1/ netWork/adm in/IRIIIiSte ner.oraiiIkiIEIjjQld Parame

20、ter File /oracle/app/oracle//dbhome_1/netWork/admi n/l iste:n er.bakIIEIThe comma nd completed SUCCeSSfullyIIILSNRCTLXitIIIII!Ibash-3.2$IIEIj:設(shè)置完成后通過下面的命令檢查：IIiDS"bash-3.2$ Cat $ORACLE_HOME/network/admi n/l iste ner.ora | grep "PASSWRII有輸出則說明已經(jīng)設(shè)置成功了。EIIBJB U M « Bd H « KB

21、 B BlB KB B N M-B B4 £ » U B « K-B B BiB B _ B BS漏洞11.檢查是否限制可以訪問數(shù)據(jù)庫的地址類型：OraCIe數(shù)據(jù)庫類問題：$ Cat 'find $ORACLE_HQME -n ame sql net.ora' j grep -V "#"|grep -V "$"IIIIifind: 0652-081 CannOt Change directory to voracleappOraCle/dbhome_1/sysmaiIj/con fig/pref>:II

22、!Iji:The file access PermiSSi OnS do not allow the SPeCified acti on.IIII$ Cat 'find $ORACLE_HOME -n ame liste ner.ora' grep -V "#"|grep -V "$"IIISIIBIjfind: 0652-081 CannOt Cha nge directory to </oracle/app/oracle/dbhome_1/sysmaii IIScon fig/pref>:II:The file acces

23、s PermiSSi ons do not allow the SPeCified acti on.SID LIST LISTENER =ji (SlDjjST =IEIIEII (SIDJDESC =IHIiSI(SIDJNAME = PLSEXtPrOC)IIII(ORACLEJHOME= oracleappOraCle/dbhome_1)IIiI(PRoGRAM = extproc)IiiIIii )IISIII!I (SIDJDESC =iII!IIiiI (GLOBALJDBNAME = min os)!iIiI(ORACLEJHOME = /oracle/app/oracle/db

24、home_1)? II!Ii(SIDJNAME = minos)IIIi )IiLISTENER =IiI (DESCRIPTIONJLIST =jiii (DESCRIPTION =IIiI(ADDRESS = (PROTOCOL = TCP)(HOST = 41)(PoRT = 1521)IIIiii )iIIIiIiI )iIIADR_BASE_LISTENER = oracleappOraCIeIl>iiBBa*BB a*BBj a*BB- aa*saa* aBi a*BB a解決方案： 檢査 $oRACLE_HOMEnetwrkdminSqinet.o文

25、件中是否有以下行：:IiITCPALlDNoDE CHECKING = YESIi；TCFTNVITED_NODES = (VhOSt_1>, VhOSt_2>,)其中<host x>是允許訪問本數(shù)據(jù)庫的IP地址。jI如果沒有，則根據(jù)需要在文件中添加，隨后重啟數(shù)據(jù)庫。i!重啟完成后，則數(shù)據(jù)庫只允許 TCFTNVITED_NOD列出的IP來訪問。I;IIIISII如果不存在sqlnet.ora文件，請(qǐng)使用以下命令創(chuàng)建此文件后再實(shí)施上面的操I作：IIIbash-3.2$touch $ORACLE_HOME/network/admi n/sql net.oraI!漏洞12.檢

26、查是否使用加密傳輸類型：OraCIe數(shù)據(jù)庫類問題:$ Cat 'find $ORACLE_HOME -n ame sql net.ora' grep -V "#"|grep -V "八$"!iI!find: 0652-081 CannOt Change directory to </oracle/app/oracle/dbhome_1/sysmacon fig/pref>:The file access PermiSSi OnS do not allow the SPeCified acti on.IIiI$ Cat '

27、;find $ORACLE_HOME -n ame Iiste ner.ora' grep -V "#"|grep -V "$"IIIiifind: 0652-081 CannOt Cha nge directory to </oracle/app/oracle/dbhome_1/sysmaIIIcon fig/pref>:II；:The file access PermiSSi ons do not allow the SPeCified acti on.iISID LIST LlSTENER =!-iiIII(SID_LIST =

28、iIIIiI(SID_DESC =II(SID_NAME= PLSEXtPrOC)iiIIii(ORACLE_HOME = /oracle/app/oracle/dbhome_1)iIiEII(PROGRAM= extproc)IIKIiS)IiI(SID_DESC =I(GLOBAL_DBNAME=min os)IIi(ORACLE_HOME = /oracle/app/oracle/dbhome_1)IiEIIiI (SID_NAME = minos)IiS1 )IIIE1 )SII!IiLISTENER =Ii (DESCRIPTloNjJST =IIIEI(DESCRIPTION =I

29、II (ADDRESS = (PROTOCOL = TCP)(HOST = 41)(PORT = 1521)I丨SII!iI )丨IIEIiEIIIIi )IIADRJBASEJLISTENER = oracleappOraCIe|IEII0 Hn wk «*! r* n Tc i"B *!« kt 0i : The file access PermiSSions do not allow the SPeCified action.H wev m Ta LK TU hr f-K"KH » *! !解決方案：暫時(shí)不處理。漏

30、洞13.檢查是否設(shè)置超時(shí)時(shí)間類型：OraCIe數(shù)據(jù)庫類問題：J B an an an a « . nn * B an an Kn :B an na mu * n an .$ Cat 'find $ORACLEJHOME -n ame sql net.ora' grep -V "#"|grep -V "$"iII II:Ifind: 0652-081 CannOt Cha nge directory to voracleappOraCle/dbhome_1/SySman iiIiIcon figpref>:IIIIiEi :

31、 The file access PermiSSiOnS do not allow the SPeCified action.IIIISIIBI$ Cat 'find $ORACLEJHOME -n ame liSte ner.ora' grep -V "#"|grep -V "$"IIIEIiEifind: 0652-081 CannOt Cha nge directory to </oracle/app/oracle/dbhome_1/SySmaniIi con figpref>:SlDJJSTJJSTENER =IKII

32、EII(SIDJLIST =IHIiSI(SIDJDESC =iIIiiI (SIDJNAME = PLSEXtPrOC)!IiI(ORACLEJHOME = oracleappOraCle/dbhome_1)IiiII (PROGRAM = extproc)II!i)丨II!Iii(SID DESC =IIIII(GLOBALJDBNAME= min os)II!Ii(ORACLEJHOME= /oracle/app/oracle/dbhome_1)IIISII(SIDJNAME = minos)jIIIIIi)iji )iIIiLISTENER=jiii (DESCRIPTIONJLIST

33、 =IIiI(DESCRIPTION =III (ADDRESS = (PROTOCOL = TCP)(HOST = 41)(PoRT = 152")IIIiIiI )丨IIi )IIADR_BASE_LISTENER = oracleappOraCIe:IB 、,如果不存在sqlnet.ora文件，請(qǐng)使用以下命令創(chuàng)建此文件后再實(shí)施上面的操II作：II:bash-3.2$ touch $0RACLEJHOME/network/admi n/sql net.ora: 漏洞14.檢查是否設(shè)置DBA組用戶數(shù)量限制類型：OraCIe數(shù)據(jù)庫類問題:略解決方案:VB*&#

34、187;* ! +！*:*« K??！TV!«TE! m解決方案： 通過下面的命令檢查是否 設(shè)置了 SQLNET.EXPIRE的參黴值為10:In et.or|bash-3.2$ grep -i "SQLNET.EXPIRE_TIME" $0RACLEjHoME/network/admi n如果沒有設(shè)置，在 $0RACLEJHOME/network/admin/sqlnet.ora文件中添加一行JI-IISQLNET.EXPIREJTIME=101II隨后重新啟動(dòng)監(jiān)聽和數(shù)據(jù)庫。II手動(dòng)將其他非OraCIe的用戶從dba組中刪除，將OraCIe用戶從root

35、或SySteml 組中刪除。查詢用戶所屬組的命令是groups VuSername>。改變用戶所屬組的命令是 USermOd -G VgrOUP name1> , VgrOUP name2> VUSer name>漏洞15.檢查是否刪除或者鎖定無關(guān)帳號(hào)類型：OraCIe數(shù)據(jù)庫類問題： W « *!*!?。?quot;! M WW !« !（PT！（ LHTM"!?。。ㄕ?SQL> SeIeCt t.user name from dba_USerS t Where t.acco Un t_StatUS = 'OPEN'S

36、elect t.uSername from dba USerS t Where t.account StatUS = 'OPEN': 一 一iIi*II!iIERROR at Ii ne 1:IIIiIRORA-01034: ORACLE not availablePrOCeSS ID: 0iIiSeSSi on ID: 0 SeriaI nu mber: 0IIi解決方案：暫時(shí)不處理。漏洞16.檢查是否限制具備數(shù)據(jù)庫超級(jí)管理員（SYSDBA權(quán)限的用戶遠(yuǎn)程登 錄類型：OraCIe數(shù)據(jù)庫類問題：_LOGINSQL> SeIeCt t.VALUE from v$Paramet

37、er t Where upper(t.NAME) like '%REMOTPasswordfile%'；j:IVALUEii:iBJ-iI:II:IEXCLUSIVEi-II B BrB B IlrB B BTB B B B-B » VB ! BTB KB BrB B W BTB B » BTB »! B-B B » n B BIK BBBBfBBB B BTB B » BTB P B 解決方案：在數(shù)據(jù)庫啟動(dòng)時(shí)，通過下面的命令檢查remote_login_PaSSWOrdfiIe的參數(shù)j值：!bash-3.2$ sqlplus

38、sys/oracle<SID> as SySdbaiSQL*Plus: ReIeaSe 10.2.040 - PrOdUCtiOn on ThU Jan 9 11:33:56 2014IiJ-COPyright (C) 1982, 2007, Oracle. All RightS Reserved.iriI:iiCOnn ected to:II:II'-IiI'OraCIe DatabaSe 10g En terprise Editi On ReIeaSe .0 - PrOdUCtiOniJ-With the Partitioning, OLADat

39、a Mining and Real APPIiCation TeSting optionsIB!IBiaiIiSQL>show ParameterS remote_logi n_pasSWOrdfile;NAMETYPE VALUEIIi:i-Ii:IremOte_lOg in _PaSSWOrdfiIeStri ng EXCLUSIVEi-III:I如果參數(shù)值為NoNE則默認(rèn)滿足安全要求。否則，通過下面的SQL語句修I:；改參數(shù)值為NONEIBI-SQL>alter SyStem Set remoteOgi n_passwordfile=NONE SCOPe=SPfile;:i；

40、ISyStem altered.i:I'-IBII:Ii修改后重啟數(shù)據(jù)庫：IIiSQL> ShUtdOW n immediateIISIiiiDatabaSe closed.I:II-IiSDatabaSe dism Oun ted.:II:IIORACLE in Sta nce ShUt dow n.IinI:iIbaSh-3.2$ export ORACLE_SID=<SID>1II-I:IIbash-3.2$ sqlplus /no IOgII:IIiIIiiiiQL*Plus: ReIeaSe .0 - PrOdUCtiOn on TUe Ma

41、y 20 11:01:55 2014COPyright (C) 1982, 2010, Oracle. All RightS Reserved.IIjiJiI:SQL> COnn / as SySdbaiIiCOnn ected to an idle in Sta nce.IIIISQL> StartUPII!IORACLE in Sta nce started.i:SIijITotal SyStem Global Area 8589934592 bytesFiXed SiZeI2065744 bytesIi'IVariabIe SiZeII-F3238009520 byt

42、esiIDatabaSe BUfferSIIa5301600256 bytes-IiRedo BUfferSr48259072 bytesDatabaSe moun ted.I:I:IDatabaSe ope ned.ISISql>:IiI【檢查參數(shù)值是否修改成功：II:IISQL> show ParameterS remote_log in _PaSSWOrdfile;NAMETYPEVALUEIremOte_lOg in _PaSSWOrdfiIeStri ngNONE:-II；修改成功后退出SQL*PLUSI»-IK:SQL> exitiDiSC Onn ec

43、ted from OraCIe DatabaSe 10g En terprise Editi On ReIeaSe 102040IICtiOn!iIIWith the Partitioning, OLAData Mining and Real APPIiCation TeSting optionsj 漏洞17.檢查口令強(qiáng)度設(shè)置類型：OraCIe數(shù)據(jù)庫類問題：SQL>seIect cou nt(*) from dba_profiles Where resource_name = 'PASSWORD, I-:FUNCTlON' and limit = 'NULL

44、9;iI COUNT(*)ProduERIFY_1解決方案：暫時(shí)不處理。漏洞18.檢查帳戶口令生存周期類型：OraCIe數(shù)據(jù)庫類問題：SQL>seieCf Timit from dba_pr6files t 一 Where - resourCe_name 三 'PASSWORD_LTFE_TIMEL一一一I ;IIiIiSLlMIT!:ZIIIIII!I!iUNLIMITEDIIIiIDEFAULTIiIiDEFAULTIB WBTBBBra B B B VB BBIB BBTB B WB arBWB B * B!BB B HB m WB B nB BEBB ra V Bn H

45、BTBB KBB VB解決方案：暫時(shí)不處理。漏洞19.檢查是否設(shè)置記住歷史密碼次數(shù)類型：OraCIe數(shù)據(jù)庫類問題：I LK Bnr！B*u bn m !*!噲01! m «f0-B » sr m ！FK!* : BTB ！-B!ir n:W TB n v n nr«n TB n 0 ,SQL> SeIeCt limit from dba profiles t Where resource name = 'PASSWORD REJSE MAI!X'；i, JICIIEILIMITjIIUNLIMlTEDIIDEFAULTI!IIDEFAULTIJI解決方案：暫時(shí)不處理。漏洞20.檢查是否配置最大認(rèn)證失敗次數(shù)類型：OraCIe數(shù)據(jù)庫類問題:SQL> SeIeCt limit from dba profiles t Where resource name = 'FAILED LOGlNLIPts'；IIiIKIPTS'Select limit from dba profiles t Where resource name = 'FAILED LOGIN ATTEMSLEICiIK