有个单机环境需要做个等保加固
1、执行如下sql
@?/rdbms/admin/utlpwdmg.sql
--alter profile default limit password_verify_function null;
Alter PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 90;
alter profile DEFAULT limit password_lock_time 30;
alter profile DEFAULT limit password_reuse_max 4;
alter profile DEFAULT limit failed_login_attempts 5;
alter system set resource_limit =TRUE;
alter profile DEFAULT limit IDLE_TIME 30;
ALTER SYSTEM SET audit_trail=DB,EXTENDED SCOPE=SPFILE;
alter system set audit_sys_operations=true scope=spfile;
配置后重启实例,
2、编辑$ORACLE_HOME/network/admin/sqlnet.ora增加如下内容
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = MD5
3、确认密码过期时间,定期修改用户密码
set pagesize 199 linesize 199;
select username,profile,to_char(EXPIRY_DATE,'YYYY-MM-DD HH24:MI:SS') from dba_users
where ACCOUNT_STATUS <> 'EXPIRED '||chr(38)||' LOCKED' order by CREATED desc;
4、直接出重置密码的sql
set pagesize 199 linesize 199;
col USERNAME for a20;
col PASSWORD for a30;
SELECT 'alter user ' ||A.USERNAME ||' identified by values '||''''||B.PASSWORD||''''||' account unlock;' FROM DBA_USERS A, SYS.USER$ B WHERE A.USER_ID = B.USER# and A.ACCOUNT_STATUS <> 'EXPIRED '||chr(38)||' LOCKED';