12c密码加固

简介:

关于Oracle12c 密码加固金融行业都是有要求的,这里做一个测试记录。

1、创建一个用户
SYS@orcl1> create user roidba identified by roidba;
create user roidba identified by roidba
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password same as or similar to user  --出现报错,提示密码验证失败。

2、查看profile
SYS@orcl1> select * from dba_profiles;

PROFILE            RESOURCE_NAME                  RESOURCE_TYPE    LIMIT           COMMON
------------------ ------------------------------ ---------------- --------------- ------
DEFAULT            COMPOSITE_LIMIT                KERNEL           UNLIMITED       NO
DEFAULT            SESSIONS_PER_USER              KERNEL           UNLIMITED       NO
DEFAULT            CPU_PER_SESSION                KERNEL           UNLIMITED       NO
DEFAULT            CPU_PER_CALL                   KERNEL           UNLIMITED       NO
DEFAULT            LOGICAL_READS_PER_SESSION      KERNEL           UNLIMITED       NO
DEFAULT            LOGICAL_READS_PER_CALL         KERNEL           UNLIMITED       NO
DEFAULT            IDLE_TIME                      KERNEL           UNLIMITED       NO
DEFAULT            CONNECT_TIME                   KERNEL           UNLIMITED       NO
DEFAULT            PRIVATE_SGA                    KERNEL           UNLIMITED       NO
DEFAULT            FAILED_LOGIN_ATTEMPTS          PASSWORD         10              NO
DEFAULT            PASSWORD_LIFE_TIME             PASSWORD         180             NO
DEFAULT            PASSWORD_REUSE_TIME            PASSWORD         UNLIMITED       NO
DEFAULT            PASSWORD_REUSE_MAX             PASSWORD         UNLIMITED       NO
DEFAULT            PASSWORD_VERIFY_FUNCTION       PASSWORD         VERIFY_FUNCTION NO
DEFAULT            PASSWORD_LOCK_TIME             PASSWORD         1               NO
DEFAULT            PASSWORD_GRACE_TIME            PASSWORD         7               NO
ORA_STIG_PROFILE   COMPOSITE_LIMIT                KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   SESSIONS_PER_USER              KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   CPU_PER_SESSION                KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   CPU_PER_CALL                   KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   LOGICAL_READS_PER_SESSION      KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   LOGICAL_READS_PER_CALL         KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   IDLE_TIME                      KERNEL           15              NO
ORA_STIG_PROFILE   CONNECT_TIME                   KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   PRIVATE_SGA                    KERNEL           DEFAULT         NO
ORA_STIG_PROFILE   FAILED_LOGIN_ATTEMPTS          PASSWORD         3               NO
ORA_STIG_PROFILE   PASSWORD_LIFE_TIME             PASSWORD         60              NO
ORA_STIG_PROFILE   PASSWORD_REUSE_TIME            PASSWORD         365             NO
ORA_STIG_PROFILE   PASSWORD_REUSE_MAX             PASSWORD         10              NO
ORA_STIG_PROFILE   PASSWORD_VERIFY_FUNCTION       PASSWORD         ORA12C_STRONG_V NOERIFY_FUNCTION     --使用了12c密码验证策略

ORA_STIG_PROFILE   PASSWORD_LOCK_TIME             PASSWORD         UNLIMITED       NO
ORA_STIG_PROFILE   PASSWORD_GRACE_TIME            PASSWORD         5               NO

32 rows selected.

SYS@orcl1> 

3、密码验证策略要求

ora12c_strong_verify_function Function Password Requirements
The ora12c_strong_verify_function function fulfills the Department of Defense Database Security Technical Implementation Guide requirements.

This function checks for the following requirements when users create or modify passwords:

The password must contain at least 2 upper case characters, 2 lower case characters, 2 numeric characters, and 2 special characters. These special characters are as follows:
--要求至少2个大写,两个小写,2个数字,2个特殊字符
‘ ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ / < > , . ; ? ' : | (space) 
The password must differ from the previous password by at least 4 characters.

The following internal checks are also applied:

The password contains no fewer than nine characters and does not exceed 30 characters.
The password does not contain the double-quotation character ("). It can be surrounded by double-quotation marks, however.

4、根据要求重新创建一个用户

SYS@orcl1> create user roidba identified by "FXlv12!@";

User created.
SYS@orcl1> grant connect to roidba;

Grant succeeded.

SYS@orcl1> conn roidba/"FXlv12!@"
Connected.
ROIDBA@orcl1>

5、取消密码复杂度验证

SYS@orcl1> ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION NULL;

Profile altered.

SYS@orcl1> alter user roidba identified by roidba;

User altered.

SYS@orcl1> 

6、设置密码复杂度验证操作过程

Enabling Password Complexity Verification
The utlpwdmg.sql script can be customized to enable password complexity verification.

Log in to SQL*Plus with administrative privileges.
For example:

CONNECT SYSTEM
Enter password: password
Run the utlpwdmg.sql script (or your modified version of this script) to create the password complexity functions in the SYS schema.
@$ORACLE_HOME/rdbms/admin/utlpwdmg.sql
Grant any users who must use this function the EXECUTE privilege on it.
For example:

GRANT pmsith EXECUTE ON ora12c_strong_verify_function;
In the default profile or the user profile, set the PASSWORD_VERIFY_FUNCTION setting to either the sample password complexity function in the utlpwdmg.sql script, or to your customized function. Use one of the following methods:
Log in to SQL*Plus with administrator privileges and use the CREATE PROFILE or ALTER PROFILE statement to enable the function. Ensure that you have the EXECUTE privilege on the function.

For example, to update the default profile to use the ora12c_strong_verify_function function:

ALTER PROFILE default LIMIT 
 PASSWORD_VERIFY_FUNCTION ora12c_strong_verify_function;









本文转自 roidba 51CTO博客,原文链接:http://blog.51cto.com/roidba/2060114,如需转载请自行联系原作者

目录
相关文章
|
3月前
|
存储 监控 算法
强密码策略 防止暴力破解
【8月更文挑战第14天】
173 2
|
网络安全 数据安全/隐私保护 计算机视觉
《网络安全0-100》口令系统
《网络安全0-100》口令系统
130 0
|
安全 前端开发 JavaScript
代码审计——硬编码口令/弱口令详解
代码审计——硬编码口令/弱口令详解
465 0
|
数据安全/隐私保护 Python
用户登录程序防破解
用户登录程序防破解
104 0
|
安全 数据安全/隐私保护
锁群管理系统v2.0存在弱口令漏洞
锁群管理系统v2.0存在弱口令漏洞
锁群管理系统v2.0存在弱口令漏洞
|
XML 安全 Shell
SSH 密码暴力破解及防御实战_2 | 学习笔记
快速学习 SSH 密码暴力破解及防御实战_2
657 0
SSH 密码暴力破解及防御实战_2 | 学习笔记
|
安全 Shell Linux
SSH 密码暴力破解及防御实战_3 | 学习笔记
快速学习 SSH密码暴力破解及防御实战_3
297 0
SSH 密码暴力破解及防御实战_3 | 学习笔记
|
安全 网络协议 关系型数据库
SSH 密码暴力破解及防御实战_1 | 学习笔记
快速学习 SSH 密码暴力破解及防御实战_1
807 0
SSH 密码暴力破解及防御实战_1 | 学习笔记
|
安全 Linux Shell
Linux服务器总是被猜测密码怎么办?这个脚本帮你简单加固
Linux服务器总是被猜测密码怎么办?这个脚本帮你简单加固
Linux服务器总是被猜测密码怎么办?这个脚本帮你简单加固
|
安全 JavaScript 数据安全/隐私保护
网站安全-浅谈用户密码暴力破解
网站安全里,用户密码被暴力破解,尤其网站的用户登录页面,以及网站后台管理登录页面,都会遭到攻击者的暴力破解,常见的网站攻击分SQL语句注入攻击,密码弱口令攻击,用户密码暴力破解攻击,跨站攻击XSS等等网站攻击方式。
1620 1