I am currently in the process of implementing several items out of the Secure Configuration Guide for Oracle E-Business Suite Release 12 document (MOS 403537.1). As I am researching items and testing them against our development and test instances, I am running into items that were not included in the instructions that were discovered through trial and error.
We will start with adding IP restrictions to the database listener. This is not a bad idea, especially if you keep abreast and current of any new machines that would need to access your database. The instructions say this:
"Middle-tier applications include web servers, forms servers, concurrent managers, discoverer, terminal
servers, central administrator machines and any remote monitoring tool that uses SQL*Net."
You may use IP addresses or hostnames. You may also use IP addresses with wildcards, such as 1.1.1.*.
What they don't out and out specify is that this list of servers to add needs to include: the database server and your OEM server (if you use it).
Also, you must stop and start the database listener for these changes to take effect. The reload command will work as well (lsnrctl reload <LISTENER_NAME> - if you want an economy of command-line computing). A successfully restricted database listener will return an ORA-12547: TNS:lost contact message.
No comments:
Post a Comment