zoukankan      html  css  js  c++  java

  • Who is locking the DB account?

    Sometimes the database account is locket frequently. That is because someone was trying to login to the database with a wrong password.  So, you may want to find out the person and tell him/her to use a correct password. Below are the way to accomplish it.

    Before we start, you need to know you can enable audit to accomplish it. But audit may cause some performance issue, besides you need to reboot the database which is very inconvenient. So we will not use this way. We use trigger to do it.

    We are going to create a database trigger, this trigger will be fired when the invalid password error(1017) happen. After being fired it will record the corresponding information like username , host and so one. Below are the trigger body.

    1 CREATE OR REPLACE TRIGGER sys.logon_trigger
2 AFTER SERVERERROR ON DATABASE
3 BEGIN
4   IF (IS_SERVERERROR(1017)) THEN
5 INSERT INTO who_lck_account VALUES(SYS_CONTEXT(‘USERENV’, ‘AUTHENTICATED_IDENTITY’), SYS_CONTEXT(‘USERENV’, ‘HOST’),SYS_CONTEXT(‘USERENV’, ‘OS_USER’), SYS_CONTEXT(‘USERENV’, ‘IP_ADDRESS’),SYSDATE);
6 COMMIT;
7   END IF;
8 END;

    You may noticed that the trigger is using a table. So below are the DDL for that table.

    1 SQL> create table sys.who_lck_account
2   2  (
3   3  USERNAME VARCHAR2(30),
4   4  USERHOST VARCHAR2(128),
5   5  OSUSER VARCHAR2(28),
6   6  USERIP VARCHAR2(128),
7   7  TIMESTAMP DATE
8   8  );

    Ok. Try to login with a error password, you will find you a recorded in the table.

    For example, I login with scott and the wrong password.

        kramer[/export/home/oratop ] sqlplus scott/tig@c21upg10

    SQL*Plus: Release 10.2.0.3.0 – Production on Fri Mar 22 13:58:59 2013

    Copyright (c) 1982, 2006, Oracle.  All Rights Reserved.

    ERROR:
    ORA-01017: invalid username/password; logon denied

    Enter user-name: ^C

    Check the table who_lck_account.

        SQL> SELECT * FROM sys.who_lck_account;

    USERNAME   USERHOST             OSUSER               USERIP                       TIMESTAMP
    ———- ——————– ——————– —————————- —————————-
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:56
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:56
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:59
    scott      kramer             oratop               192.168.1.44                 2013-03-22 13:58:59
  • 相关阅读:
    qt动态加载UI文件
    Qt常见控件和操作
    MySQL
    tomcat
    linux iptables基础
    linux 网络基础
    linux CA及OpenSSL学习
    k8s 访问控制
    k8s 存储卷
    docker 安装部署
  • 原文地址:https://www.cnblogs.com/kramer/p/2975872.html
Copyright © 2011-2022 走看看