
Oracle Security: Configuring Class of Secure Transport (COST) on RAC

January 12, 2013 | DG&RAC&OGG

--Reference document
--Using Class of Secure Transport (COST) to Restrict Instance Registration in Oracle RAC [ID 1340831.1]

[oracle@rac1 ~]$ crs_stat -t
Name Type Target State Host
------------------------------------------------------------
ora....SM1.asm application ONLINE ONLINE rac1
ora....C1.lsnr application ONLINE ONLINE rac1
ora.rac1.gsd application ONLINE ONLINE rac1
ora.rac1.ons application ONLINE ONLINE rac1
ora.rac1.vip application ONLINE ONLINE rac1
ora....SM2.asm application ONLINE ONLINE rac2
ora....C2.lsnr application ONLINE ONLINE rac2
ora.rac2.gsd application ONLINE ONLINE rac2
ora.rac2.ons application ONLINE ONLINE rac2
ora.rac2.vip application ONLINE ONLINE rac2
ora.racdb.db application ONLINE ONLINE rac2
ora....b1.inst application ONLINE ONLINE rac1
ora....b2.inst application ONLINE ONLINE rac2

--Create the directory that holds the COST wallet (all nodes)
[oracle@rac1 ~]$ mkdir /opt/ora10g/product/database/network/admin/cost
--Create the wallet and key (all nodes)
[oracle@rac1 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost
Enter password:

Enter password again:

[oracle@rac1 ~]$ orapki wallet add -wallet /opt/ora10g/product/database/network/admin/cost -self_signed -dn "cn=secure_register" -keysize 1024 -validity 3650
Enter wallet password:
[oracle@rac1 ~]$ orapki wallet display -wallet /opt/ora10g/product/database/network/admin/cost
Enter wallet password:

Requested Certificates:
User Certificates:
Subject: CN=secure_register
Trusted Certificates:
Subject: CN=GTE CyberTrust Root,O=GTE Corporation,C=US
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: CN=secure_register
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 2000 Entrust.net Limited,OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US

[oracle@rac2 ~]$ mkdir /opt/ora10g/product/database/network/admin/cost
[oracle@rac1 cost]$ scp /opt/ora10g/product/database/network/admin/cost/*.* rac2:/opt/ora10g/product/database/network/admin/cost/
ewallet.p12 100% 10KB 9.8KB/s 00:00

--Create the auto-login wallet separately on each node
[oracle@rac1 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost -auto_login
Enter wallet password:
[oracle@rac2 ~]$ orapki wallet create -wallet /opt/ora10g/product/database/network/admin/cost -auto_login
Enter wallet password:

--Modify the listener configuration (all nodes)
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.

LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
#     (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )

#cost add
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
    )
  )

#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
#SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)

SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )

[oracle@rac2 admin]$ cat listener.ora
# listener.ora.rac2 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac2
# Generated by Oracle configuration tools.

LISTENER_RAC2 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.152)(PORT = 1521)(IP = FIRST))
    )
  )

#cost add
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
    )
  )

#SECURE_REGISTER_LISTENER_RAC2 = (TCP,TCPS)

SID_LIST_LISTENER_RAC2 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )

#LISTENER =
# (DESCRIPTION_LIST =
# (DESCRIPTION =
# (ADDRESS = (PROTOCOL = TCP)(HOST = rac2)(PORT = 1521))
# )
# )

--Restart the listener on each node
[oracle@rac1 ~]$ srvctl stop listener -n rac1
[oracle@rac1 ~]$ srvctl start listener -n rac1
[oracle@rac1 ~]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:10:18

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC1
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 15:10:12
Uptime 0 days 0 hr. 0 min. 6 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

[oracle@rac2 ~]$ srvctl stop listener -n rac2
[oracle@rac2 ~]$ srvctl start listener -n rac2
[oracle@rac2 ~]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:11:33

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC2
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 15:11:27
Uptime 0 days 0 hr. 0 min. 5 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac2.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.154)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.154)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

--Configure sqlnet.ora on all nodes
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat sqlnet.ora
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
    )
  )

[oracle@rac1 admin]$ scp sqlnet.ora rac2:/opt/ora10g/product/database/network/admin/
sqlnet.ora 100% 151 0.2KB/s 00:00

--Check the remote_listener setting
[oracle@rac1 ~]$ sqlplus /nolog

SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 15:19:38 2012

Copyright (c) 1982, 2010, Oracle. All Rights Reserved.

SQL> conn /as sysdba
Connected.
SQL> show parameter remote_listener

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_listener string LISTENERS_RACDB

--Modify tnsnames.ora on all nodes
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /opt/ora10g/product/database/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.

RACDB1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
      (INSTANCE_NAME = racdb1)
    )
  )

RACDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
    )
  )

LISTENERS_RACDB =
  (ADDRESS_LIST =
#   (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
#   (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523))
  )

EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )

RACDB2 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.152)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = racdb2)
    )
  )

[oracle@rac2 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac2 admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /opt/ora10g/product/database/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.

RACDB2 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
      (INSTANCE_NAME = racdb2)
    )
  )

RACDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = racdb)
    )
  )

LISTENERS_RACDB =
  (ADDRESS_LIST =
#   (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521))
#   (ADDRESS = (PROTOCOL = TCP)(HOST = rac2-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = rac2-vip)(PORT = 1523))
  )

EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )

RACDB1 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = racdb1)
    )
  )
100% 1297 1.3KB/s 00:00

--Restart each instance remotely, from the other node
[oracle@rac1 ~]$ srvctl stop instance -d racdb -i racdb2 -o immediate
[oracle@rac1 ~]$ srvctl start instance -d racdb -i racdb2
[oracle@rac2 ~]$ srvctl stop instance -d racdb -i racdb1 -o immediate
[oracle@rac2 ~]$ srvctl start instance -d racdb -i racdb1

--Confirm that the listener configuration on each node is correct
[oracle@rac1 ~]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:45:52

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC1
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 15:10:12
Uptime 0 days 0 hr. 35 min. 39 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
Instance "racdb1", status READY, has 2 handler(s) for this service...
Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
Instance "racdb1", status READY, has 1 handler(s) for this service...
Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
Instance "racdb1", status READY, has 2 handler(s) for this service...
Instance "racdb2", status READY, has 1 handler(s) for this service...
The command completed successfully

[oracle@rac2 ~]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 15:45:35

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC2
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 15:11:27
Uptime 0 days 0 hr. 34 min. 7 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac2.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.154)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.154)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM2", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
Instance "+ASM2", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
Instance "racdb1", status READY, has 1 handler(s) for this service...
Instance "racdb2", status READY, has 2 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
Instance "racdb1", status READY, has 1 handler(s) for this service...
Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
Instance "racdb1", status READY, has 1 handler(s) for this service...
Instance "racdb2", status READY, has 2 handler(s) for this service...
The command completed successfully

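--Make the COST configuration take effect
Uncomment the following line in listener.ora on each node (on rac2 the parameter is SECURE_REGISTER_LISTENER_RAC2):
SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)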
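
A pre-reload check for the step above, as an added example that is not part of the original post: it reports whether SECURE_REGISTER_<listener> is really active (not commented out) and, when TCPS is listed, whether the wallet stanza and a TCPS address are present. The function names `cost_audit` and `sample_listener_ora` are hypothetical, the sample file is constructed from the listener.ora shown earlier, and one listener per file is assumed.

```shell
#!/bin/sh
# Added example: audit a listener.ora for the COST settings used in this post.

# sample_listener_ora PREFIX
# Prints a constructed listener.ora; PREFIX "#" leaves COST commented out,
# PREFIX "" enables it.
sample_listener_ora() {
    cat <<EOF
LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
    )
  )
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)))
#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
${1}SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)
EOF
}

# cost_audit LISTENER_NAME [FILE]
# Reads FILE (or stdin), prints one finding per line,
# and returns 0 only when no FAIL line was printed.
cost_audit() {
    awk -v name="$1" '
        /^[ \t]*#/ { next }                  # commented-out lines have no effect
        {
            line = toupper($0)               # parameter names are case-insensitive
            gsub(/[ \t\r]/, "", line)        # compare without whitespace
            key = "SECURE_REGISTER_" toupper(name) "="
            if (index(line, key) == 1) reg = substr(line, length(key) + 1)
            if (index(line, "WALLET_LOCATION=") == 1) wallet = 1
            if (index(line, "(PROTOCOL=TCPS)") > 0) tcps_addr = 1
        }
        END {
            if (reg == "") {
                printf "FAIL SECURE_REGISTER_%s is not set: registration is not restricted by transport\n", name
                exit 1
            }
            printf "OK SECURE_REGISTER_%s = %s\n", name, reg
            if (reg ~ /TCPS/) {
                if (!wallet)    { print "FAIL TCPS is listed but WALLET_LOCATION is missing"; bad = 1 }
                if (!tcps_addr) { print "FAIL TCPS is listed but no TCPS address is configured"; bad = 1 }
            }
            exit (bad ? 1 : 0)
        }
    ' "${2:--}"
}

# Demo on the constructed samples: COST still commented out, then enabled.
sample_listener_ora "#" | cost_audit LISTENER_RAC1 || true
sample_listener_ora ""  | cost_audit LISTENER_RAC1
```

Against a real node, run it as `cost_audit LISTENER_RAC1 /opt/ora10g/product/database/network/admin/listener.ora` before `lsnrctl reload`.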

--Verify COST
--Reference: Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
--Verification for the TCP protocol (TCP only)
--Modify the listener configuration file (allow the TCP protocol only)
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.

LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
#     (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )

#cost add
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
    )
  )

#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
#SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)

SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
--Reload the listener and check the registered services
[oracle@rac1 admin]$ lsnrctl reload

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:02:29

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
[oracle@rac1 admin]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:02:36

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC1
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 22:45:47
Uptime 0 days 0 hr. 16 min. 49 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

--Register the services manually and check what the listener has registered
[oracle@rac1 admin]$ sqlplus /nolog

SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 23:02:59 2012

Copyright (c) 1982, 2010, Oracle. All Rights Reserved.

SQL> conn /as sysdba
Connected.
SQL> alter system register;

System altered.

SQL> !
[oracle@rac1 admin]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:03:15

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC1
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 22:45:47
Uptime 0 days 0 hr. 17 min. 28 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

--Observe the listener log during verification (no error output; registration-refusal messages)
[oracle@rac1 admin]$ tail -20 /opt/ora10g/product/database/network/log/listener_rac1.log
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:02:22 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
System parameter file is /opt/ora10g/product/database/network/admin/listener.ora
Log messages written to /opt/ora10g/product/database/network/log/listener_rac1.log
Trace information written to /opt/ora10g/product/database/network/trace/listener_rac1.trc
Trace level is currently 0
12-SEP-2012 23:02:29 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:02:36 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:03:03 * (CONNECT_DATA=(SERVICE_NAME=racdb1)(CID=(PROGRAM=oracle)(HOST=rac2)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=25687)) * establish * racdb1 * 12514
TNS-12514: TNS:listener does not currently know of service requested in connect descriptor
12-SEP-2012 23:03:09 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:09 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:15 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:03:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:03:22 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport

--Note: instance registration fails, and the listener log shows TNS-01194: The listener command did not arrive in a secure transport
--Verified

--Verification after restoring TCP
--Modify the listener configuration file
[oracle@rac1 admin]$ pwd
/opt/ora10g/product/database/network/admin
[oracle@rac1 admin]$ cat listener.ora
# listener.ora.rac1 Network Configuration File: /opt/ora10g/product/database/network/admin/listener.ora.rac1
# Generated by Oracle configuration tools.

LISTENER_RAC1 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
#     (ADDRESS = (PROTOCOL = IPC)(KEY = REGISTER))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac1-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = rac1-vip)(PORT = 1523)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.137.151)(PORT = 1521)(IP = FIRST))
    )
  )

#cost add
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/ora10g/product/database/network/admin/cost)
    )
  )

#SECURE_REGISTER_LISTENER_RAC1 = (IPC)
SECURE_REGISTER_LISTENER_RAC1 = (TCP,TCPS)

SID_LIST_LISTENER_RAC1 =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = /opt/ora10g/product/database)
      (PROGRAM = extproc)
    )
  )
--Reload the listener and check the registered services
[oracle@rac1 admin]$ lsnrctl reload

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:06:44

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
[oracle@rac1 admin]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:06:48

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC1
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 22:45:47
Uptime 0 days 0 hr. 21 min. 1 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

--Register the services manually and check what the listener has registered
[oracle@rac1 admin]$ sqlplus /nolog

SQL*Plus: Release 10.2.0.5.0 - Production on Wed Sep 12 23:07:09 2012

Copyright (c) 1982, 2010, Oracle. All Rights Reserved.

SQL> conn /as sysdba
Connected.
SQL> alter system register;

System altered.

SQL> !
[oracle@rac1 admin]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.5.0 - Production on 12-SEP-2012 23:07:25

Copyright (c) 1991, 2010, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER_RAC1
Version TNSLSNR for Linux: Version 10.2.0.5.0 - Production
Start Date 12-SEP-2012 22:45:47
Uptime 0 days 0 hr. 21 min. 38 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /opt/ora10g/product/database/network/admin/listener.ora
Listener Log File /opt/ora10g/product/database/network/log/listener_rac1.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.153)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.137.153)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.151)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "+ASM_XPT" has 1 instance(s).
Instance "+ASM1", status BLOCKED, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "racdb" has 2 instance(s).
Instance "racdb1", status READY, has 2 handler(s) for this service...
Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdbXDB" has 2 instance(s).
Instance "racdb1", status READY, has 1 handler(s) for this service...
Instance "racdb2", status READY, has 1 handler(s) for this service...
Service "racdb_XPT" has 2 instance(s).
Instance "racdb1", status READY, has 2 handler(s) for this service...
Instance "racdb2", status READY, has 1 handler(s) for this service...
The command completed successfully

--Check the listener log
[oracle@rac1 admin]$ tail -20 /opt/ora10g/product/database/network/log/listener_rac1.log
12-SEP-2012 23:06:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:06:23 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
System parameter file is /opt/ora10g/product/database/network/admin/listener.ora
Log messages written to /opt/ora10g/product/database/network/log/listener_rac1.log
Trace information written to /opt/ora10g/product/database/network/trace/listener_rac1.trc
Trace level is currently 0
12-SEP-2012 23:06:44 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:06:48 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:10 * service_update * racdb1 * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:20 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_register * +ASM1 * 0
12-SEP-2012 23:07:23 * service_register * racdb2 * 0
12-SEP-2012 23:07:25 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=status)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * status * 0
12-SEP-2012 23:08:04 * (CONNECT_DATA=(SERVICE_NAME=racdb1)(CID=(PROGRAM=oracle)(HOST=rac2)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.137.152)(PORT=25710)) * establish * racdb1 * 12514
TNS-12514: TNS:listener does not currently know of service requested in connect descriptor

--Note: the listener is back to normal.
--Verified
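
The two log checks above can be scripted. The following is an added example, not part of the original post: it counts registrations the listener refused with return code 1194 (TNS-01194) and registrations it accepted, and reports which outcome came last. The function names are hypothetical and the sample lines are constructed in the format of listener_rac1.log shown above.

```shell
#!/bin/sh
# Added example: summarise COST registration outcomes in a listener log.

# sample_log: constructed lines in the listener log format shown in this post.
sample_log() {
    cat <<'EOF'
12-SEP-2012 23:06:20 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:06:23 * service_register_NSGR * 1194
TNS-01194: The listener command did not arrive in a secure transport
12-SEP-2012 23:06:44 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=rac1)(USER=oracle))(COMMAND=reload)(ARGUMENTS=64)(SERVICE=LISTENER)(VERSION=169870592)) * reload * 0
12-SEP-2012 23:07:10 * service_register * racdb1 * 0
12-SEP-2012 23:07:10 * service_update * racdb1 * 0
12-SEP-2012 23:07:20 * service_register * +ASM1 * 0
12-SEP-2012 23:07:23 * service_register * racdb2 * 0
EOF
}

# cost_log_summary [FILE]
# Prints "rejected=<n> accepted=<n> instances=<comma-separated list>".
cost_log_summary() {
    awk -F' [*] ' '
        # Refused: timestamp * service_register_NSGR * 1194
        $2 == "service_register_NSGR" && $3 == "1194" { rejected++; next }
        # Accepted: timestamp * service_register * <instance> * 0
        $2 == "service_register" && NF == 4 && $4 == "0" {
            accepted++
            if (!($3 in seen)) { seen[$3] = 1; order[++n] = $3 }
        }
        END {
            list = ""
            for (i = 1; i <= n; i++) list = list (i > 1 ? "," : "") order[i]
            printf "rejected=%d accepted=%d instances=%s\n", rejected, accepted, list
        }
    ' "${1:--}"
}

# cost_last_outcome [FILE]
# Prints "rejected", "accepted" or "none" for the most recent registration
# event, which tells whether the listener is refusing registrations right now.
cost_last_outcome() {
    awk -F' [*] ' '
        $2 == "service_register_NSGR" && $3 == "1194"    { last = "rejected" }
        $2 == "service_register" && NF == 4 && $4 == "0" { last = "accepted" }
        END { print (last == "" ? "none" : last) }
    ' "${1:--}"
}

# Demo on the constructed sample.
sample_log | cost_log_summary
sample_log | cost_last_outcome
```

On a node, pass the log path instead of piping the sample, for example `cost_last_outcome /opt/ora10g/product/database/network/log/listener_rac1.log`.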

Copyright © YallonKing. All rights reserved.