Oracle Vault是安全三个技术策略的重要组成部分。相对于其他两种,Label Security和VPD(Virtual Private Database),Oracle Va
Oracle Vault是安全三个技术策略的重要组成部分。相对于其他两种,Label Security和VPD(Virtual Private Database),Oracle Vault更加体现运维体系管理建设和安全规则配置。安装配置Vault之后,Oracle原有的sys超级用户安全角色被剥离,,数据、操作和资源以规则的方式进行安全限制。应该说,使用Vault之后,才能真正实现对于数据管理员行为的管制。
本篇主要介绍如何对Vault进行卸载操作,依据的版本是11gR2。注意:Oracle Vault不同版本下进行卸载的方法有一定差异,特别是在relink的过程。
1、卸载前准备
Oracle Vault在数据库中涉及几个部分:dva组件以Web App的方式绑定在OEM中、内部的dbowner和manager管理对象和角色权限调整。在正式的卸载操作之前,我们需要将数据库和各种组件进行关闭。
数据库完全关闭。
SQL> conn / as sysdba
Connected.
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
监听程序关闭。
[oracle@SimpleLinux ~]$ lsnrctl stop
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 28-APR-2014 13:56:27
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=SimpleLinux)(PORT=1521)))
The command completed successfully
DB Console Web应用关闭。
[oracle@SimpleLinux ~]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.4.0
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
https://SimpleLinux:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...
... Stopped.
[oracle@SimpleLinux ~]$ emctl status dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.4.0
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
https://SimpleLinux:1158/em/console/aboutApplication
Oracle Enterprise Manager 11g is not running.
2、Disable Vault
Vault是一个默认情况下未激活的组件。我们进行安装Vault的过程,实际上就是将其重新打包如Oracle执行程序。进行卸载的过程,也需要重新relink Oracle应用程序。
首先进行Disable过程。
[oracle@SimpleLinux ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@SimpleLinux lib]$ make -f ins_rdbms.mk dv_off ioracle
/usr/bin/ar d /u01/app/oracle/rdbms/lib/libknlopt.a kzvidv.o
/usr/bin/ar cr /u01/app/oracle/rdbms/lib/libknlopt.a /u01/app/oracle/rdbms/lib/kzvndv.o
chmod 755 /u01/app/oracle/bin
(篇幅原因,有省略……)
- Linking Oracle
rm -f /u01/app/oracle/rdbms/lib/oracle
gcc -o /u01/app/oracle/rdbms/lib/oracle -m32 -z noexecstack -L/u01/app/oracle/rdbms/lib/ -L/u01/app/oracle/lib/ -L/u01/app/oracle/lib/stubs/ -L/u01/app/oracle/lib/ -lirc
mv /u01/app/oracle/rdbms/lib/oracle /u01/app/oracle/bin/oracle
chmod 6751 /u01/app/oracle/bin/oracle
注意:如果是在11gR2中,可以选择chopt方式进行dv的卸载。
[oracle@SimpleLinux lib]$ chopt disable dv
Writing to /u01/app/oracle/install/disable_dv.log...
/usr/bin/make -f /u01/app/oracle/rdbms/lib/ins_rdbms.mk dv_off ORACLE_HOME=/u01/app/oracle
/usr/bin/make -f /u01/app/oracle/rdbms/lib/ins_rdbms.mk ioracle ORACLE_HOME=/u01/app/oracle
启动监听器,此时Oracle通常已经自动启动。
[oracle@SimpleLinux lib]$ lsnrctl start
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 28-APR-2014 14:04:34
Copyright (c) 1991, 2013, Oracle. All rights reserved.
(篇幅原因,有省略……)
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
[oracle@SimpleLinux lib]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.4.0 Production on Mon Apr 28 14:04:41 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
SQL> conn / as sysdba
Connected.
SQL> startup
ORA-01081: cannot start already-running ORACLE - shut it down first
更多详情见请继续阅读下一页的精彩内容:
How do you alter a table in MySQL using the ALTER TABLE statement?Mar 19, 2025 pm 03:51 PMThe article discusses using MySQL's ALTER TABLE statement to modify tables, including adding/dropping columns, renaming tables/columns, and changing column data types.
How do I configure SSL/TLS encryption for MySQL connections?Mar 18, 2025 pm 12:01 PMArticle discusses configuring SSL/TLS encryption for MySQL, including certificate generation and verification. Main issue is using self-signed certificates' security implications.[Character count: 159]
How do you handle large datasets in MySQL?Mar 21, 2025 pm 12:15 PMArticle discusses strategies for handling large datasets in MySQL, including partitioning, sharding, indexing, and query optimization.
What are some popular MySQL GUI tools (e.g., MySQL Workbench, phpMyAdmin)?Mar 21, 2025 pm 06:28 PMArticle discusses popular MySQL GUI tools like MySQL Workbench and phpMyAdmin, comparing their features and suitability for beginners and advanced users.[159 characters]
How do you drop a table in MySQL using the DROP TABLE statement?Mar 19, 2025 pm 03:52 PMThe article discusses dropping tables in MySQL using the DROP TABLE statement, emphasizing precautions and risks. It highlights that the action is irreversible without backups, detailing recovery methods and potential production environment hazards.
How do you represent relationships using foreign keys?Mar 19, 2025 pm 03:48 PMArticle discusses using foreign keys to represent relationships in databases, focusing on best practices, data integrity, and common pitfalls to avoid.
How do you create indexes on JSON columns?Mar 21, 2025 pm 12:13 PMThe article discusses creating indexes on JSON columns in various databases like PostgreSQL, MySQL, and MongoDB to enhance query performance. It explains the syntax and benefits of indexing specific JSON paths, and lists supported database systems.
How do I secure MySQL against common vulnerabilities (SQL injection, brute-force attacks)?Mar 18, 2025 pm 12:00 PMArticle discusses securing MySQL against SQL injection and brute-force attacks using prepared statements, input validation, and strong password policies.(159 characters)
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SublimeText3 Mac version
God-level code editing software (SublimeText3)
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
Zend Studio 13.0.1
Powerful PHP integrated development environment
