Secure Computing Environment: Level-2 MLPS (等級(jí)保護(hù)) Evaluation Guide and Automation Scripts
Preface
Speed is a problem in classified-protection (等級(jí)保護(hù)) evaluations: some systems involve a great many devices, and clicking through and testing each one by hand makes progress very slow. The author has therefore taken scripts already circulating on the internet, trimmed them against the level-2 evaluation requirements, and summarised the technical steps and an automated baseline collection for the "secure computing environment" control area. The aim is to save evaluators some time. If you find mistakes in the text, please send a private message so that they can be corrected before they trip up other users.
Endpoint devices
Windows
Save the script below as a .bat file and run it from an administrator command prompt; it writes the evidence into a directory under C:\ named after the host IP, and the field evaluation record can then be filled in from that file alone. The script is evidence collection only: it prints each configured value next to a short legend and leaves the pass/fail judgement to the evaluator.
@echo off
rem Take the IPv4 address of the interface that carries the default route; it names the
rem output directory and the result file. "默認(rèn)" is the localized "Default" token that
rem route print emits on Chinese Windows; on an English system the filter is never hit.
for /f "tokens=4" %%a in ('route print^|findstr 0.0.0.0.*0.0.0.0') do (
if not "%%a" == "默認(rèn)" set IPaddress=%%a
)
cd C:\
md %IPaddress%
cd %IPaddress%
echo 1. System information (CreatedbyG) > %IPaddress%
systeminfo >> %IPaddress%
echo 2. Network adapters (CreatedbyG) >> %IPaddress%
ipconfig >> %IPaddress%
echo 3. Listening ports (CreatedbyG) >> %IPaddress%
netstat -an | find "LISTENING" >> %IPaddress%
echo 4. Running services (CreatedbyG) >> %IPaddress%
net start >> %IPaddress%
echo 5. Processes (CreatedbyG) >> %IPaddress%
tasklist >> %IPaddress%
echo 6. Installed software (CreatedbyG) >> %IPaddress%
rem Vendor and product keys under HKLM\SOFTWARE: a rough inventory. 32-bit software on
rem 64-bit Windows sits under WOW6432Node and shows up as a single entry here.
for /f "tokens=3 delims=\" %%i in ('reg query HKLM\SOFTWARE') do (
>> %IPaddress% echo ******************
>> %IPaddress% echo Software: %%i
>> %IPaddress% echo ******************
if not "%%i"=="Classes" for /f "tokens=4 delims=\" %%j in ('reg query HKLM\SOFTWARE\%%i 2^>nul') do (echo Details: %%j>> %IPaddress%)
)
echo 7. Local security policy (CreatedbyG) >> %IPaddress%
rem secedit exports the effective local policy as an INI file. Each pair of find commands
rem prints only the matching line, without the file-name header that find adds otherwise.
secedit /export /cfg C:\temp.txt
echo ---Password policy--- >> %IPaddress%
echo "0 = disabled, 1 = enabled" >> %IPaddress%
echo *Password must meet complexity requirements* >> %IPaddress%
find "PasswordComplexity" C:\temp.txt |find "PasswordComplexity = ">> %IPaddress%
echo *Minimum password length* >> %IPaddress%
find "MinimumPasswordLength" C:\temp.txt|find "MinimumPasswordLength = " >> %IPaddress%
echo *Minimum password age* >> %IPaddress%
find "MinimumPasswordAge" C:\temp.txt|find "MinimumPasswordAge = " >> %IPaddress%
echo *Maximum password age* (-1 means passwords never expire) >> %IPaddress%
find "MaximumPasswordAge" C:\temp.txt|find "MaximumPasswordAge = " >> %IPaddress%
echo *Enforce password history* >> %IPaddress%
find "PasswordHistorySize" C:\temp.txt|find "PasswordHistorySize = " >> %IPaddress%
echo *Store passwords using reversible encryption* (must be 0) >> %IPaddress%
find "ClearTextPassword" C:\temp.txt|find "ClearTextPassword = " >> %IPaddress%
echo ---Account lockout policy (no result means lockout is not enabled)--- >> %IPaddress%
echo *Account lockout duration* (minutes; -1 = until an administrator unlocks) >> %IPaddress%
find "LockoutDuration" C:\temp.txt |find "LockoutDuration" >> %IPaddress%
echo *Reset account lockout counter after* (minutes) >> %IPaddress%
find "ResetLockoutCount" C:\temp.txt |find "ResetLockoutCount">> %IPaddress%
echo *Account lockout threshold* (0 = never lock out) >> %IPaddress%
find "LockoutBadCount" C:\temp.txt |find "LockoutBadCount" >> %IPaddress%
echo ---Audit policy--- >> %IPaddress%
echo ---0 = no auditing, 1 = success, 2 = failure, 3 = success and failure--- >> %IPaddress%
echo *Audit account management* >> %IPaddress%
find "AuditAccountManage" C:\temp.txt | find "AuditAccountManage" >> %IPaddress%
echo *Audit account logon events* >> %IPaddress%
find "AuditAccountLogon" C:\temp.txt | find "AuditAccountLogon" >> %IPaddress%
echo *Audit system events* >> %IPaddress%
find "AuditSystemEvents" C:\temp.txt | find "AuditSystemEvents" >> %IPaddress%
echo *Audit directory service access* >> %IPaddress%
find "AuditDSAccess" C:\temp.txt | find "AuditDSAccess" >> %IPaddress%
echo *Audit process tracking* >> %IPaddress%
find "AuditProcessTracking" C:\temp.txt | find "AuditProcessTracking" >> %IPaddress%
echo *Audit privilege use* >> %IPaddress%
find "AuditPrivilegeUse" C:\temp.txt | find "AuditPrivilegeUse" >> %IPaddress%
echo *Audit object access* >> %IPaddress%
find "AuditObjectAccess" C:\temp.txt | find "AuditObjectAccess" >> %IPaddress%
echo *Audit logon events* >> %IPaddress%
find "AuditLogonEvents" C:\temp.txt | find "AuditLogonEvents" >> %IPaddress%
echo *Audit policy change* >> %IPaddress%
find "AuditPolicyChange" C:\temp.txt | find "AuditPolicyChange" >> %IPaddress%
echo ---Security options--- >> %IPaddress%
echo *0 = disabled, 1 = enabled; AutoDisconnect is a number of minutes* >> %IPaddress%
echo *Amount of idle time required before suspending session* >> %IPaddress%
find "AutoDisconnect" C:\temp.txt | find "AutoDisconnect" >> %IPaddress%
echo *Do not display last user name* >> %IPaddress%
find "DontDisplayLastUserName" C:\temp.txt | find "DontDisplayLastUserName" >> %IPaddress%
echo *Clear virtual memory pagefile at shutdown* >> %IPaddress%
find "ClearPageFileAtShutdown" C:\temp.txt | find "ClearPageFileAtShutdown" >> %IPaddress%
echo *Allow system to be shut down without having to log on* >> %IPaddress%
find "ShutdownWithoutLogon" C:\temp.txt | find "ShutdownWithoutLogon" >> %IPaddress%
echo ---User rights assignment (secedit lists SIDs, not names)--- >> %IPaddress%
echo (Everyone:*S-1-1-0 Administrators:*S-1-5-32-544 Users:*S-1-5-32-545 Power Users:*S-1-5-32-547 Backup Operators:*S-1-5-32-551) >> %IPaddress%
echo *Force shutdown from a remote system* >> %IPaddress%
find "SeRemoteShutdownPrivilege" C:\temp.txt | find "SeRemoteShutdownPrivilege" >> %IPaddress%
echo *Take ownership of files or other objects* >> %IPaddress%
find "SeTakeOwnershipPrivilege" C:\temp.txt | find "SeTakeOwnershipPrivilege" >> %IPaddress%
echo *Allow log on locally* >> %IPaddress%
find "SeInteractiveLogonRight" C:\temp.txt | find "SeInteractiveLogonRight" >> %IPaddress%
echo *Allow log on through Remote Desktop Services* >> %IPaddress%
find "SeRemoteInteractiveLogonRight" C:\temp.txt | find "SeRemoteInteractiveLogonRight" >> %IPaddress%
echo *Debug programs* >> %IPaddress%
find "SeDebugPrivilege" C:\temp.txt | find "SeDebugPrivilege" >> %IPaddress%
echo *Change the system time* >> %IPaddress%
find "SeSystemtimePrivilege" C:\temp.txt | find "SeSystemtimePrivilege" >> %IPaddress%
echo *Manage auditing and security log* >> %IPaddress%
find "SeSecurityPrivilege" C:\temp.txt | find "SeSecurityPrivilege" >> %IPaddress%
del C:\temp.txt
echo 8. Local users and groups (CreatedbyG) >> %IPaddress%
net user >> %IPaddress%
rem Detail every local account. skip=4 drops the header lines of net user; the findstr
rem pattern excludes the localized "The command completed successfully." trailer and
rem must match the message your Windows language prints.
for /f "skip=4 delims=" %%a in ('net user^|findstr /vx "命令成功完成。"') do for %%i in (%%a) do net user %%i >> %IPaddress%
net localgroup >> %IPaddress%
net localgroup Administrators >> %IPaddress%
net localgroup Guests >> %IPaddress%
echo 9. Other settings (CreatedbyG) >> %IPaddress%
echo *AutoPlay* (0xff disables AutoRun on all drive types; no result means unrestricted. Checked per user and machine-wide) >> %IPaddress%
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun |find "NoDriveTypeAutoRun" >> %IPaddress%
reg query HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun |find "NoDriveTypeAutoRun" >> %IPaddress%
echo ---Screen saver--- >> %IPaddress%
echo *Screen saver enabled* (0 off, 1 on)>> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive |find "ScreenSaveActive" >> %IPaddress%
echo *Screen saver timeout* (seconds)>> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeOut |find "ScreenSaveTimeOut" >> %IPaddress%
echo *Password protected on resume* (0 no, 1 yes)>> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure |find "ScreenSaverIsSecure" >> %IPaddress%
echo *Firewall state* (1 on, 0 off; this value covers the Standard profile only, check the Domain and Public profiles in the firewall console as well)>> %IPaddress%
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall |find "EnableFirewall" >> %IPaddress%
echo *Remote Desktop* (fDenyTSConnections: 0 = RDP allowed, 1 = RDP denied) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections |find "fDenyTSConnections" >> %IPaddress%
echo *RDP port* (0xd3d = 3389, the default) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber |find "PortNumber" >> %IPaddress%
echo *Remote Assistance* (0 off (compliant), 1 on) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp |find "fAllowToGetHelp" >> %IPaddress%
rem Event log settings. CurrentControlSet is the control set actually in use; the original
rem queried ControlSet001, which is not always the active one.
echo *Event log sizes* >> %IPaddress%
echo *Application log maximum size* (0x2800000 = 40 MB or more is treated as compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application" /v MaxSize |find "MaxSize" >> %IPaddress%
echo *When maximum log size is reached* (absent or 0 = overwrite as needed, treated as compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application" /v Retention |find "Retention" >> %IPaddress%
echo *Security log maximum size* (0x2800000 = 40 MB or more is treated as compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security" /v MaxSize |find "MaxSize" >> %IPaddress%
echo *When maximum log size is reached* (absent or 0 is treated as compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security" /v Retention |find "Retention" >> %IPaddress%
echo *System log maximum size* (0x2800000 = 40 MB or more is treated as compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System" /v MaxSize |find "MaxSize" >> %IPaddress%
echo *When maximum log size is reached* (absent or 0 is treated as compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System" /v Retention |find "Retention" >> %IPaddress%
echo *Default shares* (registry plus net share) >> %IPaddress%
echo *Administrative shares (C$, ADMIN$) on server editions: AutoShareServer* (present and 0 = compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareServer |find "AutoShareServer" >> %IPaddress%
echo *Administrative shares on workstation editions: AutoShareWks* (present and 0 = compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareWks |find "AutoShareWks" >> %IPaddress%
echo *Anonymous enumeration over IPC$: RestrictAnonymous* (present and 1 = compliant) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous |find "restrictanonymous" >> %IPaddress%
echo *Configured shares* >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\shares" >> %IPaddress%
echo *Active shares* >> %IPaddress%
net share >> %IPaddress%
rem WindowsUpdate.log is a plain-text log only up to Windows 8.1 / Server 2012 R2. On
rem Windows 10 and later the file is a stub and the real log is produced by the
rem PowerShell cmdlet Get-WindowsUpdateLog.
copy C:\Windows\WindowsUpdate.log .\
ren WindowsUpdate.log %IPaddress%.updatelog
rem The SAM and SYSTEM hives together yield the local account password hashes to offline
rem tools. Treat these two files as credentials: keep them with the evidence under access
rem control and delete them when the evaluation closes, or drop these two lines if the
rem evaluation does not need them.
reg save hklm\sam %IPaddress%.sam
reg save hklm\system %IPaddress%.system
pause
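The script above only dumps raw policy values and leaves the judgement to the evaluator. The Python helper below is added here as an illustration; it is not part of the original page or its script. It parses a secedit /export file (real exports are UTF-16LE, so open them with encoding="utf-16") and applies an example baseline to the password, lockout, audit and user-rights items the script extracts, handling the case the script's legend mentions: when lockout is disabled, LockoutDuration and ResetLockoutCount are simply absent. The sample export, the numeric thresholds and the set of "broad" SIDs are assumptions chosen for the example; substitute the thresholds of the baseline actually in force.

```python
"""Judge a `secedit /export /cfg` dump against an example level-2 baseline."""
import configparser

# Constructed sample of the export (a real file is UTF-16LE: open(path, encoding="utf-16")).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = -1
MinimumPasswordLength = 6
PasswordComplexity = 1
PasswordHistorySize = 5
LockoutBadCount = 0
ClearTextPassword = 0
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditAccountManage = 1
AuditPolicyChange = 3
AuditAccountLogon = 3
[Privilege Rights]
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed thresholds for the example (not taken from the page): (section, key) -> (predicate, expectation)
NUMERIC_BASELINE = {
    ("System Access", "PasswordComplexity"):    (lambda v: v == 1, "1 (complexity on)"),
    ("System Access", "MinimumPasswordLength"): (lambda v: v >= 8, ">= 8"),
    # -1 in the export means "password never expires"
    ("System Access", "MaximumPasswordAge"):    (lambda v: 0 < v <= 90, "1..90 days"),
    ("System Access", "PasswordHistorySize"):   (lambda v: v >= 5, ">= 5"),
    ("System Access", "ClearTextPassword"):     (lambda v: v == 0, "0 (no reversible encryption)"),
    ("System Access", "LockoutBadCount"):       (lambda v: 1 <= v <= 10, "1..10 attempts"),
    # -1 means locked until an administrator unlocks, which also satisfies the control
    ("System Access", "LockoutDuration"):       (lambda v: v == -1 or v >= 15, ">= 15 min or -1"),
    ("System Access", "ResetLockoutCount"):     (lambda v: v >= 15, ">= 15 min"),
    ("Event Audit", "AuditLogonEvents"):        (lambda v: v == 3, "3 (success and failure)"),
    ("Event Audit", "AuditAccountLogon"):       (lambda v: v == 3, "3"),
    ("Event Audit", "AuditAccountManage"):      (lambda v: v == 3, "3"),
    ("Event Audit", "AuditPolicyChange"):       (lambda v: v == 3, "3"),
    ("Event Audit", "AuditSystemEvents"):       (lambda v: v == 3, "3"),
}
# Well-known SIDs that should not hold sensitive rights: Everyone and Users (assumed policy).
BROAD_SIDS = {"*S-1-1-0", "*S-1-5-32-545"}
RESTRICTED_RIGHTS = ("SeDebugPrivilege", "SeRemoteShutdownPrivilege",
                     "SeTakeOwnershipPrivilege", "SeRemoteInteractiveLogonRight")


def parse_secedit(text):
    """Parse the INI-style export, keeping key case so names match the baseline."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def evaluate(text):
    """Return one finding per checked item: {"item", "actual", "expected", "ok"}."""
    cp = parse_secedit(text)
    findings = []
    for (section, key), (pred, expected) in NUMERIC_BASELINE.items():
        raw = cp.get(section, key, fallback=None)
        if raw is None:
            # secedit omits LockoutDuration/ResetLockoutCount entirely while lockout is disabled
            findings.append({"item": key, "actual": None, "expected": expected, "ok": False})
            continue
        value = int(raw)
        findings.append({"item": key, "actual": value, "expected": expected, "ok": pred(value)})
    for right in RESTRICTED_RIGHTS:
        holders = cp.get("Privilege Rights", right, fallback="")
        sids = {s.strip() for s in holders.split(",") if s.strip()}
        findings.append({"item": right, "actual": sorted(sids),
                         "expected": "no Everyone/Users", "ok": not (sids & BROAD_SIDS)})
    return findings


def failed_items(text):
    """Names of the items that fail the baseline, in baseline order."""
    return [f["item"] for f in evaluate(text) if not f["ok"]]


if __name__ == "__main__":
    for f in evaluate(SAMPLE_EXPORT):
        print("PASS" if f["ok"] else "FAIL", f["item"], f["actual"], "expected", f["expected"])
```

Run it against the temp.txt the batch script exports (before the del line removes it) to get a PASS/FAIL line per item instead of raw values; a missing lockout key is reported as a failure rather than silently skipped, which is the mistake that is easiest to make when reading the raw dump.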
A few quick Windows commands also cut evaluation time. Several items require opening a built-in management console to check whether a policy is compliant; with the commands below the console opens directly from Run or a command prompt instead of being clicked through the menus:
calc            Calculator
notepad         Notepad
taskmgr         Task Manager
osk             On-Screen Keyboard
gpedit.msc      Local Group Policy Editor
services.msc    Services
compmgmt.msc    Computer Management
devmgmt.msc     Device Manager
winver          Windows version dialog
magnify         Magnifier
eventvwr        Event Viewer
regedit         Registry Editor
resmon          Resource Monitor
wmic bios get releasedate   BIOS release date (approximate age of the hardware)
Linux
Save the script below as a .sh file, give it execute permission and run it as root; the results are appended to check.txt in the current directory. Some evaluation items are probably still missing from it, and users should extend it for their own environment.
#!/bin/sh
# Each block writes a header line and then the command output to check.txt in the
# current directory. Run as root so that /etc/shadow and sshd_config are readable.
# Network information (ifconfig is absent on minimal modern installs; fall back to ip)
echo -----------@ifconfig -a >> check.txt
ifconfig -a >> check.txt 2>/dev/null || ip addr >> check.txt
# Kernel, hostname and release
echo -----------@uname -a >> check.txt
uname -a >> check.txt
echo -----------@cat /etc/redhat-release >> check.txt
cat /etc/redhat-release >> check.txt
# Accounts and login shells (does every login account authenticate with a password)
echo -----------@cat /etc/passwd >> check.txt
cat /etc/passwd >> check.txt
# Trusted hosts and users for the r-services (the file should be absent or empty)
echo -----------@cat /etc/hosts.equiv >> check.txt
cat /etc/hosts.equiv >> check.txt
# Password length and ageing (PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_MIN_LEN)
echo -----------@cat /etc/login.defs >> check.txt
cat /etc/login.defs >> check.txt
# Password complexity (pam_pwquality settings; the original forgot the redirect here)
echo -----------@cat /etc/security/pwquality.conf >> check.txt
cat /etc/security/pwquality.conf >> check.txt
# Password complexity and login-failure handling (pam_pwquality, pam_faillock / pam_tally2, nullok)
echo -----------@cat /etc/pam.d/system-auth >> check.txt
cat /etc/pam.d/system-auth >> check.txt
# Is telnet disabled (xinetd service files live in /etc/xinetd.d, not /etc/xinetd)
echo -----------@cat /etc/xinetd.d/krb5-telnet >> check.txt
cat /etc/xinetd.d/krb5-telnet >> check.txt
# Listening ports with the owning processes (netstat may be absent; ss is its replacement)
echo -----------@netstat -antup >> check.txt
netstat -antup >> check.txt 2>/dev/null || ss -antup >> check.txt
# Redundant or expired accounts (password ageing fields of /etc/shadow)
echo -----------@cat /etc/shadow >> check.txt
cat /etc/shadow >> check.txt
# Is the system logger running (service on SysV systems, systemctl on systemd ones)
echo -----------@service rsyslog status >> check.txt
service rsyslog status >> check.txt 2>&1 || systemctl status rsyslog >> check.txt 2>&1
# Is the audit daemon running
echo -----------@service auditd status >> check.txt
service auditd status >> check.txt 2>&1 || systemctl status auditd >> check.txt 2>&1
# What is logged and where (syslog.conf on older releases, rsyslog.conf on newer ones)
echo -----------@cat /etc/syslog.conf >> check.txt
cat /etc/syslog.conf >> check.txt
echo -----------@cat /etc/rsyslog.conf >> check.txt
cat /etc/rsyslog.conf >> check.txt
# General system log and its permissions (the file is /var/log/messages, with an s)
echo -----------@cat /var/log/messages >> check.txt
cat /var/log/messages >> check.txt
echo -----------@ls -l /var/log/messages >> check.txt
ls -l /var/log/messages >> check.txt
# Authentication log and its permissions
echo -----------@cat /var/log/secure >> check.txt
cat /var/log/secure >> check.txt
echo -----------@ls -l /var/log/secure >> check.txt
ls -l /var/log/secure >> check.txt
# Daemon start/stop log, and the permissions of everything under /var/log
echo -----------@cat /var/log/boot.log >> check.txt
cat /var/log/boot.log >> check.txt
echo -----------@ls -l /var/log/ >> check.txt
ls -l /var/log/ >> check.txt
# Minimal-installation principle: the full list of installed packages
# (the original printed an rpm header but ran cat /etc/redhat-release again)
echo -----------@rpm -qa >> check.txt
rpm -qa >> check.txt
# Terminal login restrictions: consoles root may use, and the sshd configuration
echo -----------@cat /etc/securetty >> check.txt
cat /etc/securetty >> check.txt
echo -----------@cat /etc/ssh/sshd_config >> check.txt
cat /etc/ssh/sshd_config >> check.txt
# Session timeout: look for TMOUT
echo -----------@cat /etc/profile >> check.txt
cat /etc/profile >> check.txt
# Resource limits
echo -----------@cat /etc/security/limits.conf >> check.txt
cat /etc/security/limits.conf >> check.txt
# Permissions of the key configuration files
echo -----------@ls -l key configuration files >> check.txt
ls -l /etc/passwd /etc/shadow /etc/login.defs /etc/profile /etc/group /etc/xinetd.conf /etc/security/limits.conf /etc/ssh/sshd_config >> check.txt
# Permissions of the pam.d and security directories themselves
echo -----------@ls -ld /etc/pam.d /etc/security >> check.txt
ls -ld /etc/pam.d /etc/security >> check.txt
# Host firewall rules
echo -----------@iptables -L -n -v >> check.txt
iptables -L -n -v >> check.txt
# Accounts that can log in interactively, as user|uid|gid
# (the original piped through more, which serves no purpose when writing to a file)
echo -----------@login-capable accounts >> check.txt
grep -v -e nologin -e sync -e halt -e shutdown /etc/passwd | awk -F: '{ print $1"|"$3"|"$4 }' >> check.txt
# Separation of duties: sudo rules, including drop-in files
echo -----------@cat /etc/sudoers >> check.txt
cat /etc/sudoers >> check.txt
cat /etc/sudoers.d/* >> check.txt 2>/dev/null
# Address restrictions (TCP wrappers)
echo -----------@cat /etc/hosts.deny >> check.txt
cat /etc/hosts.deny >> check.txt
echo -----------@cat /etc/hosts.allow >> check.txt
cat /etc/hosts.allow >> check.txt
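As with the Windows script, check.txt is raw evidence. The Python evaluator below is added here as an example and is not part of the original page or its script; it applies a level-2 style baseline to the files the script collects (login.defs, pwquality.conf, system-auth, sshd_config, profile) and encodes the details that are easy to misjudge when reading the dump: pwquality's minlen overrides login.defs PASS_MIN_LEN once pam_pwquality is stacked, complexity can be expressed either as minclass or as negative credit values, sshd honours the first PermitRootLogin it meets rather than the last, nullok on pam_unix admits empty passwords, and a TMOUT that is not readonly can be unset by the user. The file excerpts and the thresholds are constructed for the example; adjust them to the requirements in force.

```python
"""Judge the Linux files the collection script dumps against a level-2 style baseline."""
import re

# Constructed excerpts of the files the script cats into check.txt (not from a real host).
LOGIN_DEFS = """\
# /etc/login.defs
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
"""
PWQUALITY_CONF = """\
# /etc/security/pwquality.conf
minlen = 8
# minclass = 3
dcredit = -1
ucredit = -1
"""
SYSTEM_AUTH = """\
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent deny=5 unlock_time=600
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail deny=5 unlock_time=600
password    requisite     pam_pwquality.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok use_authtok
"""
SSHD_CONFIG = """\
# /etc/ssh/sshd_config
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
"""
PROFILE = """\
# /etc/profile
export TMOUT=600
readonly TMOUT
"""

# Assumed thresholds; adjust to the evaluation requirements in force.
MAX_PASS_DAYS, MIN_PASS_LEN, MIN_CLASSES, MAX_DENY, MAX_TMOUT = 90, 8, 3, 10, 600


def parse_kv(text, sep=None, lower=False, first_wins=False):
    """Parse 'KEY VALUE' (sep=None) or 'key = value' files, dropping comments."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(sep, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].strip(), parts[1].strip()
        if lower:
            key = key.lower()
        if first_wins and key in out:
            continue  # sshd applies the first occurrence of a keyword
        out[key] = value
    return out


def pam_options(text, module):
    """Merge name=value options and bare flags from every line that loads `module`."""
    opts, flags = {}, set()
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if module not in line.split():
            continue
        for tok in line.split():
            if "=" in tok:
                k, v = tok.split("=", 1)
                opts[k] = v
            else:
                flags.add(tok)
    return opts, flags


def evaluate(login_defs, pwquality, system_auth, sshd_config, profile):
    """Return {item: (actual, ok)} for the password, lockout, ssh and timeout items."""
    ld = parse_kv(login_defs)
    pq = parse_kv(pwquality, sep="=")
    sshd = parse_kv(sshd_config, lower=True, first_wins=True)
    f = {}

    max_days = int(ld.get("PASS_MAX_DAYS", "99999"))
    f["PASS_MAX_DAYS"] = (max_days, 0 < max_days <= MAX_PASS_DAYS)

    # With pam_pwquality stacked, its minlen governs and login.defs PASS_MIN_LEN is not applied
    _, pwq_flags = pam_options(system_auth, "pam_pwquality.so")
    min_len = int(pq.get("minlen", "8")) if pwq_flags else int(ld.get("PASS_MIN_LEN", "5"))
    f["min_password_length"] = (min_len, min_len >= MIN_PASS_LEN)

    # Complexity: minclass, or negative *credit values (each one forces a character class)
    forced = sum(1 for k in ("dcredit", "ucredit", "lcredit", "ocredit") if int(pq.get(k, "0")) < 0)
    classes = max(int(pq.get("minclass", "0")), forced)
    f["password_complexity"] = (classes, bool(pwq_flags) and classes >= MIN_CLASSES)

    # Login-failure handling: pam_faillock (RHEL 7 and later) or pam_tally2 on older releases
    opts, flags = pam_options(system_auth, "pam_faillock.so")
    if not flags:
        opts, flags = pam_options(system_auth, "pam_tally2.so")
    deny = int(opts.get("deny", "0"))
    unlock_raw = opts.get("unlock_time", "0")
    unlock = 10 ** 9 if unlock_raw == "never" else int(unlock_raw)  # faillock accepts "never"
    f["login_failure_lockout"] = ((deny, unlock_raw), bool(flags) and 0 < deny <= MAX_DENY and unlock > 0)

    # nullok on pam_unix lets an account with an empty password field log in
    _, unix_flags = pam_options(system_auth, "pam_unix.so")
    f["pam_unix_nullok"] = ("nullok" in unix_flags, "nullok" not in unix_flags)

    # Require an explicit, restrictive PermitRootLogin (None = not set, compiled-in default applies)
    root_login = sshd.get("permitrootlogin")
    f["PermitRootLogin"] = (root_login, root_login is not None and
                            root_login.lower() in ("no", "prohibit-password", "without-password"))

    # TMOUT must be set to a bounded value and made readonly so users cannot unset it
    m = re.search(r"^\s*(?:export\s+)?TMOUT=(\d+)", profile, re.M)
    tmout = int(m.group(1)) if m else None
    readonly = re.search(r"^\s*readonly\s+TMOUT\b", profile, re.M) is not None
    f["TMOUT"] = (tmout, tmout is not None and 0 < tmout <= MAX_TMOUT and readonly)
    return f


def failed_items(*files):
    """Sorted names of the items that fail the baseline."""
    return sorted(k for k, (_, ok) in evaluate(*files).items() if not ok)


if __name__ == "__main__":
    for item, (actual, ok) in evaluate(LOGIN_DEFS, PWQUALITY_CONF, SYSTEM_AUTH, SSHD_CONFIG, PROFILE).items():
        print("PASS" if ok else "FAIL", item, actual)
```

To use it on a real host, read the five files (or cut the corresponding blocks out of check.txt) and pass their contents to evaluate() in the same order.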
Databases
SQL Server
For Microsoft SQL Server the items that need commands are roughly the following; everything else is checked by logging in with the official client (SQL Server Management Studio) and clicking through the dialogs.
####SQL Server evaluation commands####
##Identity authentication##
#1. Right-click the server, "Properties" -> "Security", and note the server authentication mode (Windows Authentication only, or SQL Server and Windows Authentication).
#2. In SQL Server Management Studio expand the server, open "Security -> Logins", right-click the administrator login, choose "Properties", and under "General" check "Enforce password policy" and "Enforce password expiration". These two options exist only for SQL logins; Windows logins inherit the password policy of the OS or domain.
#3. In SQL Server Management Studio right-click the server, "Properties", "Advanced", and read the login timeout,
or run sp_configure to list the instance configuration; the row "remote login timeout (s)" is the remote login timeout.
##Access control##
#Check for default accounts (sa in particular should be disabled or renamed). syslogins is the legacy compatibility view; sys.server_principals is its current equivalent.
select * from syslogins
#List every login with its server roles and database access
exec sp_helplogins
##Security audit##
In SQL Server Management Studio right-click the server, "Properties", "Security", and check "Login auditing" and whether "Enable C2 audit tracing" is on.
#Read "c2 audit mode": 0 = C2 audit off, 1 = on. It is an advanced option, so it only appears once show advanced options is enabled. C2 audit mode is deprecated; SQL Server Audit (and the "common criteria compliance enabled" option) is the supported replacement.
sp_configure 'show advanced options', 1;
reconfigure;
sp_configure 'c2 audit mode';
MySQL
#Identity authentication
1) Try to log in: run mysql -u root -p and check that a password prompt appears before access is granted.
2) List the accounts:
select user, host FROM mysql.user;
Check the output for duplicate user names (the same user from several hosts is a separate account per host row).
3) Check for empty passwords. MySQL 5.6 and earlier keep the hash in the password column; 5.7 and later removed that column in favour of authentication_string, so use the query that matches the version:
select user, host from mysql.user where length(authentication_string) = 0 or authentication_string is null;   -- 5.7 and later
select user, host from mysql.user where length(password) = 0 or password is null;   -- 5.6 and earlier
The result should be empty.
4) Check the password-complexity settings (validate_password plugin or component):
show variables like 'validate%'; or show variables like '%password%';
1) Ask the administrator whether login-failure handling is implemented by some other means.
2) Run
show variables like '%max_connect_errors%'; or check my.cnf for a setting such as
max_connect_errors=100
Note that max_connect_errors counts connections from a host that are interrupted before the handshake completes; a wrong password does not increment it, so on its own it is not a login-failure lockout. Real lockout comes from the connection_control plugin (5.7.17 and later) or the FAILED_LOGIN_ATTEMPTS / PASSWORD_LOCK_TIME account options (8.0.19 and later).
3) show variables like '%timeout%'; and review the values (wait_timeout and interactive_timeout are the idle-session limits).
1) Is remote management done over an encrypted channel (TLS)?
2) Run
show variables like '%have_ssl%';
to see whether TLS connections are supported; DISABLED means the feature is not active. Alternatively run \s in the mysql client and look at the SSL line of the status output.
3) If the database is only managed locally, this item is not applicable.
#Access control
1) Run select user,host FROM mysql.user;
and check whether separate accounts exist for the network administrator, security administrator and system administrator.
2) Run show grants for 'XXXX'@'localhost';
for each of those accounts and check that their privileges are separated and mutually constraining.
1) Run select user,host FROM mysql.user;
and check whether root has been renamed or removed.
2) If root remains, has its default password been changed (no empty or weak password)?
1) Run:
select user, host from mysql.user where user='';   -- anonymous accounts
select user, host FROM mysql.user;
and go through the listed accounts for any that are unrelated to the system.
2) Interview the network, security and system administrators: does each log in with a different account?
1. Ask the administrator whether an access-control policy has been defined.
2. Run:
select * from mysql.user\G          -- global privilege columns
select * from mysql.db\G            -- database-level privilege columns
select * from mysql.tables_priv\G   -- table-level privileges
select * from mysql.columns_priv\G  -- column-level privileges
and compare the privilege columns with the access-control policy and rules the administrator defined.
3) Log in as different users and verify that no cross-privilege access is possible.
1) Run:
select * from mysql.user\G          -- global privilege columns
select * from mysql.db\G            -- database-level privilege columns
2) Interview the administrator and check that the access-control granularity is user-level for subjects and table-level for objects.
#Security audit
1) Run:
show variables like 'log_%';
and check whether the enabled logging covers all users; record what the audit records contain.
2) Check whether a third-party tool supplements MySQL's own logging. If so, record what it audits and whether each record includes date and time, user, event type, success or failure, and other audit-relevant information.
#Intrusion prevention
Interview about the MySQL patching process and check the patch level:
1) Show the current version:
show variables like 'version%';
2) Ask whether the edition is Enterprise, whether vulnerability scans are run regularly, and whether patches for high-risk vulnerabilities are evaluated and tested before installation.
Check whether the error log is managed:
show variables like 'log_error';
Check whether binary logging is configured:
show variables like 'log_bin';
show binary logs;
Check the general query log setting:
show variables like '%general%';
Check whether LOAD DATA LOCAL is disabled:
show variables like 'local_infile';
load data local infile 'sqlfile.txt' into table users fields terminated by ',';
The second statement is a verification only: with local_infile=OFF it must fail with "The used command is not allowed with this MySQL version". Do not run it against a production table.
Check that the test database has been removed:
show databases;
Check that anonymous accounts are controlled:
SELECT user,host FROM mysql.user WHERE user = '';
Check the global privileges in the user table (\G is itself a terminator; a trailing semicolon after it only produces "No query specified"):
SELECT * FROM mysql.user\G
SELECT user,host from mysql.user where (select_priv='Y') or (insert_priv='Y') or (update_priv='Y') or (create_priv='Y') or (drop_priv='Y');
select user, host from mysql.user where File_priv = 'Y';
select user, host from mysql.user where Process_priv = 'Y';
select user, host from mysql.user where Super_priv = 'Y';
SELECT user, host FROM mysql.user WHERE Shutdown_priv = 'Y';
SELECT user, host FROM mysql.user WHERE Create_user_priv = 'Y';
SELECT user, host FROM mysql.user WHERE Reload_priv = 'Y';
SELECT user, host FROM mysql.db WHERE Grant_priv = 'Y';
Check the database-level privileges in the db table:
SELECT * FROM mysql.db\G
SELECT user, host FROM mysql.db WHERE db='mysql' AND ((select_priv='Y') OR (insert_priv='Y') OR (update_priv='Y') OR (delete_priv='Y') OR (create_priv='Y') OR (drop_priv='Y'));
SELECT user,host,db FROM mysql.db WHERE select_priv='Y' OR insert_priv='Y' OR update_priv='Y' OR delete_priv='Y' OR create_priv='Y' OR drop_priv='Y' OR alter_priv='Y';
Check the privileges each account actually runs with:
select * from mysql.user\G
show grants;
Check whether connection limits are configured:
show variables like '%max_connections%';   -- whole server
show variables like 'max_user_connections';  -- per user
Check whether the default administrator account has been renamed (database names are case-sensitive on Linux, so write mysql.user, not MySQL.user):
SELECT user, host from mysql.user where user='root';
select user,host from mysql.user;
Check whether the default port is in use:
show global variables like 'port';
Oracle
###Oracle evaluation commands####
##Identity authentication##
#List every database account with status and profile (dba_profiles holds profile limits, not users, so the original sys.dba_profile query was the wrong view)
select username, account_status, profile, created from dba_users;
#Account timestamps live in sys.user$ (CTIME: created, PTIME: password last changed, EXPTIME: expiry, LTIME: locked); type# = 1 leaves out roles
select name, ctime, ptime, exptime, ltime from sys.user$ where type# = 1;
#Is a password-complexity function enabled
select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_VERIFY_FUNCTION';
#Read the length rule from that function. PASSWORD_VERIFY_FUNCTION is the limit name, not the function; substitute the name the previous query returned (e.g. VERIFY_FUNCTION_11G)
select text from dba_source where name='<function name from the previous query>' order by line;
#FAILED_LOGIN_ATTEMPTS (failed-login limit) in the profile assigned to the administrator accounts
select limit from dba_profiles where profile='DEFAULT' and resource_name='FAILED_LOGIN_ATTEMPTS';
select * from dba_profiles order by 1;
#PASSWORD_LOCK_TIME (lock duration in days; fractions are allowed) in that profile
select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LOCK_TIME';
#Are idle remote connections dropped automatically
Set a value appropriate to the environment in $ORACLE_HOME/network/admin/sqlnet.ora:
SQLNET.EXPIRE_TIME=10
(EXPIRE_TIME is dead-connection detection rather than an idle logout; see item 14, and IDLE_TIME in item 17, below.)
##Access control##
#List all accounts and look for default or empty-password accounts (sys, system, dbsnmp, sysman, mgmt_view, outln, scott, ...). Since 11g dba_users.password is NULL; the verifiers are only in sys.user$ (password and spare4)
select username, password, account_status from dba_users;
##Privilege assignment of administrative users##
#Accounts granted the DBA role
select * from DBA_ROLE_PRIVS where GRANTED_ROLE='DBA';
#Roles held by account "USERNAME"
select * from dba_role_privs where GRANTEE='USERNAME';
#Roles held by role "ROLENAME" (roles can be granted to roles, so follow the chain)
select * from dba_role_privs where GRANTEE='ROLENAME';
#System privileges held by account "USERNAME" and by its role "ROLENAME"
select * from DBA_SYS_PRIVS where GRANTEE='USERNAME' or GRANTEE='ROLENAME';
#Object privileges held by account "USERNAME" and by its role "ROLENAME"
select * from DBA_TAB_PRIVS where GRANTEE='USERNAME' or GRANTEE='ROLENAME';
#Access-control privileges on an important table (A is the table name; it must be a quoted string literal and, unless the table was created with a quoted name, upper case)
select * from dba_tab_privs where table_name = 'A';
##Security audit##
#Is auditing enabled: audit_trail NONE/FALSE = off; DB/TRUE = on, records go to SYS.AUD$; DB,EXTENDED additionally records the SQL text and bind values; OS writes operating-system files; XML and XML,EXTENDED write XML files
show parameters audit_trail;
select value from v$parameter where name='audit_trail';
#Are all operations by SYS (and SYSDBA/SYSOPER connections) recorded
show parameter audit_sys_operations;
#Which objects have SELECT/UPDATE/DELETE/INSERT auditing set
select owner, object_name, sel, upd, del, ins from DBA_OBJ_AUDIT_OPTS;
#Privilege-audit rules
select * from DBA_PRIV_AUDIT_OPTS;
##Intrusion prevention##
#Trusted-IP list (valid node checking, see item 16)
cat $ORACLE_HOME/network/admin/sqlnet.ora
1. Restrict remote login by the super administrator
Check:
Check the parameter in sqlplus:
SQL> show parameter REMOTE_LOGIN_PASSWORDFILE
REMOTE_LOGIN_PASSWORDFILE should be NONE.
Remediation:
SQL> alter system set remote_login_passwordfile=none scope=spfile;
SQL> shutdown immediate
SQL> startup
With NONE the password file is ignored, so SYSDBA/SYSOPER connections are only possible through OS authentication on the server itself; confirm beforehand that no remote administration tooling relies on a password-file login.
2. User attribute control
Check:
Query dba_profiles and dba_users to see whether a profile other than DEFAULT has been created and assigned.
SQL> select distinct profile from dba_profiles;
SQL> select username, profile from dba_users;
A profile other than DEFAULT should exist and be assigned to the application accounts.
Remediation:
SQL> create profile maintenance limit PASSWORD_VERIFY_FUNCTION F_PASSWORD_VERIFY
PASSWORD_REUSE_MAX 5
PASSWORD_GRACE_TIME 60
FAILED_LOGIN_ATTEMPTS 6
PASSWORD_LIFE_TIME 90;
F_PASSWORD_VERIFY stands for a verify function that already exists in the SYS schema (see item 9); assign the profile with alter user <username> profile maintenance;
3. Data dictionary access
Check:
Check the parameter in sqlplus:
SQL> show parameter O7_DICTIONARY_ACCESSIBILITY
O7_DICTIONARY_ACCESSIBILITY should be FALSE (with TRUE, any user holding an ANY TABLE privilege such as SELECT ANY TABLE can read the SYS-owned dictionary tables).
Remediation:
SQL> alter system set O7_DICTIONARY_ACCESSIBILITY=FALSE scope=spfile;
SQL> shutdown immediate
SQL> startup
4. Password lifetime
Check:
Run
select dba_profiles.profile,resource_name, limit
from dba_profiles, dba_users
where dba_profiles.profile = dba_users.profile
and dba_users.account_status='OPEN'
and resource_name='PASSWORD_GRACE_TIME';
PASSWORD_GRACE_TIME in the result should be 90 or less. A limit shown as DEFAULT inherits the DEFAULT profile's value; UNLIMITED fails.
Remediation:
SQL> alter profile default limit PASSWORD_GRACE_TIME 60;
5. Password reuse
Check:
Run
select dba_profiles.profile,resource_name, limit
from dba_profiles, dba_users
where dba_profiles.profile = dba_users.profile
and dba_users.account_status='OPEN'
and resource_name='PASSWORD_REUSE_MAX';
PASSWORD_REUSE_MAX in the result should be 5 or more (UNLIMITED means no reuse restriction and fails).
Remediation:
SQL> alter profile default limit PASSWORD_REUSE_MAX 5;
6. Authentication control (failed logins)
Check:
Run
select dba_profiles.profile,resource_name, limit
from dba_profiles, dba_users
where dba_profiles.profile = dba_users.profile
and dba_users.account_status='OPEN'
and resource_name='FAILED_LOGIN_ATTEMPTS';
FAILED_LOGIN_ATTEMPTS in the result should be 6 (UNLIMITED fails).
Remediation:
SQL> alter profile default limit FAILED_LOGIN_ATTEMPTS 6;
7. Default account passwords changed
Check:
sqlplus '/as sysdba'
conn system/system
conn system/manager
conn sys/sys as sysdba
conn sys/change_on_install as sysdba
conn scott/scott
conn scott/tiger
conn dbsnmp/dbsnmp
conn rman/rman
conn xdb/xdb
None of these may succeed. Two caveats: SYS can only connect AS SYSDBA (otherwise ORA-28009 masks the result), and a local AS SYSDBA connection from an OS account in the dba group succeeds through OS authentication whatever password is typed, so run the SYS attempts from an OS account outside that group or through the listener (conn sys/...@<tns alias> as sysdba). Since 11g passwords are case-sensitive, so try the documented case of each default. Every failed attempt also counts towards FAILED_LOGIN_ATTEMPTS: agree the test with the DBA first so that it does not lock production accounts such as SYSTEM or DBSNMP.
Remediation:
No empty or weak passwords; lock and expire default accounts that are not in use (alter user <username> account lock password expire;).
8. Password change policy
Check:
Run
select profile,limit from dba_profiles
where resource_name='PASSWORD_LIFE_TIME'
and profile in (select profile from dba_users where account_status='OPEN');
PASSWORD_LIFE_TIME in the result should be 90 or less.
Remediation:
SQL> alter profile default limit PASSWORD_LIFE_TIME 90;
9. Password complexity policy
Check:
Run
select limit from dba_profiles
where resource_name = 'PASSWORD_VERIFY_FUNCTION'
and profile in (select profile from dba_users where account_status = 'OPEN');
select text from dba_source where name='<function name returned by the query above>' order by line;
The limit must not be NULL, and the function's rules should require at least 8 characters drawn from at least 3 of the 4 classes digits, lower-case letters, upper-case letters and special characters.
Remediation:
Create a complexity policy. Log in as SYS and run the script shipped with the database, $ORACLE_HOME/rdbms/admin/utlpwdmg.sql (on the author's Windows host: D:\app\administrator\product\11.2.0\dbhome_1\RDBMS\ADMIN\utlpwdmg.sql).
On Oracle 10g this must be run as SYS; on 11g SYSTEM can create it too. The 10g script creates verify_function, the 11g script verify_function_11G; use the name the script actually created in the ALTER PROFILE below.
Then run:
ALTER PROFILE DEFAULT LIMIT
PASSWORD_LIFE_TIME 90
PASSWORD_GRACE_TIME 60
PASSWORD_REUSE_TIME UNLIMITED
PASSWORD_REUSE_MAX 5
FAILED_LOGIN_ATTEMPTS 6
PASSWORD_LOCK_TIME 1
PASSWORD_VERIFY_FUNCTION verify_function;
Note that with PASSWORD_REUSE_TIME UNLIMITED and an integer PASSWORD_REUSE_MAX, Oracle never allows a password to be reused at all, which is stricter than "5 generations" but still satisfies item 5.
10. Database audit policy
Check:
1. Check the parameter:
SQL> show parameter audit_trail
audit_trail must not be NONE.
Check that dba_audit_trail contains rows (audit_trail=DB), or that the directory named by show parameter audit_file_dest (by default $ORACLE_BASE/admin/<SID>/adump) contains files (audit_trail=OS).
2. Check the audit records for logon and operation entries. The table queried on the original page is site-specific:
select * from LOGON_AUDIT.LOGON_AUDIT;
On a database without such a table the standard views are dba_audit_session (logons) and dba_audit_trail (every audited action).
Remediation:
SQL> alter system set audit_trail=os scope=spfile;
SQL> shutdown immediate
SQL> startup
The parameter only selects the destination; statements or privileges still have to be audited (for example audit session) before records appear.
11. Listener password
Check:
Check whether PASSWORDS_LISTENER is set in $ORACLE_HOME/network/admin/listener.ora.
Remediation:
$ ps -ef|grep tns
$ lsnrctl
LSNRCTL> set current_listener listener
LSNRCTL> change_password
LSNRCTL> set password
LSNRCTL> save_config
LSNRCTL> exit
set password authenticates the current session with the new password; save_config then writes the hashed PASSWORDS_LISTENER entry into listener.ora (the original page had these two steps the other way round). From 11g the listener is protected by local OS authentication by default, and the listener password is deprecated in 12c, so on those versions the absence of PASSWORDS_LISTENER is not a finding by itself.
12. Limit the number of users
Check:
Check /etc/group and confirm that no account other than the Oracle installation owner is a member of the dba group.
Remediation:
Remove every other account from the dba group; OS users in that group can connect AS SYSDBA without a password.
13. Manage object privileges through database roles
Check:
Confirm that application users have not been granted the DBA role:
select * from dba_role_privs where granted_role='DBA';
Remediation:
create role <rolename>;
grant <object or system privileges> to <rolename>;
grant <rolename> to <username>;
revoke DBA from <username>;
14. Connection timeout
Check:
Check sqlnet.ora:
$ cat $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.EXPIRE_TIME should be set (the page uses 15 here and 10 in the remediation; any positive value satisfies the check).
Remediation:
$ vi sqlnet.ora
SQLNET.EXPIRE_TIME=10
SQLNET.EXPIRE_TIME is dead-connection detection: every N minutes the server probes each client and cleans up sessions whose client has disappeared. It does not log out idle but live sessions; that is the profile's IDLE_TIME (item 17).
15. Security patches
Check:
Check whether the Oracle patch level is current:
$ opatch lsinventory
Remediation:
Apply the latest patch set update; downloading security patches requires a My Oracle Support (formerly Metalink) account.
16. Trusted IP access control
Check:
1. Check whether sqlnet.ora sets
tcp.validnode_checking = yes,
tcp.invited_nodes :
$ cat $ORACLE_HOME/network/admin/sqlnet.ora
Remediation:
$ vi sqlnet.ora
tcp.validnode_checking = yes
tcp.invited_nodes = (ip1,ip2…)
Restart the listener afterwards, since the list is read when it starts, and include the database server's own addresses and localhost in invited_nodes, otherwise local tools that connect over TCP are rejected as well.
17. Resource control
Check:
Check the idle timeout:
select profile,limit from dba_profiles where profile='DEFAULT' and resource_name='IDLE_TIME';
IDLE_TIME should be greater than 0 (not UNLIMITED).
Remediation:
SQL> alter profile default limit IDLE_TIME 30;
SQL> alter system set resource_limit=true scope=both;
Profile resource limits such as IDLE_TIME are only enforced while RESOURCE_LIMIT is TRUE, hence the second statement.
18. Sensitivity labels on important information resources
Check:
1. Ask the DBA whether sensitivity labels have been applied to important data.
2. Check whether the Oracle Label Security option is installed. Its schema owner is LBACSYS, so: select username from dba_users where username='LBACSYS'; or select value from v$option where parameter='Oracle Label Security';
3. Check whether policies exist: select policy_name,status from dba_sa_policies;
4. Check whether levels exist: select * from dba_sa_levels order by level_num;
5. Check the labels: select * from dba_sa_labels;
6. Ask for the names of the tables that hold the important data.
7. Check how policies are attached to schemas and tables: select * from dba_sa_table_policies; and judge whether sensitivity labels are in place for the important resources.
Remediation (what a compliant configuration looks like):
1. The Oracle Label Security option is installed.
2. The LBACSYS user that owns the Oracle Label Security objects exists.
3. The required policies have been created.
4. The required levels have been created.
5. Labels have been created.
6. Sensitivity labels have been applied to the important data.
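Items 4 to 9 and 17 above all come down to reading the dba_profiles limits for the profiles of OPEN accounts and comparing them with a threshold, with two traps: a limit of DEFAULT in a non-DEFAULT profile inherits the DEFAULT profile's value, and UNLIMITED has to be judged per resource (it fails FAILED_LOGIN_ATTEMPTS and IDLE_TIME but is acceptable for PASSWORD_LOCK_TIME, where it means "locked until a DBA unlocks"). The Python evaluator below is added here as an example and is not taken from the page or its script; it applies the page's thresholds to a constructed row set of the kind the sqlplus script spools and also flags RESOURCE_LIMIT=FALSE, without which IDLE_TIME is never enforced. The rows, account names and parameter value are made up for the illustration.

```python
"""Resolve Oracle profile limits for OPEN accounts and judge them against the page's thresholds."""

# Constructed dba_profiles rows: (profile, resource_name, limit). The DEFAULT values mirror
# the 11g out-of-the-box profile; APP_PROF is a hardened profile. Not from a real database.
DBA_PROFILES = [
    ("DEFAULT",  "PASSWORD_LIFE_TIME",       "180"),
    ("DEFAULT",  "PASSWORD_GRACE_TIME",      "7"),
    ("DEFAULT",  "PASSWORD_REUSE_MAX",       "UNLIMITED"),
    ("DEFAULT",  "FAILED_LOGIN_ATTEMPTS",    "10"),
    ("DEFAULT",  "PASSWORD_LOCK_TIME",       "1"),
    ("DEFAULT",  "PASSWORD_VERIFY_FUNCTION", "NULL"),
    ("DEFAULT",  "IDLE_TIME",                "UNLIMITED"),
    ("APP_PROF", "PASSWORD_LIFE_TIME",       "90"),
    ("APP_PROF", "PASSWORD_GRACE_TIME",      "DEFAULT"),   # inherits the DEFAULT profile's 7
    ("APP_PROF", "PASSWORD_REUSE_MAX",       "5"),
    ("APP_PROF", "FAILED_LOGIN_ATTEMPTS",    "6"),
    ("APP_PROF", "PASSWORD_LOCK_TIME",       ".0104"),     # fractional days: 15 minutes
    ("APP_PROF", "PASSWORD_VERIFY_FUNCTION", "VERIFY_FUNCTION_11G"),
    ("APP_PROF", "IDLE_TIME",                "30"),
]
# Constructed dba_users rows: (username, profile, account_status)
DBA_USERS = [
    ("SYS",     "DEFAULT",  "OPEN"),
    ("APPUSER", "APP_PROF", "OPEN"),
    ("SCOTT",   "DEFAULT",  "EXPIRED & LOCKED"),
]


def as_number(limit):
    """Float for numeric limits; None for UNLIMITED, NULL, DEFAULT, function names or missing rows."""
    try:
        return float(limit)
    except (TypeError, ValueError):
        return None


# Thresholds as stated in items 4, 5, 6, 8, 9 and 17 of the checks above.
CHECKS = {
    "PASSWORD_LIFE_TIME":       lambda v: as_number(v) is not None and as_number(v) <= 90,
    "PASSWORD_GRACE_TIME":      lambda v: as_number(v) is not None and as_number(v) <= 90,
    "PASSWORD_REUSE_MAX":       lambda v: as_number(v) is not None and as_number(v) >= 5,
    "FAILED_LOGIN_ATTEMPTS":    lambda v: as_number(v) is not None and as_number(v) <= 6,
    # UNLIMITED here means locked until a DBA unlocks, which also satisfies the control
    "PASSWORD_LOCK_TIME":       lambda v: v == "UNLIMITED" or (as_number(v) or 0) > 0,
    "PASSWORD_VERIFY_FUNCTION": lambda v: v not in ("NULL", "", None),
    "IDLE_TIME":                lambda v: (as_number(v) or 0) > 0,
}


def resolve_limit(profiles, profile, resource):
    """A limit of DEFAULT in a non-DEFAULT profile inherits the DEFAULT profile's value."""
    table = {(p, r): l for p, r, l in profiles}
    value = table.get((profile, resource))
    if value == "DEFAULT" and profile != "DEFAULT":
        value = table.get(("DEFAULT", resource))
    return value


def evaluate(profiles, users, resource_limit):
    """Return {finding: (resolved_value, ok)} for every OPEN account plus the RESOURCE_LIMIT parameter."""
    findings = {}
    for username, profile, status in users:
        if status != "OPEN":
            continue  # the page's queries only consider OPEN accounts
        for resource, ok_fn in CHECKS.items():
            value = resolve_limit(profiles, profile, resource)
            findings[f"{username}.{resource}"] = (value, ok_fn(value))
    # IDLE_TIME and the other KERNEL limits are only enforced while RESOURCE_LIMIT=TRUE
    findings["RESOURCE_LIMIT"] = (resource_limit, resource_limit.upper() == "TRUE")
    return findings


def failed_items(profiles, users, resource_limit):
    """Sorted names of the findings that fail."""
    return sorted(k for k, (_, ok) in evaluate(profiles, users, resource_limit).items() if not ok)


if __name__ == "__main__":
    for name, (value, ok) in evaluate(DBA_PROFILES, DBA_USERS, "FALSE").items():
        print("PASS" if ok else "FAIL", name, value)
```

Feed it the dba_profiles and dba_users output spooled by the script below (or a select into a CSV) and the value of show parameter resource_limit; the per-account naming makes it obvious when only the DEFAULT profile is out of line while application accounts already use a hardened one.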
Appendix: an automated Oracle baseline script the author collected; readers can refine it further.
#!/bin/bash
#version 2.1 Tested on RHEL, CentOS and OEL with Oracle 9i, 10g and 11g. Not tested on AIX, Solaris or other UNIX; adjust if something does not work there.
#Author: jn
#Date: 2016.8
#Run as the Oracle software owner with ORACLE_HOME and ORACLE_SID set; "/ as sysdba" relies on OS authentication.
#The result file contains password verifiers (the user$ queries below): protect it like a credential and delete it after the evaluation.
HOSTNAME=`hostname`
echo $HOSTNAME > orack.res.lst
SQLPLUS=$ORACLE_HOME/bin/sqlplus
# The here-document is unquoted so that $ORACLE_HOME expands; dictionary views are written v\$... so the shell leaves that $ alone.
$SQLPLUS "/ as sysdba" << EOF
------- line width and page size ----------
set line 150
set pagesize 1000
set feed off
------- append keeps the hostname line written above (SQL*Plus 10g and later; on 9i drop APPEND and lose that line) ----------
spool orack.res.lst append
------- start time ------------
select 'Started On ' || to_char(sysdate,'yyyy-mm-dd hh24:mi:ss') started_time from dual;
------- Oracle version ------------
select banner from v\$version;
------- login authentication: is a password file in use ----------
show parameter remote_login_passwordfile
------- password verifiers of database users (11g and later store the SHA-1 verifier in spare4 and leave password NULL) -----------
select name,password,spare4 from user\$;
select name,password,spare4 from user\$ where name in ( select username from dba_users where account_status='OPEN');
------- accounts in OPEN status ------------
col username for a20
col profile for a20
select username,profile from dba_users where account_status='OPEN';
set line 150
set pagesize 1000
col profile for a20
col resource_name for a30
col limit for a30
select * from dba_profiles;
select * from dba_profiles where profile='DEFAULT';
------- is resource limiting enabled (IDLE_TIME and the other KERNEL limits are only enforced when TRUE) ------------
show parameter resource_limit
------- audit settings -----
show parameter audit
------- password limits ------------
col resource_name for a40
col limit for a20
col profile for a40
select resource_name,limit,profile from dba_profiles where resource_type='PASSWORD';
------- which OPEN accounts hold the DBA role ---------------
col grantee for a15
col granted_role for a15
col admin_option for a15
col default_role for a15
select * from dba_role_privs where grantee in ( select username from dba_users where account_status='OPEN') and granted_role='DBA' order by grantee;
------- how many of the dangerous packages PUBLIC may execute -------
select count(*) table_name from dba_tab_privs where grantee='PUBLIC' and privilege='EXECUTE' and table_name in ('UTL_FILE', 'UTL_TCP', 'UTL_HTTP', 'UTL_SMTP', 'DBMS_LOB', 'DBMS_SYS_SQL', 'DBMS_JOB');
------- explicitly set limits in the profiles of OPEN accounts -------
select * from dba_profiles where profile in (select profile from dba_users where account_status='OPEN') and limit NOT IN('DEFAULT','UNLIMITED','NULL');
------- is the Oracle Database Vault option installed -------
SELECT * FROM V\$OPTION WHERE PARAMETER = 'Oracle Database Vault';
------- maximum number of server processes -------
show parameter processes;
------- number of non-system accounts holding DBA -------
select count(a.username) from dba_users a left join dba_role_privs b on a.username = b.grantee where granted_role = 'DBA' and a.username not in ('SYS','SYSMAN','SYSTEM');
------- session limit -------
show parameter sessions;
------- with sql92_security=TRUE, UPDATE/DELETE on a table also require SELECT privilege on it --------
show parameter sql92_security;
------- O7_DICTIONARY_ACCESSIBILITY: TRUE lets any user holding an ANY TABLE privilege read the data dictionary without DBA or SYSDBA; should be FALSE -------
show parameter O7_DICTIONARY_ACCESSIBILITY;
spool off
EOF
# Oracle port number
echo -e "\n\n" >> orack.res.lst
echo "----------Port 1521 in listener.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
LISTEN_ORA=$ORACLE_HOME/network/admin/listener.ora
SQLNET_ORA=$ORACLE_HOME/network/admin/sqlnet.ora
if [ -f $LISTEN_ORA ];then
grep 1521 $LISTEN_ORA >> orack.res.lst
else
echo "File $LISTEN_ORA does not exist" >> orack.res.lst
fi
# Listener password
echo -e "\n" >> orack.res.lst
echo "----------Listener Password in listener.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $LISTEN_ORA ];then
grep -i PASSWORDS_LISTENER $LISTEN_ORA >> orack.res.lst
else
echo "File $LISTEN_ORA does not exist" >> orack.res.lst
fi
# SQLNET dead-connection detection
echo -e "\n" >> orack.res.lst
echo "----------sqlnet timeout in sqlnet.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $SQLNET_ORA ];then
grep -i SQLNET.EXPIRE_TIME $SQLNET_ORA >> orack.res.lst
else
echo "File $SQLNET_ORA does not exist" >> orack.res.lst
fi
# SQLNET trusted IPs (valid node checking)
echo -e "\n" >> orack.res.lst
echo "----------sqlnet trusted IP in sqlnet.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $SQLNET_ORA ];then
grep -E -i "tcp.validnode_checking|tcp.invited_nodes|tcp.excluded_nodes" $SQLNET_ORA >> orack.res.lst
else
echo "File $SQLNET_ORA does not exist" >> orack.res.lst
fi
echo -e "\n\n" >> orack.res.lst
echo "========================== End On `date` ==========================" >> orack.res.lst