Skip to content
ANBOB

ANBOB

提供综合数据库运维服务与优化方案(不限Oracle、MySQL、PG及国产数据库), 微信/Tel:(+86)134-365-60330

  • 首页
  • 关于我
  • 联系我们

oracle 12c等待事件: Failed Logon Delay

2021-09-302018-05-30 by weejar zhang

Failed Logon Delay

昨天看到一份Oracle 12C R2的AWR top event是”Failed Logon Delay”, 发现12c 在安全方面又有几个参数的变化,简单的记录一下。

这个等待事件常常是因为有程序尝试使用错误的用户密码登录数据库, 如暴力破解程序.

这是一个安全特性用于控制延迟失败的登录,在oracle 11g版本是引入,但是在11g时常因为这个特性带来性能 问题,需要用event 28401 禁用密码延迟认证的特性。 控制认证失败尝试特性是有 sec_max_failed_login_attempts 和sec_protocol_error_further_Action 参数控制,但是在oracle 12c后对于以上参数值有了新的变化, sec_max_failed_login_attempts尝试失败次数(多个用户)11G是10次,在12ck中减少为3, 所以延迟的登录会更多, 这个参数不同于user profile中的失效次数主要是单个用户失败和多个用户失败。 sec_protocol_error_further_Action  这个参数控制失败后的处理方式,在11g时是CONTINUE 也就是可以继续,但是在12c 中默认改变为(DROP, 3), 为了系统稳定牺牲一个连接。

解决方法就是找错误尝试的主机,修正密码后即可。

查找方法可以使用audit

如 SQL>audit session whenever not successful;

查询aud$

或使用登录trigger(Note:可能会有一点点登录性能影响(<1%),找到源头后可以删除)

CREATE OR REPLACE TRIGGER logon_denied_to_alert
  AFTER servererror ON DATABASE
DECLARE
  -- author: anbob.com
  -- purpose: print logon fail to db alert due to passwd wrong
  message   VARCHAR2(168);
  ip        VARCHAR2(15);
  v_os_user VARCHAR2(80);
  v_db_user varchar2(50);
  v_module  VARCHAR2(50);
  v_action  VARCHAR2(50);
  v_pid     VARCHAR2(10);
  v_sid     NUMBER;
  v_program VARCHAR2(48);
BEGIN
  IF (ora_is_servererror(1017)) THEN

    -- get ip FOR remote connections :
    IF upper(sys_context('userenv', 'network_protocol')) = 'TCP' THEN
      ip := sys_context('userenv', 'ip_address');
    END IF;

    SELECT sid INTO v_sid FROM sys.v_$mystat WHERE rownum < 2;
    SELECT p.spid, v.program
      INTO v_pid, v_program
      FROM v$process p, v$session v
     WHERE p.addr = v.paddr
       AND v.sid = v_sid;

    v_os_user := sys_context('userenv', 'os_user');
	v_db_user := sys_context('userenv', 'SESSION_USER');
    dbms_application_info.read_module(v_module, v_action);

    message := to_char(SYSDATE, 'YYYYMMDD HH24MISS') ||
               ' logon denied from ' || nvl(ip, 'localhost') || ' OSPid:' ||
               v_pid || ' OS User:' || v_os_user || ' DB User:' || v_db_user ||' with ' || v_program || ' – ' ||
               v_module || ' ' || v_action;

    sys.dbms_system.ksdwrt(2, message);

  END IF;
END;
/

_sys_logon_delay

另外对于12c中引入的对于SYS用户的尝试失败登录后的延迟是有参数新的参数”_sys_logon_delay“控制的,默认为1秒,加大参数可以防止非法尝试,配置值为0 可以禁用该特性。

MORE

SEC_MAX_FAILED LOGIN_ATTEMPTS is a new feature in Oracle 11g. It specifies the number of authentication attempts that can be made by a client on a connection to the server process. This parameter target against brute force attacks. An intruder could start a server process first and then try to establish connection by guessing/Program generated password. Using that parameter it is possible to limit the number of failed login attempts. After the specified number of authentication attempts fails, the database processes drop the connection. This initialization parameter is designed to stop intruder from attacking application, it does not apply to valid user. It is not a dynamic parameter.

SEC_MAX_FAILED_LOGIN_ATTEMPTS only works application uses OCI Program. It does not work in sqlplus so a user can try unlimited time with guessing password from sqlplus even though the parameter is set but usually intruder attack using OCI program.

Categories Cloud, ORACLE 9i-23ai Tags _sys_logon_delay, Failed Logon Delay, sec_max_failed_login_attempts
MariaDB学习系列(一): MariaDB TX 3.0
Oracle 12cR2 RAC新特性”fast index split wait” 引入gc index split transaction增长导致ora-4031

Archives

  • August 2025 (2)
  • July 2025 (7)
  • June 2025 (5)
  • May 2025 (8)
  • April 2025 (11)
  • March 2025 (5)
  • February 2025 (3)
  • January 2025 (8)
  • December 2024 (13)
  • November 2024 (17)
  • October 2024 (17)
  • September 2024 (13)
  • August 2024 (12)
  • July 2024 (13)
  • June 2024 (14)
  • May 2024 (11)
  • April 2024 (10)
  • March 2024 (10)
  • February 2024 (8)
  • January 2024 (12)
  • December 2023 (15)
  • November 2023 (8)
  • October 2023 (13)
  • September 2023 (10)
  • August 2023 (7)
  • July 2023 (14)
  • June 2023 (15)
  • May 2023 (12)
  • April 2023 (8)
  • March 2023 (10)
  • February 2023 (7)
  • January 2023 (8)
  • December 2022 (12)
  • November 2022 (6)
  • October 2022 (6)
  • September 2022 (9)
  • August 2022 (8)
  • July 2022 (11)
  • June 2022 (5)
  • May 2022 (7)
  • April 2022 (11)
  • March 2022 (6)
  • February 2022 (4)
  • January 2022 (8)
  • December 2021 (9)
  • November 2021 (9)
  • October 2021 (3)
  • September 2021 (4)
  • August 2021 (11)
  • July 2021 (7)
  • June 2021 (8)
  • May 2021 (3)
  • April 2021 (4)
  • March 2021 (8)
  • January 2021 (4)
  • December 2020 (7)
  • November 2020 (5)
  • October 2020 (2)
  • September 2020 (11)
  • August 2020 (7)
  • July 2020 (13)
  • June 2020 (16)
  • May 2020 (24)
  • April 2020 (7)
  • March 2020 (11)
  • February 2020 (6)
  • January 2020 (10)
  • December 2019 (3)
  • November 2019 (6)
  • October 2019 (8)
  • September 2019 (5)
  • August 2019 (10)
  • July 2019 (3)
  • June 2019 (8)
  • May 2019 (2)
  • April 2019 (3)
  • March 2019 (6)
  • February 2019 (9)
  • January 2019 (1)
  • December 2018 (6)
  • November 2018 (5)
  • October 2018 (2)
  • September 2018 (6)
  • August 2018 (5)
  • July 2018 (4)
  • June 2018 (1)
  • May 2018 (6)
  • April 2018 (1)
  • March 2018 (3)
  • January 2018 (4)
  • December 2017 (5)
  • November 2017 (2)
  • October 2017 (1)
  • September 2017 (2)
  • August 2017 (6)
  • July 2017 (2)
  • June 2017 (3)
  • May 2017 (3)
  • April 2017 (6)
  • March 2017 (13)
  • February 2017 (6)
  • January 2017 (5)
  • December 2016 (8)
  • November 2016 (9)
  • October 2016 (2)
  • September 2016 (7)
  • August 2016 (10)
  • July 2016 (3)
  • June 2016 (4)
  • May 2016 (3)
  • April 2016 (4)
  • March 2016 (4)
  • February 2016 (2)
  • January 2016 (1)
  • December 2015 (2)
  • November 2015 (2)
  • October 2015 (6)
  • September 2015 (4)
  • August 2015 (6)
  • July 2015 (5)
  • June 2015 (9)
  • May 2015 (8)
  • April 2015 (3)
  • March 2015 (2)
  • February 2015 (4)
  • January 2015 (7)
  • December 2014 (11)
  • November 2014 (5)
  • October 2014 (5)
  • September 2014 (6)
  • August 2014 (5)
  • July 2014 (7)
  • June 2014 (1)
  • May 2014 (5)
  • April 2014 (6)
  • March 2014 (8)
  • February 2014 (11)
  • January 2014 (6)
  • December 2013 (6)
  • November 2013 (5)
  • October 2013 (6)
  • September 2013 (7)
  • August 2013 (8)
  • July 2013 (5)
  • June 2013 (7)
  • May 2013 (5)
  • April 2013 (8)
  • March 2013 (9)
  • February 2013 (1)
  • January 2013 (12)
  • December 2012 (20)
  • November 2012 (10)
  • October 2012 (9)
  • September 2012 (9)
  • August 2012 (8)
  • July 2012 (22)
  • June 2012 (11)
  • May 2012 (17)
  • April 2012 (8)
  • March 2012 (13)
  • February 2012 (7)
  • January 2012 (9)
  • December 2011 (19)
  • November 2011 (16)
  • October 2011 (15)
  • September 2011 (21)
  • August 2011 (23)
  • July 2011 (22)
  • June 2011 (37)
  • May 2011 (39)
  • April 2011 (31)
  • March 2011 (26)
  • February 2011 (14)
  • January 2011 (23)
  • December 2010 (30)
  • November 2010 (17)
  • December 2009 (1)
  • November 2009 (1)
  • September 2009 (1)

标签

19C BACKUP/RECOVERY DataGuard dblink exadata Goldengate HAIP lob mysql oceanbase OGG ora-600 ORA-1017 ORA-4031 ora-7445 ORACLE11g oracle 12.2 ORACLE 12C ORACLE ADMIN ORACLE ADMIN oracle asm oracle dataguard oracle goldengate oracle internal oracle oem oracle plsql/sql oracle rac ORACLE安全 oracle安装 oracle 异常 oracle教材 oracle 权限管理 oracle管理 OS Command OS Command partition Performance tuning postgresql Redis row cache lock shell Troubleshooting Troubleshooting 备份与恢复 年终总结
版权所有© 2008-2027 weizhao.zhang (ANBOB.COM)

禁止未经授权的数据爬取行为,并保留追究法律责任的权利。