Tuesday, November 22, 2005

How to secure Oracle Database Listener

To secure the Oracle Database Listener:
1. Set a listener password [recommended]
LSNRCTL> set current_listener <listener_name>
LSNRCTL> change_password
LSNRCTL> set password
LSNRCTL> save_config
2. Turn on logging [recommended]
LSNRCTL> set current_listener <listener_name>
LSNRCTL> set password
LSNRCTL> set log_directory $ORACLE_HOME/network/admin
LSNRCTL> set log_file <listener_name>.log
LSNRCTL> set log_status on
LSNRCTL> save_config
3. Set ADMIN_RESTRICTIONS [recommended]
Add "ADMIN_RESTRICTIONS_<listener_name> = ON" to listener.ora
4. Apply Listener Patches [recommended]
5. Block SQL*Net on Firewalls [recommended]
6. Secure the $TNS_ADMIN Directory [recommended]
7. Remove Unused Services [recommended]
8. Set up Valid Node Checking [optional]
In $ORACLE_HOME/network/admin/sqlnet.ora (Oracle 9i) or $ORACLE_HOME/network/admin/protocol.ora (Oracle 8i/8), add:

tcp.validnode_checking = yes
tcp.invited_nodes = (x.x.x.x | name, x.x.x.x | name)
tcp.excluded_nodes = (x.x.x.x | name, x.x.x.x | name)

Use either invited_nodes or excluded_nodes, but not both. No wildcards or subnets are allowed.
9. Monitor the Logfile [optional]
on your own.
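A small audit script for steps 3 and 8 above, added here as an example (it is not from the original post or the Integrigy guide): it reads listener.ora and sqlnet.ora and reports whether ADMIN_RESTRICTIONS is on and whether valid node checking is configured the way the post describes (one list, no wildcards or subnets). The listener name LISTENER and the sample *.ora files are constructed assumptions.

```sh
#!/bin/sh
# Audit the hardening steps above: is ADMIN_RESTRICTIONS on, and is valid node
# checking configured as the post describes (one list, no wildcards/subnets)?
# The listener name LISTENER and the sample *.ora files are constructed.

# Print the value of KEY from an Oracle *.ora file, upper-cased; the key match
# is case-insensitive, comment lines and surrounding whitespace are ignored.
ora_param() {  # usage: ora_param FILE KEY   (single-line parameters only)
  awk -v key="$2" -F= '
    /^[ \t]*#/ { next }
    { k = $1; gsub(/[ \t]/, "", k)
      if (toupper(k) == toupper(key)) {
        v = $2; gsub(/^[ \t]+/, "", v); gsub(/[ \t]+$/, "", v); print toupper(v) } }' "$1"
}

# Step 3: ADMIN_RESTRICTIONS_<listener> = ON rejects runtime SET commands.
check_admin_restrictions() {  # usage: check_admin_restrictions LISTENER.ORA NAME
  [ "$(ora_param "$1" "ADMIN_RESTRICTIONS_$2")" = "ON" ]
}

# Step 8: TCP.VALIDNODE_CHECKING=YES plus exactly one of INVITED/EXCLUDED, and
# entries must be plain addresses or names. Prints OK or the reason it fails.
check_valid_node() {  # usage: check_valid_node SQLNET.ORA
  vnc=$(ora_param "$1" TCP.VALIDNODE_CHECKING)
  inv=$(ora_param "$1" TCP.INVITED_NODES)
  exc=$(ora_param "$1" TCP.EXCLUDED_NODES)
  [ "$vnc" = "YES" ] || { echo "validnode_checking is not yes"; return 1; }
  if [ -n "$inv" ] && [ -n "$exc" ]; then
    echo "invited_nodes and excluded_nodes both set"; return 1
  fi
  [ -n "$inv$exc" ] || { echo "no node list configured"; return 1; }
  case "$inv$exc" in
    *\**|*/*) echo "wildcard or subnet in node list"; return 1 ;;
  esac
  echo OK
}

# Constructed sample files so the script runs stand-alone.
tmp=$(mktemp -d)
printf 'ADMIN_RESTRICTIONS_LISTENER = ON\n' >"$tmp/listener.ora"
printf 'tcp.validnode_checking = yes\ntcp.invited_nodes = (10.0.0.5, appsrv1)\n' >"$tmp/sqlnet.ora"
printf 'tcp.validnode_checking = yes\ntcp.invited_nodes = (10.0.0.*)\n' >"$tmp/sqlnet_bad.ora"

if check_admin_restrictions "$tmp/listener.ora" LISTENER; then
  echo "listener.ora: ADMIN_RESTRICTIONS OK"; else echo "listener.ora: ADMIN_RESTRICTIONS missing"; fi
for f in sqlnet.ora sqlnet_bad.ora; do echo "$f: $(check_valid_node "$tmp/$f")"; done
```

Point the two check functions at the real $ORACLE_HOME/network/admin files and the listener name from listener.ora to audit a live installation.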

Some steps require reloading or restarting the listener to take effect. The full guide is available at
ref: http://www.integrigy.com/info/Integrigy_OracleDB_Listener_Security.pdf