Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Security >> Retrieve listener status.
        
(Message started by: Pete Finnigan on Sep 7th, 2007, 1:27am)
Title: Retrieve listener status.
Post by Pete Finnigan on Sep 7th, 2007, 1:27am
Hi All,

If my listener.ora file do not set LOCAL_OS_AUTHENTICATION_LISTENER (hence this defaults to ON) and also do not set the PASSWORDS_<LISTENER>, then is there any way to retrieve the status information from a remote box.

This question is specific to oracle verion 10g and beyond.

Regards,
Riz.
Title: Re: Retrieve listener status.
Post by Pete Finnigan on Sep 8th, 2007, 8:33pm
Hi,

There is no easy way to do this at the TNS level without being able to authenticate to the listener.

What do you need to get the status information for?

If its just to see if the listener is up then use tnsping which should work - i cannot confirm as i dont have a remote instance to test with tonight.

The other option if you want to get a status output is to have a look at the "expect" tool - its a TCL extension that allows you to stream commands to a program and use this with ssh and connect to the listener like that, i.e. run TCL to ssh to the box, run lsnrctl status and get the output and disconnect.

hth

cheers

Pete
Title: Re: Retrieve listener status.
Post by Pete Finnigan on Sep 10th, 2007, 6:00pm
Hi Pete,

Thanks a lot for clarifying this. This definitely helps.

Regards,
Riz.
Title: Re: Retrieve listener status.
Post by Pete Finnigan on Nov 25th, 2007, 12:14pm
"If my listener.ora file do not set LOCAL_OS_AUTHENTICATION_LISTENER (hence this defaults to ON) and also do not set the PASSWORDS_<LISTENER>, then is there any way to retrieve the status information from a remote box. This question is specific to oracle verion 10g and beyond." = "shields down"

With LOCAL_OS_AUTHENTICATION_LISTENER off and PASSWORDS_<LISTENER> not set... your listener is exposed to (almost) all major "retrieval" actions.  Setting admin password will prevent unauthorised admin actions done via lsnrctl (if you have the password then it's considered you are authorised) but it's still possible to gather a lot of details about.
OS authentification switched on will pass to OS the mission to reject connections to machine - in base based on OS settings / options (if that user have options to get OS authorisation to hit a port then ... listener will be exposed also).
So shields up and watch out for incomming "do nothing" connections...  :)


Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board