change it in snmp.ora
which is in clear text on the Unix server.....
protect that file!
- "Mercadante, Thomas F" <Thomas.Mercadante_at_Labor.State.Ny.Us> wrote:
> Hey All,
>
> Anyone remember how to change the DBSNMP password? I know I can
> change it
> in the db easily enough, but how does the server/DBSNMP listener
> process
> know what the new password is? Must be stored in an OS file
> someplace.
>
> I was just poking around trying to figure it out. The docs have the
> answer
> hidden someplace and Google is not responding to search requests.
>
> Just curious.
>
> And Jim, the first thing I do when I come upon an instance with these
> "default" accounts established, is to lock them (alter user account
> lock) so
> that someone cannot connect using them.
>
> Thanks!
>
> Tom Mercadante
> Oracle Certified Professional
>
>
> -----Original Message-----
> Sent: Thursday, January 31, 2002 11:43 AM
> To: Multiple recipients of list ORACLE-L
>
>
> Speaking of default accounts with default passwords, here is my list
> that I
> check for. Anyone want to compare notes :) i.e. have I missed any?
>
> Thanks,
>
> Jim
>
>
> perfstat/perfstat
> TRACESVR ??? is only used with 7.x Databases
> REPADMIN ???
> CTXSYS/CTXSYS
> DBSNMP/DBSNMP
> INTERNAL/ORACLE
> MDSYS/MDSYS
> MTSSYS/MTSSYS
> ORDPLUGINS/ORDPLUGINS
> ORDSYS/ORDSYS
> OUTLN/OUTLN
> SYS/CHANGE_ON_INSTALL
> SYSTEM/MANAGER
> SCOTT/TIGER
>
>
>
>
> -----Original Message-----
> Kirti
> Sent: 31 January 2002 15:25
> To: Multiple recipients of list ORACLE-L
>
>
> Stephane,
> Thanks. Yes, we are properly fenced....
> None of the databases have those default accounts with default
> passwords.
> We do not use OEM and that agent. Passwords of critical accounts get
> changed
> regularly and often. Database user ids are generated & approved by
> Data
> Security group before DBAs can add them to databases (so others do
> not know
> and can not guess who has what id), and they request reports of
> access
> privileges when least expected.
> So, it's all how you manage your set up. When I joined this company
> I was
> going nuts about such things (remote_os_authent, default links by
> virtue of
> Oracle Names etc), but as I learned the environment I was
> comfortable.. And
> it is helping us more than creating problems and concerns.
>
> Cheers !
>
> - Kirti
>
> -----Original Message-----
> Sent: Thursday, January 31, 2002 2:20 AM
> To: Multiple recipients of list ORACLE-L
>
>
> "Deshpande, Kirti" wrote:
> >
> > We use REMOTE_OS_AUTHENT in many of our databases. I know we
> shouldn't do
> > this, but we have to, and that's another topic...
> >
> > We also use a specific auth prefix.
> >
> > Now, can someone show me how a Windoze user, 'GOD' get in the
> database
> when
> > I do not have a user, '<Auth_Prefix>GOD' in my database.
> >
> > I say, I have nothing to worry about this setup as long as 'GOD'
> user in
> my
> > database is controlled appropriately via roles, grants, profile
> etc....
> >
> > Sure, if I had <auth_prefix>GOD in the database, I will be looking
> for
> > another job....
> > Right?
> >
> > - Kirti
> >
>
> The problem as I see it is that it's fairly easy to get the names of
> users on a database. The number of databases you can connect to using
> dbsnmp/dbsnmp or outln/outln is desperately high, and from there you
> can
> query ALL_USERS. I must say that I am truly hopeless with any
> Microsoft
> OS, so you could safely let me with admin rights on the box when I
> feel
> at my most mischievous. But imagine I come with Linux on my laptop, I
> plug (like many 'nomad' users often do) into your network, manage to
> connect (as a less-than-nothing user), check the user list, spot
> something looking like a prefix, and use this information to add with
> linuxconf a suitably named account to my machine? I am certain that
> in
> your case everything is correctly fenced, but I have met many many
> many
> databases where the standard in terms of grants was 'TO PUBLIC', and
> where database links were PUBLIC as well, and usually connected to
> the
> other database as the owner of most tables (even as DBA).
> IMHO, if you really want to be secure, you must first know Oracle and
> your environment well, and also audit sensitive information.
>
> --
> Regards,
>
> Stephane Faroult
> Oriole Ltd
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Stephane Faroult
> INET: sfaroult_at_oriole.com
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Deshpande, Kirti
> INET: kirti.deshpande_at_verizon.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing
> Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: James McCann
> INET: james_at_openet-telecom.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing
> Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Mercadante, Thomas F
> INET: Thomas.Mercadante_at_Labor.State.Ny.Us
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing
> Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
=== message truncated ===
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Rachel Carmichael
INET: wisernet100_at_yahoo.com
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Thu Jan 31 2002 - 12:40:23 CST
