oracle 11g等保加固

有个单机环境需要做个等保加固

1、执行如下sql

@?/rdbms/admin/utlpwdmg.sql
--alter profile default limit password_verify_function null;
Alter PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 90;
alter profile DEFAULT limit password_lock_time 30;
alter profile DEFAULT limit password_reuse_max 4;
alter profile DEFAULT limit failed_login_attempts 5;
alter system set resource_limit =TRUE;
alter profile DEFAULT limit IDLE_TIME 30;  
ALTER SYSTEM SET audit_trail=DB,EXTENDED SCOPE=SPFILE;
alter system set audit_sys_operations=true scope=spfile;

配置后重启实例，

2、编辑$ORACLE_HOME/network/admin/sqlnet.ora增加如下内容

SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = MD5

3、确认密码过期时间，定期修改用户密码

set pagesize 199 linesize 199;
select username,profile,to_char(EXPIRY_DATE,'YYYY-MM-DD HH24:MI:SS') from dba_users
where ACCOUNT_STATUS <> 'EXPIRED '||chr(38)||' LOCKED'  order by CREATED desc;

4、直接出重置密码的sql
set pagesize 199 linesize 199;
col USERNAME for a20;
col PASSWORD for a30;
SELECT 'alter user ' ||A.USERNAME ||'  identified  by  values '||''''||B.PASSWORD||''''||'  account unlock;'   FROM DBA_USERS A, SYS.USER$ B  WHERE A.USER_ID = B.USER# and A.ACCOUNT_STATUS <> 'EXPIRED '||chr(38)||' LOCKED';