--1、查询非被锁状态下的用户、过期时间、profile、密码
set lines 400 pagesize 100
select username, profile,account_status,EXPIRY_DATE,password from dba_users where account_status not like '%LOCK%';
select name,password from sys.user$ where name in (select username from dba_users where account_status='OPEN');
select * from dba_profiles where RESOURCE_NAME in ('PASSWORD_REUSE_TIME','PASSWORD_REUSE_MAX');
--2、回退安全加固
alter profile default limit PASSWORD_REUSE_MAX unlimited;
alter profile default limit PASSWORD_REUSE_TIME unlimited;
alter profile MONITORING_PROFILE limit PASSWORD_REUSE_MAX unlimited;
alter profile MONITORING_PROFILE limit PASSWORD_REUSE_TIME unlimited;
--3、刷新密码(执行以下sql)
select 'alter user ' name ' identified by values ''' password ''';' from sys.user$ where name in ( select username from dba_users where account_status not like '%LOCK%');
--4、安全加固
alter profile default limit PASSWORD_REUSE_MAX 5;
alter profile default limit PASSWORD_REUSE_TIME 1800;
alter profile MONITORING_PROFILE limit PASSWORD_REUSE_MAX 5;
alter profile MONITORING_PROFILE limit PASSWORD_REUSE_TIME 1800;
--5、检查用户过期日期及安全加固机制
select username, profile,account_status,EXPIRY_DATE,password from dba_users where account_status not like '%LOCK%';
select from dba_profiles where profile='DEFAULT';
网友评论