Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle 11g will have SHA-1 hashed passwords and case sensitive passwords"] [Next entry: "Happy new year!!"]

Integrigy have released a completely new version of their listener check tool

Integrigy have just released a complete re-write of this tool as version 2.2. This is a great tool now with a lot of new features. The original 3 checks have been enhanced and the complete list of checks includes:-

1) The listener version
2) Whether the listener password is set
3) Whether ADMIN_RESTRICTIONS are set
4) Whether listener logging is on and
5) Whether LOCAL_OS_AUTHENTICATION is on or off.

The tool also includes a set of FNDFS Oracle Applications 11i listener checks. Oracle Applications includes a seperate listener, defaulted on port 1626 in addition to the database listener. This listener is an Oracle 8.0.6 listener.

The tool also includes a SID enumeration tool and also a TNSNAMES.ORA security check. Also if you dig deep and venture to the about page you are rewarded with an extra link that takes you to a page that can be used to generate TNS names entries, 10g connect strings (the new short ones) and JDBC connect strings.

I have updated my Oracle security tools page and you can download the Oracle database listener check tool from Integrigy.