联系:手机/微信(+86 17813235971) QQ(107644445)
标题:Disable/Enable Oracle Database Vault
作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]
一、Disable Oracle Database Vault
[oracle@node1 ~]$ sqlplus sys/xifenfei@ora11g as sysdba
SQL*Plus: Release 10.2.0.5.0 – Production on Fri Nov 4 09:09:00 2011
Copyright (c) 1982, 2010, Oracle. All Rights Reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
PARAMETER VALUE
—————————— ———-
Oracle Database Vault TRUE
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
[oracle@node1 ~]$ emctl stop dbconsole
[oracle@node1 ~]$ lsnrctl stop
[oracle@node1 ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@node1 lib]$ pwd
/opt/oracle/product/11.2.0/db_1/rdbms/lib
[oracle@node1 lib]$ make -f ins_rdbms.mk dv_off ioracle
/usr/bin/ar d /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a kzvidv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzvndv.o
chmod 755 /opt/oracle/product/11.2.0/db_1/bin
- Linking Oracle
rm -f /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle
gcc -o /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle -m64 -L/opt/oracle/product/11.2.0/db_1/rdbms/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/stubs/ -Wl,-E /opt/oracle/product/11.2.0/db_1/rdbms/lib/opimai.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ssoraed.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ttcsoi.o -Wl,–whole-archive -lperfsrv11 -Wl,–no-whole-archive /opt/oracle/product/11.2.0/db_1/lib/nautab.o /opt/oracle/product/11.2.0/db_1/lib/naeet.o /opt/oracle/product/11.2.0/db_1/lib/naect.o /opt/oracle/product/11.2.0/db_1/lib/naedhs.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/config.o -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11 -lrt -lplp11 -lserver11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11 -lrt -lplp11 -ljavavm11 -lserver11 -lwwg `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/opt/oracle/product/11.2.0/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -locr11 -locrb11 -locrutl11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -loraz -llzopro -lorabz2 -lipp_z -lipp_bz2 -lippdcemerged -lippsemerged -lippdcmerged -lippsmerged -lippcore -lippcpemerged -lippcpmerged -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lasmclnt11 -lcommon11 -lcore11 -laio `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -Wl,-rpath,/opt/oracle/product/11.2.0/db_1/lib -lm `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -ldl -lm -L/opt/oracle/product/11.2.0/db_1/lib
test ! -f /opt/oracle/product/11.2.0/db_1/bin/oracle ||\
mv -f /opt/oracle/product/11.2.0/db_1/bin/oracle /opt/oracle/product/11.2.0/db_1/bin/oracleO
mv /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle /opt/oracle/product/11.2.0/db_1/bin/oracle
chmod 6751 /opt/oracle/product/11.2.0/db_1/bin/oracle
[oracle@node1 lib]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 09:21:39 2011
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 2137886720 bytes
Fixed Size 2230072 bytes
Variable Size 1241516232 bytes
Database Buffers 889192448 bytes
Redo Buffers 4947968 bytes
Database mounted.
Database opened.
SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
PARAMETER VALUE
—————————— ———-
Oracle Database Vault FALSE
二、Enable Oracle Database Vault
[oracle@node1 ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 12:50:40 2011
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options
[oracle@node1 ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@node1 lib]$ make -f ins_rdbms.mk dv_on lbac_on ioracle
/usr/bin/ar d /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a kzvndv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzvidv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzlilbac.o
chmod 755 /opt/oracle/product/11.2.0/db_1/bin
- Linking Oracle
rm -f /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle
gcc -o /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle -m64 -L/opt/oracle/product/11.2.0/db_1/rdbms/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/stubs/ -Wl,-E /opt/oracle/product/11.2.0/db_1/rdbms/lib/opimai.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ssoraed.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ttcsoi.o -Wl,–whole-archive -lperfsrv11 -Wl,–no-whole-archive /opt/oracle/product/11.2.0/db_1/lib/nautab.o /opt/oracle/product/11.2.0/db_1/lib/naeet.o /opt/oracle/product/11.2.0/db_1/lib/naect.o /opt/oracle/product/11.2.0/db_1/lib/naedhs.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/config.o -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11 -lrt -lplp11 -lserver11 -lclient11 -lvsn11 -lcommon11 -lgeneric11 `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11 -lrt -lplp11 -ljavavm11 -lserver11 -lwwg `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags` -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/opt/oracle/product/11.2.0/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -locr11 -locrb11 -locrutl11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -loraz -llzopro -lorabz2 -lipp_z -lipp_bz2 -lippdcemerged -lippsemerged -lippdcmerged -lippsmerged -lippcore -lippcpemerged -lippcpmerged -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lasmclnt11 -lcommon11 -lcore11 -laio `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -Wl,-rpath,/opt/oracle/product/11.2.0/db_1/lib -lm `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -ldl -lm -L/opt/oracle/product/11.2.0/db_1/lib
test ! -f /opt/oracle/product/11.2.0/db_1/bin/oracle ||\
mv -f /opt/oracle/product/11.2.0/db_1/bin/oracle /opt/oracle/product/11.2.0/db_1/bin/oracleO
mv /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle /opt/oracle/product/11.2.0/db_1/bin/oracle
chmod 6751 /opt/oracle/product/11.2.0/db_1/bin/oracle
[oracle@node1 lib]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 12:52:51 2011
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 622149632 bytes
Fixed Size 2230912 bytes
Variable Size 201328000 bytes
Database Buffers 411041792 bytes
Redo Buffers 7548928 bytes
Database mounted.
Database opened.
SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
PARAMETER VALUE
—————————— ———-
Oracle Database Vault TRUE
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
[oracle@node1 lib]$ lsnrctl start
[oracle@node1 lib]$ emctl start dbconsole
三、Oracle Database Vault启用关闭总机
1、关闭实例/EM/监听
2、修改Oracle Database Vault
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off ioracle –关闭
make -f ins_rdbms.mk dv_on lbac_on ioracle –开启
3、开启实例/EM/监听
jarry,
你好,你的这个需求不能通过Database Vault简单实现,建议你参考Oracle Encryption Wallet
请教一下,安装了database vault之后,如果对某个表进行了保护,然后dba把数据文件全部copy到另外一个机器上恢复,是否就可以直接看这个表里面的数据了?
换句话说,database vault不能保护拷走这种情况?
没有简单关闭/启用vault的方法吗?