Disable/Enable Oracle Database Vault

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:Disable/Enable Oracle Database Vault

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

一、Disable Oracle Database Vault 

[oracle@node1 ~]$ sqlplus sys/xifenfei@ora11g as sysdba
 
SQL*Plus: Release 10.2.0.5.0 – Production on Fri Nov 4 09:09:00 2011
 
Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.
 
 
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
 
SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
 
PARAMETER                      VALUE
—————————— ———-
Oracle Database Vault          TRUE
 
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
 
[oracle@node1 ~]$ emctl stop dbconsole
[oracle@node1 ~]$ lsnrctl stop
[oracle@node1 ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@node1 lib]$ pwd
/opt/oracle/product/11.2.0/db_1/rdbms/lib
[oracle@node1 lib]$ make -f ins_rdbms.mk dv_off ioracle
/usr/bin/ar d /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a kzvidv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzvndv.o 
chmod 755 /opt/oracle/product/11.2.0/db_1/bin
 
 - Linking Oracle 
rm -f /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle
gcc  -o /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle -m64 -L/opt/oracle/product/11.2.0/db_1/rdbms/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/stubs/   -Wl,-E /opt/oracle/product/11.2.0/db_1/rdbms/lib/opimai.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ssoraed.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ttcsoi.o  -Wl,–whole-archive -lperfsrv11 -Wl,–no-whole-archive /opt/oracle/product/11.2.0/db_1/lib/nautab.o /opt/oracle/product/11.2.0/db_1/lib/naeet.o /opt/oracle/product/11.2.0/db_1/lib/naect.o /opt/oracle/product/11.2.0/db_1/lib/naedhs.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/config.o  -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11  -lrt -lplp11 -lserver11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11  -lrt -lplp11 -ljavavm11 -lserver11  -lwwg  `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11   -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/opt/oracle/product/11.2.0/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -locr11 -locrb11 -locrutl11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11  -loraz -llzopro -lorabz2 -lipp_z -lipp_bz2 -lippdcemerged -lippsemerged -lippdcmerged  -lippsmerged -lippcore  -lippcpemerged -lippcpmerged  -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11  -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lasmclnt11 -lcommon11 -lcore11 -laio    `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -Wl,-rpath,/opt/oracle/product/11.2.0/db_1/lib -lm    `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -ldl -lm   -L/opt/oracle/product/11.2.0/db_1/lib
test ! -f /opt/oracle/product/11.2.0/db_1/bin/oracle ||\
           mv -f /opt/oracle/product/11.2.0/db_1/bin/oracle /opt/oracle/product/11.2.0/db_1/bin/oracleO
mv /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle /opt/oracle/product/11.2.0/db_1/bin/oracle
chmod 6751 /opt/oracle/product/11.2.0/db_1/bin/oracle
 
[oracle@node1 lib]$ sqlplus / as sysdba
 
SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 09:21:39 2011
 
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
 
Connected to an idle instance.
 
SQL> startup
ORACLE instance started.
 
Total System Global Area 2137886720 bytes
Fixed Size                  2230072 bytes
Variable Size            1241516232 bytes
Database Buffers          889192448 bytes
Redo Buffers                4947968 bytes
Database mounted.
Database opened.
SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
 
PARAMETER                      VALUE
—————————— ———-
Oracle Database Vault          FALSE

二、Enable Oracle Database Vault 

[oracle@node1 ~]$ sqlplus / as sysdba
 
SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 12:50:40 2011
 
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
 
 
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options
 
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options
[oracle@node1 ~]$  cd $ORACLE_HOME/rdbms/lib
[oracle@node1 lib]$  make -f ins_rdbms.mk dv_on lbac_on ioracle
/usr/bin/ar d /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a kzvndv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzvidv.o 
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzlilbac.o 
chmod 755 /opt/oracle/product/11.2.0/db_1/bin
 
 - Linking Oracle 
rm -f /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle
gcc  -o /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle -m64 -L/opt/oracle/product/11.2.0/db_1/rdbms/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/ -L/opt/oracle/product/11.2.0/db_1/lib/stubs/   -Wl,-E /opt/oracle/product/11.2.0/db_1/rdbms/lib/opimai.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ssoraed.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/ttcsoi.o  -Wl,–whole-archive -lperfsrv11 -Wl,–no-whole-archive /opt/oracle/product/11.2.0/db_1/lib/nautab.o /opt/oracle/product/11.2.0/db_1/lib/naeet.o /opt/oracle/product/11.2.0/db_1/lib/naect.o /opt/oracle/product/11.2.0/db_1/lib/naedhs.o /opt/oracle/product/11.2.0/db_1/rdbms/lib/config.o  -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11  -lrt -lplp11 -lserver11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /opt/oracle/product/11.2.0/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11  -lrt -lplp11 -ljavavm11 -lserver11  -lwwg  `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /opt/oracle/product/11.2.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11   -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/opt/oracle/product/11.2.0/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11 -locr11 -locrb11 -locrutl11 -lhasgen11 -lskgxn2 -lnnz11 -lzt11 -lxml11  -loraz -llzopro -lorabz2 -lipp_z -lipp_bz2 -lippdcemerged -lippsemerged -lippdcmerged  -lippsmerged -lippcore  -lippcpemerged -lippcpmerged  -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11  -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lasmclnt11 -lcommon11 -lcore11 -laio    `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -Wl,-rpath,/opt/oracle/product/11.2.0/db_1/lib -lm    `cat /opt/oracle/product/11.2.0/db_1/lib/sysliblist` -ldl -lm   -L/opt/oracle/product/11.2.0/db_1/lib
test ! -f /opt/oracle/product/11.2.0/db_1/bin/oracle ||\
           mv -f /opt/oracle/product/11.2.0/db_1/bin/oracle /opt/oracle/product/11.2.0/db_1/bin/oracleO
mv /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle /opt/oracle/product/11.2.0/db_1/bin/oracle
chmod 6751 /opt/oracle/product/11.2.0/db_1/bin/oracle
[oracle@node1 lib]$ sqlplus / as sysdba
 
SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 12:52:51 2011
 
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
 
Connected to an idle instance.
 
SQL> startup
ORACLE instance started.
 
Total System Global Area  622149632 bytes
Fixed Size                  2230912 bytes
Variable Size             201328000 bytes
Database Buffers          411041792 bytes
Redo Buffers                7548928 bytes
Database mounted.
Database opened.
 
SQL> col parameter for a30
SQL> col value for a10    
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
 
PARAMETER                      VALUE
—————————— ———-
Oracle Database Vault          TRUE
 
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
 
[oracle@node1 lib]$ lsnrctl start
[oracle@node1 lib]$ emctl start dbconsole

三、Oracle Database Vault启用关闭总机
1、关闭实例/EM/监听
2、修改Oracle Database Vault
   cd $ORACLE_HOME/rdbms/lib
   make -f ins_rdbms.mk dv_off ioracle  –关闭
   make -f ins_rdbms.mk dv_on lbac_on ioracle  –开启
3、开启实例/EM/监听

此条目发表在 Oracle 分类目录。将固定链接加入收藏夹。

Disable/Enable Oracle Database Vault》有 3 条评论

  1. 惜分飞 说:

    jarry,
    你好,你的这个需求不能通过Database Vault简单实现,建议你参考Oracle Encryption Wallet

  2. jarry 说:

    请教一下,安装了database vault之后,如果对某个表进行了保护,然后dba把数据文件全部copy到另外一个机器上恢复,是否就可以直接看这个表里面的数据了?
    换句话说,database vault不能保护拷走这种情况?

  3. zivon 说:

    没有简单关闭/启用vault的方法吗?