OraMatt: YABAOracle

Yet Another Blog About Oracle

, , ,

Quick Lockdown Script

Just a little script to lockdown default Oracle accounts and randomly change passwords

function lock_default_oracle_accounts()
{
export RANDPWD=`date +%s | sha256sum | base64 | head -c 12`
sqlplus / as sysdba <<EOF
spool /tmp/account_status.log
select username from DBA_USERS_WITH_DEFPWD;
spool off
set sqlprompt ' '
set echo off
set feedback off
set timing off
set heading off
set pagesize 0
set linesize 9999
set trimspool on
set tab off
set recsep off
spool /tmp/lock_accounts.sql
select 'alter user ' || username || ' account lock ;' from DBA_USERS_WITH_DEFPWD;
select 'alter user ' || username || ' identified by ${RANDPWD} ;' from DBA_USERS_WITH_DEFPWD;
select 'alter user ' || username || ' password expire ;' from DBA_USERS_WITH_DEFPWD;
spool off;
@/tmp/lock_accounts.sql
set lines 200
spool /tmp/account_status1.log
select username from DBA_USERS_WITH_DEFPWD;
select username, account_status from dba_users;
spool off;
exit
EOF
}

2 responses to “Quick Lockdown Script”

  1. Better Lockdown Script « OraMatt…YABAOracle

    […] I was thinking about the lockdown script I wrote yesterday and noticed an attack […]

    Reply
  2. Charmain Avatar
    Charmain

    I read this post completely on the topic of the difference of latest and preceding technologies, it’s amazing article.

    Reply

Leave a reply to Charmain Cancel reply

Navigation

About

I’m Matt and I do Oracle things.