Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
  • Back
    Voyager

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Voyager
    3. Knowledge Articles
    4. Restricting the Oracle® Listener by IP Address

    Restricting the Oracle® Listener by IP Address

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Problem symptoms
    2. Cause
    3. Resolution
    4. Additional Information
    • Product: Voyager
    • Product Version: All
    • Relevant for Installation Type: Dedicated-Direct; Direct; Local; Total Care

    Problem symptoms

    • Remote user can obtain sensitive information about the system, such as product version numbers and the physical installation path.
    • Any user who can send packets to the listener port on the server has the potential to exploit this vulnerability.

    Cause

    Listener is unrestricted.

    Resolution

    Oracle customers can help protect against unauthorized access by ensuring that the Oracle Listener is running as a low, privileged user account. Where possible, customers should limit access to their Oracle Listener to trusted users, hosts, and networks.

    Ex Libris suggests using firewall or router ACLs (access control lists) to restrict connections to the TCP port used by Oracle Listeners.

    Further protection can be acheived by setting TCP valid node checking. See Additional Information for solution steps by version, and if additional questions or assistance needed, open a Case with Ex Libris Customer Support.

    Additional Information

    1. Log into the server as "oracle"
    2. Open the following file in a text editor: $ORA_NET/sqlnet.ora (environment variable $ORA_NET contains path to file)
    3. Add the following two lines to the end of this file, replacing "[allowed IP's]" with a comma delimited list of permitted IP addresses:

    tcp.validnode_checking = yes
    tcp.invited_nodes = ( 127.0.0.1, [allowed IP's] )

    1. Restart the listener (path may vary and version number - 12.1.0.2 in the example below) may change:

    $ORACLE_HOME/bin/lsnrctl stop
    $ORACLE_HOME/bin/lsnrctl start


    • Article last edited: 16-Oct-2018
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Restrict Record Maintenance in Voyager SYSADMIN Patron Groups tab prevents staff from viewing patron record of who has the item checked out
      • Restructure Current Ledger and/or Fund Hierarchy
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Language
      English
      Product
      Voyager
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved