根据数据库等保要求：应重命名或删除默认账户，修改默认账户的默认口令。
部分安全公司给出了建议：修改sys,system默认账户名称，避免使用常见用户名称。

Oracle 11.2.0.2引入了隐含参数_enable_rename_user来开启用户rename功能，此功能可以在restrict模式下重命名普通用户，但无法用于SYS，SYSTEM用户。

有用户直接强行更新Oracle系统数据字典表USER$来重命名SYS，例如：

update user$ set name='KURU' where name='SYS';  

更新成功后，重启数据库会触发ORA-600 [kokasgi1]错误，数据库无法正常启动。

问题重现与定位

直接更新USER$模拟 :

SQL> update user$ set name='KURU' where name='SYS';  

1 row updated.

SQL> commit;

Commit complete.

SQL> alter system flush buffer_cache;

System altered.

SQL> select name from user$ where user#=0;

NAME
------------------------------
KURU

关闭数据库并重新启动：

SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning option
[oracle@recover-db ~]$ sqlplus "/as sysdba"

SQL*Plus: Release 11.2.0.4.0 Production on Wed Dec 2 11:28:32 2020

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to an idle instance.

SQL> startup mount;
ORACLE instance started.

Total System Global Area 3624542208 bytes
Fixed Size          2258440 bytes
Variable Size        1342179832 bytes
Database Buffers     2264924160 bytes
Redo Buffers           15179776 bytes
Database mounted.
SQL> alter session set events='10046 trace name context forever , level 12'; 

Session altered.

SQL> alter database open;
alter database open
*
ERROR at line 1:
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-00600: internal error code, arguments: [kokasgi1], [], [], [], [], [], [],
[], [], [], [], []
Process ID: 11248
Session ID: 1563 Serial number: 3


SQL> exit

10046 trace部分内容:

===================== 
PARSING IN CURSOR #47615205346312 len=189 dep=1 uid=0 oct=3 lid=0 tim=1606889873758962 hv=186852205 ad='11f8d9df8' sqlid='2tkw12w5k68vd'
select user#,password,datats#,tempts#,type#,defrole,resource$, ptime,decode(defschclass,NULL,'DEFAULT_CONSUMER_GROUP',defschclass),spare1,spare4,ext_username,spare2 from user$ where name=:1
END OF STMT
PARSE #47615205346312:c=35,e=661,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=4,plh=0,tim=1606889873758961
BINDS #47615205346312:
 Bind#0
  oacdty=01 mxl=32(03) mxlc=00 mal=00 scl=00 pre=00
  oacflg=18 fl2=0001 frm=01 csi=873 siz=32 off=0
  kxsbbbfp=2b4e476687b8  bln=32  avl=03  flg=05
  value="SYS"
EXEC #47615205346312:c=880,e=949,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=4,plh=1457651150,tim=1606889873760024
WAIT #47615205346312: nam='db file sequential read' ela= 20 file#=1 block#=417 blocks=1 obj#=46 tim=1606889873760110
FETCH #47615205346312:c=87,e=86,p=1,cr=1,cu=0,mis=0,r=0,dep=1,og=4,plh=1457651150,tim=1606889873760145
STAT #47615205346312 id=1 cnt=0 pid=0 pos=1 obj=22 op='TABLE ACCESS BY INDEX ROWID USER$ (cr=1 pr=1 pw=0 time=87 us)'
STAT #47615205346312 id=2 cnt=0 pid=1 pos=1 obj=46 op='INDEX UNIQUE SCAN I_USER1 (cr=1 pr=1 pw=0 time=86 us)'
CLOSE #47615205346312:c=5,e=5,dep=1,type=0,tim=1606889873760250
Incident 192178 created, dump file: /u01/app/oracle/diag/rdbms/testdb11/testdb11/incident/incdir_192178/testdb11_ora_11248_i192178.trc
ORA-00600: internal error code, arguments: [kokasgi1], [], [], [], [], [], [], [], [], [], [], []

ORA-00600: internal error code, arguments: [kokasgi1], [], [], [], [], [], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [kokasgi1], [], [], [], [], [], [], [], [], [], [], []

可以看出启动过程中基础数据字典内容校验时出现了错误，导致数据库无法正常打开。
从这里也可推断出，SYS用户在Oracle程序中会被硬编码在逻辑中，强行更改会导致系统异常。
针对这种错误，可以使用gdb挂起启动过程，然后强行修改数据字典进行修复，不影响数据库的健康运行。