Re: Baseline configurations

On Thu, Aug 30, 2012 at 12:18:11PM -0700, Mike Orr wrote:
> Does PostgreSQL have any baseline security configuration documents?
> (Aka "hardened" configuration "benchmark" checklist.) My organization
> is asking for official or vendor-supported baseline configurations for
> all our software. I looked through the PG manual, the security page on
> the website, and in Google and found some discussions about
> customizing role permissions and SSL connections, but nothing that
> covered the entirety of the software like this one for MySQL:
>
> http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.mysql.102
> (Center for Internet Security). I can't link directly to the document
> because it's behind a download form, but the TOC outline covers: OS
> level configuration, file system permissions, logging, general
> (default test databases, accounts), database/table permissions,
> configuration options, backup/recovery. Each recommendation specifies
> whether it's scoreable (verifiable by an audit program), and its
> tradeoffs (i.e., whether it might be too burdensome or a bad idea in
> various situations).
>
> If I can't find such a checklist for PostgreSQL I can write my own,
> but it would be more authoritative if it were an official PostgreSQL
> document or supported by a vendor or organization.
>
> Thanks in advance. I've been a happy PostgreSQL user for two or three years now.

I have never seen such a documents. If you want to write it, perhaps on
our wiki, we can then reference is for other users.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +