| From: | JP Fletcher <jpfletch(at)ca(dot)afilias(dot)info> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | auditing pg_hba.conf |
| Date: | 2009-11-03 22:41:39 |
| Message-ID: | 4AF0B1A3.1080204@ca.afilias.info |
| Lists: | pgsql-general |

Hi,

We manage hundreds of clusters and a handful of distinct pg_hba.conf
files across several sites. We are mostly satisfied with our automated
method of management, but on occasion, someone will hand edit a
pg_hba.conf file, and some application will get locked out. This is bad.

We'd like to be able to do a few things related to auditing pg_hba.conf:

1. Store a copy of pg_hba.conf on server start or reload.
2. Have an audit trail that shows when particular rules were loaded.
3. Compare the contents of pg_hba.conf to the rules that are actually
   loaded.
4. Alert the DBA when the rules loaded differ from the file that was
   previously loaded.

We can accomplish #1 and #2 by having a shell command copy the file, or
by storing rules in a db table. I'm not sure that #3 and #4 are
possible until we accomplish #1. I'm not aware of any function or
catalog table/view that stores pg_hba rules. I'm curious to know if
anyone has any suggestions, or has solved a similar problem.

Best Regards,
JP

--
JP Fletcher
Database Administrator
Afilias Canada
voice: 416.646.3304 ext. 4123
fax: 416.646.3305
mobile: 416.561.4763
jpfletch(at)ca(dot)afilias(dot)info
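
A sketch of items 1, 2 and 4 from the message above, as an added example that is not part of the original post: it snapshots the normalized rules at each start or reload and later reports any rule that differs from the last snapshot. The function names, the in-memory `trail` list and the sample rules are hypothetical, and it assumes the snapshot is taken by the same wrapper that triggers the reload, so the last snapshot stands in for the loaded rules.

```python
import difflib
import hashlib

def parse_hba(text):
    """Normalize pg_hba.conf text into an ordered rule list (first match wins,
    so order is kept). Assumption: no '#' inside quoted fields, and no
    include directives or line continuations."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        if line.strip():
            rules.append(" ".join(line.split()))  # collapse whitespace
    return rules

def fingerprint(rules):
    return hashlib.sha256("\n".join(rules).encode()).hexdigest()

def record_reload(text, trail, when):
    """Items 1 and 2: call from the start/reload wrapper; appends a snapshot."""
    rules = parse_hba(text)
    entry = {"when": when, "sha256": fingerprint(rules), "rules": rules}
    trail.append(entry)
    return entry

def check_drift(text, trail):
    """Item 4: compare the file on disk with the last recorded snapshot.
    Returns [] when they match, else (change, rule_position, rule) tuples."""
    old, new = trail[-1]["rules"], parse_hba(text)
    if fingerprint(new) == trail[-1]["sha256"]:
        return []
    changes = []
    matcher = difflib.SequenceMatcher(None, old, new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            changes += [("removed", i + 1, r) for i, r in enumerate(old[i1:i2], i1)]
        if tag in ("replace", "insert"):
            changes += [("added", j + 1, r) for j, r in enumerate(new[j1:j2], j1)]
    return changes

# Constructed sample data, not taken from the post.
LOADED = "# TYPE DATABASE USER ADDRESS METHOD\nlocal all postgres md5\n" \
         "host  appdb  app_rw  10.1.2.0/24  md5\nhost all all 0.0.0.0/0 reject\n"
EDITED = "local all postgres md5\nhost appdb app_rw 10.1.9.0/24 md5  # hand edit\n" \
         "host all all 0.0.0.0/0 reject\n"

if __name__ == "__main__":
    trail = []
    record_reload(LOADED, trail, "2009-11-01T00:00:00Z")
    for change in check_drift(EDITED, trail):
        print(change)
```

Comment-only or whitespace-only edits produce no alert because the comparison runs on normalized rules; persisting `trail` (for example as JSON lines or a table) is left to the caller.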