From: | Christophe <christophe(at)kryskool(dot)org> |
---|---|
To: | JP Fletcher <jpfletch(at)ca(dot)afilias(dot)info> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: auditing pg_hba.conf |
Date: | 2009-11-04 21:46:43 |
Message-ID: | 4AF1F643.5030003@kryskool.org |
Lists: | pgsql-general |
Hi
Why not use etckeeper?
Regards,
http://joey.kitenet.net/code/etckeeper/
On 03/11/09 23:41, JP Fletcher wrote:
> Hi,
>
> We manage hundreds of clusters and a handful of distinct pg_hba.conf
> files across several sites. We are mostly satisfied with our
> automated method of management, but on occasion, someone will hand
> edit a pg_hba.conf file, and some application will get locked out.
> This is bad. We'd like to be able to do a few things related to
> auditing pg_hba.conf:
>
> 1. Store a copy of pg_hba.conf on server start or reload
>
> 2. Have an audit trail that shows when particular rules were loaded.
>
> 3. Compare the contents of pg_hba.conf to the rules that are actually
> loaded.
>
> 4. Alert the DBA when the rules loaded differ from the file that was
> previously loaded.
>
> We can accomplish #1 and #2 by having a shell command copy the file,
> or by storing rules in a db table. I'm not sure that #3 and #4 are
> possible until we accomplish #1. I'm not aware of any function or
> catalog table/view that stores pg_hba rules. I'm curious to know if
> anyone has any suggestions, or has solved a similar problem.
>
> Best Regards,
>
> JP
>
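
One way to approach items #3 and #4 from the quoted message, as an added example that is not part of the original thread or of etckeeper: compare the active rules of the current pg_hba.conf with a snapshot saved at the last reload (item #1), ignoring comments and whitespace. The function names and both sample files are constructed for illustration.

```python
import hashlib
import shlex

def parse_rules(text):
    """Active pg_hba.conf rules as token tuples, in file order.
    Comments and blank lines are dropped; quoted fields keep their quotes."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True, posix=False)
        if tokens:
            rules.append(tuple(tokens))
    return rules

def fingerprint(rules):
    """Hash of the normalized rule list. Order is included because the
    first matching rule wins, so a reorder can change who gets in."""
    canon = "\n".join(" ".join(r) for r in rules)
    return hashlib.sha256(canon.encode()).hexdigest()

def diff_rules(snapshot_text, current_text):
    """Compare the snapshot taken at the last reload with the file on disk."""
    old, new = parse_rules(snapshot_text), parse_rules(current_text)
    return {
        "changed": fingerprint(old) != fingerprint(new),
        "removed": [r for r in old if r not in new],  # likely lock-outs
        "added": [r for r in new if r not in old],    # newly opened paths
        "reordered": old != new and sorted(old) == sorted(new),
    }

# Constructed sample: the snapshot stored at the last reload ...
SNAPSHOT = """\
# managed by automation
local   all    postgres                md5
host    appdb  app_rw   10.1.2.0/24    md5
host    all    all      0.0.0.0/0      reject
"""
# ... and the same file after a hand edit narrowed the application subnet.
HAND_EDITED = """\
local   all    postgres                md5
host    appdb  app_rw   10.1.2.15/32   md5   # narrowed by hand
host    all    all      0.0.0.0/0      reject
"""

if __name__ == "__main__":
    report = diff_rules(SNAPSHOT, HAND_EDITED)
    if report["changed"]:
        for rule in report["removed"]:
            print("ALERT removed:", " ".join(rule))
        for rule in report["added"]:
            print("ALERT added:  ", " ".join(rule))
```

Run from cron or a reload hook, the `removed` list is what a DBA would check first when an application reports being locked out.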