From: | John R Pierce <pierce(at)hogranch(dot)com> |
---|---|
To: | PostgreSQL <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: PostgreSQL Trusted Startup |
Date: | 2010-12-20 20:43:17 |
Message-ID: | 4D0FBFE5.2050408@hogranch.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 12/20/10 11:12 AM, Kenneth Buckler wrote:
> Hello,
>
> I am investigating security requirements for configuring a PostgreSQL
> database on a Linux system.
> One of the security requirements our organization would like to
> implement is "trusted startup", in that PostgreSQL would verify the
> authenticity of the binaries and configuration files before making the
> database available to users. This would enable the database to detect
> if the system has possibly been compromised.
> Since this is a Linux system, I could keep a list of known good MD5
> checksums and compare the checksums prior to startup by editing the
> init script. The list would of course need to be updated any time I
> make a configuration change or apply a patch.
> Is there an alternative method of implementing such a requirement?
> Possibly one already incorporated into PostgreSQL?
I would look into selinux. lock it down with this, and it will be much
harder to compromise.
From | Date | Subject | |
---|---|---|---|
Next Message | Scott Marlowe | 2010-12-20 20:48:25 | Re: PostgreSQL Trusted Startup |
Previous Message | Scott Marlowe | 2010-12-20 20:31:23 | Re: PostgreSQL Trusted Startup |