Re: Securing a remotely accessible PostgreSQL server

On Wed, Dec 22, 2010 at 3:30 PM, Kevin Grittner
<Kevin(dot)Grittner(at)wicourts(dot)gov> wrote:
> Josh <josh(at)saucetel(dot)com> wrote:
>
>> I am looking for suggestions on how best to secure a server that
>> is accessible via the internet. Even account creation for the
>> database is open to the world. Does anybody have any extra changes
>> they would make to postgresql.conf or OS changes they would
>> suggest? Perhaps some default permissions that would be best
>> revoked?
>>
>> The system setup is currently a Linux box running PostgreSQL 8.4
>> My pg_hba.conf already limits remote connections to one database
>> and one particular role.
>
> The role can create databases but not access them?  Odd.
>
> In no particular order, these come to mind:
>
> * Only allow SSL connections.
>
> * Use a non-standard port, to obscure what the service is.
>
> * Put the machine behind a firewall which only allows packets
> through to the desired port.
>
> * Make sure you *don't* run the database service as root.
>
> * Make sure that the user which does run the database server doesn't
> have access to anything more than it absolutely needs, directly or
> through group membership.  (In particular, sudo rights should be
> carefully limited or non-existent.)

In fact, I'd chroot / jail the postgres server in this instance. If
they get in, you just copy back over the chrooted directory and you're
up and running in minutes.