From: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
---|---|
To: | Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov> |
Cc: | pgsql-admin(at)postgresql(dot)org, Josh <josh(at)saucetel(dot)com> |
Subject: | Re: Securing a remotely accessible PostgreSQL server |
Date: | 2010-12-22 22:38:49 |
Message-ID: | AANLkTimGJ9fLSfEhNu26eoMjj+7_p94d2s0XOO-Lm2Yd@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On Wed, Dec 22, 2010 at 3:30 PM, Kevin Grittner
<Kevin(dot)Grittner(at)wicourts(dot)gov> wrote:
> Josh <josh(at)saucetel(dot)com> wrote:
>
>> I am looking for suggestions on how best to secure a server that
>> is accessible via the internet. Even account creation for the
>> database is open to the world. Does anybody have any extra changes
>> they would make to postgresql.conf or OS changes they would
>> suggest? Perhaps some default permissions that would be best
>> revoked?
>>
>> The system setup is currently a Linux box running PostgreSQL 8.4
>> My pg_hba.conf already limits remote connections to one database
>> and one particular role.
>
> The role can create databases but not access them? Odd.
>
> In no particular order, these come to mind:
>
> * Only allow SSL connections.
>
> * Use a non-standard port, to obscure what the service is.
>
> * Put the machine behind a firewall which only allows packets
> through to the desired port.
>
> * Make sure you *don't* run the database service as root.
>
> * Make sure that the user which does run the database server doesn't
> have access to anything more than it absolutely needs, directly or
> through group membership. (In particular, sudo rights should be
> carefully limited or non-existent.)
In fact, I'd chroot / jail the postgres server in this instance. If
they get in, you just copy back over the chrooted directory and you're
up and running in minutes.
From | Date | Subject | |
---|---|---|---|
Next Message | Craig James | 2010-12-23 00:05:56 | Re: Securing a remotely accessible PostgreSQL server |
Previous Message | Kevin Grittner | 2010-12-22 22:30:27 | Re: Securing a remotely accessible PostgreSQL server |