From: | Tim Cross <theophilusx(at)gmail(dot)com> |
---|---|
To: | erempel(at)uvic(dot)ca |
Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: How to revoke privileged from PostgreSQL's superuser |
Date: | 2018-08-15 04:21:28 |
Message-ID: | CAC=50j-4EfdwedS9OeVJArX9yWw2y1ivxx6Pgq07n=Ec2f6C=g@mail.gmail.com |
Lists: | pgsql-admin pgsql-general |
On Wed, 15 Aug 2018 at 13:50, Evan Rempel <erempel(at)uvic(dot)ca> wrote:
> In my opinion that is exactly why you log to syslog. The syslog infrastructure can also
> forward in real time the log events to a remote log collector that the DBAs don't even
> have access to. This method provides for a secure and pristine log stream for archiving
> and audit review processes.
>
> Evan.
>
> On 08/14/2018 08:44 PM, dangal wrote:
> > From what I saw pgaudit records the postgres log, any dba can modify that log
> >
> >
> >
> > --
> > Sent from: http://www.postgresql-archive.org/PostgreSQL-admin-f2076596.html
> >
>
> +1 wrt syslog and remote logging. Any environment where security and
> access monitoring is important should always have logs copied to a remote,
> secure server with access limited to individuals who are not also
> responsible for administering key systems, such as the database server.
>
When compromising a system, it is normal to attempt to cover up your
activity by modifying or deleting log files. Having these copied to a
separate system means the threat actor has to now compromise multiple
servers.
Another useful setup is the 'ELK' stack, which uses Logstash and Elasticsearch
to provide a powerful log storage and querying infrastructure (which
can also unify logs from different sources). This can make auditing and
monitoring much more powerful.
Tim
--
regards,
Tim
--
Tim Cross
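
The setup discussed in this thread (PostgreSQL logging to syslog, with events forwarded in real time to a collector the DBAs cannot reach), sketched as configuration. This is an added example, not part of the original messages; the collector host name, the rsyslog file name and the choice of the LOCAL0 facility are assumptions.

```conf
# --- postgresql.conf on the database server ---
# Send the server log to the local syslog daemon instead of a file
# owned by the postgres OS user. pgaudit records go to the server log,
# so they follow the same path.
log_destination = 'syslog'
syslog_facility = 'LOCAL0'      # must match the facility in the rsyslog rule below
syslog_ident = 'postgres'
log_connections = on
log_disconnections = on
# syslog adds its own timestamp and PID, so the prefix carries only
# the session details an audit reviewer needs.
log_line_prefix = 'user=%u db=%d client=%h '

# --- /etc/rsyslog.d/30-postgres-forward.conf on the database server ---
# (file name is an assumption)
# Forward LOCAL0 events over TCP as they arrive. The disk-assisted queue
# holds events while the collector is unreachable and retries indefinitely.
# "logcollector.example.internal" is a placeholder host name.
if $syslogfacility-text == 'local0' then {
    action(type="omfwd"
           target="logcollector.example.internal"
           port="514"
           protocol="tcp"
           queue.type="LinkedList"
           queue.filename="pg_fwd"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

At the collector, limit read access to the audit reviewers and alert when a database host stops sending events.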