Re: security

On 03/11/14 13:30, Dustin Kempter wrote:
> Hi,
> 
> we have a server (CentOS 6.4) running PostgreSQL, recently someone
> shut the db down and we want to find out who did this...
> 
> I see the db shutdown request in the postgresql log, and I suspect
> it was run as root (as a service) because we do not see any
> relevant shutdown commands in the postgres user's bash history
> file
> 
> Can someone point me in the right direction per figuring this out,
> who ran the command (I suspect it was root)? If so, where did the
> offending login come from (I.P.)? etc...
> 

My first thought is how is that server accessed?  SSH?  Telnet?
Physical access?  If you know the ways it can be accessed, then you
can focus on logins.  Can you tell us what ways it can be accessed? If
it was run as root, that's a concern.  It limits you to who has either
sudo access (you /do/ have root ssh access disabled, right?) or
physical access to the machine.  I'd look in the logs specifically for
sudo calls.

Is it possible postgres was configured with a threshold that, when
reached, would trigger a db shutdown?  Say a stored procedure?  You
should check /var/log/secure, that tells you (if configured, which our
CentOS 6.5 postgres server is) what IP logged in and how.

HTH.


-- 
Mark Haney
Network/Systems Administrator
Practichem
W: (919) 714-8428
Fedora release 20 (Heisenbug) 3.13.4-200.fc20.x86_64
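
The check suggested in the reply above (sudo calls and login source IPs in /var/log/secure), as an added example that is not part of the original message: it pairs each sudo command mentioning postgresql with the most recent accepted SSH login for the same user. The function name `trace_sudo`, the host name, users and IP addresses are constructed for illustration, and the code assumes the default sshd and sudo syslog line formats.

```python
import re

# Constructed sample lines in the syslog format CentOS writes to /var/log/secure.
SAMPLE_SECURE_LOG = """\
Mar 11 08:55:10 db01 sshd[2101]: Accepted password for bob from 198.51.100.7 port 40112 ssh2
Mar 11 09:12:03 db01 sshd[2314]: Accepted publickey for alice from 192.0.2.15 port 50222 ssh2
Mar 11 09:13:20 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
Mar 11 09:14:40 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service postgresql stop
Mar 11 09:20:00 db01 sudo:    carol : TTY=tty1 ; PWD=/root ; USER=root ; COMMAND=/etc/init.d/postgresql status
"""

SSH_LOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
SUDO_CALL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sudo:\s+(?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=\S+ ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")

def trace_sudo(lines, keyword="postgresql"):
    """Return sudo calls whose command mentions keyword, each paired with the
    most recent accepted SSH login (IP, auth method) seen for that user."""
    last_login = {}   # user -> (timestamp, ip, method) of latest SSH login
    hits = []
    for line in lines:
        m = SSH_LOGIN.match(line)
        if m:
            last_login[m["user"]] = (m["ts"], m["ip"], m["method"])
            continue
        m = SUDO_CALL.match(line)
        if m and keyword in m["cmd"]:
            login = last_login.get(m["user"])
            hits.append({
                "time": m["ts"], "user": m["user"], "runas": m["runas"],
                "tty": m["tty"], "command": m["cmd"],
                # None means no SSH login in this file: console/physical
                # access, or a login in an older rotated log.
                "source_ip": login[1] if login else None,
                "auth": login[2] if login else None,
            })
    return hits

if __name__ == "__main__":
    for hit in trace_sudo(SAMPLE_SECURE_LOG.splitlines()):
        print(hit)
```

To run it on a real host, pass the lines of /var/log/secure (and its rotated copies, oldest first) instead of the sample.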