On Wed, Dec 22, 2010 at 3:30 PM, Kevin Grittner <Kevin.Grittner@xxxxxxxxxxxx> wrote:
> Josh <josh@xxxxxxxxxxxx> wrote:
>
>> I am looking for suggestions on how best to secure a server that
>> is accessible via the internet. Even account creation for the
>> database is open to the world. Does anybody have any extra changes
>> they would make to postgresql.conf or OS changes they would
>> suggest? Perhaps some default permissions that would be best
>> revoked?
>>
>> The system setup is currently a Linux box running PostgreSQL 8.4
>> My pg_hba.conf already limits remote connections to one database
>> and one particular role.
>
> The role can create databases but not access them? Odd.
>
> In no particular order, these come to mind:
>
> * Only allow SSL connections.
>
> * Use a non-standard port, to obscure what the service is.
>
> * Put the machine behind a firewall which only allows packets
>   through to the desired port.
>
> * Make sure you *don't* run the database service as root.
>
> * Make sure that the user which does run the database server doesn't
>   have access to anything more than it absolutely needs, directly or
>   through group membership. (In particular, sudo rights should be
>   carefully limited or non-existent.)

In fact, I'd chroot / jail the postgres server in this instance. If
they get in, you just copy back over the chrooted directory and you're
up and running in minutes.

--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
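
An added example, not part of the original thread: a small Python audit of pg_hba.conf for the "Only allow SSL connections" suggestion and for the poster's restriction of remote connections to one database and one role. It assumes unquoted fields; the sample file, the names in it and the finding labels are constructed for illustration.

```python
import ipaddress

# Constructed sample in the PostgreSQL 8.4 column layout; "signup" and
# "webrole" are made-up names, not values from the thread.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      CIDR-ADDRESS      METHOD
local    all       postgres                    ident
host     all       all       127.0.0.1/32      md5
host     signup    webrole   0.0.0.0/0         md5
hostssl  signup    webrole   0.0.0.0 0.0.0.0   md5
hostssl  all       all       0.0.0.0/0         trust
"""

def parse_hba(text):
    """Yield (lineno, type, database, user, network, method) per TCP rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("host"):
            continue  # blank line, comment, or Unix-socket ("local") rule
        # The address is either one CIDR field or address + netmask fields.
        if len(fields) >= 5 and "/" in fields[3]:
            addr, method = fields[3], fields[4]
        elif len(fields) >= 6:
            addr, method = f"{fields[3]}/{fields[4]}", fields[5]
        else:
            raise ValueError(f"line {lineno}: malformed rule: {raw!r}")
        net = ipaddress.ip_network(addr, strict=False)
        yield lineno, fields[0], fields[1], fields[2], net, method

def audit(text):
    """Return [(lineno, finding)] for rules reachable from non-loopback hosts."""
    findings = []
    for lineno, conn_type, database, user, net, method in parse_hba(text):
        if net.is_loopback:
            continue
        if conn_type != "hostssl":
            # "host" matches SSL and non-SSL; "hostnossl" only non-SSL.
            findings.append((lineno, "plaintext"))
        if method == "trust":
            findings.append((lineno, "trust"))      # no authentication at all
        if "all" in (database, user):
            findings.append((lineno, "wildcard"))   # not one database + one role
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_HBA):
        print(f"pg_hba.conf line {lineno}: {finding}")
```
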