On 12/20/10 11:12 AM, Kenneth Buckler wrote:
Hello,

I am investigating security requirements for configuring a PostgreSQL
database on a Linux system.

One of the security requirements our organization would like to
implement is "trusted startup", in that PostgreSQL would verify the
authenticity of the binaries and configuration files before making the
database available to users. This would enable the database to detect
if the system has possibly been compromised.

Since this is a Linux system, I could keep a list of known good MD5
checksums and compare the checksums prior to startup by editing the
init script. The list would of course need to be updated any time I
make a configuration change or apply a patch.

Is there an alternative method of implementing such a requirement?
Possibly one already incorporated into PostgreSQL?

I would look into SELinux. Lock it down with this, and it will be much
harder to compromise.
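
The init-script checksum comparison described in the question could look like this. It is an added example, not code from the thread or from PostgreSQL; it uses SHA-256 in place of the MD5 sums mentioned, and the function names and paths are hypothetical.

```shell
# Added example: integrity gate for an init script. Paths are placeholders.
# Uses SHA-256 in place of the MD5 sums mentioned in the question.

# build_manifest OUT FILE...: record known-good hashes. Re-run after every
# approved configuration change or patch.
build_manifest() {
    bm_out=$1
    shift
    sha256sum -- "$@" > "$bm_out"
}

# verify_manifest MANIFEST: succeed only if every listed file exists and
# still matches its recorded hash; report the offending entries on stderr.
verify_manifest() {
    vm_manifest=$1
    if [ ! -s "$vm_manifest" ]; then
        echo "trusted-startup: manifest missing or empty: $vm_manifest" >&2
        return 2
    fi
    if vm_report=$(sha256sum -c "$vm_manifest" 2>&1); then
        return 0
    fi
    # Show only the failures (mismatch, unreadable or deleted file).
    printf '%s\n' "$vm_report" | grep -v ': OK$' >&2
    return 1
}

# guarded_start MANIFEST CMD...: run CMD only when verification passes.
guarded_start() {
    gs_manifest=$1
    shift
    if verify_manifest "$gs_manifest"; then
        "$@"
    else
        echo "trusted-startup: integrity check failed, not starting" >&2
        return 1
    fi
}

# Typical call from the init script's start branch (placeholder paths):
#   guarded_start /etc/pg-trusted/manifest.sha256 \
#       su - postgres -c "pg_ctl -D /var/lib/pgsql/data start"
```

The check is only as trustworthy as the manifest and the script that reads it, so keep both root-owned and, where possible, on read-only or off-host storage.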