On Thu, Aug 30, 2012 at 12:18:11PM -0700, Mike Orr wrote:
> Does PostgreSQL have any baseline security configuration documents?
> (Aka "hardened" configuration "benchmark" checklist.) My organization
> is asking for official or vendor-supported baseline configurations for
> all our software. I looked through the PG manual, the security page on
> the website, and in Google and found some discussions about
> customizing role permissions and SSL connections, but nothing that
> covered the entirety of the software like this one for MySQL:
>
> http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.mysql.102
> (Center for Internet Security). I can't link directly to the document
> because it's behind a download form, but the TOC outline covers: OS
> level configuration, file system permissions, logging, general
> (default test databases, accounts), database/table permissions,
> configuration options, backup/recovery. Each recommendation specifies
> whether it's scoreable (verifiable by an audit program), and its
> tradeoffs (i.e., whether it might be too burdensome or a bad idea in
> various situations).
>
> If I can't find such a checklist for PostgreSQL I can write my own,
> but it would be more authoritative if it were an official PostgreSQL
> document or supported by a vendor or organization.
>
> Thanks in advance. I've been a happy PostgreSQL user for two or three
> years now.

I have never seen such a document. If you want to write it, perhaps on
our wiki, we can then reference it for other users.

--
  Bruce Momjian  <bruce@xxxxxxxxxx>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +