pg_integrity_check

pg_integrity_check — calculate and validate checksums for controlled files (certified edition only)

Synopsis

pg_integrity_check [connection-option...] [ -s | --system ] [ -u | --user ] [ -c | --catalog ] [ -o | --output ] [ -l filename | --log=filename ] [ --syslog ] [ -D datadir ] [ -C filename ] [ -v | --verbose ] [ -? | --help ]

Description

pg_integrity_check is a utility provided with Postgres Pro Enterprise that can calculate and validate checksums for the objects you would like to control. When running pg_integrity_check, you must specify at least one of the options that define the type of the controlled objects: -s, -u, or -c for read-only files, additional files, or system catalog tables, respectively.

If you use the -o option, pg_integrity_check calculates checksums and writes them into configuration files under the share/security/ directory. You must have write access to the corresponding files to perform this command. You cannot use the -o option together with the -s option, since a checksum for read-only files cannot be overwritten.

If you omit the -o option, pg_integrity_check compares the calculated checksums with the corresponding checksums in the configuration files. If the checksums differ for any of the controlled objects, pg_integrity_check displays a message indicating the difference.

For details on using pg_integrity_check, see Section 31.2.

Options

connection-options

Standard options for connecting to a database: -d, -h, -p, -U. You must specify -d and -U options when validating checksums for catalog tables with the -c option. For detailed description of connection options, see psql.

-s
--system

Validate checksums for read-only files. Checksums for read-only files control both file contents and file attributes.

-u
--user

Validate checksums for additional files. Checksums for additional files control both file contents and file attributes.

-c
--catalog

Validate checksums for system catalog tables. For the -c option to work correctly, you must also specify connection parameters for the database. The database server must be started and accept connections.

-o
--output

Recalculate checksums and write it into a file.

-l filename
--log=filename

Write checksum validation results into a log file.

--syslog

Write checksum validation results into the syslog.

-D datadir

Data directory of the database cluster. This option is required to define the filenames for the generated configuration files when using -u option.

-C filename

The absolute path to the configuration file used for integrity checks of system catalog tables of the selected database. If used with the -o option, pg_integrity_check writes into the specified file. If no other option is used, pg_integrity_check checks data against the specified file.

-v
--verbose

Print debugging information, including checksum values.

-?
--help

Print command-line help.

Return Values

0 — checksums are calculated or validated successfully.

1 — an error occurred during the initial checksum calculation for read-only files.

2 — checksum validation revealed changes in one or more of the controlled objects.

3 — an unexpected error occurred during checksum validation.

Examples

Compute checksums for additional files and write them into the share/security/_var_lib_pgpro_ent-17_data.user.conf configuration file:

pg_integrity_check -u -o -D /var/lib/pgpro/ent-17/data

Check integrity of all controlled objects in the postgres database on behalf of the postgres user:

pg_integrity_check -s -u -c -D /var/lib/pgpro/ent-17/data -d postgres -h localhost -p 5432 -U postgres