L van der Walt wrote:
> I would like to secure Postgres completly.
>
> Some issues that I don't know you to fix:
> 1. User postgres can use psql (...) to do anything.
> 2. User root can su to postgres and thus do anything.
> 3. Disable all tools like pg_dump
>
> How do I secure a database if I don't trust the administrators.
> The administrator will not break the db but they may not view
> any information in the databse.
It may be just me and my silly old-fashion attitudes, but I kind of
think that if your sys admin(s) cannot be trusted, you are pretty much
screwed. And your hiring process needs fixing,
But being that as it may, maintaining physical security, i.e., keeping
the host server in a locked room with restricted and recorded access and
that requires at least two persons present so that collusion is required
for tampering, disabling remote root login, granting limited sys admin
privileges with sudo (which records the sudoer activities, for auditing
purposes) might be a way to accomplish what you are looking for.