On Mon, Dec 20, 2010 at 12:12 PM, Kenneth Buckler
<kenneth.buckler@gmail.com> wrote:
> Hello,
>
> I am investigating security requirements for configuring a PostgreSQL
> database on a Linux system.
> One of the security requirements our organization would like to implement is
> "trusted startup", in that PostgreSQL would verify the authenticity of the
> binaries and configuration files before making the database available to
> users. This would enable the database to detect if the system has possibly
> been compromised.
But, if the script is run on the same machine as postgresql is on, the
scripts that check for changes could be compromised as well and then
you'd never know.
> Since this is a Linux system, I could keep a list of known good MD5
> checksums and compare the checksums prior to startup by editing the init
> script. The list would of course need to be updated any time I make a
> configuration change or apply a patch.
> Is there an alternative method of implementing such a requirement? Possibly
> one already incorporated into PostgreSQL?
pgsql doesn't do any of that, but I'm sure you can roll your own so to
speak. I would tend to write some kind of nagios plugin that could be
called remotely that would notify you whenever it changes so you would
know as soon as a change occurred rather than later when trying to
restart the database during a midday outage while the boss screams
"get the system back up now! We're losing money!"
Generally, if the db's been compromised, someone's already gotten to
an app server or two, and might be sniffing traffic anyway, so it's
likely a lost cause by then.
