红帽全球峰会8.6. Securing PostgreSQL by limiting access to authenticated local users
Secure your PostgreSQL database by configuring client authentication to limit access only to authenticated local users. This reduces the risks of unauthorized access and attacks.
PostgreSQL is an object-relational database management system (DBMS). In Red Hat Enterprise Linux, PostgreSQL is provided by the postgresql-server package.
The pg_hba.conf configuration file, stored in the database cluster’s data directory, specifies the client authentication settings. The following procedure details how to configure PostgreSQL for host-based authentication.
Procedure
Install PostgreSQL:
# dnf install postgresql-serverInitialize a database storage area using one of the following options:
Using the
initdbutility:$ initdb -D /home/postgresql/db1/The
initdbcommand with the-Doption creates the directory you specify if it does not already exist, for example/home/postgresql/db1/. This directory then contains all the data stored in the database and also the client authentication configuration file.Using the
postgresql-setupscript:$ postgresql-setup --initdbBy default, the script uses the
/var/lib/pgsql/data/directory. This script helps system administrators with basic database cluster administration.
To allow any authenticated local users to access any database with their usernames, modify the following line in the
pg_hba.conffile:local all all trustThis can be problematic when you use layered applications that create database users and no local users. If you do not want to explicitly control all user names on the system, remove the
localline entry from thepg_hba.conffile.Restart the database to apply the changes:
# systemctl restart postgresqlThe previous command updates the database and also verifies the syntax of the configuration file.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}