Pentest PostgreSQL database. See comment.
Set up logging and audit logging on the database and server. See below:
Types of events to collect logs for: (Create new topic once ready then move this list to that new topic)
- Authentication into PostgreSQL database logs (“Login Failed” message)
- Connection attempts to the PostgreSQL database, access of the account
- Queries such as “select usename, passwd from pg_shadow;”
- Clearing the log files
- Changes to user privileges, i.e. being able to INSERT, being able to UPDATE, etc.
- Change to ACL, changes to environment variables, other configuration settings
- Creating/deleting table
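An added example (not part of the original notes) showing how most of the event types listed above can be picked out of the PostgreSQL server log for review. It assumes log_connections = on and log_statement = 'all' so that connections and statements are written to the log; the rule names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Ordered (category, pattern) rules; first match wins. Patterns follow
# PostgreSQL's stock server messages and its "statement:" log lines.
# Category names are hypothetical labels chosen for this example.
RULES = [
    ("auth_failure", re.compile(r"FATAL:\s+password authentication failed for user")),
    ("connection", re.compile(r"LOG:\s+connection (received|authorized):")),
    # pg_shadow is a view over pg_authid, so watch both names.
    ("credential_read", re.compile(r"statement:.*\bpg_(shadow|authid)\b", re.I)),
    ("privilege_change", re.compile(r"statement:\s*(GRANT|REVOKE|ALTER\s+(ROLE|USER))\b", re.I)),
    ("config_change", re.compile(r"statement:\s*ALTER\s+SYSTEM\b", re.I)),
    ("table_ddl", re.compile(r"statement:\s*(CREATE|DROP)\s+TABLE\b", re.I)),
]

def classify(line):
    """Return the audit category for one log line, or None if not of interest."""
    for category, pattern in RULES:
        if pattern.search(line):
            return category
    return None

def summarize(lines):
    """Count audit-relevant events per category."""
    return Counter(c for c in map(classify, lines) if c)

# Constructed sample log lines (default log_line_prefix '%m [%p] ').
SAMPLE_LOG = """\
2021-03-01 10:00:01.120 UTC [4101] LOG:  connection received: host=10.0.0.5 port=51514
2021-03-01 10:00:01.131 UTC [4101] FATAL:  password authentication failed for user "app"
2021-03-01 10:00:07.002 UTC [4102] LOG:  connection received: host=10.0.0.5 port=51520
2021-03-01 10:00:07.015 UTC [4102] LOG:  connection authorized: user=postgres database=postgres
2021-03-01 10:00:09.440 UTC [4102] LOG:  statement: select usename, passwd from pg_shadow;
2021-03-01 10:00:12.871 UTC [4102] LOG:  statement: GRANT UPDATE ON accounts TO app;
2021-03-01 10:00:15.300 UTC [4102] LOG:  statement: ALTER SYSTEM SET work_mem = '64MB';
2021-03-01 10:00:18.664 UTC [4102] LOG:  statement: DROP TABLE staging_tmp;
2021-03-01 10:00:20.001 UTC [4102] LOG:  statement: SELECT 1;
""".splitlines()

if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{category}: {count}")
```

Clearing of the log files is not covered here, since it does not produce an entry in the log being parsed.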
Set up audit logging
- Look into Postgres with encryption
Postgres Transparent Data Encryption - The patch can store all the files making up a PostgreSQL cluster securely on disk in encrypted format (data-at-rest encryption) and then decrypt blocks as they are read from disk. However, the data is unencrypted in memory.
About PostgreSQL Logging
The logging body is made up of the following:
- MESSAGE: sets the error message text.
- HINT: provides a hint message so that the root cause of the error is easier to find.
- DETAIL: gives detailed information about the error.
- ERRCODE: identifies the error code, given either as a condition name or directly as a five-character SQLSTATE code. See table of error codes and condition names.
ERROR messages contain HINT:
ERROR: Duplicate email: firstname.lastname@example.org
HINT: Check the email again
PostgreSQL Logging Documentation
All about Error Reporting and Logging - https://www.postgresql.org/docs/13/runtime-config-logging.html
Write Ahead Logging - https://www.postgresql.org/docs/13/runtime-config-wal.html
Related: Set Up Logging