TODO
- Pentest PostgreSQL database. See comment.
- Set up logging and audit logging on the database and server. See below:
Types of events to collect logs for: (Create new topic once ready then move this list to that new topic)
- Authentication into PostgreSQL database logs (“Login Failed” message)
- Connection attempts to the PostgreSQL database, access of the account
- Log for queries made: "select usename, passwd from pg_shadow;"
- Clearing the log files
- Changes to user privileges, i.e. being able to INSERT, being able to UPDATE, etc.
- Change to ACL, changes to environment variables, other configuration settings
- Creating/deleting table
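One way to pull the event types listed above out of a server log, as an added example that is not part of the original notes. It assumes log_connections is on, statements are being logged (log_statement or pgaudit), and log_line_prefix is '%m [%p] '; the sample lines and the rule names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in stderr log format, assuming log_line_prefix = '%m [%p] '.
SAMPLE_LOG = """\
2024-05-01 10:00:01.120 UTC [4101] LOG:  connection received: host=10.0.0.5 port=51234
2024-05-01 10:00:01.135 UTC [4101] FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:09.410 UTC [4102] LOG:  connection authorized: user=app database=appdb
2024-05-01 10:00:12.002 UTC [4102] LOG:  statement: select usename, passwd from pg_shadow;
2024-05-01 10:01:30.777 UTC [4102] LOG:  statement: GRANT INSERT, UPDATE ON accounts TO app;
2024-05-01 10:02:00.050 UTC [4102] LOG:  statement: DROP TABLE audit_history;
2024-05-01 10:02:45.300 UTC [3990] LOG:  parameter "log_statement" changed to "none"
2024-05-01 10:03:00.000 UTC [4102] LOG:  statement: SELECT 1;
"""

LINE = re.compile(r'^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<sev>[A-Z]+):\s+(?P<msg>.*)$')

# One rule per event type from the list; the first matching rule wins.
# Clearing of log files cannot be seen from inside the log and needs OS-level auditing.
RULES = [
    ("auth_failure", re.compile(r'authentication failed for user "[^"]+"')),
    ("connection", re.compile(r'^connection (received|authorized)')),
    ("credential_read", re.compile(r'^statement:.*\bpg_(shadow|authid)\b', re.I)),
    ("privilege_change", re.compile(r'^statement:\s*(GRANT|REVOKE|ALTER\s+(ROLE|USER))\b', re.I)),
    ("table_ddl", re.compile(r'^statement:\s*(CREATE|DROP)\s+TABLE\b', re.I)),
    ("config_change", re.compile(r'^(parameter "[^"]+" changed to|statement:\s*ALTER\s+SYSTEM\b)', re.I)),
]

def classify(log_text):
    """Return (event_type, backend_pid, message) for every line that matches a rule."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation lines (DETAIL, HINT, multi-line statements)
        for name, rule in RULES:
            if rule.search(m["msg"]):
                events.append((name, m["pid"], m["msg"]))
                break
    return events

def summarize(log_text):
    """Count events per type, e.g. to alert on a burst of auth_failure."""
    return Counter(name for name, _, _ in classify(log_text))

if __name__ == "__main__":
    for event in classify(SAMPLE_LOG):
        print(event)
```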
Set up audit logging
- GitHub - EnterpriseDB/pgaudit: PostgreSQL Audit Extension
- GitHub - 2ndQuadrant/audit-trigger: Simple, easily customised trigger-based auditing for PostgreSQL (Postgres). See also pgaudit.
- Look into Postgres with encryption
Postgres Transparent Data Encryption - The patch can store all the files making up a PostgreSQL cluster securely on disk in encrypted format (data-at-rest encryption) and then decrypt blocks as they are read from disk. However, the data is unencrypted in memory.
About PostgreSQL Logging
The logging body is made up of the following:
- MESSAGE: sets the error message text.
- HINT: provides a hint message so that the root cause of the error is easier to discover.
- DETAIL: gives detailed information about the error.
- ERRCODE: identifies the error code, given either as a condition name or directly as a five-character SQLSTATE code. See table of error codes and condition names.
ERROR messages contain a HINT:
ERROR: Duplicate email: info@postgresqltutorial.com
HINT: Check the email again
PostgreSQL Logging Documentation
All about Error Reporting and Logging - PostgreSQL: Documentation: 13: 19.8. Error Reporting and Logging
Write Ahead Logging - PostgreSQL: Documentation: 13: 19.5. Write Ahead Log
Related: Set Up Logging