Good day! I am new to this list and PostgeSQL for that matter. I've messed
with it (and php) a little and really like what I see so far. In the past
several months I've also been working on Linux system security.
Question 1:
My Linux system serves as the "Internet" server in my office and also
hosts the PostgreSQL database. I want to "hide" PostgreSQL from my external
network card (eth1).
eth0 = 192.168.0.2 (Internal)
eth1 = 63.110.172.162 (external)
In the config file /var/lib/pgsql/data/pg_hba.conf I have given it the
following:
<snip>
# By default, allow anything over UNIX domain sockets and localhost.
local all trust
host all 63.110.172.162 255.255.255.255 reject
host all 127.0.0.1 255.255.255.255 crypt
host all 192.168.0.0 255.255.255.0 crypt
As a stop gap measure, I have also setup firewall rules (ipchains) to
block connections coming from my External Network card (eth1) to port 5432.
Is there a better way to config PostgreSQL so that it NEVER show up on an
Nmap scan of the External Network card?
Question 2:
I have been reading in the doc's about the PostgreSQL.conf file. I
installed my copy of PostgreSQL from RedHat 7.0 .rpm files:
Postgresql-7.0.2-17
Postgresql-server-7.0.2-17
Postgresql-devel-7.0.2-17
I don't seem to have an PostgreSQL.conf file. Is it safe to create one in
/var/lib/pgsql/data or is there a specific place it needs to go? More
importantly,
*IS* it even needed?
Any help with these issues is greatly appreciated. I ran these questions
by the gurus on out local LUG (Kalamazoo Linux Users Group) with several of
them being veteran PostgreSQL users and they were also clueless as to how to
"Hide" the server.
Thank you in advance for any suggestions, comments, etc.
Richard
Richard Zimmerman Richard@knbpower.com
Information Systems Manager ke4rit@earthlink.net
K&B Transport, Inc.
Elkhart, Indiana Advanced SKYWARN weather spotter
Support Operation Lifesaver
www.oli.org