[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PostgreSQL Question


Sorry about stating the obvious to you.  I guess I should have read the
whole note.

I may be wrong, but nmap only looks to see if the port is open.  The
application (postgres) should still reject remote users according to
its pg_hba.conf file.

______________________________________________________________________
Mark Szidik
System Administrator           Ph: 517.694.4242 x17  Fax: 517.694.9303
Michigan Library Consortium    http://www.mlc.lib.mi.us

On Wed, 4 Apr 2001, Richard Zimmerman wrote:

>  I did this... In my original message I posted the excerpt from MY
> pg_hba.conf file.  I have already defined it to only look at 127.0.0.1 &
> 192.168.0.2 per the pg_hba.conf file instructions. However Nmap scans still
> see it on eth1 (63.110.172.162)
>
> I did add the following until I can figure out how to keep it from showing
> up in the first place:
> host     all     63.110.172.162     255.255.255.255     reject
>
> I did learn something though.... Set the 'local all' directive to reject and
> psql can't logon !!!!! <G>
>
> Goose
>
>
> ----- Original Message -----
> From: "Mark Szidik" <szidikm@mlc.lib.mi.us>
> To: "Richard Zimmerman" <Richard@knbpower.com>
> Cc: "Klug" <members@kalamazoolinux.org>
> Sent: Wednesday, April 04, 2001 1:39 PM
> Subject: Re: PostgreSQL Question
>
>
> >
> > Check out your pg_hba.conf file.  (at least in the 6.5.x version)
> >
> > # Example PostgreSQL host access control file. # #
> > # This file controls what hosts are allowed to connect to what databases
> > # and specifies some options on how users on a particular host are
> > # Bidentified.
> > # It is read each time a host tries to make a connection to a database.
> >
> >
> >
> > -Mark
> >
> >
> > > I've got a PostgreSQL Question:
> > >
> > >    In my continuing effort to secure my system (and brush up for my
> > > presentation Tuesday) I'm running nmap to check for open ports on eth1
> > > (Internet Gateway). I'm finding that port 5432 (PostgreSQL) is open to
> the
> > > world! In investigating the docs @
> > >
> http://postgresql.readysetnet.com/devel-corner/docs/admin/runtime-config.htm
> > > l They state that a config file called postgresql.conf should be on my
> > > system. (I did an .rpm install) I ran 'locate postgresql.conf ' but it
> comes
> > > back with nothing. I did locate a config file in
> > > /var/lib/pgsql/data/postmaster.opts which holds some command line config
> > > options.
> > >
> > >    My real question is how do I tell PosrgreSQL to listen to 127.0.0.1 &
> > > 192.168.0.2 ONLY!
> > >
> > >    I did find the config file /var/lib/pgsql/data/pg_hba.conf and it is
> > > listed below:
> > >
> > > <snip>
> > > # By default, allow anything over UNIX domain sockets and localhost.
> > >
> > > local        all
> > > trust
> > > host         all         127.0.0.1     255.255.255.255     crypt
> > > host         all         192.168.0.0   255.255.255.0       crypt
> > >
> > > I'm really clueless at this point and the doc's I have read are not
> helping
> > > at this point so if anyone has any suggestions, they would be
> appreciated!
> > >
> > > Thanks!
> > >
> > > Richard
> > >
> > > Richard Zimmerman
> Richard@knbpower.com
> > > Information Systems Manager                      ke4rit@earthlink.net
> > > K&B Transport, Inc.
> > > Elkhart, Indiana                     Advanced SKYWARN weather spotter
> > >
> > > Support Operation Lifesaver
> > > www.oli.org
> > >
> > >
> > >
> >
> >
>
>