Postgres with Replication security hardening

Keywords: PostgreSQL - Google Cloud Platform - How to - Other
Description:
Hello Bitnami support,

We are using PostgreSQL with Replication from GCP marketplace.
Image: bitnami-postgresql-10-9-0-0-linux-debian-9-x86-64-mt-nami

  1. I would like to ask if you have a security hardening guide that we can follow, as this is required by our client.
  2. I would like to know where the home directory for the postgres user is. We need to set the umask to 077. Its current value is 0022.
  3. We need to install the pgaudit extension in our database. I’m wondering if you have a guide that we can follow, since the postgres DB is given as an image from the marketplace.

Thanks,
Aaron

Hi @aaron.victorino,

We build and configure our application having security and performance in mind. Is there any specific configuration that your user is looking for? We would like to take a look at the requirements to know if we should add them by default in our installation.

This post should help you:

https://serverfault.com/a/166250/384560

We do not have any guide to install and configure pgaudit in our stacks. You will need to follow the official documentation of the package.

Thanks

Hello Bitnami support,

We are currently practicing the CIS standard CIS_PostgreSQL_10_Benchmark_v1.0.0. However, we don’t find it fit for the Bitnami image: bitnami-postgresql-10-9-0-0-linux-debian-9-x86-64-mt-nami, so I’m wondering if there is a hardening guide that we can follow, tailored for Bitnami images in the GCP marketplace.

Thanks,
Aaron

Hi @aaron.victorino,

We do not have any hardening guide to configure our solutions, but we could help you to customize the Bitnami solution once you are using it. We have some guides in which we explain how the solution is configured and how to perform some actions in the server. Did you take a look at our documentation?

https://docs.bitnami.com/google-templates/infrastructure/postgresql/

If you have any questions about how to modify the default PostgreSQL configuration or how we configure the solution, please let us know.

Hello Jota,

Good day. Is there a way to attach a PDF file or a zip file for new users, so I can show you what we are looking for? We would like to at least get the “scored” steps in the CIS standard CIS_PostgreSQL_10_Benchmark_v1.0.0.

Thanks in Advance!

Regards,
Aaron

Hi @aaron.victorino,

I just increased your Trust Level so you should be able to attach files. Remember this is a public blog so don’t attach anything confidential.

Regards,
Tomas

Hello Tomas/Jota,

This is the CIS benchmark that we are following and hoping to at least get the Scored one in the GCP Bitnami instance.
CIS Benchmark.zip (913.5 KB)

Thanks,
Aaron

Hi,

I just took a look at the shared file. Mainly it’s a checklist with different items; each item contains “audit” and “remediation” sections. You can access the instance via SSH and execute the “audit” commands; if the result is not the expected one, you can execute the “remediation” actions if you consider it opportune. Take into account that some paths, file locations, etc. can be different from a standard installation; you can find all the information in the documentation link shared some comments above.

At this time we don’t have an automated tool to provide this kind of audit.

Best Regards,
Carlos R. Hernández
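
An added example, not part of the thread and not Bitnami or CIS code: the "audit" step described above, applied to the umask raised in the first post (077 required, 0022 observed). The function names are hypothetical, and the script audits the umask of whichever account runs it.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from Bitnami or CIS.

# is_octal VALUE: accept only 1-4 octal digits, so the value is safe to
# place inside shell arithmetic.
is_octal() {
    case "$1" in
        ''|*[!0-7]*|?????*) return 1 ;;
    esac
    return 0
}

# umask_meets CURRENT REQUIRED: pass when every permission bit masked by
# REQUIRED is also masked by CURRENT. Returns 0 pass, 1 fail, 2 bad input.
umask_meets() {
    is_octal "$1" && is_octal "$2" || return 2
    [ $(( 0$1 & 0$2 )) -eq $(( 0$2 )) ]
}

# created_mode BASE UMASK: print the mode a new object receives
# (BASE & ~UMASK); BASE is 666 for files and 777 for directories.
created_mode() {
    is_octal "$1" && is_octal "$2" || return 2
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# audit_umask REQUIRED: audit the umask of the account running this script
# and print one checklist line; returns non-zero when the check fails.
audit_umask() {
    current=$(umask)
    if umask_meets "$current" "$1"; then
        echo "PASS umask=$current (required $1)"
    else
        echo "FAIL umask=$current (required $1):" \
             "new files get mode $(created_mode 666 "$current")"
        return 1
    fi
}

# Run the audit only when asked, e.g.: sh audit_umask.sh --check
if [ "${1:-}" = "--check" ]; then
    audit_umask 077
fi
```

Run it as the account being audited: with the 0022 value reported in the thread it prints a FAIL line showing that new files are created with mode 644, while 077 yields 600.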
