PostgreSQL is a powerful open source object-relational database system. This document provides some fixes for weak password vulnerabilities in PostgreSQL deployments.
Stop running PostgreSQL with the root account. We recommend that you run the database with an independent account.
adduser dbuser
sudo su - dbuser
Change the password of the database account to a strong password. For example,
alter user postgres with password 'aliyunSecurity1234*_*';
Enable password authentication.
Check whether the PostgreSQL configuration file contains the following line:
host all all 0.0.0.0/0 trust
If so, we recommend you change it to password authentication.
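The check above can be scripted. The following Python script is an added example, not part of the original document: it parses records in the pg_hba.conf format and grades every trust record by how widely it can be reached. The function names and the sample records are constructed for illustration, and it assumes no quoted names containing spaces and no include directives.

```python
import ipaddress

# Record types that carry an address field in pg_hba.conf.
NETWORK_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def parse_record(line):
    """Split one record into (type, address, network or None, method)."""
    f = line.split()
    if f[0] == "local" and len(f) >= 4:
        return f[0], "unix-socket", None, f[3]
    if f[0] not in NETWORK_TYPES or len(f) < 5:
        return None
    try:
        if "/" in f[3]:                      # CIDR form, e.g. 10.0.0.0/8
            return f[0], f[3], ipaddress.ip_network(f[3], strict=False), f[4]
        ipaddress.ip_address(f[3])           # bare IP: the next field is its netmask
        net = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False)
        return f[0], str(net), net, (f[5] if len(f) > 5 else "")
    except ValueError:                       # host name or keyword (all, samenet, ...)
        return f[0], f[3], None, f[4]

def audit_pg_hba(text):
    """Return (line_no, severity, reason) for every record that uses trust."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        rec = parse_record(line) if line else None
        if rec is None or rec[3] != "trust":
            continue
        ctype, addr, net, _ = rec
        if ctype == "local" or (net is not None and net.is_loopback):
            sev = "medium"                   # local users connect without a password
        elif addr == "all" or (net is not None and net.prefixlen == 0):
            sev = "critical"                 # any host can connect without a password
        else:
            sev = "high"                     # passwordless access from a network range
        findings.append((no, sev, f"{ctype} {addr} uses trust"))
    return findings

# Constructed sample records, not taken from a real server.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all  postgres                      peer
host    all  all   127.0.0.1/32            trust
host    all  all   0.0.0.0/0               trust   # the record this page warns about
host    app  app   10.0.0.0   255.0.0.0    trust
"""

for no, sev, why in audit_pg_hba(SAMPLE):
    print(f"line {no}: [{sev}] {why}")
```

To audit a real server, pass the contents of its pg_hba.conf to audit_pg_hba and review every finding before reloading the configuration.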
Check for any malicious UDFs.
select proname,prosrc from pg_proc where proname = 'exec111';
Check for any suspicious UDFs.
select proname,prosrc from pg_proc;
-- Check which functions are neither preset by the system nor added by the administrator.
Check for any suspicious triggers.
select tgrelid from pg_trigger;
Check whether the /tmp/testproxy.so file exists on the server.