Hi my friends, I read that if I like a server secure I need install harden_suse. Yesterday I installed harden_suse-3.5-0.noarch.rpm, in my server I have Apache, my database in Postgresql, my scripts cron and my OS is SuSE 7.3 and kernel 2.4.4-4GB but now I have two problems: 1.- I restarted my machine and my services apache and postgres didn't to initialize I have to write as a root:rcpostgres start and rcapache start this method it's slow my work, I need information about a command that initialize my services, chkconfig didn't function if someone can to provide me about a command equal chkconfig I will thankfull. 2.- Before, that I installed harden_suse I worded fine with PostgreSQL I connected as user postgres with: #su - postgres and execute #psql hb and I entered to my Data base, but after that I installed harden_suse I can't connect as user postgres when I writted: su - postgres in my pront didn't show me postgres:~# I don't know what happend,maybe I executed postmaster and I have this message: "root execution of PostgreSQL backend is not permitted. The backend must be started under its own userid to prevent a possible system security comprise. See the Install file for more information on how properly start the postmaster". I try to execute as root: #psql hb I have this message:"psql: FATAL 1 :SetUserId: user "root" is not in pg_shadow". Before, I dind't have this problems I think that harden_suse cause this errors if someone can help me I will be thankfull, because I didn't enter to my database and this is important for me. Please help me Thansks :-( _________________________________________________________________ Descargue GRATUITAMENTE MSN Explorer en http://explorer.yupimsn.com/intl.asp.
Ricardo Javier Aranibar León wrote:
Yesterday I installed harden_suse-3.5-0.noarch.rpm, in my server I have Apache, my database in Postgresql, my scripts cron and my OS is SuSE 7.3 and kernel 2.4.4-4GB but now I have two problems:
1.- I restarted my machine and my services apache and postgres didn't to initialize I have to write as a root:rcpostgres start and rcapache start this method it's slow my work,
Did you change the START_* variables in /etc/rc.config?
2.- Before, that I installed harden_suse I worded fine with PostgreSQL I connected as user postgres with: #su - postgres and execute #psql hb and I entered to my Data base, but after that I installed harden_suse I can't connect as user postgres when I writted: su - postgres in my pront didn't show me postgres:~#
Could you check the contents of /etc/passwd for a valid entry for postgres? It seems that the login shell of that user is set to something different from /bin/bash
I don't know what happend,maybe I executed postmaster and I have this message: "root execution of PostgreSQL backend is not permitted. The backend must be started under its own userid to prevent a possible system security comprise. See the Install file for more information on how properly start the postmaster".
Always use the rcpostgresql command to start the Postgres DB
I try to execute as root: #psql hb I have this message:"psql: FATAL 1 :SetUserId: user "root" is not in pg_shadow".
I don't know which pgsql version you use, but "psql database username" works with 7.0 or newer and for older versions use "psql -u database" which prompts you for an username and password before you can access the database. Peter
1.- I restarted my machine and my services apache and postgres didn't to initialize I have to write as a root:rcpostgres start and rcapache start this method it's slow my work, I need information about a command that initialize my services, chkconfig didn't function if someone can to provide me about a command equal chkconfig I will thankfull.
check which initlevel your systems got /etc/inittab cd /etc/init.d/rc3.d for initlevel 3 ln -fs ../httpd S098httpd for apache ln -fs ../httpd K02httpd for apache ln -fs ../postgres S099postgres for postgres ln -fs ../postgres K01postgres for postgres to start via sys5 init-scripts
2.- Before, that I installed harden_suse I worded fine with PostgreSQL I connected as user postgres with: #su - postgres and execute #psql hb and I entered to my Data base, but after that I installed harden_suse I can't connect as user postgres when I writted: su - postgres in my pront didn't show me postgres:~# I don't know what happend,maybe I executed postmaster and I have this message:
Check whether user postgres is in /etc/passwd or not normal entry is: postgres:x:26:2:Postgres Database Admin:/var/lib/pgsql:/bin/bash Yours Michael Appeldorn
Hi Ricardo, hope, that I can help you at least to connect to your DB again. As far as I know, the clean way to connect to postgres would be (as root): su postgres psql <Database-Name> This should still work. Postgres is normally not very strict with access-privileges, any user can connect to the server with "psql template1 -U postgres". So if harden_suse fixes that, I'd not be surprised. Best regards, Ralf Ronneburger Ricardo Javier Aranibar León wrote:
Hi my friends, I read that if I like a server secure I need install harden_suse. Yesterday I installed harden_suse-3.5-0.noarch.rpm, in my server I have Apache, my database in Postgresql, my scripts cron and my OS is SuSE 7.3 and kernel 2.4.4-4GB but now I have two problems:
1.- I restarted my machine and my services apache and postgres didn't to initialize I have to write as a root:rcpostgres start and rcapache start this method it's slow my work, I need information about a command that initialize my services, chkconfig didn't function if someone can to provide me about a command equal chkconfig I will thankfull.
2.- Before, that I installed harden_suse I worded fine with PostgreSQL I connected as user postgres with: #su - postgres and execute #psql hb and I entered to my Data base, but after that I installed harden_suse I can't connect as user postgres when I writted: su - postgres in my pront didn't show me postgres:~# I don't know what happend,maybe I executed postmaster and I have this message: "root execution of PostgreSQL backend is not permitted. The backend must be started under its own userid to prevent a possible system security comprise. See the Install file for more information on how properly start the postmaster". I try to execute as root: #psql hb I have this message:"psql: FATAL 1 :SetUserId: user "root" is not in pg_shadow".
Before, I dind't have this problems I think that harden_suse cause this errors if someone can help me I will be thankfull, because I didn't enter to my database and this is important for me. Please help me
Thansks :-(
_________________________________________________________________ Descargue GRATUITAMENTE MSN Explorer en http://explorer.yupimsn.com/intl.asp.
* Ralf Ronneburger wrote on Thu, May 16, 2002 at 16:51 +0200:
This should still work. Postgres is normally not very strict with access-privileges, any user can connect to the server with "psql template1 -U postgres".
Postgres *is* strict - as strict as configured in pg_hdb.conf. The only thing that happens here: psql (the CLI) uses the user name as default for the database user name. postgres is by default the database admin account. But other users are not known. You can override the default with -U <user>, usually you need to specify a database (if you do not have a database called root :)) also. Since pg_hdb.conf configures localhost to be allowed w/o password authentication, psql can connect now. Usually it is not a good idea to have all databases accessible w/o password if you have local users on the machine, but you haven't I hope :)
So if harden_suse fixes that, I'd not be surprised.
What do you want to fix? Feel free to make pg_hba.conf more restrictive, but don't forget to set user passwords before ;) oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (5)
-
Michael Appeldorn
-
Peter Wiersig
-
Ralf Ronneburger
-
Ricardo Javier Aranibar León
-
Steffen Dettmer