Обсуждение: tracking down breakins?
Running PostgreSQL 7.2.1 on RedHat Linux 7.2
A similar question to what David Siebert was
asking - I am trying to locate users that are trying
to log in as someone else in PostgreSQL.
I have the postmaster running the debug with level 2
and when I review my logs, I see this:
[snip from logs]
Jan 6 09:11:46 test_srv postgres[30134]: [228919] FATAL 1: Password
authentication failed for user "Admin"
[/snip from logs]
How can I trace back *who* is trying to log in as 'Admin' and how
can I stop it? If I run debug on any higher level, the response is
much slower; perhaps there is another way?
Thanks!
-X
----- Original Message -----From: Johnson, ShaunnRunning PostgreSQL 7.2.1 on RedHat Linux 7.2
A similar question to what David Siebert was
asking - I am trying to locate users that are trying
to log in as someone else in PostgreSQL.I have the postmaster running the debug with level 2
and when I review my logs, I see this:[snip from logs]
Jan 6 09:11:46 test_srv postgres[30134]: [228919] FATAL 1: Password
authentication failed for user "Admin"[/snip from logs]
How can I trace back *who* is trying to log in as 'Admin' and how
can I stop it? If I run debug on any higher level, the response is
much slower; perhaps there is another way?
"Johnson, Shaunn" <SJohnson6@bcbsm.com> writes:
> A similar question to what David Siebert was
> asking - I am trying to locate users that are trying
> to log in as someone else in PostgreSQL.
Again, I think log_connections is what you're looking for.
Note that a failed connection attempt is *not* necessarily a sign of
evil intent. For example, I believe that psql does not prompt the
user for a password unless its initial attempt to connect is rejected
by the server with a "password required" error. So you will see a
failed attempt and then a (hopefully) successful attempt a few seconds
later, whenever you are using password authentication.
regards, tom lane