[Ach] postgresql diff

L. Aaron Kaplan kaplan at cert.at
Tue Nov 26 20:21:39 CET 2013

On Nov 26, 2013, at 7:22 PM, Berg San <bs at cyontris.eu> wrote:

> On 11/26/2013 08:54 AM, christian mock wrote:
>> One minor thing:
>>> +To start in SSL mode the server.crt and server.key must exist in the server's data directory \$PGDATA.
>>> +Don't forget to set the right permission (0600) to your server.key.
>> What user must the key belong to? "postgres" or "root"?
> postgres
>> (Also, but that's a personal preference, I set my key file permissions
>> to 0400 to prevent me from accidentally messing with them)
> We have never mentioned the file permissions of the key and crt files for the other services.
> Therefore I've deleted the sentence.
> -Don't forget to set the right permission (0600) to your server.key.
> I've also added the section how to test and tested with version.
> Diff is attached.
Thanks!! Fantastic. It's really a joy to read this section. It's precise, short, quick to reed, I have all the info that I need and it works.

The patch is applied. Pls. git pull.

What about the other DBs? Do you think we can still make this? Anybody here with Oracle experience, can someone test Oracle settings? The T-Systems hardening guide has multiple pages on Oracle. Some of them related to crypto.


// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131126/0697106b/attachment.sig>

More information about the Ach mailing list