PostgreSQL Credentials
Service Name: PostgreSQL
Service Description: PostgreSQL is an advanced, enterprise-class open-source relational database system that supports both SQL (relational) and JSON (non-relational) querying. It is highly extensible and compliant with SQL standards.
Service Address: https://www.postgresql.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the pg_hba.conf file to limit connections by IP address or range.
Secret Access Scope: Grants access to PostgreSQL databases with permissions defined by the user role. Can allow reading, writing, modifying, and deleting data, as well as creating and modifying database structures.
Secret Revokement URL: Does not exist (managed through database commands)
Secret Example: postgresql://username:p@ssw0rd123@hostname:5432/database
Suspicious Activity Investigation Instructions:
- Review database logs for unusual query patterns or login attempts
- Check for unexpected high-volume data transfers or schema changes
- Monitor for unusual access times or locations
- Examine user activity logs for privilege escalation attempts
- Look for creation of unexpected users or role modifications
- Investigate any unusual stored procedures or triggers that have been created
Mitigation Instructions:
- Immediately change the password for the affected user: ALTER USER username WITH PASSWORD 'new_password';
- Revoke unnecessary privileges: REVOKE ALL PRIVILEGES ON DATABASE database_name FROM username;
- Consider temporarily locking the account: ALTER USER username WITH NOLOGIN;
- Review and update IP restrictions in pg_hba.conf file
- Implement connection pooling with proper authentication
- Enable SSL for database connections
- Audit all database objects created or modified by the compromised account
- Implement more granular role-based access control
- Set up logging for all database activities