Add Support for PostgreSQL #725
Conversation
|
Wow, that's awesome! Thank you! If you have any problems or questions, feel free to reach out! |
professormahi
force-pushed
the
master
branch
2 times, most recently
from
224aeae to
fcfe9c6
Compare
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
…lint Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>
|
I think the base version is ready for review after merging dev-sec/postgres-baseline#54. |
|
This PR is ready to review after the workflow approval. @rndmh3ro |
|
Thanks @professormahi, sounds awesome. I'll try to take a look next week! |
| ################################# | ||
| # POSTGRES-02 ################### | ||
| ################################# | ||
| - name: Get postgres version |
There was a problem hiding this comment.
Can we use the postgresql_info_module here? According to the docs, getting the version is supported by the module.
Or don't you want to do this because then we'd have to connect to the postgres?
There was a problem hiding this comment.
@professormahi What do you think about this?
| # POSTGRES-07/11/12/16 ########## | ||
| ################################# | ||
| - name: Secure postgresql.conf Configuration | ||
| ansible.builtin.lineinfile: |
There was a problem hiding this comment.
I'm not a fan of using lineinfile. I'd rather use template.
Now I guess templating the whole postgresql.conf-file would be inconvenient, can we use includes?
There was a problem hiding this comment.
@professormahi What do you think about this?
Co-authored-by: Sebastian Gumprich <[email protected]>
Co-authored-by: Sebastian Gumprich <[email protected]>
Co-authored-by: Sebastian Gumprich <[email protected]>
Co-authored-by: Sebastian Gumprich <[email protected]>
Co-authored-by: Sebastian Gumprich <[email protected]>
|
What's the status of this? |
Sorry for long delay. I will work on this issue in next week and hope to fix your comments soon. |
|
Good day. I've pulled this branch to extend the supported OSes for postgres hardening. I can address the comments that are still outstanding but it looks like there are some unsigned commits from @professormahi and the CI tool. I've specifically pulled @professormahi 's branch to avoid clobbering the work that he has done so far. Would you prefer that I wait until this PR is merged or can I extend this contribution after the unsigned commits are signed? |
|
@stroebel Please feel free to move forward independently of this PR. Be sure to resolve the unsigned commit issues, and if you're planning to add support for AL2023, I’m happy to assist with reviewing and verifying your changes. Since this PR is specific to Ubuntu, support for other operating systems doesn’t need to wait. Let’s keep the momentum going. |
5 participants
I'm working on adding PostgreSQL hardening role to this collection.