author | Christian Cleberg <hello@cleberg.net> | 2025-05-06 21:31:46 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-05-06 21:31:46 -0500 |
commit | 95bf612c338dec8235e89ca6a1d9e5e8cad3f997 (patch) | |
tree | 82cfd62fb145b7b686d4ae825ab2c2436343e590 /databases/postgres | |
parent | d62f25007470fe546e0f9d2e38a26e84146f72c5 (diff) | |
download | audit-tools-95bf612c338dec8235e89ca6a1d9e5e8cad3f997.tar.gz audit-tools-95bf612c338dec8235e89ca6a1d9e5e8cad3f997.tar.bz2 audit-tools-95bf612c338dec8235e89ca6a1d9e5e8cad3f997.zip |
reorganize db dir (#6)
Diffstat (limited to 'databases/postgres')
-rw-r--r-- | databases/postgres/README.org | 75 | ||||
-rw-r--r-- | databases/postgres/admins.sql | 22 | ||||
-rw-r--r-- | databases/postgres/passwords.sql | 18 |
3 files changed, 115 insertions, 0 deletions
diff --git a/databases/postgres/README.org b/databases/postgres/README.org
new file mode 100644
index 0000000..e7cd062
--- /dev/null
+++ b/databases/postgres/README.org
@@ -0,0 +1,75 @@
+#+title: Postgres
+
+* =passwords.sql=
+
+#+begin_src sql
+SELECT *
+FROM pg_settings
+WHERE name LIKE 'password_%';
+#+end_src
+
+#+begin_src
+| name | setting | unit | category | short_desc | extra_desc | context | vartype | source | min_val | max_val | enumvals | boot_val | reset_val | sourcefile | sourceline | pending_restart |
+|---------------------+---------------+------+-------------------------------------------------+-------------------------------------------------+------------+---------+---------+---------+---------+---------+---------------------+---------------+---------------+------------+------------+-----------------|
+| password_encryption | scram-sha-256 | | Connections and Authentication / Authentication | Chooses the algorithm for encrypting passwords. | | user | enum | default | | | {md5,scram-sha-256} | scram-sha-256 | scram-sha-256 | | | false |
+#+end_src
+
+#+begin_src sql
+SELECT
+ usename AS user_name,
+ passwd AS password,
+ valuntil AS valid_until,
+ useconfig AS user_config
+FROM pg_shadow;
+#+end_src
+
+#+begin_src
+| user_name | password | valid_until | user_config |
+|-----------+---------------------------------------------------------------------------------------------------------------------------------------+------------------------+-------------|
+| cmc | | | |
+| testuser | SCRAM-SHA-256$4096:+NSpEU+8afhJ4BUTkzdKeg==$FGIRcTWr89b42qkLUl4Ntfp4RUpoc3GIpLHqJl/fWZE=:o1UM8YiEj5SLV5l/geMuqXMRi6onWazryn/l+LXYMxU= | 2025-12-31 00:00:00-06 | |
+#+end_src
+
+* =admins.sql=
+
+#+begin_src sql
+SELECT
+ r.rolname AS role_name,
+ r.rolsuper AS is_superuser,
+ r.rolinherit AS inherits_privileges,
+ r.rolcreaterole AS can_create_roles,
+ r.rolcreatedb AS can_create_db,
+ r.rolcanlogin AS can_login,
+ r.rolreplication AS can_replication,
+ r.rolconnlimit AS connection_limit,
+ r.rolvaliduntil AS valid_until,
+ ARRAY(
+ SELECT b.rolname
+ FROM pg_auth_members m
+ JOIN pg_roles b ON (m.roleid = b.oid)
+ WHERE m.member = r.oid
+ ) AS member_of
+FROM pg_roles r;
+#+end_src
+
+#+begin_src
+| role_name | is_superuser | inherits_privileges | can_create_roles | can_create_db | can_login | can_replication | connection_limit | valid_until | member_of |
+|-----------------------------+--------------+---------------------+------------------+---------------+-----------+-----------------+------------------+------------------------+--------------------------------------------------------------|
+| cmc | true | true | true | true | true | true | -1 | | {} |
+| pg_database_owner | false | true | false | false | false | false | -1 | | {} |
+| pg_read_all_data | false | true | false | false | false | false | -1 | | {} |
+| pg_write_all_data | false | true | false | false | false | false | -1 | | {} |
+| pg_monitor | false | true | false | false | false | false | -1 | | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables} |
+| pg_read_all_settings | false | true | false | false | false | false | -1 | | {} |
+| pg_read_all_stats | false | true | false | false | false | false | -1 | | {} |
+| pg_stat_scan_tables | false | true | false | false | false | false | -1 | | {} |
+| pg_read_server_files | false | true | false | false | false | false | -1 | | {} |
+| pg_write_server_files | false | true | false | false | false | false | -1 | | {} |
+| pg_execute_server_program | false | true | false | false | false | false | -1 | | {} |
+| pg_signal_backend | false | true | false | false | false | false | -1 | | {} |
+| pg_checkpoint | false | true | false | false | false | false | -1 | | {} |
+| pg_maintain | false | true | false | false | false | false | -1 | | {} |
+| pg_use_reserved_connections | false | true | false | false | false | false | -1 | | {} |
+| pg_create_subscription | false | true | false | false | false | false | -1 | | {} |
+| testuser | false | true | false | false | true | false | -1 | 2025-12-31 00:00:00-06 | {} |
+#+end_src
diff --git a/databases/postgres/admins.sql b/databases/postgres/admins.sql
new file mode 100644
index 0000000..6f9d320
--- /dev/null
+++ b/databases/postgres/admins.sql
@@ -0,0 +1,22 @@
+-- References:
+-- : https://www.postgresql.org/docs/current/user-manag.html
+-- : https://www.postgresql.org/docs/current/view-pg-roles.html
+-- : https://www.postgresql.org/docs/current/catalog-pg-auth-members.html
+
+SELECT
+ r.rolname AS role_name,
+ r.rolsuper AS is_superuser,
+ r.rolinherit AS inherits_privileges,
+ r.rolcreaterole AS can_create_roles,
+ r.rolcreatedb AS can_create_db,
+ r.rolcanlogin AS can_login,
+ r.rolreplication AS can_replication,
+ r.rolconnlimit AS connection_limit,
+ r.rolvaliduntil AS valid_until,
+ ARRAY(
+ SELECT b.rolname
+ FROM pg_auth_members m
+ JOIN pg_roles b ON (m.roleid = b.oid)
+ WHERE m.member = r.oid
+ ) AS member_of
+FROM pg_roles r;
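Review bot: The `member_of` subquery reads only direct rows from `pg_auth_members`, so a role that reaches a powerful predefined role such as `pg_execute_server_program` or `pg_write_server_files` through an intermediate group role shows a harmless-looking list. For an admin inventory, either state the limit in a comment, e.g. `-- member_of lists direct memberships only; nested grants are not expanded`, or expand the list with a recursive CTE over `pg_auth_members`. The attribute list also omits `rolbypassrls`, which is as audit-relevant as `rolsuper`; consider adding `r.rolbypassrls AS bypasses_rls,` after the `can_replication` line. An `ORDER BY r.rolname` would also make successive audit runs diffable.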
\ No newline at end of file
diff --git a/databases/postgres/passwords.sql b/databases/postgres/passwords.sql
new file mode 100644
index 0000000..cb81cd6
--- /dev/null
+++ b/databases/postgres/passwords.sql
@@ -0,0 +1,18 @@
+-- References:
+-- : https://www.postgresql.org/docs/current/view-pg-shadow.html
+-- : https://www.postgresql.org/docs/current/auth-password.html
+-- : https://www.postgresql.org/docs/current/auth-password.html#AUTH-PASSWORD-ENCRYPTION
+-- : https://www.postgresql.org/docs/current/runtime-config.html
+
+-- Defined password configuration
+SELECT *
+FROM pg_settings
+WHERE name LIKE 'password_%';
+
+-- Users and their password configurations
+SELECT
+ usename AS user_name,
+ passwd AS password,
+ valuntil AS valid_until,
+ useconfig AS user_config
+FROM pg_shadow;
\ No newline at end of file |
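Review bot: The second query returns `passwd` verbatim, so every run copies the stored password verifiers out of `pg_shadow` into whatever holds the audit evidence; the README sample output added in this same commit already contains a full SCRAM verifier for `testuser`. An audit normally needs only whether a password is set and which scheme it uses, so the column can be reduced to a derived `password_type`, as sketched below. A header comment noting that `pg_shadow` is not publicly readable (superuser access is expected) would also explain a permission error to whoever runs the script. Separately, `_` in `LIKE 'password_%'` is a single-character wildcard; it works here, but `LIKE 'password\_%'` states the intent.

```sql
-- … unchanged: pg_settings query …
SELECT
    usename AS user_name,
    -- Report the verifier scheme only; the verifier itself stays in the catalog.
    CASE
        WHEN passwd IS NULL THEN 'none'
        WHEN passwd LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
        WHEN passwd LIKE 'md5%' THEN 'md5'
        ELSE 'other'
    END AS password_type,
    -- … unchanged: valuntil, useconfig, FROM pg_shadow …
```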