forked from lesovsky/pgscv
-
-
Notifications
You must be signed in to change notification settings - Fork 5
Security considerations
Mikhail Grigorev edited this page Feb 11, 2024
·
1 revision
For collecting metrics and auto-discovery pgSCV requires some kind of privileges. pgSCV uses the following sources for collecting metrics:
- reading
procfs
andsysfs
pseudo-filesystems - reading Postgres and Pgbouncer log files
- reading Postgres stats views beginning from
pg_stat
prefix - reading Postgres system catalog tables
- executing Postgres functions for reading configs, stats, files metadata, etc.
- walking on filesystem paths inside Postgres data directory (auto-discovery)
- walking filesystem paths in /etc (auto-discovery)
- reading Pgbouncer stats from
pgbouncer
built-in database.
System access
- regular, unprivileged system user is sufficient to read all necessary stats.
- this user must have access to Postgres/Pgbouncer log directories
Postgres access
- regular, unprivileged database role is NOT sufficient to read all necessary stats
- at least
pg_monitor
andpg_read_server_files
roles must be granted to the role (available since Postgres 10) - an
EXECUTE
privilege must be granted onpg_current_logfile()
function in database used for connecting (default ispostgres
)
Pgbouncer access
- user specified in
stats_users
ofpgbouncer.ini
is sufficient to read all necessary stats.
Metrics exposition
In case of running in public or untrusted networks, /metrics
endpoint could be protected with Basic authentication and TLS encryption.