Postgres user / server security

My YunoHost server

Hardware: VPS bought online
YunoHost version: 11.2.12 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello,
I have a YunoHost server running PostgreSQL. There is an intermittent postgres user password change on my server that is not done by me.
I found this in the auth.log:

May 20 02:07:23 server sshd[648317]: User postgres from 182.156.254.122 not allowed because none of user's groups are listed in AllowGroups
May 20 02:07:23 server sshd[648317]: Disconnected from invalid user postgres 182.156.254.122 port 24401 [preauth]
May 20 02:10:04 server sshd[648547]: User postgres from 218.56.160.82 not allowed because none of user's groups are listed in AllowGroups
May 20 02:10:05 server sshd[648547]: Disconnected from invalid user postgres 218.56.160.82 port 11364 [preauth]
May 20 02:11:32 server sshd[648605]: User postgres from 14.63.221.137 not allowed because none of user's groups are listed in AllowGroups
May 20 02:11:32 server sshd[648605]: Disconnected from invalid user postgres 14.63.221.137 port 45968 [preauth]
May 20 02:14:26 server sshd[648743]: User postgres from 182.156.254.122 not allowed because none of user's groups are listed in AllowGroups
May 20 02:14:26 server sshd[648743]: Disconnected from invalid user postgres 182.156.254.122 port 29908 [preauth]
May 20 02:15:41 server sshd[648806]: User postgres from 81.70.56.77 not allowed because none of user's groups are listed in AllowGroups
May 20 02:15:42 server sshd[648806]: Disconnected from invalid user postgres 81.70.56.77 port 59584 [preauth]
May 20 02:16:42 server sshd[648848]: User postgres from 14.63.221.137 not allowed because none of user's groups are listed in AllowGroups
May 20 02:16:42 server sshd[648848]: Disconnected from invalid user postgres 14.63.221.137 port 50144 [preauth]
May 20 02:17:49 server sshd[648906]: User postgres from 176.53.161.33 not allowed because none of user's groups are listed in AllowGroups
May 20 02:17:49 server sshd[648906]: Disconnected from invalid user postgres 176.53.161.33 port 56930 [preauth]
May 20 02:27:16 server sshd[649380]: User postgres from 101.35.217.65 not allowed because none of user's groups are listed in AllowGroups
May 20 02:27:16 server sshd[649380]: Disconnected from invalid user postgres 101.35.217.65 port 53676 [preauth]
May 20 02:27:50 server sshd[649399]: User postgres from 146.235.59.55 not allowed because none of user's groups are listed in AllowGroups
May 20 02:27:50 server sshd[649399]: Disconnected from invalid user postgres 146.235.59.55 port 55307 [preauth]
May 20 02:30:12 server sshd[649469]: User postgres from 81.70.56.77 not allowed because none of user's groups are listed in AllowGroups
May 20 02:30:12 server sshd[649469]: Disconnected from invalid user postgres 81.70.56.77 port 55336 [preauth]
May 20 05:49:51 server sshd[655303]: User postgres from 43.163.210.233 not allowed because none of user's groups are listed in AllowGroups
May 20 05:49:52 server sshd[655303]: Disconnected from invalid user postgres 43.163.210.233 port 58894 [preauth]
May 20 05:56:23 server sshd[655495]: User postgres from 43.134.29.154 not allowed because none of user's groups are listed in AllowGroups
May 20 05:56:23 server sshd[655495]: Disconnected from invalid user postgres 43.134.29.154 port 49326 [preauth]
May 20 06:12:16 server sshd[656003]: User postgres from 119.188.168.235 not allowed because none of user's groups are listed in AllowGroups
May 20 06:12:16 server sshd[656003]: Disconnected from invalid user postgres 119.188.168.235 port 32958 [preauth]
May 20 06:14:16 server sshd[656052]: User postgres from 211.217.253.234 not allowed because none of user's groups are listed in AllowGroups
May 20 06:14:16 server sshd[656052]: Disconnected from invalid user postgres 211.217.253.234 port 19359 [preauth]
May 20 06:27:19 server sshd[656571]: User postgres from 117.199.152.239 not allowed because none of user's groups are listed in AllowGroups
May 20 06:27:19 server sshd[656571]: Disconnected from invalid user postgres 117.199.152.239 port 34754 [preauth]
May 20 06:38:35 server sudo:     root : TTY=pts/0 ; PWD=/var/lib/postgresql ; USER=postgres ; COMMAND=/bin/bash --login -c psql -cALTER\ user\ postgres\ WITH\ PASSWORD\ \'*********************\' postgres
May 20 06:38:35 server sudo: pam_unix(sudo:session): session opened for user postgres(uid=122) by (uid=0)
May 20 06:38:35 server sudo: pam_unix(sudo:session): session closed for user postgres
May 20 11:27:09 server sshd[666688]: User postgres from 159.223.55.122 not allowed because none of user's groups are listed in AllowGroups
May 20 11:27:10 server sshd[666688]: Disconnected from invalid user postgres 159.223.55.122 port 39390 [preauth]
May 20 11:40:51 server sshd[667274]: User postgres from 129.226.215.3 not allowed because none of user's groups are listed in AllowGroups
May 20 11:40:51 server sshd[667274]: Disconnected from invalid user postgres 129.226.215.3 port 36222 [preauth]

Users access this database via webapp and mobile clients. The database is only open to local access and is used with a local user account and password.

How should I take precautions for this vulnerability? What is the way to keep my system safe?
Thanks for your attention.
