Message template (english)
My YunoHost server
Hardware: VPS bought online
YunoHost version: 11.2.12 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
Hello,
I have a YunoHost server running PostgreSQL on it. There is an intermittent postgres user password change on my server that is not done by me.
I found this in the authlog logs:
May 20 02:07:23 server sshd[648317]: User postgres from 182.156.254.122 not allowed because none of user's groups are listed in AllowGroups
May 20 02:07:23 server sshd[648317]: Disconnected from invalid user postgres 182.156.254.122 port 24401 [preauth]
May 20 02:10:04 server sshd[648547]: User postgres from 218.56.160.82 not allowed because none of user's groups are listed in AllowGroups
May 20 02:10:05 server sshd[648547]: Disconnected from invalid user postgres 218.56.160.82 port 11364 [preauth]
May 20 02:11:32 server sshd[648605]: User postgres from 14.63.221.137 not allowed because none of user's groups are listed in AllowGroups
May 20 02:11:32 server sshd[648605]: Disconnected from invalid user postgres 14.63.221.137 port 45968 [preauth]
May 20 02:14:26 server sshd[648743]: User postgres from 182.156.254.122 not allowed because none of user's groups are listed in AllowGroups
May 20 02:14:26 server sshd[648743]: Disconnected from invalid user postgres 182.156.254.122 port 29908 [preauth]
May 20 02:15:41 server sshd[648806]: User postgres from 81.70.56.77 not allowed because none of user's groups are listed in AllowGroups
May 20 02:15:42 server sshd[648806]: Disconnected from invalid user postgres 81.70.56.77 port 59584 [preauth]
May 20 02:16:42 server sshd[648848]: User postgres from 14.63.221.137 not allowed because none of user's groups are listed in AllowGroups
May 20 02:16:42 server sshd[648848]: Disconnected from invalid user postgres 14.63.221.137 port 50144 [preauth]
May 20 02:17:49 server sshd[648906]: User postgres from 176.53.161.33 not allowed because none of user's groups are listed in AllowGroups
May 20 02:17:49 server sshd[648906]: Disconnected from invalid user postgres 176.53.161.33 port 56930 [preauth]
May 20 02:27:16 server sshd[649380]: User postgres from 101.35.217.65 not allowed because none of user's groups are listed in AllowGroups
May 20 02:27:16 server sshd[649380]: Disconnected from invalid user postgres 101.35.217.65 port 53676 [preauth]
May 20 02:27:50 server sshd[649399]: User postgres from 146.235.59.55 not allowed because none of user's groups are listed in AllowGroups
May 20 02:27:50 server sshd[649399]: Disconnected from invalid user postgres 146.235.59.55 port 55307 [preauth]
May 20 02:30:12 server sshd[649469]: User postgres from 81.70.56.77 not allowed because none of user's groups are listed in AllowGroups
May 20 02:30:12 server sshd[649469]: Disconnected from invalid user postgres 81.70.56.77 port 55336 [preauth]
May 20 05:49:51 server sshd[655303]: User postgres from 43.163.210.233 not allowed because none of user's groups are listed in AllowGroups
May 20 05:49:52 server sshd[655303]: Disconnected from invalid user postgres 43.163.210.233 port 58894 [preauth]
May 20 05:56:23 server sshd[655495]: User postgres from 43.134.29.154 not allowed because none of user's groups are listed in AllowGroups
May 20 05:56:23 server sshd[655495]: Disconnected from invalid user postgres 43.134.29.154 port 49326 [preauth]
May 20 06:12:16 server sshd[656003]: User postgres from 119.188.168.235 not allowed because none of user's groups are listed in AllowGroups
May 20 06:12:16 server sshd[656003]: Disconnected from invalid user postgres 119.188.168.235 port 32958 [preauth]
May 20 06:14:16 server sshd[656052]: User postgres from 211.217.253.234 not allowed because none of user's groups are listed in AllowGroups
May 20 06:14:16 server sshd[656052]: Disconnected from invalid user postgres 211.217.253.234 port 19359 [preauth]
May 20 06:27:19 server sshd[656571]: User postgres from 117.199.152.239 not allowed because none of user's groups are listed in AllowGroups
May 20 06:27:19 server sshd[656571]: Disconnected from invalid user postgres 117.199.152.239 port 34754 [preauth]
May 20 06:38:35 server sudo: root : TTY=pts/0 ; PWD=/var/lib/postgresql ; USER=postgres ; COMMAND=/bin/bash --login -c psql -cALTER\ user\ postgres\ WITH\ PASSWORD\ \'*********************\' postgres
May 20 06:38:35 server sudo: pam_unix(sudo:session): session opened for user postgres(uid=122) by (uid=0)
May 20 06:38:35 server sudo: pam_unix(sudo:session): session closed for user postgres
May 20 11:27:09 server sshd[666688]: User postgres from 159.223.55.122 not allowed because none of user's groups are listed in AllowGroups
May 20 11:27:10 server sshd[666688]: Disconnected from invalid user postgres 159.223.55.122 port 39390 [preauth]
May 20 11:40:51 server sshd[667274]: User postgres from 129.226.215.3 not allowed because none of user's groups are listed in AllowGroups
May 20 11:40:51 server sshd[667274]: Disconnected from invalid user postgres 129.226.215.3 port 36222 [preauth]
Users access this database via webapp and mobile clients. The database is only open to local access and is used with a local user account and password.
How should I take precautions against this vulnerability? What is the way to keep my system safe?
Thanks for your attention.
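A triage sketch for the log excerpt above, added here as an example and not part of the original post: it separates SSH logins rejected by AllowGroups from password changes run locally through sudo, which is what the 06:38:35 entry records (root on pts/0). The sample lines are constructed in the same auth.log format with placeholder addresses, and the function and field names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the same auth.log format as the post; the addresses
# are documentation-range placeholders and the password is masked.
SAMPLE = r"""May 20 02:07:23 server sshd[1001]: User postgres from 203.0.113.10 not allowed because none of user's groups are listed in AllowGroups
May 20 02:07:23 server sshd[1001]: Disconnected from invalid user postgres 203.0.113.10 port 24401 [preauth]
May 20 02:10:04 server sshd[1002]: User postgres from 198.51.100.7 not allowed because none of user's groups are listed in AllowGroups
May 20 02:14:26 server sshd[1003]: User postgres from 203.0.113.10 not allowed because none of user's groups are listed in AllowGroups
May 20 06:38:35 server sudo: root : TTY=pts/0 ; PWD=/var/lib/postgresql ; USER=postgres ; COMMAND=/bin/bash --login -c psql -cALTER\ user\ postgres\ WITH\ PASSWORD\ \'****\' postgres
May 20 06:38:35 server sudo: pam_unix(sudo:session): session opened for user postgres(uid=122) by (uid=0)
""".splitlines()

SSH_DENIED = re.compile(
    r"sshd\[\d+\]: User (?P<user>\S+) from (?P<ip>\S+) not allowed because "
    r"none of user's groups are listed in AllowGroups")
SUDO_CMD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ sudo:\s+(?P<by>\S+) : TTY=(?P<tty>\S+) ; "
    r"PWD=\S+ ; USER=(?P<as_user>\S+) ; COMMAND=(?P<cmd>.*)$")
PW_CHANGE = re.compile(r"ALTER\s+(?:USER|ROLE)\s+(?P<role>\S+)\s+WITH\s+PASSWORD", re.I)

def triage(lines):
    """Split auth.log lines into rejected SSH logins and local password changes."""
    denied = Counter()          # (user, source ip) -> rejected pre-auth attempts
    changes = []                # sudo-run ALTER USER/ROLE ... PASSWORD commands
    for line in lines:
        m = SSH_DENIED.search(line)
        if m:
            denied[(m["user"], m["ip"])] += 1
            continue
        m = SUDO_CMD.match(line)
        if m:
            cmd = m["cmd"].replace("\\", "")   # sudo logs escape spaces and quotes
            pw = PW_CHANGE.search(cmd)
            if pw:
                changes.append({"time": m["ts"], "run_by": m["by"], "tty": m["tty"],
                                "as_user": m["as_user"], "db_role": pw["role"]})
    return denied, changes

if __name__ == "__main__":
    denied, changes = triage(SAMPLE)
    for (user, ip), n in denied.most_common():
        print(f"rejected by AllowGroups: {user}@{ip} x{n}")
    for c in changes:
        print(f"{c['time']}: {c['run_by']} on {c['tty']} changed DB role "
              f"{c['db_role']} via sudo -u {c['as_user']}")
```

To run it over the real file, pass `open("/var/log/auth.log")` to `triage` in place of `SAMPLE`.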