How to Configure SELinux to Allow Remote Connection to PostgreSQL on CentOS 7
Introduction
SELinux (Security-Enhanced Linux) is a Linux security module that provides a mechanism to support access control security policies. The default SELinux settings on CentOS 7 may restrict access to the PostgreSQL database server from remote machines. To enable remote access to PostgreSQL, several configuration steps need to be taken to ensure secure connections while maintaining SELinux security features.
Prerequisites
- Installed and running CentOS 7
- Installed PostgreSQL server
- Basic knowledge of working with the terminal and SELinux
1. Check SELinux Status
The first step is to determine whether SELinux is enabled and in what mode it is operating. This can be done using the command:
getenforce
If the command returns Enforcing, SELinux is active and enforcing security policies. Permissive means SELinux logs policy violations but does not block them. Disabled means SELinux is turned off.
2. Configure PostgreSQL for Remote Access
Before making changes in SELinux, ensure that PostgreSQL allows remote connections. In the postgresql.conf file, typically located in /var/lib/pgsql/data/, set:
listen_addresses = '*'
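In the pg_hba.conf file, add rules for remote access. The following example admits every IPv4 address (0.0.0.0/0); where the clients are known, use their subnet instead: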
host all all 0.0.0.0/0 md5
3. Set SELinux to Allow Remote Connections
SELinux may require adjustment to allow remote connections to PostgreSQL. The following steps show how to achieve this:
- Allow network communication for PostgreSQL
setsebool -P postgresql_can_network_connect_db 1
- Set proper SELinux contexts on PostgreSQL files
semanage fcontext -a -t postgresql_db_t "/var/lib/pgsql/data(/.*)?"
restorecon -Rv /var/lib/pgsql/data
4. Restart Services
After configuring SELinux and PostgreSQL, it is necessary to restart the PostgreSQL service to apply the changes:
systemctl restart postgresql
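A check for the step 2 settings, added here as an example and not part of the original article: it reports listen_addresses values that bind every interface and pg_hba.conf rules that match any address, use trust, or (type host/hostnossl) accept connections without TLS. The function names, finding codes and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the two step-2 files for rules broader than needed.

# audit_pg_hba FILE -> one "LINE:CODE:TYPE ADDRESS METHOD" line per finding.
audit_pg_hba() {
    awk '
    /^[ \t]*([#]|$)/ { next }          # comments and blank lines
    $1 == "local"    { next }          # Unix-socket rules are not remote
    {
        addr = $4; method = $5
        # Legacy "ADDRESS NETMASK METHOD" form: the mask is its own column.
        if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) { addr = $4 "/" $5; method = $6 }
        if (addr == "127.0.0.1/32" || addr == "::1/128") next   # loopback
        rule = $1 " " addr " " method
        if (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" ||
            addr == "0.0.0.0/0.0.0.0")
            print NR ":ANY_ADDRESS:" rule
        if (method == "trust")
            print NR ":TRUST:" rule
        if ($1 == "host" || $1 == "hostnossl")
            print NR ":TLS_NOT_REQUIRED:" rule
    }' "$1"
}

# audit_listen FILE -> "LINE:LISTEN_ALL:VALUE" when every interface is bound.
audit_listen() {
    awk -v q="'" '
    /^[ \t]*listen_addresses[ \t]*=/ {
        val = $0
        sub(/^[^=]*=/, "", val); sub(/[#].*/, "", val)
        gsub(/[ \t]/, "", val); gsub(q, "", val)   # drop blanks and quotes
        n = split(val, a, ",")
        for (i = 1; i <= n; i++)
            if (a[i] == "*" || a[i] == "0.0.0.0" || a[i] == "::")
                print NR ":LISTEN_ALL:" a[i]
    }' "$1"
}

# Constructed sample input; on a real host pass the files under
# /var/lib/pgsql/data/ instead.
demo=$(mktemp -d)
printf '%s\n' "listen_addresses = '*'" > "$demo/postgresql.conf"
printf '%s\n' '# TYPE DATABASE USER ADDRESS METHOD' \
    'local all all peer' \
    'host all all 127.0.0.1/32 ident' \
    'host all all 0.0.0.0/0 md5' \
    'hostssl appdb appuser 192.0.2.0/24 md5' > "$demo/pg_hba.conf"
audit_listen "$demo/postgresql.conf"
audit_pg_hba "$demo/pg_hba.conf"
```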
Conclusion
Properly configuring SELinux and PostgreSQL is crucial for both the security and the proper functioning of remote connections to the database server. By following the above steps, you can enable secure remote access to your PostgreSQL instance on CentOS 7 while preserving the protection that the SELinux policies provide. Any change to the SELinux configuration should be made with its security implications for the entire system in mind.