Terminating a rogue connection
Assuming a *nix server: if a monitoring program determines that an
established connection appears to be trying to so something
inappropriate, what's the best way of terminating that session rapidly?
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
On Fri, Jul 27, 2012 at 6:27 PM, Mark Morgan Lloyd
<markMLl.pgsql-general@telemetry.co.uk> wrote:
Assuming a *nix server: if a monitoring program determines that an
established connection appears to be trying to so something inappropriate,
what's the best way of terminating that session rapidly?
select pg_terminate_backend(procpid) from pg_stat_activity where .....
The main difficulty is recognizing which PID to terminate, though.
There's a good lot of information available in pg_stat_activity;
logins, application names, and connection IP addresses are handy here.
But ultimately, it's just pg_terminate_backend.
ChrisA
Hi all,
in elderly versions, where pg_terminate_backend is missing, you'd
issue a kill -15 <pid> from the command line.
Bèrto
On 27 July 2012 09:33, Chris Angelico <rosuav@gmail.com> wrote:
On Fri, Jul 27, 2012 at 6:27 PM, Mark Morgan Lloyd
<markMLl.pgsql-general@telemetry.co.uk> wrote:Assuming a *nix server: if a monitoring program determines that an
established connection appears to be trying to so something inappropriate,
what's the best way of terminating that session rapidly?select pg_terminate_backend(procpid) from pg_stat_activity where .....
The main difficulty is recognizing which PID to terminate, though.
There's a good lot of information available in pg_stat_activity;
logins, application names, and connection IP addresses are handy here.
But ultimately, it's just pg_terminate_backend.ChrisA
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Chris Angelico wrote:
On Fri, Jul 27, 2012 at 6:27 PM, Mark Morgan Lloyd
<markMLl.pgsql-general@telemetry.co.uk> wrote:Assuming a *nix server: if a monitoring program determines that an
established connection appears to be trying to so something inappropriate,
what's the best way of terminating that session rapidly?select pg_terminate_backend(procpid) from pg_stat_activity where .....
The main difficulty is recognizing which PID to terminate, though.
Exactly :-)
I'd add that this is a hypothetical situation at present, I'm just
trying to plan ahead.
There's a good lot of information available in pg_stat_activity;
logins, application names, and connection IP addresses are handy here.
But ultimately, it's just pg_terminate_backend.ChrisA
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
On Fri, Jul 27, 2012 at 7:09 PM, Mark Morgan Lloyd
<markMLl.pgsql-general@telemetry.co.uk> wrote:
Chris Angelico wrote:
On Fri, Jul 27, 2012 at 6:27 PM, Mark Morgan Lloyd
<markMLl.pgsql-general@telemetry.co.uk> wrote:Assuming a *nix server: if a monitoring program determines that an
established connection appears to be trying to so something
inappropriate,
what's the best way of terminating that session rapidly?select pg_terminate_backend(procpid) from pg_stat_activity where .....
The main difficulty is recognizing which PID to terminate, though.
Exactly :-)
I'd add that this is a hypothetical situation at present, I'm just trying to
plan ahead.
Something I've been developing at work lately combines this with
editing pg_hba.conf to ensure that a kicked connection cannot
reconnect. Services register themselves with a particular user name,
then SET USER to switch to the one actual user who owns tables and
stuff, so my overlording monitor can kick off any service based on IP
and usename (note the spelling - it's not "username" in the table).
Rewrite pg_hba.conf, SIGHUP, then pg_terminate_backend in a searched
SELECT as seen above.
This may be overkill for what you're doing, though. It's part of our
"prevent split-brain problems" technique.
ChrisA
Chris Angelico wrote:
On Fri, Jul 27, 2012 at 7:09 PM, Mark Morgan Lloyd
<markMLl.pgsql-general@telemetry.co.uk> wrote:Chris Angelico wrote:
On Fri, Jul 27, 2012 at 6:27 PM, Mark Morgan Lloyd
<markMLl.pgsql-general@telemetry.co.uk> wrote:Assuming a *nix server: if a monitoring program determines that an
established connection appears to be trying to so something
inappropriate,
what's the best way of terminating that session rapidly?select pg_terminate_backend(procpid) from pg_stat_activity where .....
The main difficulty is recognizing which PID to terminate, though.
Exactly :-)
I'd add that this is a hypothetical situation at present, I'm just trying to
plan ahead.Something I've been developing at work lately combines this with
editing pg_hba.conf to ensure that a kicked connection cannot
reconnect. Services register themselves with a particular user name,
then SET USER to switch to the one actual user who owns tables and
stuff, so my overlording monitor can kick off any service based on IP
and usename (note the spelling - it's not "username" in the table).
Rewrite pg_hba.conf, SIGHUP, then pg_terminate_backend in a searched
SELECT as seen above.This may be overkill for what you're doing, though. It's part of our
"prevent split-brain problems" technique.
One problem there is that if somebody is doing something that causes a
significant CPU or memory overcommit, it might be some while before
SIGHUP etc. works. I'm currently eyeballing the Linux capabilities
stuff, it looks as though if a monitor has CAP_NET_ADMIN that it will be
able to temporarily add a firewall rule that blocks the rogue client's
traffic.
I'm hoping to be able to avoid "on the fly" editing of configuration
files, there's too much could go wrong. Which I suppose leads into
another question...
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]