Configure Custom PostgreSQL ports with SELinux

SELinux (Security-Enhanced Linux) is a great and powerful security feature that’s built into most RHEL-based Linux distributions. It adds an extra layer of security by strictly controlling access to the files, system resources, and processes in your Linux server.

SELinux works by enforcing mandatory access control (MAC), which can limit the damage if a system is compromised. It also minimizes potential vulnerabilities on a Linux system through the principle of least privilege.

In this article we will look at how you can change the default service port in a system with SELinux running in enforcing mode.

SELinux Port contexts

In SELinux, a port context is the security label associated with a network port. This allows SELinux to identify whether network traffic associated with a service is legitimate, helping to prevent unauthorized access attempts to the service.

List existing port contexts in your Linux machine using:

semanage port -l

We can check the port context associated with the PostgreSQL service:

# semanage port -l | grep 5432
postgresql_port_t              tcp      5432, 9898

Configure Custom PostgreSQL ports with SELinux

If we need the PostgreSQL service to use a non-standard port, we have to add the custom port to the SELinux policy under the port type associated with the standard port.

Suppose we want PostgreSQL to listen on port 5532. We will run:

sudo semanage port -a -t postgresql_port_t -p tcp 5532

Where:

  • semanage: The command used to manage SELinux policies.
  • port: Tells semanage that we are handling SELinux port definitions.
  • -a: A flag that tells semanage to add a new entry.
  • -t: Defines the security context associated with the port.
  • postgresql_port_t: The port context associated with PostgreSQL services.
  • -p tcp: The port we are adding is of type TCP.
  • 5532: The port number that we’re defining.

You can now check the port contexts associated with the PostgreSQL service:

$ sudo semanage port -l | grep -w postgresql_port_t
postgresql_port_t              tcp      5532, 5432, 9898

Here is another example, for the Redis service.

$ sudo semanage port -l | grep 6379
redis_port_t                   tcp      6379, 16379, 26379

$ sudo semanage port -a -t redis_port_t -p tcp 6479
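The `grep 5432` and `grep 6379` checks above match any line containing those digits and cannot tell whether a port falls inside a range such as `10001-10010`. The following is an added example, not part of the original article: a hypothetical helper, `check_port`, that parses `semanage port -l` output exactly, handling both comma lists and ranges, and reports whether a port already has the wanted type, belongs to another service's type, or is free. The listing is a constructed sample, and treating `unreserved_port_t`, `ephemeral_port_t`, `reserved_port_t` and `hi_reserved_port_t` as catch-all types is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
postgresql_port_t              tcp      5432, 9898
redis_port_t                   tcp      6379, 16379, 26379
unreserved_port_t              tcp      61001-65535, 1024-32767'

# check_port WANTED_TYPE PROTO PORT   (reads `semanage port -l` text on stdin)
# Prints "ok" if PORT already carries WANTED_TYPE, "conflict <type>..." if a
# different service type covers it, or "unlabelled" if no service type does.
check_port() {
    awk -v want="$1" -v proto="$2" -v port="$3" '
        BEGIN {
            # Assumption: these catch-all types are not treated as conflicts.
            generic["unreserved_port_t"] = 1; generic["ephemeral_port_t"] = 1
            generic["reserved_port_t"] = 1;   generic["hi_reserved_port_t"] = 1
        }
        $2 == proto && !($1 in generic) {
            list = $0
            sub(/^[^ ]+ +[^ ]+ +/, "", list)      # drop the type and proto columns
            n = split(list, item, /, */)
            for (i = 1; i <= n; i++) {
                m = split(item[i], r, "-")         # "10001-10010" is a range
                lo = r[1] + 0
                hi = (m == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) {
                    if ($1 == want) ok = 1
                    else other = other " " $1
                }
            }
        }
        END {
            if (ok) print "ok"
            else if (other != "") print "conflict" other
            else print "unlabelled"
        }'
}

# Demo on the constructed sample; on a real host pipe `semanage port -l` instead.
for p in 5432 5532 6379 10005; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | check_port postgresql_port_t tcp "$p")"
done
```

On a live system the same check is `sudo semanage port -l | check_port postgresql_port_t tcp 5532`, run before choosing the custom port.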

You can then edit the PostgreSQL listen port. Depending on your OS type, locate the postgresql.conf file.

sudo find / -name postgresql.conf

Here is an example of setting it to listen on port 5532.

listen_addresses = '192.168.20.11'
port = 5532

Conclusion

Adjusting SELinux policies and changing the listen port of PostgreSQL involves running commands and editing a configuration file. While we covered the steps in a simplistic approach, the overall management of SELinux can be intricate.

If you require custom or complex SELinux configurations and you’re not sure about the process, don’t hesitate to get assistance from qualified security professionals from CloudSpinx.
