Security considerations - CHERTS/pgscv GitHub Wiki

Security considerations

To collect metrics and perform auto-discovery, pgSCV requires certain privileges. It uses the following sources for collecting metrics:

  • reading procfs and sysfs pseudo-filesystems
  • reading Postgres and Pgbouncer log files
  • reading Postgres stats views whose names begin with the pg_stat prefix
  • reading Postgres system catalog tables
  • executing Postgres functions for reading configs, stats, files metadata, etc.
  • walking filesystem paths inside the Postgres data directory (auto-discovery)
  • walking filesystem paths in /etc (auto-discovery)
  • reading Pgbouncer stats from pgbouncer built-in database.

System access

  • a regular, unprivileged system user is sufficient to read all necessary stats
  • this user must have access to the Postgres/Pgbouncer log directories

Postgres access

  • a regular, unprivileged database role is NOT sufficient to read all necessary stats
  • at least the pg_monitor and pg_read_server_files roles must be granted to the role (available since Postgres 10)
  • the EXECUTE privilege must be granted on the pg_current_logfile() function in the database used for connecting (default is postgres)
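
The grants listed above, written out as an added example (not taken from the pgSCV project), followed by a query that checks the result. The role name pgscv and the password placeholder are assumptions; run it as a superuser in the database pgSCV connects to.

```sql
-- Added example. Role name "pgscv" and the password value are
-- assumptions/placeholders, not values from the pgSCV documentation.

-- 1. Dedicated login role with no administrative attributes.
CREATE ROLE pgscv WITH
    LOGIN
    NOSUPERUSER
    NOCREATEDB
    NOCREATEROLE
    NOREPLICATION
    PASSWORD 'REPLACE_WITH_SECRET';

-- 2. Predefined roles required for reading stats and server-side files.
GRANT pg_monitor, pg_read_server_files TO pgscv;

-- 3. Function privilege, granted in the database used for connecting
--    (postgres by default).
GRANT EXECUTE ON FUNCTION pg_current_logfile() TO pgscv;

-- 4. Verify: the role should not be a superuser and should hold
--    exactly the memberships and function privilege granted above.
SELECT r.rolname,
       r.rolsuper,
       r.rolcreaterole,
       r.rolcreatedb,
       pg_has_role(r.rolname, 'pg_monitor', 'MEMBER')
           AS in_pg_monitor,
       pg_has_role(r.rolname, 'pg_read_server_files', 'MEMBER')
           AS in_pg_read_server_files,
       has_function_privilege(r.rolname, 'pg_current_logfile()', 'EXECUTE')
           AS can_exec_current_logfile
FROM pg_roles AS r
WHERE r.rolname = 'pgscv';

-- 5. List every role pgscv is a direct member of, to spot grants
--    beyond the two expected ones.
SELECT g.rolname AS granted_role
FROM pg_auth_members AS m
JOIN pg_roles AS g ON g.oid = m.roleid
JOIN pg_roles AS u ON u.oid = m.member
WHERE u.rolname = 'pgscv'
ORDER BY g.rolname;
```

The first query should return false for the three rol* attribute columns and true for the remaining three; the second should list only pg_monitor and pg_read_server_files.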

Pgbouncer access

  • a user specified in stats_users of pgbouncer.ini is sufficient to read all necessary stats

Metrics exposition

When running in public or untrusted networks, the /metrics endpoint can be protected with Basic authentication and TLS encryption.