Restoring a database from a hacked system

Time: 2016-12-01 13:59:30

Tags: postgresql security

A Linux VM running postgres 9.4 was compromised. (Two processes at 100% CPU, strange files in /tmp; it did not recur after kill(s) and a reboot.) I decided to set the system up on a new machine (with postgres 9.6). The only data needed is one of the postgres databases. After the attack, a pg_dump of the database was taken.

Regardless of whether data (tables/rows/etc.) were modified during the attack: is it safe to restore the database on the new system?

I am considering using pg_restore with the -O option (ignore user permissions).

1 answer:

Answer 0: (score: 1)

The two dangers are:

  • important data could have been modified

  • back doors could have been installed in your database

With the first, you're on your own how to verify that your data are ok. The safest thing would be to use a backup from before the machine was compromised, but this would mean data loss.

For the second, I would run a pg_dumpall -s and spend a day reading it carefully. Compare it with a dump from a backup made before the breach. Watch out for weird object and column names and functions with SECURITY DEFINER.