PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Antonis Christodoulou]

Hi,

I have set up PostgreSQL according to this link:

https://www.cherryservers.com/blog/how-to-install-and-setup-postgresql-server-on-ubuntu-20-04
 


The issue is that after a few hours of operation, even if I don’t access the 
database at all, the Postgres process fails:

christan@vultr:~$ systemctl status postgresql*
● postgresql.service - PostgreSQL RDBMS
 Loaded: loaded (/lib/systemd/system/postgresql.service; disabled; vendor 
preset: enabled)
 Active: active (exited) since Sat 2022-12-31 19:56:56 UTC; 24h ago
Process: 3330722 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 3330722 (code=exited, status=0/SUCCESS)

● postgresql@12-main.service - PostgreSQL Cluster 12-main
 Loaded: loaded (/lib/systemd/system/postgresql@.service; enabled-runtime; 
vendor preset: enabled)
 Active: failed (Result: exit-code) since Sat 2022-12-31 21:33:52 UTC; 23h 
ago
Process: 3330697 ExecStart=/usr/bin/pg_ctlcluster --skip-systemctl-redirect 
12-main start (code=exited, status=0/SUCCESS)
Process: 3341739 ExecStop=/usr/bin/pg_ctlcluster --skip-systemctl-redirect 
-m fast 12-main stop (code=exited, status=2)
   Main PID: 3330702 (code=exited, status=0/SUCCESS)

Moreover, it looks like there is some process stuck into some eternal loop, 
eating up 4 cores:

christan@vultr:~$ ps -ef | grep postgres
postgres 3342383   1  0  2022 ?00:00:00 FzXlkULu
postgres 3344758   1 99  2022 ?3-14:39:11 OElid7Dp
postgres 3419125   1 18 13:57 ?01:17:03 tracepath
christan 3463982 3462489  0 20:44 pts/000:00:00 grep --color=auto postgres

christan@vultr:~$ top -p 3344758
PID USER  PR  NIVIRTRESSHR S  %CPU  %MEM TIME+ COMMAND  

  
3344758 postgres  20   0 2443428   2.3g  4 S 282.3  29.5   5201:46 OElid7Dp 

  

Doing just systemctl postgresql doesn’t restart the process, I have to manually 
kill all the above processes then do systemctl restart.

Lastly, in the journalctl I see the following logs:

Dec 31 21:33:35 vultr.guest sudo[3340093]: pam_unix(sudo:auth): conversation 
failed
Dec 31 21:33:35 vultr.guest sudo[3340093]: pam_unix(sudo:auth): auth could not 
identify password for [postgres]
Dec 31 21:33:35 vultr.guest sudo[3340093]: postgres : user NOT in sudoers ; 
TTY=unknown ; PWD=/var/lib/postgresql/12/main ; USER=root ; 
COMMAND=/usr/sbin/sysctl kernel.nmi_watchdog=0
Dec 31 21:33:52 vultr.guest crontab[3341582]: (postgres) LIST (postgres)
Dec 31 21:33:52 vultr.guest crontab[3341584]: (postgres) REPLACE (postgres)
Dec 31 21:33:52 vultr.guest crontab[3341585]: (postgres) LIST (postgres)
Dec 31 21:33:52 vultr.guest crontab[3341588]: (postgres) LIST (postgres)


What am I missing here, maybe I have to make sure that postgres user has sudo 
rights?

Regards,
Antonis

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Adrian Klaver]

On 1/1/23 12:51, Antonis Christodoulou wrote:

Hi,

I have set up PostgreSQL according to this link:

https://www.cherryservers.com/blog/how-to-install-and-setup-postgresql-server-on-ubuntu-20-04
 


The issue is that after a few hours of operation, even if I don’t access 
the database at all, the Postgres process fails:


*christan@vultr*:*~*$ systemctl status postgresql*
*●*postgresql.service - PostgreSQL RDBMS
      Loaded: loaded (/lib/systemd/system/postgresql.service; disabled; 
vendor preset: enabled)

      Active: *active (exited)*since Sat 2022-12-31 19:56:56 UTC; 24h ago
     Process: 3330722 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
    Main PID: 3330722 (code=exited, status=0/SUCCESS)

*●*postgresql@12-main.service  - 
PostgreSQL Cluster 12-main
      Loaded: loaded (/lib/systemd/system/postgresql@.service; 
enabled-runtime; vendor preset: enabled)
      Active: *failed*(Result: exit-code) since Sat 2022-12-31 21:33:52 
UTC; 23h ago
     Process: 3330697 ExecStart=/usr/bin/pg_ctlcluster 
--skip-systemctl-redirect 12-main start (code=exited, status=0/SUCCESS)
     Process: 3341739 ExecStop=/usr/bin/pg_ctlcluster 
--skip-systemctl-redirect -m fast 12-main stop *(code=exited, status=2)*

    Main PID: 3330702 (code=exited, status=0/SUCCESS)

Moreover, it looks like there is some process stuck into some eternal 
loop, eating up 4 cores:


*christan@vultr*:*~*$ ps -ef | grep postgres
*postgres*3342383       1  0  2022 ?        00:00:00 FzXlkULu
*postgres*3344758       1 99  2022 ?        3-14:39:11 OElid7Dp
*postgres*3419125       1 18 13:57 ?        01:17:03 tracepath
christan 3463982 3462489  0 20:44 pts/0    00:00:00 grep --color=auto 
*postgres*


The above and the below look weird.

Is this machine open to the world?


*
*
*christan@vultr*:*~*$ top -p 3344758
     PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ 
COMMAND
3344758 postgres  20   0 2443428   2.3g      4 S 282.3  29.5   5201:46 
OElid7Dp


Doing just systemctl postgresql doesn’t restart the process, I have to 
manually kill all the above processes then do systemctl restart.


Lastly, in the journalctl I see the following logs:

Dec 31 21:33:35 vultr.guest sudo[3340093]: *pam_unix(sudo:auth): 
co**nversation failed*
Dec 31 21:33:35 vultr.guest sudo[3340093]: *pam_unix(sudo:auth): auth 
could not identify password for [postgres]*
Dec 31 21:33:35 vultr.guest sudo[3340093]: *postgres : user NOT in 
sudoers ; TTY=unknown ; PWD=/var/lib/postgresql/12/main ; USER=root ; 
COMMAND=/usr/sbin/sysctl kernel.nmi_watchdog=0*

Dec 31 21:33:52 vultr.guest crontab[3341582]: (postgres) LIST (postgres)
Dec 31 21:33:52 vultr.guest crontab[3341584]: (postgres) REPLACE (postgres)
Dec 31 21:33:52 vultr.guest crontab[3341585]: (postgres) LIST (postgres)
Dec 31 21:33:52 vultr.guest crontab[3341588]: (postgres) LIST (postgres)


What am I missing here, maybe I have to make sure that postgres user has 
sudo rights?


Regards,
Antonis




--
Adrian Klaver
adrian.kla...@aklaver.com

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Antonis Christodoulou]

Hello Adrian,

No it’s not open, but the database itself has very simple credentials (I am 
just starting with PostgreSQL). What’s weird about the logs?

> On 1 Jan 2023, at 11:00 PM, Adrian Klaver  wrote:
> 
> On 1/1/23 12:51, Antonis Christodoulou wrote:
>> Hi,
>> I have set up PostgreSQL according to this link:
>> https://www.cherryservers.com/blog/how-to-install-and-setup-postgresql-server-on-ubuntu-20-04
>>  
>> 
>>  
>> >  
>> >
>> The issue is that after a few hours of operation, even if I don’t access the 
>> database at all, the Postgres process fails:
>> *christan@vultr*:*~*$ systemctl status postgresql*
>> *●*postgresql.service - PostgreSQL RDBMS
>> Loaded: loaded (/lib/systemd/system/postgresql.service; disabled; vendor 
>> preset: enabled)
>> Active: *active (exited)*since Sat 2022-12-31 19:56:56 UTC; 24h ago
>> Process: 3330722 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
>> Main PID: 3330722 (code=exited, status=0/SUCCESS)
>> *●*postgresql@12-main.service  
>> > - 
>> PostgreSQL Cluster 12-main
>> Loaded: loaded (/lib/systemd/system/postgresql@.service; enabled-runtime; 
>> vendor preset: enabled)
>> Active: *failed*(Result: exit-code) since Sat 2022-12-31 21:33:52 UTC; 23h 
>> ago
>> Process: 3330697 ExecStart=/usr/bin/pg_ctlcluster --skip-systemctl-redirect 
>> 12-main start (code=exited, status=0/SUCCESS)
>> Process: 3341739 ExecStop=/usr/bin/pg_ctlcluster --skip-systemctl-redirect 
>> -m fast 12-main stop *(code=exited, status=2)*
>> Main PID: 3330702 (code=exited, status=0/SUCCESS)
>> Moreover, it looks like there is some process stuck into some eternal loop, 
>> eating up 4 cores:
>> *christan@vultr*:*~*$ ps -ef | grep postgres
>> *postgres*3342383 1  0  2022 ?  00:00:00 FzXlkULu
>> *postgres*3344758 1 99  2022 ?  3-14:39:11 OElid7Dp
>> *postgres*3419125 1 18 13:57 ?  01:17:03 tracepath
>> christan 3463982 3462489  0 20:44 pts/0  00:00:00 grep --color=auto 
>> *postgres*
> 
> The above and the below look weird.
> 
> Is this machine open to the world?
> 
>> *
>> *
>> *christan@vultr*:*~*$ top -p 3344758
>> PID USER  PR  NI  VIRT  RES  SHR S  %CPU  %MEM TIME+ COMMAND
>> 3344758 postgres  20 0 2443428 2.3g  4 S 282.3  29.5 5201:46 OElid7Dp
>> Doing just systemctl postgresql doesn’t restart the process, I have to 
>> manually kill all the above processes then do systemctl restart.
>> Lastly, in the journalctl I see the following logs:
>> Dec 31 21:33:35 vultr.guest sudo[3340093]: *pam_unix(sudo:auth): 
>> co**nversation failed*
>> Dec 31 21:33:35 vultr.guest sudo[3340093]: *pam_unix(sudo:auth): auth could 
>> not identify password for [postgres]*
>> Dec 31 21:33:35 vultr.guest sudo[3340093]: *postgres : user NOT in sudoers ; 
>> TTY=unknown ; PWD=/var/lib/postgresql/12/main ; USER=root ; 
>> COMMAND=/usr/sbin/sysctl kernel.nmi_watchdog=0*
>> Dec 31 21:33:52 vultr.guest crontab[3341582]: (postgres) LIST (postgres)
>> Dec 31 21:33:52 vultr.guest crontab[3341584]: (postgres) REPLACE (postgres)
>> Dec 31 21:33:52 vultr.guest crontab[3341585]: (postgres) LIST (postgres)
>> Dec 31 21:33:52 vultr.guest crontab[3341588]: (postgres) LIST (postgres)
>> What am I missing here, maybe I have to make sure that postgres user has 
>> sudo rights?
>> Regards,
>> Antonis
> 
> -- 
> Adrian Klaver
> adrian.kla...@aklaver.com 

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Adrian Klaver]

On 1/1/23 13:11, Antonis Christodoulou wrote:

Hello Adrian,

No it’s not open, but the database itself has very simple credentials (I 
am just starting with PostgreSQL). What’s weird about the logs?


Not the logs the ps output. I would expect to see something like:

ps -ef | grep postgres
postgres  395382   1  0  2022 ?00:03:31 
/usr/lib/postgresql/14/bin/postgres -D /var/lib/postgresql/14/main -c 
config_file=/etc/postgresql/14/main/postgresql.conf
postgres  395384  395382  0  2022 ?00:00:01 postgres: 14/main: 
checkpointer
postgres  395385  395382  0  2022 ?00:00:26 postgres: 14/main: 
background writer
postgres  395386  395382  0  2022 ?00:00:26 postgres: 14/main: 
walwriter
postgres  395387  395382  0  2022 ?00:01:45 postgres: 14/main: 
autovacuum launcher
postgres  395388  395382  0  2022 ?00:00:05 postgres: 14/main: 
archiver last was 0001000300B9.0028.backup
postgres  395389  395382  0  2022 ?00:01:37 postgres: 14/main: 
stats collector
postgres  395390  395382  0  2022 ?00:02:24 postgres: 14/main: 
pg_cron launcher
postgres  395391  395382  0  2022 ?00:00:01 postgres: 14/main: 
logical replication launcher


This:

postgres 3342383   1  0  2022 ?00:00:00 FzXlkULu
postgres 3344758   1 99  2022 ?3-14:39:11 OElid7Dp
postgres 3419125   1 18 13:57 ?01:17:03 tracepath

just does not look right.


--
Adrian Klaver
adrian.kla...@aklaver.com

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Rob Sargent]

On 1/1/23 14:48, Adrian Klaver wrote:

On 1/1/23 13:11, Antonis Christodoulou wrote:

Hello Adrian,

No it’s not open, but the database itself has very simple credentials 
(I am just starting with PostgreSQL). What’s weird about the logs?


Not the logs the ps output. I would expect to see something like:

ps -ef | grep postgres
postgres  395382   1  0  2022 ?    00:03:31 
/usr/lib/postgresql/14/bin/postgres -D /var/lib/postgresql/14/main -c 
config_file=/etc/postgresql/14/main/postgresql.conf
postgres  395384  395382  0  2022 ?    00:00:01 postgres: 14/main: 
checkpointer
postgres  395385  395382  0  2022 ?    00:00:26 postgres: 14/main: 
background writer
postgres  395386  395382  0  2022 ?    00:00:26 postgres: 14/main: 
walwriter
postgres  395387  395382  0  2022 ?    00:01:45 postgres: 14/main: 
autovacuum launcher
postgres  395388  395382  0  2022 ?    00:00:05 postgres: 14/main: 
archiver last was 0001000300B9.0028.backup
postgres  395389  395382  0  2022 ?    00:01:37 postgres: 14/main: 
stats collector
postgres  395390  395382  0  2022 ?    00:02:24 postgres: 14/main: 
pg_cron launcher
postgres  395391  395382  0  2022 ?    00:00:01 postgres: 14/main: 
logical replication launcher


This:

postgres 3342383   1  0  2022 ?    00:00:00 FzXlkULu
postgres 3344758   1 99  2022 ?    3-14:39:11 OElid7Dp
postgres 3419125   1 18 13:57 ?    01:17:03 tracepath

just does not look right.



At the very least disconnect that machine from the internet.  Completely.

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Antonis Christodoulou]

I just added postgres to the sudoers list, nothing, same issue (slightly 
different journalctl logs)

This is a machine in the cloud, I can’t disconnect it.

And yes the ps looks like this precisely when I do a fresh restart. I kill all 
postgres processes and restart:

christan@vultr:~$ for i in `ps -ef | grep postgres | awk '{print $2}'`; do sudo 
kill $i; done
christan@vultr:~$ sudo systemctl restart postgresql

Then this is the output of me ps:

christan@vultr:~$ ps -ef | grep postgres
postgres 3504795   1  0 05:51 ?00:00:00 
/usr/lib/postgresql/12/bin/postgres -D /var/lib/postgresql/12/main -c 
config_file=/etc/postgresql/12/main/postgresql.conf
postgres 3504797 3504795  0 05:51 ?00:00:00 postgres: 12/main: 
checkpointer   
postgres 3504798 3504795  0 05:51 ?00:00:00 postgres: 12/main: 
background writer   
postgres 3504799 3504795  0 05:51 ?00:00:00 postgres: 12/main: 
walwriter   
postgres 3504800 3504795  0 05:51 ?00:00:00 postgres: 12/main: 
autovacuum launcher   
postgres 3504801 3504795  0 05:51 ?00:00:00 postgres: 12/main: stats 
collector   
postgres 3504802 3504795  0 05:51 ?00:00:00 postgres: 12/main: logical 
replication launcher   
christan 3504902 3504620  0 05:59 pts/000:00:00 grep --color=auto postgres

After a couple of hours, all these go away and I just see that weird ps output… 
:(

Then this is what I see in journalctl:

Jan 01 21:36:03 vultr.guest systemd[1]: Starting PostgreSQL Cluster 12-main...
Jan 01 21:36:06 vultr.guest systemd[1]: Started PostgreSQL Cluster 12-main.
Jan 01 22:58:44 vultr.guest sudo[3472381]: postgres : TTY=unknown ; 
PWD=/var/lib/postgresql/12/main ; USER=root ; COMMAND=/usr/sbin/sysctl 
kernel.nmi_watchdog=0
Jan 01 22:58:44 vultr.guest sudo[3472381]: pam_unix(sudo:session): session 
opened for user root by (uid=0)
Jan 01 22:58:44 vultr.guest sudo[3472381]: pam_unix(sudo:session): session 
closed for user root
Jan 01 22:58:57 vultr.guest crontab[3473870]: (postgres) LIST (postgres)
Jan 01 22:58:57 vultr.guest crontab[3473873]: (postgres) LIST (postgres)
…
…
…
Jan 01 22:58:57 vultr.guest crontab[3474021]: (postgres) LIST (postgres)
Jan 01 22:58:57 vultr.guest crontab[3474024]: (postgres) LIST (postgres)
Jan 01 22:58:57 vultr.guest crontab[3474026]: (postgres) REPLACE (postgres)
Jan 01 22:58:57 vultr.guest postgresql@12-main[3474027]: Cluster is not running.
Jan 01 22:58:57 vultr.guest systemd[1]: postgresql@12-main.service: Control 
process exited, code=exited, status=2/INVALIDARGUMENT
Jan 01 22:58:57 vultr.guest systemd[1]: postgresql@12-main.service: Failed with 
result 'exit-code'.


I may just install the same way into a dedicated AWS instance, just to see if 
I’m getting the same behavior there... 


> On 1 Jan 2023, at 11:50 PM, Rob Sargent  wrote:
> 
> On 1/1/23 14:48, Adrian Klaver wrote:
>> On 1/1/23 13:11, Antonis Christodoulou wrote: 
>>> Hello Adrian, 
>>> 
>>> No it’s not open, but the database itself has very simple credentials (I am 
>>> just starting with PostgreSQL). What’s weird about the logs? 
>> 
>> Not the logs the ps output. I would expect to see something like: 
>> 
>> ps -ef | grep postgres 
>> postgres  395382   1  0  2022 ?00:03:31 
>> /usr/lib/postgresql/14/bin/postgres -D /var/lib/postgresql/14/main -c 
>> config_file=/etc/postgresql/14/main/postgresql.conf 
>> postgres  395384  395382  0  2022 ?00:00:01 postgres: 14/main: 
>> checkpointer 
>> postgres  395385  395382  0  2022 ?00:00:26 postgres: 14/main: 
>> background writer 
>> postgres  395386  395382  0  2022 ?00:00:26 postgres: 14/main: 
>> walwriter 
>> postgres  395387  395382  0  2022 ?00:01:45 postgres: 14/main: 
>> autovacuum launcher 
>> postgres  395388  395382  0  2022 ?00:00:05 postgres: 14/main: 
>> archiver last was 0001000300B9.0028.backup 
>> postgres  395389  395382  0  2022 ?00:01:37 postgres: 14/main: stats 
>> collector 
>> postgres  395390  395382  0  2022 ?00:02:24 postgres: 14/main: 
>> pg_cron launcher 
>> postgres  395391  395382  0  2022 ?00:00:01 postgres: 14/main: 
>> logical replication launcher 
>> 
>> This: 
>> 
>> postgres 3342383   1  0  2022 ?00:00:00 FzXlkULu 
>> postgres 3344758   1 99  2022 ?3-14:39:11 OElid7Dp 
>> postgres 3419125   1 18 13:57 ?01:17:03 tracepath 
>> 
>> just does not look right. 
>> 
>> 
> At the very least disconnect that machine from the internet.  Completely.  
> 

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Tom Lane]

Antonis Christodoulou  
 
writes:
> This is a machine in the cloud, I can’t disconnect it.

In that case, you need to be taking nonzero security precautions.

> And yes the ps looks like this precisely when I do a fresh restart. I kill 
> all postgres processes and restart:
> Then this is the output of me ps:

That looks fine ... but this doesn't:

>>> postgres 3342383   1  0  2022 ?00:00:00 FzXlkULu 
>>> postgres 3344758   1 99  2022 ?3-14:39:11 OElid7Dp 
>>> postgres 3419125   1 18 13:57 ?01:17:03 tracepath 

Somebody is hacking into your system and commandeering it to run
something resource-intensive, possibly a bitcoin miner.  Whatever
it is, it's trying to obscure its process name which is hardly
a sign of good intentions.

I'd counsel taking a hard look at your pg_hba.conf to be sure
it's not allowing non-credentialed logins from anywhere.  And
for pete's sake don't use a guessable password.

regards, tom lane

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Ahmet Demir]

And I can suggest checking cron jobs both on root and postgres, killing
those processes and changing root postgres passwords.

Ahmet

On Mon, 2 Jan 2023 at 09:19, Tom Lane  wrote:

> Antonis Christodoulou  <
> vi1p193mb051005c8be974502a0d4a315e1...@vi1p193mb0510.eurp193.prod.outlook.com>
> writes:
> > This is a machine in the cloud, I can’t disconnect it.
>
> In that case, you need to be taking nonzero security precautions.
>
> > And yes the ps looks like this precisely when I do a fresh restart. I
> kill all postgres processes and restart:
> > Then this is the output of me ps:
>
> That looks fine ... but this doesn't:
>
> >>> postgres 3342383   1  0  2022 ?00:00:00 FzXlkULu
> >>> postgres 3344758   1 99  2022 ?3-14:39:11 OElid7Dp
> >>> postgres 3419125   1 18 13:57 ?01:17:03 tracepath
>
> Somebody is hacking into your system and commandeering it to run
> something resource-intensive, possibly a bitcoin miner.  Whatever
> it is, it's trying to obscure its process name which is hardly
> a sign of good intentions.
>
> I'd counsel taking a hard look at your pg_hba.conf to be sure
> it's not allowing non-credentialed logins from anywhere.  And
> for pete's sake don't use a guessable password.
>
> regards, tom lane
>
>
>

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Antonis Christodoulou]

Hmm wow, never thought this could be the case. Yes I am using postgres/postgres 
for my db, and I am indeed allowing full remote access in my pg_hba.conf (I 
would definitely change this, just wanted to start testing it…)

# Remote database connections
host all postgres 0.0.0.0/0 md5

> On 2 Jan 2023, at 8:29 AM, Ahmet Demir  wrote:
> 
> And I can suggest checking cron jobs both on root and postgres, killing those 
> processes and changing root postgres passwords.
> 
> Ahmet
> 
> On Mon, 2 Jan 2023 at 09:19, Tom Lane  > wrote:
> Antonis Christodoulou  > 
>   
> >
>  writes:
> > This is a machine in the cloud, I can’t disconnect it.
> 
> In that case, you need to be taking nonzero security precautions.
> 
> > And yes the ps looks like this precisely when I do a fresh restart. I kill 
> > all postgres processes and restart:
> > Then this is the output of me ps:
> 
> That looks fine ... but this doesn't:
> 
> >>> postgres 3342383   1  0  2022 ?00:00:00 FzXlkULu 
> >>> postgres 3344758   1 99  2022 ?3-14:39:11 OElid7Dp 
> >>> postgres 3419125   1 18 13:57 ?01:17:03 tracepath 
> 
> Somebody is hacking into your system and commandeering it to run
> something resource-intensive, possibly a bitcoin miner.  Whatever
> it is, it's trying to obscure its process name which is hardly
> a sign of good intentions.
> 
> I'd counsel taking a hard look at your pg_hba.conf to be sure
> it's not allowing non-credentialed logins from anywhere.  And
> for pete's sake don't use a guessable password.
> 
> regards, tom lane
> 
> 

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Antonis Christodoulou]

And for the record, Ahmet, here’s a weird cron job:

christan@vultr:~$ sudo crontab -l -u postgres
13 * * * * 
/var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh > 
/dev/null 2>&1 &

Had no idea somebody can add something like this externally...

> On 2 Jan 2023, at 8:34 AM, Antonis Christodoulou  
> wrote:
> 
> Hmm wow, never thought this could be the case. Yes I am using 
> postgres/postgres for my db, and I am indeed allowing full remote access in 
> my pg_hba.conf (I would definitely change this, just wanted to start testing 
> it…)
> 
> # Remote database connections
> host all postgres 0.0.0.0/0 md5
> 
>> On 2 Jan 2023, at 8:29 AM, Ahmet Demir > > wrote:
>> 
>> And I can suggest checking cron jobs both on root and postgres, killing 
>> those processes and changing root postgres passwords.
>> 
>> Ahmet
>> 
>> On Mon, 2 Jan 2023 at 09:19, Tom Lane > > wrote:
>> Antonis Christodoulou > > 
>> >  
>> >
>>  writes:
>> > This is a machine in the cloud, I can’t disconnect it.
>> 
>> In that case, you need to be taking nonzero security precautions.
>> 
>> > And yes the ps looks like this precisely when I do a fresh restart. I kill 
>> > all postgres processes and restart:
>> > Then this is the output of me ps:
>> 
>> That looks fine ... but this doesn't:
>> 
>> >>> postgres 3342383   1  0  2022 ?00:00:00 FzXlkULu 
>> >>> postgres 3344758   1 99  2022 ?3-14:39:11 OElid7Dp 
>> >>> postgres 3419125   1 18 13:57 ?01:17:03 tracepath 
>> 
>> Somebody is hacking into your system and commandeering it to run
>> something resource-intensive, possibly a bitcoin miner.  Whatever
>> it is, it's trying to obscure its process name which is hardly
>> a sign of good intentions.
>> 
>> I'd counsel taking a hard look at your pg_hba.conf to be sure
>> it's not allowing non-credentialed logins from anywhere.  And
>> for pete's sake don't use a guessable password.
>> 
>> regards, tom lane
>> 
>> 
> 

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

[Matthias Apitz]

El día lunes, enero 02, 2023 a las 08:53:32a. m. +0200, Antonis Christodoulou 
escribió:

> And for the record, Ahmet, here’s a weird cron job:
> 
> christan@vultr:~$ sudo crontab -l -u postgres
> 13 * * * * 
> /var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh > 
> /dev/null 2>&1 &
> 
> Had no idea somebody can add something like this externally...

Please post the content of this script.

matthias


-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub