This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
zsszlama
Contributor
‎2023-05-19 12:20 AM
Jump to solution

cp_postgres added to root group

Hi Guys,

I've encountered that sometimes the cp_postgres user has been added to the root group. Here is an output from my lab:

 

[Expert@zsszlama-cp-mgmt2:0]# grep -i root sec*

secure.2:Apr 20 14:04:35 2023 zsszlama-cp-mgmt2 usermod[9277]: add `cp_postgres' to group `root'

secure.2:Apr 20 14:04:35 2023 zsszlama-cp-mgmt2 usermod[9277]: add `cp_postgres' to shadow group `root'

secure.3:Feb 13 14:23:12 2023 zsszlama-cp-mgmt2 usermod[9470]: add `cp_postgres' to group `root'

secure.3:Feb 13 14:23:12 2023 zsszlama-cp-mgmt2 usermod[9470]: add `cp_postgres' to shadow group `root'

secure.4:Feb  6 11:10:06 2023 zsszlama-cp-mgmt2 useradd[20669]: new group: name=dockerroot, GID=103

secure.4:Feb  6 11:10:06 2023 zsszlama-cp-mgmt2 useradd[20669]: new user: name=dockerroot, UID=103, GID=103, home=/usr/com/docker, shell=/sbin/nologin

secure.4:Feb  6 11:16:55 2023 zsszlama-cp-mgmt2 usermod[9475]: add `cp_postgres' to group `root'

secure.4:Feb  6 11:16:55 2023 zsszlama-cp-mgmt2 usermod[9475]: add `cp_postgres' to shadow group `root'

[Expert@zsszlama-cp-mgmt2:0]#

 

I've double checked that at some of our customers and I could also see those processes at them.

 

Could you please enlighten me what is the purpose of these process and what is triggering it? I was not able to find an SK about it?


Thanks in advance!

Zsolt

 

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2023-05-19 02:06 AM
Jump to solution

This is the database daemon for different GAiAs PostgreSQLdatabases, that contain OS configuration, SmartEvent / Eventia Analyzer / SmartReporter data. See sk92366: The data files $RTDIR/events_db/ are not re-created after re-registering the 'Analyzer' dat...The 'cp_postgresuser must be a member of the groups 'rootand 'bin.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

1 Reply
G_W_Albrecht
Legend Legend
Legend
‎2023-05-19 02:06 AM
Jump to solution

This is the database daemon for different GAiAs PostgreSQLdatabases, that contain OS configuration, SmartEvent / Eventia Analyzer / SmartReporter data. See sk92366: The data files $RTDIR/events_db/ are not re-created after re-registering the 'Analyzer' dat...The 'cp_postgresuser must be a member of the groups 'rootand 'bin.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events