Configuring Network Discover to scan PostgreSQL databases

Article ID: 202247

Products

Data Loss Prevention Network Discover

Issue/Introduction

You want to scan a PostgreSQL database and need to know the necessary steps to configure Network Discover.

Note: This is not a supported scan target for DLP; however, with the appropriate changes to sqldatabasecrawler.properties and your PostgreSQL database, it can work. This is a "Best Effort" solution only. For supported database targets, refer to the published documentation.

Resolution

  1. Download a supported version of the PostgreSQL JDBC Driver
  2. Copy the jar file to the jdbc directory
    [Windows] C:\Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\lib\jdbc
    [Linux] /opt/Symantec/DataLossPrevention/DetectionServer/<version>/Protect/lib/jdbc
  3. Edit the sqldatabasecrawler.properties file
    [Windows] C:\Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\config\sqldatabasecrawler.properties
    [Linux] /opt/Symantec/DataLossPrevention/DetectionServer/<version>/Protect/config/sqldatabasecrawler.properties
  4. Add the following lines. (The default postgres entry can be modified in the same way and will work just as well; the lines below, however, allow standard PostgreSQL connection strings.)
    # Postgresql
    driver_class.postgresql = org.postgresql.Driver
    driver_subprotocol.postgresql = postgresql
    driver_jar.postgresql = postgresql-42.4.0.jar
    driver_table_query.postgresql = SELECT tablename FROM pg_tables WHERE tableowner = current_user
    driver_row_selector.postgresql = SELECT {1} FROM {0} LIMIT {2}
    quote_table_names.postgresql = false
  5. In the Enforce Console, go to Manage > Discover Scanning > Discover Targets > New Target > SQL Database
  6. On the Scanned Content tab, provide credentials and configure the content root as postgresql://<ip_address>:<port>/<database>
    postgresql://HOST:5432/DatabaseName
    Configure any other parameters as desired and then test the scan target. 

Additional Information

Enable the PostgreSQL database server to allow connections from the Network Discover Server

  1. Edit the pg_hba.conf file
    [Windows] C:\Program Files\PostgreSQL\13\data\pg_hba.conf
  2. Add an entry for the Discover server's IP address or hostname
    # TYPE  DATABASE        USER            ADDRESS                 METHOD
    host    all             all             myDiscoverServer        scram-sha-256
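
The entry above uses `all` for both database and user, so any role can reach any database from the Discover server's address. The following is an added example (not part of the vendor article) that audits pg_hba.conf host rules for that kind of scope; the function names, the `dlp_scan` role, the `appdb` database and the sample lines are constructed assumptions.

```python
# Added example (not vendor code): audit pg_hba.conf host rules for scope.
# Assumes unquoted, whitespace-separated fields; quoted names are not handled.
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
WEAK_METHODS = {"trust", "password", "md5"}  # no auth, cleartext, legacy hash
ANY_ADDRESS = {"all", "0.0.0.0/0", "::/0", "::0/0"}

def parse_hba(text):
    """Return (lineno, database, user, address, method) per host-type rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        database, user, address = fields[1:4]
        if len(fields) >= 6 and ("." in fields[4] or ":" in fields[4]):
            # Two-field form: IP address followed by a separate netmask.
            address, method = address + " " + fields[4], fields[5]
        else:
            method = fields[4]
        rules.append((lineno, database, user, address, method))
    return rules

def audit_hba(text):
    """Return (lineno, finding) pairs for rules broader than one db/role/host."""
    findings = []
    for lineno, database, user, address, method in parse_hba(text):
        checks = [("db-all", database == "all"), ("user-all", user == "all"),
                  ("any-address", address in ANY_ADDRESS),
                  ("weak-method", method in WEAK_METHODS)]
        findings += [(lineno, name) for name, hit in checks if hit]
    return findings

# Constructed sample: line 2 is the entry from this article, line 3 is scoped
# to one hypothetical database (appdb) and one hypothetical role (dlp_scan).
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS            METHOD
host    all       all       myDiscoverServer   scram-sha-256
host    appdb     dlp_scan  myDiscoverServer   scram-sha-256
host    appdb     dlp_scan  0.0.0.0/0          md5
host    appdb     dlp_scan  192.0.2.10 255.255.255.255 trust
"""

if __name__ == "__main__":
    for lineno, finding in audit_hba(SAMPLE):
        print(f"line {lineno}: {finding}")
```

Because `driver_table_query.postgresql` filters on `tableowner = current_user`, a scoped scan role only lists tables it owns, so account for that when choosing the role.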