What is klouddb_Shield?
Klouddb_Shield is an open source security tool that checks for CIS compliance. Currently we check 8 RDS controls, 40 Postgres controls and 46 MySQL controls, a total of 94 checks as of today, and we plan to add more checks soon.
Please see the previous blog posts on this topic:
Postgres release – https://klouddb.io/cis-benchmarks-for-postgres-klouddbshield-1-1/
MySQL release – https://klouddb.io/releasing-first-version-of-klouddb-shield-mysql-cis-benchmarks/
RDS release – https://klouddb.io/klouddb-shield-1-2-rds-cis-benchmarks/
HTML report release – https://klouddb.io/klouddb-shield-1-3-html-feature
Release 1.4 - What is new in this release?
In this release we are introducing the HBA scanner feature. We perform about 9 different checks and generate a report (total of 40 checks for Postgres).
![](https://klouddb.io/wp-content/uploads/2023/04/Picture-1.jpg)
![](https://klouddb.io/wp-content/uploads/2023/04/Picture-2.jpg)
HBA Scanner - Using pg_hba_file_rules
Internally we use pg_hba_file_rules to perform these checks. Please ensure that proper permissions are given to the user.
For example, a query like the one below can be used to check for the presence of ‘all’ in the database section.
![](https://klouddb.io/wp-content/uploads/2023/04/Picture-3.jpg)
HBA Scanner - File scan
By default it uses pg_hba_file_rules, and if this method fails it can use the file scanner method, which scans the hba file and detects issues automatically. (Our recommendation is to use the pg_hba_file_rules method.)
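The file scan idea above, sketched as an added Python example (not KloudDB Shield's own code): it tokenizes pg_hba.conf text and flags the unquoted `all` keyword in the database column, the check this post mentions. The `user=all` and `method=trust` checks, the function names and the sample file are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample pg_hba.conf content, not taken from a real server.
SAMPLE_HBA = '''\
# TYPE  DATABASE   USER      ADDRESS         METHOD
local   all        postgres                  peer
host    appdb      appuser   10.0.0.0/24     scram-sha-256
host    all        all       0.0.0.0/0       trust   # wide open
host    "all"      report    10.0.1.5/32     md5
hostssl sales,all  etl       10.0.2.0 255.255.255.0 scram-sha-256
'''

FIELD = re.compile(r'#.*|(?:"[^"]*"|[^\s"#])+')  # a comment, or one field
ITEM = re.compile(r'"[^"]*"|[^,"]+')             # comma-separated entries in a field

def has_keyword(field, keyword="all"):
    """True if the unquoted keyword is one entry of a comma-separated field.
    A quoted "all" is an ordinary name in pg_hba.conf, so it does not count."""
    return keyword in ITEM.findall(field)

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def scan_hba(text):
    """Return (line_number, finding) tuples for rules worth reviewing."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = [f for f in FIELD.findall(line) if not f.startswith("#")]
        if not fields or fields[0].startswith("include"):
            continue  # blank line, comment-only line or include directive
        if fields[0] == "local":
            idx = 3  # local rules have no ADDRESS column
        else:  # ADDRESS is CIDR (one field) or "IP MASK" (two fields)
            idx = 5 if len(fields) > 5 and is_ip(fields[4]) else 4
        if len(fields) <= idx:
            continue  # malformed or truncated rule
        for label, hit in (("database=all", has_keyword(fields[1])),
                           ("user=all", has_keyword(fields[2])),
                           ("method=trust", fields[idx] == "trust")):
            if hit:
                findings.append((number, label))
    return findings
```

Calling `scan_hba(SAMPLE_HBA)` reports lines 2, 4 and 6; line 5 is not reported because its quoted `"all"` names a database literally called all.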
Sample run - How to produce the hba report?
After installing the package or cloning the repo, please run the command below. Pick option 1 for Postgres; it will then prompt you with ‘Do you also want to run HBA Scanner’, to which you reply ‘y’.
![](https://klouddb.io/wp-content/uploads/2023/04/Picture-4.jpg)
![](https://klouddb.io/wp-content/uploads/2023/04/Picture-5.jpg)
HTML report for HBA scanner
The HTML report enhances the user experience. Once you generate the html report, you need to open it with a web browser. NOTE: Currently two different html reports are generated: 1) postgressecreport.html 2) hbascannerreport.html
Below is sample output for the hba scanner html report:
![](https://klouddb.io/wp-content/uploads/2023/04/Picture-6.jpg)
Another very useful add-on in this release is the + button. You can get detailed info about a particular control using the + button.
![](https://klouddb.io/wp-content/uploads/2023/04/Picture-7.jpg)
Future releases
Please try the hba scanner and html report today. You will definitely like it. Please stay tuned: more exciting features are coming up.
Conclusion
We released KloudDB Shield 1.4 today. Please give it a try and pass on your feedback. We spent a ton of time developing this tool, and we plan to enhance it based on user feedback.
Also check our performance articles: Pg_fincore and pg_buffercache to troubleshoot performance issues, Pgbouncer multiple instances (How we increased our TPS using multiple instances), Postgres and temporary files, Pgpool and performance tuning, How we improved Lambda performance by 130x, etc.