HBA Checker – KloudDB Shield 1.4

What is klouddb_Shield?

Klouddb_Shield is an open source security tool that checks for CIS compliance. Currently we check 8 RDS controls, 40 Postgres controls and 46 MySQL controls, a total of 94 checks as of today, and we plan to add more checks soon.

Please see our previous blog posts on this topic:

Postgres release – https://klouddb.io/cis-benchmarks-for-postgres-klouddbshield-1-1/

MySQL release – https://klouddb.io/releasing-first-version-of-klouddb-shield-mysql-cis-benchmarks/

RDS release – https://klouddb.io/klouddb-shield-1-2-rds-cis-benchmarks/

HTML report release – https://klouddb.io/klouddb-shield-1-3-html-feature

Release 1.4 - What is new in this release?

In this release we are introducing the HBA scanner feature. We perform about 9 different checks and generate a report (total of 40 checks for Postgres).

HBA Scanner - Using pg_hba_file_rules

Internally we use pg_hba_file_rules to perform these checks. Please ensure that proper permissions are given to the user running the scan.

For example, a query like the one below can be used to check for the presence of ‘all’ under the database section.
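A query of that kind, as an added example that is not KloudDB Shield's own query. It goes beyond the single ‘all’-in-database check: the other conditions (user field, trust authentication, any-address rules, unparsable lines) are assumptions chosen for illustration, not a list of the tool's checks.

```sql
-- Added example, not KloudDB Shield's own query.
-- pg_hba_file_rules exists in PostgreSQL 10 and later and is readable
-- only by superusers unless access has been granted.
WITH flagged AS (
    SELECT line_number,
           type,
           database,
           user_name,
           address,
           netmask,
           auth_method,
           concat_ws('; ',
               -- The check described above: keyword 'all' in the database column.
               CASE WHEN 'all' = ANY (database)
                    THEN 'database field contains all' END,
               -- Assumed extra conditions, added for illustration.
               CASE WHEN 'all' = ANY (user_name)
                    THEN 'user field contains all' END,
               CASE WHEN auth_method = 'trust'
                    THEN 'trust authentication (no password)' END,
               CASE WHEN address = 'all'
                      OR (address IN ('0.0.0.0', '::')
                          AND netmask IN ('0.0.0.0', '::'))
                    THEN 'rule matches any client address' END,
               -- Rows with a non-null error are lines the server could not parse.
               CASE WHEN error IS NOT NULL
                    THEN 'line could not be parsed: ' || error END
           ) AS findings
    FROM pg_hba_file_rules
)
SELECT line_number, type, database, user_name, address, auth_method, findings
FROM flagged
WHERE findings <> ''   -- concat_ws returns '' when no condition matched
ORDER BY line_number;
```

Each returned row is one line of pg_hba.conf with the conditions it matched; an empty result means no rule matched any of them.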

HBA Scanner - File scan

By default the scanner uses pg_hba_file_rules, and if this method fails it can fall back to the file scanner method, which scans the hba file and detects issues automatically. (Our recommendation is to use the pg_hba_file_rules method.)

Sample run - How to produce the hba report?

After installing the package or cloning the repo, please run the command below. Pick option 1 for Postgres; it will then prompt you with ‘Do you also want to run HBA Scanner’, to which you reply ‘y’.

HTML report for HBA scanner

The HTML report enhances the user experience. Once you generate the html report, you need to open it with a web browser. NOTE: Currently there are two different html reports being generated: 1) postgressecreport.html 2) hbascannerreport.html

Below is sample output for the hba scanner html report.

Another very useful addon in this release is the + button. You can get detailed info about a particular control using the + button.

Future releases

Please try the hba scanner and html report today. You will definitely like it. Please stay tuned for more exciting features.

Conclusion

We released KloudDB Shield 1.4 today. Please give it a try and pass on your feedback. We spent a ton of time developing this tool and we plan to enhance it based on user feedback.

Also check our performance articles: Pg_fincore and pg_buffercache to troubleshoot performance issues, Pgbouncer multiple instances (How we increased our TPS using multiple instances), Postgres and temporary files, Pgpool and performance tuning, How we improved Lambda performance by 130x, etc.