Configuring the PostgreSQL or Postgres Pro server for working with Kaspersky Security Center Linux

Kaspersky Security Center Linux supports PostgreSQL and Postgres Pro DBMSs. If you use one of these DBMSs, consider configuring the DBMS server parameters to optimize the DBMS work with Kaspersky Security Center Linux.

The default path to the configuration file is: /etc/postgresql/<VERSION>/main/postgresql.conf

Recommended parameters for PostgreSQL and Postgres Pro:

• shared_buffers = N

  N = 25% of the RAM value of the device where the DBMS is installed. If RAM is less than 1 GB, then leave the default value.

• max_stack_depth = maximum stack size (execute the 'ulimit -s' command to obtain this value in KB) minus the 1 MB safety margin
• temp_buffers = 24MB
• work_mem = 16MB
• max_connections = 151
• max_parallel_workers_per_gather = 0
• maintenance_work_mem = 128MB

Make sure the standard_conforming_strings parameter is set to its default value of on. Reload configuration or restart the server after updating the postgresql.conf file. Refer to the PostgreSQL documentation for details.

If you use a cluster Postgres DBMS, specify the max_connections parameter for all DBMS servers as well as in the cluster configuration.

If you use Postgres Pro 15.7 or Postgres Pro 15.7.1, disable the enable_compound_index_stats parameter:

enable_compound_index_stats = off

For detailed information about PostgreSQL and Postgres Pro server parameters and on how to specify the parameters, refer to the corresponding DBMS documentation.

Refer to the following topic for details on how to create and configure accounts for PostgreSQL and Postgres Pro: Configuring accounts for work with PostgreSQL and Postgres Pro.

Highly available cluster support

Highly available MariaDB and PostgreSQL clusters are supported with the following settings:

Replication type: synchronous.

Minimum number of nodes: 3.

Maximum number of nodes: 15.

The Postgres role used by the Server to access the DBMS needs to have privileges to read the following views (enabled by default):

• pg_stat_replication
• pg_stat_wal_receiver

When using a Postgres Highly Available cluster (version 14 or later) as the database, the database user must have the pg_read_all_stats privilege. You can grant this privilege by running the following command:

GRANT pg_read_all_stats TO "%1";

Where %1 is the name of the database user.

The user name is specified during the Administration Server installation in the KLSRV_UNATT_DBMS_LOGIN parameter.

Page top