https://hackernoon.com/8-crucial-tips-for-hardening-postgresql-144-servers-in-2022
- Set listen_addresses to localhost. This blocks connections from external networks.
- Lock down any ports other than the database and management ports.
- Disable remote access in pg_hba.conf. Remote access is still possible by connecting to the server over SSH and then connecting locally.
- Hash data that you don't need to reverse.
- Create user groups.
- Enable query tracking for databases. Install the pg_stat_statements extension first.
- Use pg_basebackup or pgBackRest to create backups.
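
A small Python audit of the listen_addresses, pg_hba.conf and pg_stat_statements tips, added here as an example (it is not code from the linked article). It reports non-loopback listen_addresses entries, pg_hba.conf host rules that admit remote addresses, and a missing pg_stat_statements preload; the function names and the sample files are assumptions constructed for illustration.

```python
import ipaddress
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
SETTING = re.compile(r"\s*([A-Za-z_][\w.]*)\s*=?\s*('(?:[^']|'')*'|[^#\s]+)")

def parse_conf(text):
    """Return {name: value} from postgresql.conf text; the last setting wins."""
    found = (SETTING.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2).strip("'") for m in found if m}

def is_local(address):
    """True for loopback CIDRs and samehost; hostnames and 'all' count as remote."""
    if address == "samehost":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False

def audit(postgresql_conf, pg_hba_conf):
    findings = []
    conf = parse_conf(postgresql_conf)
    # An unset listen_addresses falls back to PostgreSQL's default, 'localhost'.
    for addr in conf.get("listen_addresses", "localhost").split(","):
        if addr.strip() and addr.strip() not in LOOPBACK:
            findings.append(f"listen_addresses exposes {addr.strip()!r}")
    # pg_stat_statements only collects data when preloaded at server start.
    preload = conf.get("shared_preload_libraries", "").split(",")
    if "pg_stat_statements" not in [p.strip() for p in preload]:
        findings.append("pg_stat_statements not in shared_preload_libraries")
    for n, line in enumerate(pg_hba_conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        if not is_local(fields[3]) and "reject" not in fields[4:6]:
            findings.append(f"pg_hba.conf line {n}: remote address {fields[3]}")
    return findings

# Constructed sample files (not taken from a real server).
SAMPLE_CONF = "listen_addresses = '*'  # all interfaces\nport = 5432\n"
SAMPLE_HBA = """\
local   all  all                peer
host    all  all  127.0.0.1/32  scram-sha-256
host    all  all  ::1/128       scram-sha-256
host    all  all  0.0.0.0/0     scram-sha-256
host    all  all  10.0.0.0/8    reject
"""
print("\n".join(audit(SAMPLE_CONF, SAMPLE_HBA)))
```

To check a real server, pass the contents of its postgresql.conf and pg_hba.conf to audit(); an empty list means none of the three checks fired.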