Cybersecurity Triage

Check Whether Databases Listen Publicly

You need to know whether PostgreSQL or MySQL is exposed beyond localhost.

Command

ss -ltnp | awk '$4 ~ /:(5432|3306)$/ {print}'

What changed

Nothing changes. ss and awk print matching listening sockets.

Danger

safe

When to use it

Use during hardening, breach triage, VPS audits, and deploy reviews.

When not to use it

Do not treat localhost binding as complete security; credentials, firewall rules, and tunnels still matter.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Listening socket rows for ports 5432 and 3306, including bind addresses.

demo script

Disposable terminal steps

  1. ss -ltnp
  2. ss -ltnp | awk '$4 ~ /:(5432|3306)$/ {print}'
  3. ss -ltnp | awk '$4 ~ /^(0[.]0[.]0[.]0|[[]::[]]|[*]):(5432|3306)$/ {print}'

simulated output

What it looks like

$ ss -ltnp
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:* users:(("postgres",pid=421,fd=5))
LISTEN 0      151    0.0.0.0:3306       0.0.0.0:* users:(("mysqld",pid=733,fd=22))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:* users:(("sshd",pid=71,fd=3))

$ ss -ltnp | awk '$4 ~ /:(5432|3306)$/ {print}'
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:* users:(("postgres",pid=421,fd=5))
LISTEN 0      151    0.0.0.0:3306       0.0.0.0:* users:(("mysqld",pid=733,fd=22))

$ ss -ltnp | awk '$4 ~ /^(0[.]0[.]0[.]0|[[]::[]]|[*]):(5432|3306)$/ {print}'
LISTEN 0      151    0.0.0.0:3306       0.0.0.0:* users:(("mysqld",pid=733,fd=22))
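
The step 3 filter matches only wildcard binds (0.0.0.0, [::], *), so a database bound to one specific non-loopback address passes it unnoticed. The added example below, which is not part of the original lesson, labels each 5432/3306 listener as loopback, all-interfaces, or specific-address; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify PostgreSQL/MySQL listeners by bind scope.
# Reads `ss -ltn` rows on stdin, so it also works on saved triage output.
classify_db_listeners() {
  awk '
    $1 == "LISTEN" {
      addr = $4
      n = match(addr, /:[0-9]+$/)          # port follows the last colon
      if (n == 0) next
      port = substr(addr, n + 1)
      host = substr(addr, 1, n - 1)
      if (port != "5432" && port != "3306") next
      sub(/%.*$/, "", host)                # drop %interface suffix (0.0.0.0%eth0)
      gsub(/^[[]|[]]$/, "", host)          # strip IPv6 brackets
      if (host ~ /^127[.]/ || host == "::1")
        scope = "loopback"
      else if (host == "0.0.0.0" || host == "::" || host == "*")
        scope = "all-interfaces"
      else
        scope = "specific-address"         # the step 3 regex does not match these
      print scope, port, addr
    }'
}

# Constructed sample rows (203.0.113.10 is a documentation address).
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      151    0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    203.0.113.10:5432  0.0.0.0:*
LISTEN 0      128    [::]:3306          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Rows that need follow-up: everything not bound to loopback.
non_loopback_db_listeners() {
  classify_db_listeners | awk '$1 != "loopback"'
}

sample_ss_output | non_loopback_db_listeners
# Live use: ss -ltn | non_loopback_db_listeners
```

A specific-address row still needs the firewall and routing context checked: a private address behind a firewall is a different risk from a public one.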

YouTube Short

Check database exposure.

Before touching credentials, check whether Postgres or MySQL is listening on a public interface.

LinkedIn hook

The fastest database security check is the listening address.

Question: Do you check database bind addresses during VPS security reviews?
