Why does pg_hba.conf sometimes have random rules added to it? (postgresql)
As you seem to have surmised, "pgdbadm" is an account created by hackers. It is the known account created a recent crypto-mining attacker who exploits unsecured postgresql superuser accounts. Changing the pg_hba.conf is also part of his MO.
In a standard Postgres installation, no rules are added to pg_hba.conf by any program whatsoever. All editing of this file is done manually.
You either have some person doing this or someone has added a program - either with benevolent or malicious intent - to do this for them.
You should solve this
- in your organisation by determining who is doing this; and
- by changing passwords and removing/revoking any SSH keys