STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

DISA Rule

SV-213561r508024_rule

Vulnerability Number

V-213561

Group Title

SRG-APP-000001-DB-000031

Rule Version

PPS9-00-000100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Execute the following SQL as enterprisedb:

SELECT rolname, rolconnlimit FROM pg_roles;

For any roles where rolconnlimit is -1 or larger than the system documentation limits, execute this SQL as enterprisedb:

ALTER USER <role> WITH CONNECTION LIMIT <desired connection limit>;

Check Contents

Determine whether the system documentation specifies limits on the number of concurrent DBMS sessions per account by type of user. If it does not, assume a limit of 10 for database administrators and 2 for all other users.

Execute the following SQL as enterprisedb:

SELECT rolname, rolconnlimit FROM pg_roles;

If rolconnlimit is -1 or larger than the system documentation limits for any rolname, this is a finding.
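The query below is an added example, not part of the STIG text, that applies the check and fix recommendation in one pass: it lists every role whose rolconnlimit is -1 or exceeds the documented limit, and generates the matching ALTER USER statement. It assumes no site documentation exists and therefore uses the STIG's fallback limits (10 for database administrators, 2 for all other users), and it approximates "database administrator" by rolsuper or rolcreaterole; both the limits and that classification are assumptions to replace with the site's own documentation.

```sql
-- Added example (not from the STIG): audit pg_roles against the documented
-- per-account connection limits and emit remediation statements.
-- Assumption: no system documentation, so the STIG fallback applies
-- (10 for DBAs, 2 for everyone else). Assumption: a "DBA" is any role
-- with rolsuper or rolcreaterole; adjust to the site's role classification.
WITH documented AS (
    SELECT rolname,
           rolcanlogin,
           rolconnlimit,
           CASE WHEN rolsuper OR rolcreaterole THEN 10 ELSE 2 END AS documented_limit
    FROM pg_roles
),
findings AS (
    SELECT rolname,
           rolcanlogin,
           rolconnlimit,
           documented_limit,
           CASE WHEN rolconnlimit = -1 THEN 'unlimited (-1)'
                ELSE 'exceeds documented limit'
           END AS reason
    FROM documented
    WHERE rolconnlimit = -1                  -- no limit at all
       OR rolconnlimit > documented_limit    -- limit set, but too high
)
SELECT rolname,
       rolcanlogin,        -- NOLOGIN roles cannot hold sessions but still
                           -- show -1 by default; the STIG flags any rolname
       rolconnlimit,
       documented_limit,
       reason,
       -- Ready-to-run fix; %I quotes the role name safely.
       format('ALTER USER %I WITH CONNECTION LIMIT %s;',
              rolname, documented_limit) AS remediation
FROM findings
ORDER BY rolcanlogin DESC, rolname;

-- Fix for a single flagged role (constructed placeholder name and limit):
ALTER USER app_reporting_user WITH CONNECTION LIMIT 2;
```

Run the query as enterprisedb; an empty result set means no finding. Review the generated remediation column before executing it, because roles the site documents as administrators under a different convention (for example a non-superuser application owner with an approved higher limit) would otherwise be reduced to 2. Note also that PostgreSQL does not enforce the per-role connection limit for superusers, so setting a limit on enterprisedb satisfies the check but does not by itself cap that account's sessions; verify the behaviour on the EPAS version in use.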

Vulnerability Number

V-213561

Documentable

False

Rule Version

PPS9-00-000100

Severity Override Guidance

Determine whether the system documentation specifies limits on the number of concurrent DBMS sessions per account by type of user. If it does not, assume a limit of 10 for database administrators and 2 for all other users.

Execute the following SQL as enterprisedb:

SELECT rolname, rolconnlimit FROM pg_roles;

If rolconnlimit is -1 or larger than the system documentation limits for any rolname, this is a finding.

Check Content Reference

M

Target Key

3988

Comments