STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

DISA Rule

SV-213566r508024_rule

Vulnerability Number

V-213566

Group Title

SRG-APP-000090-DB-000065

Rule Version

PPS9-00-001100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run these commands:

1) "chown enterprisedb <postgresql data directory>/postgresql*.conf"

2) "chgrp enterprisedb <postgresql data directory>/postgresql*.conf"

3) "chmod 600 <postgresql data directory>/postgresql*.conf"

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Check Contents

Run the command "ls -al <postgresql data directory>/postgresql*.conf" to show file permissions. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If the files are not owned by enterprisedb(user)/enterprisedb(group) or do not have RW permission for the user only, this is a finding.
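
The check above can be scripted so it returns a pass/fail status instead of relying on reading "ls -al" output by eye. This is an added example, not part of the STIG or of EDB tooling; the function name check_pg_conf_perms is hypothetical, and the script assumes GNU coreutils stat (Linux).

```sh
#!/bin/sh
# Added example: automates the "Check Contents" step for postgresql*.conf.
# Usage: check_pg_conf_perms <postgresql data directory> [owner] [group]
# Owner and group default to enterprisedb, as the rule requires.
# Status: 0 = no finding, 1 = at least one finding, 2 = no matching files.
# The body runs in a subshell so its variables do not leak to the caller.
check_pg_conf_perms() (
    dir=$1
    want_owner=${2:-enterprisedb}
    want_group=${3:-enterprisedb}
    seen=0
    finding=0
    for f in "$dir"/postgresql*.conf; do
        # An unmatched glob stays literal; skip it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        seen=1
        owner=$(stat -c '%U' -- "$f")   # owner name
        group=$(stat -c '%G' -- "$f")   # group name
        mode=$(stat -c '%a' -- "$f")    # octal permission bits
        if [ "$owner" != "$want_owner" ]; then
            echo "FINDING: $f owner is $owner, expected $want_owner"
            finding=1
        fi
        if [ "$group" != "$want_group" ]; then
            echo "FINDING: $f group is $group, expected $want_group"
            finding=1
        fi
        # "RW permission for the user only" is mode 600, the value the fix sets.
        if [ "$mode" != "600" ]; then
            echo "FINDING: $f mode is $mode, expected 600"
            finding=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "No postgresql*.conf files found under $dir" >&2
        exit 2
    fi
    exit "$finding"
)
```

Call it with the local data directory, for example check_pg_conf_perms /var/lib/ppas/9.5/data, and treat any non-zero status as needing review.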

Documentable

False

Severity Override Guidance

Run the command "ls -al <postgresql data directory>/postgresql*.conf" to show file permissions. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If the files are not owned by enterprisedb(user)/enterprisedb(group) or do not have RW permission for the user only, this is a finding.

Check Content Reference

M

Target Key

3988

Comments