STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.

DISA Rule

SV-213577r508024_rule

Vulnerability Number

V-213577

Group Title

SRG-APP-000109-DB-000049

Rule Version

PPS9-00-002300

Severity

CAT II

CCI(s)

CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

Fix Recommendation

Install PEM and configure an alert to shut down the PPAS server when the audit log mount point is at 99 percent full. Refer to the Supplemental Procedures document, supplied with this STIG, for guidance on configuring alerts.

Check Contents

If Postgres Enterprise Manager (PEM) is not installed and configured to shut down the database when the audit log is full, this is a finding.

Vulnerability Number

V-213577

Documentable

False

Rule Version

PPS9-00-002300

Severity Override Guidance

If Postgres Enterprise Manager (PEM) is not installed and configured to shut down the database when the audit log is full, this is a finding.

Check Content Reference

Target Key

3988

The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments