STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

EDB Postgres Advanced Server software modules, to include stored procedures, functions and triggers must be monitored to discover unauthorized changes.

DISA Rule

SV-213586r508024_rule

Vulnerability Number

V-213586

Group Title

SRG-APP-000133-DB-000179

Rule Version

PPS9-00-003210

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Configure an EDB Postgres timed job that automatically checks all system and user-defined procedures, functions and triggers for being modified, and in the event of such changes informs the proper personnel for evaluation and possible action.

Check Contents

Check the EDB Postgres configuration for a timed job that automatically checks all system and user-defined procedures, functions and triggers for being modified by running the following EDB Postgres query:
select job, what from ALL_JOBS;

(Alternatively, in Postgres Enterprise Manager, navigate to the "Jobs" node of the database and examine the job from there.)

If a timed job or some other method is not implemented to check for Triggers being modified, this is a finding.

Vulnerability Number

V-213586

Documentable

False

Rule Version

PPS9-00-003210

Severity Override Guidance

Check the EDB Postgres configuration for a timed job that automatically checks all system and user-defined procedures, functions and triggers for being modified by running the following EDB Postgres query:
select job, what from ALL_JOBS;

(Alternatively, in Postgres Enterprise Manager, navigate to the "Jobs" node of the database and examine the job from there.)

If a timed job or some other method is not implemented to check for Triggers being modified, this is a finding.

Check Content Reference

M

Target Key

3988

Comments