STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Unused database components, EDB Postgres Advanced Server software, and database objects must be removed.

DISA Rule

SV-213592r508024_rule

Vulnerability Number

V-213592

Group Title

SRG-APP-000141-DB-000091

Rule Version

PPS9-00-003800

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

If any components are required for operation of applications that will be accessing the DBMS, include them in the system documentation.

To uninstall and unused package (using ppas-odbc-devel-09.03.0400.02-1.rhel7.x86_64 as an example), execute the following command as root:

yum erase -y ppas-odbc-devel-09.03.0400.02-1.rhel7.x86_64

Check Contents

Review the list of components and features installed with the database.

If unused components are installed and are not documented and authorized, this is a finding.

RPM can also be used to check to see what is installed:

yum list installed | grep ppas

This returns EDB database packages that have been installed. If any packages displayed by this command are not being used, this is a finding.

Vulnerability Number

V-213592

Documentable

False

Rule Version

PPS9-00-003800

Severity Override Guidance

Review the list of components and features installed with the database.

If unused components are installed and are not documented and authorized, this is a finding.

RPM can also be used to check to see what is installed:

yum list installed | grep ppas

This returns EDB database packages that have been installed. If any packages displayed by this command are not being used, this is a finding.

Check Content Reference

M

Target Key

3988

Comments