STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

Access to external executables must be disabled or restricted.

DISA Rule

SV-213594r508024_rule

Vulnerability Number

V-213594

Group Title

SRG-APP-000141-DB-000093

Rule Version

PPS9-00-004000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Review the EDB PPAS packages available in the installation guide here:

http://www.enterprisedb.com/docs/en/9.5/instguide/Postgres_Plus_Advanced_Server_Installation_Guide.1.14.html#

Uninstall any unneeded packages by running the following as root:

#> yum erase -y <package-name>

At a minimum, the ppas94-server-* packages are required, but other packages such as jdbc, postgis, pgpool, and others may be required by applications that need the functionality provided in these additional packages.

Check Contents

Run the following command as root:

yum list installed | grep ppas

If any packages are installed that are not needed, this is a finding.
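
The check above can be made repeatable by comparing the installed ppas packages against a documented approved list. The following is an added example, not part of the STIG or the EDB documentation; the function names, the approved patterns, and the sample `yum` output (package names and versions) are constructed assumptions.

```shell
#!/bin/sh
# Reads `yum list installed` output on stdin. Arguments are approved
# package-name glob patterns (assumption: the site documents which
# packages its applications need). Prints each installed ppas package
# that matches no approved pattern; every printed line is a candidate finding.
ppas_unapproved() {
    # yum wraps long rows; continuation lines start with whitespace and
    # header lines do not start with "ppas", so both are skipped here.
    awk '/^ppas/ { print $1 }' |
    sed 's/\.[^.]*$//' |          # drop the .arch suffix (x86_64, noarch, ...)
    sort -u |
    while IFS= read -r pkg; do
        ok=0
        for pat in "$@"; do
            case "$pkg" in
                $pat) ok=1; break ;;   # unquoted so the glob is honoured
            esac
        done
        [ "$ok" -eq 1 ] || printf '%s\n' "$pkg"
    done
}

# Constructed sample of `yum list installed` output, including one wrapped row.
sample_yum_output() {
cat <<'EOF'
Loaded plugins: fastestmirror
Installed Packages
ppas94-jdbc.x86_64               9.4.1.1-1.rhel7    @enterprisedb
ppas94-pgpool34.x86_64           3.4.3-1.rhel7      @enterprisedb
ppas94-postgis.x86_64            2.1.7-1.rhel7      @enterprisedb
ppas94-server.x86_64             9.4.1.3-1.rhel7    @enterprisedb
ppas94-server-core.x86_64        9.4.1.3-1.rhel7    @enterprisedb
ppas94-server-sqlprofiler.x86_64
                                 3.0.0-1.rhel7      @enterprisedb
EOF
}

# Demo on the constructed sample: server packages and jdbc are approved here.
# On a live host, replace sample_yum_output with: yum list installed
sample_yum_output | ppas_unapproved 'ppas94-server' 'ppas94-server-*' 'ppas94-jdbc'
```

Each name printed still needs a human decision: either document why an application requires it and add it to the approved patterns, or remove it with the `yum erase` step from the fix recommendation.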

Documentable

False

Severity Override Guidance

Run the following command as root:

yum list installed | grep ppas

If any packages are installed that are not needed, this is a finding.

Check Content Reference

M

Target Key

3988

Comments