STIGQter STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership.

DISA Rule

SV-214074r508027_rule

Vulnerability Number

V-214074

Group Title

SRG-APP-000133-DB-000200

Rule Version

PGS9-00-003100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Assign ownership of authorized objects to authorized object owner accounts. 

#### Schema Owner 

To create a schema owned by the user bob, run the following SQL: 

$ sudo su - postgres 
$ psql -c "CREATE SCHEMA test AUTHORIZATION bob"

To alter the ownership of an existing object to be owned by the user bob, run the following SQL: 

$ sudo su - postgres 
$ psql -c "ALTER SCHEMA test OWNER TO bob"

Check Contents

Review system documentation to identify accounts authorized to own database objects. Review accounts that own objects in the database(s).

If any database objects are found to be owned by users not authorized to own database objects, this is a finding.

To check the ownership of objects in the database, as the database administrator, run the following SQL:

$ sudo su - postgres
$ psql -x -c "\dn *.*"
$ psql -x -c "\dt *.*"
$ psql -x -c "\ds *.*"
$ psql -x -c "\dv *.*"
$ psql -x -c "\df+ *.*"

If any object is not owned by an authorized role for ownership, this is a finding.

Vulnerability Number

V-214074

Documentable

False

Rule Version

PGS9-00-003100

Severity Override Guidance

Review system documentation to identify accounts authorized to own database objects. Review accounts that own objects in the database(s).

If any database objects are found to be owned by users not authorized to own database objects, this is a finding.

To check the ownership of objects in the database, as the database administrator, run the following SQL:

$ sudo su - postgres
$ psql -x -c "\dn *.*"
$ psql -x -c "\dt *.*"
$ psql -x -c "\ds *.*"
$ psql -x -c "\dv *.*"
$ psql -x -c "\df+ *.*"

If any object is not owned by an authorized role for ownership, this is a finding.

Check Content Reference

M

Target Key

3994

Comments