STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed.

DISA Rule

SV-214084r508027_rule

Vulnerability Number

V-214084

Group Title

SRG-APP-000454-DB-000389

Rule Version

PGS9-00-004300

Severity

CAT II

CCI(s)

CCI-002617 - The organization removes organization-defined software components (e.g., previous versions) after updated versions have been installed.

Weight

Fix Recommendation

Use package managers (RPM or apt-get) for installing PostgreSQL. Unused software is removed when updated.

Check Contents

To check software installed by packages, as the system administrator, run the following command:

# RHEL/CENT Systems
$ sudo rpm -qa | grep postgres

If multiple versions of postgres are installed but are unused, this is a finding.

Vulnerability Number

V-214084

Documentable

False

Rule Version

PGS9-00-004300

Severity Override Guidance

Check Content Reference

Target Key

3994

When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments