SV-214131r508027_rule
V-214131
SRG-APP-000380-DB-000360
PGS9-00-009600
CAT II
10
Configure PostgreSQL to enforce access restrictions associated with changes to the configuration of PostgreSQL or database(s).
Use ALTER ROLE to remove accesses from roles:
$ psql -c "ALTER ROLE <role_name> NOSUPERUSER"
Use REVOKE to remove privileges from databases and schemas:
$ psql -c "REVOKE ALL PRIVILEGES ON <table> FROM <role_name>"
To list all the permissions of individual roles, as the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "\du"
If any role has SUPERUSER that should not, this is a finding.
Next, list all the permissions of databases and schemas by running the following SQL:
$ sudo su - postgres
$ psql -c "\l"
$ psql -c "\dn+"
If any database or schema has update ("W") or create ("C") privileges and should not, this is a finding.
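The role and privilege review above can be scripted so that each run is compared against an approved list. The following is an added example, not part of the STIG text: the function names, the approved lists and the sample rows are assumptions, and the catalog queries in the comments are one way to produce the input.

```shell
# Added example: flag findings from psql output. Approved lists are
# site-specific assumptions; role names are assumed not to contain "|" or "=".

# stdin: "rolname|rolsuper" rows, e.g. from
#   psql -Atc "SELECT rolname, rolsuper FROM pg_roles"
# $1: space-separated roles approved to hold SUPERUSER.
unapproved_superusers() {
  awk -F'|' -v ok="$1" '
    BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
    $2 == "t" && !($1 in allow) { print $1 }'
}

# stdin: "object|aclitem" rows, e.g. from
#   psql -Atc "SELECT nspname, unnest(nspacl) FROM pg_namespace"
#   psql -Atc "SELECT datname, unnest(datacl) FROM pg_database"
# An aclitem reads grantee=privileges/grantor; an empty grantee means PUBLIC.
# Objects whose ACL is NULL (built-in defaults) produce no rows.
# $1: space-separated grantees approved to hold create ("C").
unapproved_create_grants() {
  awk -F'|' -v ok="$1" '
    BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
    {
      eq = index($2, "=")
      if (eq == 0) next                 # not an aclitem row
      grantee = substr($2, 1, eq - 1)
      privs = substr($2, eq + 1)
      sub(/\/.*/, "", privs)            # drop "/grantor" so its name is not scanned
      if (grantee == "") grantee = "PUBLIC"
      if (index(privs, "C") && !(grantee in allow)) print $1 ": " grantee
    }'
}

# Constructed sample rows (not taken from a real server).
SAMPLE_ROLES='postgres|t
app_rw|f
etl_admin|t'
SAMPLE_ACLS='public|postgres=UC/postgres
public|=UC/postgres
reporting|analyst=U/postgres
staging|etl_admin=U*C*/postgres'

printf '%s\n' "$SAMPLE_ROLES" | unapproved_superusers "postgres"
printf '%s\n' "$SAMPLE_ACLS"  | unapproved_create_grants "postgres"
```

Every line printed is a role or grant to review against the approved list; no output means nothing was flagged for the rows supplied.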
V-214131
False
PGS9-00-009600
M
3994