STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.

DISA Rule

SV-214133r508027_rule

Vulnerability Number

V-214133

Group Title

SRG-APP-000359-DB-000319

Rule Version

PGS9-00-009900

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.

Configure the system to notify appropriate support staff immediately upon storage volume utilization reaching 75%. 

PostgreSQL does not monitor storage itself; however, storage can be monitored with a script.

##### Example Monitoring Script 

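```bash
#!/bin/bash

# Alert support staff when the volume holding PGDATA reaches the threshold.
PGDATA=/var/lib/psql/${PGVER?}/data
# df -P keeps each filesystem on one line; field 5 of the data row is "Use%".
CURRENT=$(df -P "${PGDATA?}" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }')
THRESHOLD=75

# -ge so the alert fires on reaching 75%, not only after exceeding it.
if [ "$CURRENT" -ge "$THRESHOLD" ]; then
    mail -s 'Disk Space Alert' mail@support.com << EOF
The data directory volume is almost full. Used: ${CURRENT}%
EOF
fi
```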

Schedule this script in cron to run around the clock.
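This rule's check content refers to the partition holding the PostgreSQL log directories, which is not necessarily the PGDATA volume. The following is an added example, not part of the STIG text: it checks every directory passed as an argument, reports each volume once, alerts on reaching the threshold, and treats a volume that cannot be measured as an alert. The recipient address and the function names are assumptions.

```bash
#!/bin/bash
# Added example, not STIG text. Recipient and function names are assumptions.
THRESHOLD=${THRESHOLD:-75}
ALERT_TO=${ALERT_TO:-dba-oncall@example.invalid}   # hypothetical recipient

# Read `df -P` output on stdin; print "<mount point> <used %>" for the data row.
parse_df() {
    awk 'NR == 2 { sub(/%/, "", $5); print $6, $5 }'
}

# Print the parsed row for the volume that holds directory $1.
volume_row() {
    df -P "$1" 2>/dev/null | parse_df
}

# Exit 0 when usage $1 has reached threshold $2. A value that is not a number
# means the volume could not be measured, which is also treated as an alert.
at_or_over() {
    case "$1" in
        ''|*[!0-9]*) return 0 ;;
    esac
    [ "$1" -ge "$2" ]
}

# Print one line per distinct volume that is at or over the threshold.
report() {
    seen=" "
    for dir in "$@"; do
        row=$(volume_row "$dir")
        mount=${row% *}
        pct=${row##* }
        [ -n "$mount" ] || mount="$dir"
        case "$seen" in *" $mount "*) continue ;; esac
        seen="$seen$mount "
        if at_or_over "$pct" "$THRESHOLD"; then
            echo "$mount used=${pct:-unknown}% threshold=${THRESHOLD}%"
        fi
    done
}

# Runs only when directories are passed as arguments (data and log directories).
if [ "$#" -gt 0 ]; then
    alerts=$(report "$@")
    if [ -n "$alerts" ]; then
        echo "$alerts" | mail -s 'PostgreSQL audit storage alert' "$ALERT_TO"
    fi
fi
```

Pass the data directory and the configured log directory as arguments when scheduling it from cron.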

Check Contents

Review system configuration.

If no script/tool is monitoring the partition for the PostgreSQL log directories, this is a finding.

If appropriate support staff are not notified immediately upon storage volume utilization reaching 75%, this is a finding.

Documentable

False

Severity Override Guidance

Review system configuration.

If no script/tool is monitoring the partition for the PostgreSQL log directories, this is a finding.

If appropriate support staff are not notified immediately upon storage volume utilization reaching 75%, this is a finding.

Check Content Reference

M

Target Key

3994