SV-214135r508027_rule
V-214135
SRG-APP-000389-DB-000372
PGS9-00-010100
CAT II
10
Modify and/or configure PostgreSQL and related applications and tools so that users are always required to reauthenticate when changing role or escalating privileges.
To make a single user re-authenticate, the following must be present:
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename='<username>'
To make all users re-authenticate, the following must be present:
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE user LIKE '%'
Determine all situations where a user must re-authenticate. Check if the mechanisms that handle such situations use the following SQL:
To make a single user re-authenticate, the following must be present:
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename='<username>'
To make all users re-authenticate, run the following:
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE user LIKE '%'
If the provided SQL does not force re-authentication, this is a finding.