STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-214140r508027_rule
V-214140
SRG-APP-000220-DB-000149
PGS9-00-010600
CAT II
10
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
As the database administrator (shown here as "postgres"), edit postgresql.conf:
$ sudo su - postgres
$ vi $PGDATA/postgresql.conf
Set the following parameters to organizational requirements:
statement_timeout = 10000 #milliseconds
tcp_keepalives_idle = 10 # seconds
tcp_keepalives_interval = 10 # seconds
tcp_keepalives_count = 10
Now, as the system administrator, restart the server with the new configuration:
# SYSTEMD SERVER ONLY
$ sudo systemctl restart postgresql-${PGVER?}
# INITD SERVER ONLY
$ sudo service postgresql-${PGVER?} restart
As the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW tcp_keepalives_idle"
$ psql -c "SHOW tcp_keepalives_interval"
$ psql -c "SHOW tcp_keepalives_count"
$ psql -c "SHOW statement_timeout"
If these settings are not set, this is a finding.
V-214140
False
PGS9-00-010600
As the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW tcp_keepalives_idle"
$ psql -c "SHOW tcp_keepalives_interval"
$ psql -c "SHOW tcp_keepalives_count"
$ psql -c "SHOW statement_timeout"
If these settings are not set, this is a finding.
M
3994