SV-214148r508027_rule
V-214148
SRG-APP-000340-DB-000304
PGS9-00-011700
CAT I
10
Configure PostgreSQL security to protect all privileged functionality.
If pl/R and pl/Python are used, document their intended use, the users that have access to them, and the business use case, such as data analytics or data mining. Because of the risks associated with using pl/R and pl/Python, their use must have AO risk acceptance.
To remove unwanted extensions, use:
DROP EXTENSION <extension_name>
To remove unwanted privileges from a role, use the REVOKE command.
See the PostgreSQL documentation for more details: http://www.postgresql.org/docs/current/static/sql-revoke.html
Review the system documentation to obtain the definition of the PostgreSQL functionality considered privileged in the context of the system in question.
Review the PostgreSQL security configuration and/or other means used to protect privileged functionality from unauthorized use.
If the configuration does not protect all of the actions defined as privileged, this is a finding.
If the PostgreSQL instance uses procedural languages, such as pl/Python or pl/R, without AO authorization, this is a finding.
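The following catalog queries are an added example, not part of the STIG text, showing one way to gather the evidence this check asks for: which procedural languages and extensions are installed, which functions use them, and which roles can use the trusted ones. Run them in each database of the instance; the names in the commented remediation lines are placeholders.

```sql
-- Added example (not STIG text). Read-only audit queries against the system catalogs.

-- 1. Procedural languages in this database. lanispl excludes the built-in
--    internal, c and sql entries. trusted = false marks untrusted languages
--    (pl/Python and pl/R install as untrusted, e.g. plpythonu, plr).
SELECT l.lanname,
       l.lanpltrusted              AS trusted,
       pg_get_userbyid(l.lanowner) AS owner,
       l.lanacl                    AS acl   -- NULL means default privileges
FROM pg_language l
WHERE l.lanispl
ORDER BY l.lanname;

-- 2. Installed extensions, to compare against the documented and approved list.
SELECT e.extname, e.extversion, n.nspname AS schema,
       pg_get_userbyid(e.extowner) AS owner
FROM pg_extension e
JOIN pg_namespace n ON n.oid = e.extnamespace
ORDER BY e.extname;

-- 3. Functions written in a procedural language other than plpgsql.
--    SECURITY DEFINER functions run with their owner's privileges.
SELECT n.nspname AS schema, p.proname, l.lanname,
       pg_get_userbyid(p.proowner) AS owner,
       p.prosecdef                 AS security_definer
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanispl AND l.lanname <> 'plpgsql'
ORDER BY 1, 2;

-- 4. Roles that hold USAGE on each trusted procedural language
--    (by default USAGE is granted to PUBLIC, so every role appears).
SELECT l.lanname, r.rolname
FROM pg_language l
CROSS JOIN pg_roles r
WHERE l.lanispl AND l.lanpltrusted
  AND has_language_privilege(r.oid, l.oid, 'USAGE')
ORDER BY 1, 2;

-- Remediation templates (placeholders, left commented out):
-- REVOKE USAGE ON LANGUAGE <language_name> FROM PUBLIC;
-- DROP EXTENSION <extension_name>;
```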