STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

DISA Rule

SV-224130r508023_rule

Vulnerability Number

V-224130

Group Title

SRG-APP-000001-DB-000031

Rule Version

EP11-00-000100

Severity

CAT II

CCI(s)

CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

Fix Recommendation

Execute the following SQL as enterprisedb:

SELECT rolname, rolconnlimit FROM pg_roles;

For any roles where rolconnlimit is -1 or larger than the system documentation limits, execute this SQL as enterprisedb:

ALTER USER <role> WITH CONNECTION LIMIT <desired connection limit>;

Check Contents

Determine whether the system documentation specifies limits on the number of concurrent DBMS sessions per account by type of user. If it does not, assume a limit of 10 for database administrators and 2 for all other users.

Execute the following SQL as enterprisedb:

SELECT rolname, rolconnlimit FROM pg_roles;

If rolconnlimit is -1 or larger than the system documentation limits for any rolname, this is a finding.

Vulnerability Number

V-224130

Documentable

False

Rule Version

EP11-00-000100

Severity Override Guidance

Check Content Reference

Target Key

4107

The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments