STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 20 Nov 2020

PostgreSQL must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

DISA Rule

SV-233516r617333_rule

Vulnerability Number

V-233516

Group Title

SRG-APP-000266-DB-000162

Rule Version

CD12-00-000600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.

As the database administrator, edit "postgresql.conf":

$ sudo su - postgres
$ vi $PGDATA/postgresql.conf

Change the client_min_messages parameter to be "error":

client_min_messages = error

Reload the server with the new configuration (a reload only re-reads the configuration into the running server; it will not cause an interruption):

$ sudo systemctl reload postgresql-${PGVER?}

Check Contents

As the database administrator, run the following SQL:

SELECT current_setting('client_min_messages');

If client_min_messages is not set to error, this is a finding.
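An offline complement to the SQL check above, added here as an example and not part of the STIG: it reads a postgresql.conf and reports the value the file would apply for client_min_messages, so a commented-out line or a later duplicate entry is caught before the reload. The function names are hypothetical; the script does not follow include directives, postgresql.auto.conf, or per-role and per-database settings, so the SQL check remains the authoritative result.

```shell
#!/bin/sh
# Added example: offline audit of postgresql.conf for client_min_messages.

# Print the value the file would apply. The last uncommented occurrence of a
# parameter wins; with none present the built-in default "notice" applies.
effective_client_min_messages() {
    awk -v q="'" '
        BEGIN { val = "notice" }
        {
            line = $0
            sub(/#.*/, "", line)                 # drop comments
            low = tolower(line)                  # names and values are case-insensitive
            if (match(low, /^[ \t]*client_min_messages([ \t]*=[ \t]*|[ \t]+)/)) {
                v = substr(low, RLENGTH + 1)     # text after "name =" or "name "
                gsub("^[ \t" q "]+|[ \t" q "]+$", "", v)   # trim blanks and quotes
                if (v != "") val = v
            }
        }
        END { print val }
    ' "$1"
}

# Return 0 when the file satisfies the rule, 1 on a finding, 2 if unreadable.
check_client_min_messages() {
    v=$(effective_client_min_messages "$1") || return 2
    if [ "$v" = "error" ]; then
        echo "PASS: client_min_messages = $v"
    else
        echo "FINDING: client_min_messages = $v (expected error)"
        return 1
    fi
}

# Constructed sample configuration (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#client_min_messages = notice        # commented default, ignored
client_min_messages = notice
Client_Min_Messages = 'ERROR'        # later entry overrides the one above
EOF
check_client_min_messages "$sample"
rm -f "$sample"
```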

Documentable

False

Severity Override Guidance

As the database administrator, run the following SQL:

SELECT current_setting('client_min_messages');

If client_min_messages is not set to error, this is a finding.

Check Content Reference

M

Target Key

5254
