Rule ID: SV-233523r617333_rule
Vuln ID: V-233523
SRG ID: SRG-APP-000133-DB-000362
STIG ID: CD12-00-001300
Severity: CAT II
Weight: 10
Fix Text:
As the database administrator, revoke any permissions from a role that are deemed unnecessary by running the following SQL:
-- Remove privileged role attributes from the role (shown here as "bob")
ALTER ROLE bob NOCREATEDB;
ALTER ROLE bob NOCREATEROLE;
ALTER ROLE bob NOSUPERUSER;
ALTER ROLE bob NOINHERIT;
-- Remove an object privilege; a function carries EXECUTE, not SELECT
REVOKE EXECUTE ON FUNCTION some_function FROM bob;
Check Text:
Note: The following instructions use the PGDATA environment variable. See supplementary content APPENDIX-F for instructions on configuring PGDATA.
As the database administrator (shown here as "postgres"), list all users and their permissions by running the following SQL:
$ sudo su - postgres
$ psql -c "\dp *.*"
Verify that all objects have the correct privileges. If they do not, this is a finding.
Next, as the database administrator (shown here as "postgres"), verify the permissions of the database directory on the filesystem:
$ ls -la ${PGDATA?}
If permissions of the database directory are not limited to an authorized user account, this is a finding.
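An added check script, not part of the STIG text, that evaluates this rule's two conditions: excess role attributes from captured pg_roles output and the data directory's owner and mode. It assumes bash, GNU coreutils stat, and that "postgres" is the authorized account; the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Added example (not STIG text): offline evaluation of CD12-00-001300's checks. Needs bash, GNU stat.

# Flag privileged role attributes the fix text revokes. Input on stdin, one role per line in
# psql -At format: rolname|rolsuper|rolcreaterole|rolcreatedb|rolinherit  (produce it with
#   psql -Atc "SELECT rolname,rolsuper,rolcreaterole,rolcreatedb,rolinherit FROM pg_roles")
# $1: space-separated roles authorized to keep these attributes. Prints one FINDING line per
# excess attribute, returns 1 if any, else 0. INHERIT is the default and is judged per role, not here.
check_role_attrs() {
  local allowed=" $1 " findings=0 name super createrole createdb inherit attr
  while IFS='|' read -r name super createrole createdb inherit; do
    [ -n "$name" ] || continue
    case "$name" in pg_*) continue ;; esac            # built-in pg_* roles
    case "$allowed" in *" $name "*) continue ;; esac  # explicitly authorized role
    for attr in "SUPERUSER:$super" "CREATEROLE:$createrole" "CREATEDB:$createdb"; do
      if [ "${attr#*:}" = t ]; then
        echo "FINDING: role $name has ${attr%%:*}; fix: ALTER ROLE $name NO${attr%%:*};"
        findings=1
      fi
    done
  done
  return "$findings"
}

# Judge the data directory from its octal mode ($1), owner ($2) and the authorized
# account ($3). Only 0700, or 0750 (the widest mode PostgreSQL will start with), pass.
evaluate_pgdata_perms() {
  local mode=${1: -3} owner=$2 expected=$3
  if [ "$owner" != "$expected" ]; then
    echo "FINDING: data directory owned by $owner, expected $expected"; return 1
  fi
  case "$mode" in
    700|750) return 0 ;;
    *) echo "FINDING: data directory mode $mode exceeds 0750; fix: chmod 700 \"\${PGDATA?}\""; return 1 ;;
  esac
}

# Live wrapper for the STIG's ls -la step: check_pgdata_dir "${PGDATA?}" postgres
check_pgdata_dir() {
  local mode owner
  read -r mode owner < <(stat -c '%a %U' "$1") || return 1
  evaluate_pgdata_perms "$mode" "$owner" "$2"
}

# Constructed sample rows (not real server output): authorized superuser, over-privileged role, app role.
sample_roles='postgres|t|t|t|t
bob|f|t|t|t
app_reader|f|f|f|t'
printf '%s\n' "$sample_roles" | check_role_attrs postgres || true
evaluate_pgdata_perms 755 postgres postgres || true
```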