STIGQter STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

PostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

DISA Rule

SV-233524r617333_rule

Vulnerability Number

V-233524

Group Title

SRG-APP-000180-DB-000115

Rule Version

CD12-00-001400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To drop a role, as the database administrator (shown here as "postgres"), run the following SQL:

$ sudo su - postgres
$ psql -c "DROP ROLE <role_to_drop>"

To create a role, as the database administrator, run the following SQL:

$ sudo su - postgres
$ psql -c "CREATE ROLE <role name> LOGIN"

For the complete list of permissions allowed by roles, see the official documentation: https://www.postgresql.org/docs/current/static/sql-createrole.html

Check Contents

PostgreSQL uniquely identifies and authenticates PostgreSQL users through the use of DBMS roles.

To list all roles in the database, as the database administrator (shown here as "postgres"), run the following SQL:

$ sudo su - postgres
$ psql -c "\du"

If users are not uniquely identified per organizational documentation, this is a finding.

Vulnerability Number

V-233524

Documentable

False

Rule Version

CD12-00-001400

Severity Override Guidance

PostgreSQL uniquely identifies and authenticates PostgreSQL users through the use of DBMS roles.

To list all roles in the database, as the database administrator (shown here as "postgres"), run the following SQL:

$ sudo su - postgres
$ psql -c "\du"

If users are not uniquely identified per organizational documentation, this is a finding.

Check Content Reference

M

Target Key

5254

Comments