SV-233579r617333_rule
V-233579
SRG-APP-000441-DB-000378
CD12-00-007200
CAT II
10
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
Implement protective measures against unauthorized disclosure and modification during preparation for transmission.
To configure PostgreSQL to use SSL, as a database administrator (shown here as "postgres"), edit postgresql.conf:
$ sudo su - postgres
$ vi ${PGDATA?}/postgresql.conf
Add the following parameter:
ssl = on
Next, as the system administrator, reload the server with the new configuration:
$ sudo systemctl reload postgresql-${PGVER?}
For more information on configuring PostgreSQL to use SSL, see supplementary content APPENDIX-G.
If the data owner does not have a strict requirement for ensuring that data integrity and confidentiality are maintained at every step of the data transfer and handling process, this is not a finding.
As the database administrator (shown here as "postgres"), verify SSL is enabled by running the following SQL:
$ sudo su - postgres
$ psql -c "SHOW ssl"
If SSL is not enabled, this is a finding.
If PostgreSQL does not employ protective measures against unauthorized disclosure and modification during preparation for transmission, this is a finding.
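An added example, not part of the STIG text: an offline pre-check that reports the effective ssl value in a postgresql.conf file, applying PostgreSQL's file syntax (case-insensitive names, optional "=", "#" comments, last assignment wins). The function names and the sample file are constructed for this example. It assumes a single file (include directives and postgresql.auto.conf are not followed) and full boolean spellings only, so "SHOW ssl" on the running server remains the authoritative check.

```shell
#!/bin/sh
# Added example: offline pre-check of the "ssl" parameter in postgresql.conf.
# effective_ssl and ssl_enabled are names made up for this example.

# effective_ssl FILE -> prints on | off | invalid | unset
effective_ssl() {
    awk -v q="'" '
    {
        line = $0
        sub(/#.*/, "", line)                  # "#" starts a comment
        # Name is case-insensitive; "=" is optional. "ssl_ciphers" etc.
        # must not match, so require "=" or whitespace right after "ssl".
        if (match(tolower(line), /^[ \t]*ssl[ \t]*(=|[ \t])[ \t]*/)) {
            val = tolower(substr(line, RLENGTH + 1))
            gsub("[ \t" q "]", "", val)       # drop whitespace and quotes
            if (val ~ /^(on|true|yes|1)$/)        result = "on"
            else if (val ~ /^(off|false|no|0)$/)  result = "off"
            else                                  result = "invalid"
        }                                     # later lines overwrite: last wins
    }
    END { print (result == "" ? "unset" : result) }
    ' "$1"
}

# Exit status 0 only when the file enables SSL.
ssl_enabled() { [ "$(effective_ssl "$1")" = "on" ]; }

# Constructed sample file: the commented default is ignored and the
# final assignment overrides the earlier "ssl = on".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ssl = off
ssl = on
ssl_ciphers = 'HIGH:!aNULL'
SSL = 'off'   # added later in the file
EOF
echo "effective ssl: $(effective_ssl "$sample")"
if ssl_enabled "$sample"; then echo "ssl is on"; else echo "ssl is not on"; fi
rm -f "$sample"
```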