SV-233589r617333_rule
V-233589
SRG-APP-000092-DB-000208
CD12-00-008600
CAT II
10
Configure PostgreSQL to enable auditing.
To ensure logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.
For session logging, using pgaudit is recommended. For instructions on how to setup pgaudit, see supplementary content APPENDIX-B.
As the database administrator (shown here as "postgres"), check the current settings by running the following SQL:
$ sudo su - postgres
$ psql -c "SHOW shared_preload_libraries"
If pgaudit is not in the current setting, this is a finding.
As the database administrator (shown here as "postgres"), check the current settings by running the following SQL:
$ psql -c "SHOW log_destination"
If stderr or syslog are not in the current setting, this is a finding.
V-233589
False
CD12-00-008600
As the database administrator (shown here as "postgres"), check the current settings by running the following SQL:
$ sudo su - postgres
$ psql -c "SHOW shared_preload_libraries"
If pgaudit is not in the current setting, this is a finding.
As the database administrator (shown here as "postgres"), check the current settings by running the following SQL:
$ psql -c "SHOW log_destination"
If stderr or syslog are not in the current setting, this is a finding.
M
5254