SV-233601r617333_rule
V-233601
SRG-APP-000389-DB-000372
CD12-00-010100
CAT II
10
Modify and/or configure PostgreSQL and related applications and tools so that users are always required to reauthenticate when changing role or escalating privileges.
To make a single user re-authenticate, the following must be present:
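-- pg_stat_activity stores the session's role name in usename; an unquoted "user" evaluates to current_user instead
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename = '<username>';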
To make all users re-authenticate, the following must be present:
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename LIKE '%';
Determine all situations where a user must re-authenticate. Check if the mechanisms that handle such situations use the following SQL:
To make a single user re-authenticate, the following must be present:
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename = '<username>';
To make all users re-authenticate, run the following:
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename LIKE '%';
If the provided SQL does not force re-authentication, this is a finding.
False
M
5254