STIGQter STIGQter: STIG Summary: VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

In the event of a system failure, the vROps PostgreSQL DB must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

DISA Rule

SV-98921r1_rule

Vulnerability Number

V-88271

Group Title

SRG-APP-000226-DB-000147

Rule Version

VROM-PG-000255

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

At the command prompt, execute the following commands:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET <name> TO 'on';"
# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();"

Note: Substitute <name> with the incorrectly set parameter.

Check Contents

At the command prompt, execute the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT name, setting FROM pg_settings WHERE name IN ('fsync','full_page_writes','synchronous_commit');"

If "fsync", "full_page_writes", and "synchronous_commit" are not set to "on", this is a finding.

The command should return the below lines:
name | setting
---------------------------+---------
fsync | on
full_page_writes | on
synchronous_commit | on
(3 rows)

Vulnerability Number

V-88271

Documentable

False

Rule Version

VROM-PG-000255

Severity Override Guidance

At the command prompt, execute the following command:

# /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT name, setting FROM pg_settings WHERE name IN ('fsync','full_page_writes','synchronous_commit');"

If "fsync", "full_page_writes", and "synchronous_commit" are not set to "on", this is a finding.

The command should return the below lines:
name | setting
---------------------------+---------
fsync | on
full_page_writes | on
synchronous_commit | on
(3 rows)

Check Content Reference

M

Target Key

3445

Comments