STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-213595r508024_rule

Vulnerability Number

V-213595

Group Title

SRG-APP-000142-DB-000094

Rule Version

PPS9-00-004100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET port = <port>;
ALTER SYSTEM SET listen_addresses = <comma separated addresses>;

Execute the following operating system command as root:

systemctl restart ppas-9.5.service

Check Contents

Execute the following SQL as enterprisedb:

SHOW port;
SHOW listen_addresses;

If the port or addresses are not approved, this is a finding.
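
The check above can be scripted once the two SHOW values are captured as plain strings. The following is an added example, not part of the STIG or of EDB's tooling; the approved port and address lists are constructed placeholders standing in for the site's PPSM-approved values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare SHOW port / SHOW listen_addresses output with an
# approved list. APPROVED_* values are constructed placeholders, not PPSM data.
APPROVED_PORTS="5444"
APPROVED_ADDRS="localhost 10.0.5.20"

# in_list VALUE "space separated list" -> 0 if VALUE is an exact member
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# check_listener PORT LISTEN_ADDRESSES
# Prints one line per finding; returns 0 when compliant, 1 on any finding.
check_listener() {
    port=$1 addrs=$2 rc=0
    if ! in_list "$port" "$APPROVED_PORTS"; then
        echo "FINDING: port $port is not approved"
        rc=1
    fi
    # An empty listen_addresses means no TCP/IP listener (Unix sockets only),
    # so the loop below simply does not run.
    old_ifs=$IFS; IFS=','
    set -f                      # keep '*' from being expanded as a glob
    for addr in $addrs; do
        IFS=$old_ifs
        addr=$(printf '%s' "$addr" | tr -d ' \t')   # entries may carry spaces
        [ -z "$addr" ] && continue
        if ! in_list "$addr" "$APPROVED_ADDRS"; then
            case $addr in
                '*'|0.0.0.0|::) note=" (wildcard: binds every interface)" ;;
                *) note="" ;;
            esac
            echo "FINDING: listen address $addr is not approved$note"
            rc=1
        fi
    done
    set +f; IFS=$old_ifs
    return $rc
}
```

Pass the function the two values exactly as the server reports them; a non-zero return corresponds to "this is a finding".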

Documentable

False

Check Content Reference

M

Target Key

3988
