STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

DISA Rule

SV-213596r508024_rule

Vulnerability Number

V-213596

Group Title

SRG-APP-000148-DB-000103

Rule Version

PPS9-00-004200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open "<postgresql data directory>/pg_hba.conf" in an editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If any rows have "trust" specified for the "METHOD" column, delete the rows or change them to other authentication methods.

Permitted methods in preferred order are: peer (local only), cert, ldap, sspi, pam, md5

Check Contents

Open "<postgresql data directory>/pg_hba.conf" in a viewer or editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If any rows have "trust" specified for the "METHOD" column, this is a finding.

Vulnerability Number

V-213596

Documentable

False

Rule Version

PPS9-00-004200

Severity Override Guidance

Open "<postgresql data directory>/pg_hba.conf" in a viewer or editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If any rows have "trust" specified for the "METHOD" column, this is a finding.

Check Content Reference

M

Target Key

3988

Comments