STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.

DISA Rule

SV-213599r508024_rule

Vulnerability Number

V-213599

Group Title

SRG-APP-000175-DB-000067

Rule Version

PPS9-00-004500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open "<postgresql data directory>/pg_hba.conf" in an editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

For any rows that have TYPE of "hostssl", append "clientcert=1" in the OPTIONS column at the end of the line.

Check Contents

Open "<postgresql data directory>/pg_hba.conf" in a viewer or editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If any rows have TYPE of "hostssl" but do not include "clientcert=1" in the OPTIONS column at the end of the line, this is a finding.
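
The check above can be scripted. The following is an added example, not part of the STIG or of EDB's tooling: it reads pg_hba.conf text and reports every "hostssl" row whose fields after the address do not contain the literal option "clientcert=1". The function names and the sample file contents are constructed for illustration, and it assumes a single file with one record per line.

```python
"""Audit pg_hba.conf for the STIG check: every hostssl row must carry clientcert=1."""
import re
import sys

# A field is a run of quoted segments and bare characters; '#' starts a comment.
_FIELD = re.compile(r'(?:"[^"]*"|[^\s#"])+|#.*')
REQUIRED = "clientcert=1"


def fields(line):
    """Split one pg_hba.conf line into fields, dropping comments and quotes."""
    out = []
    for tok in _FIELD.findall(line):
        if tok.startswith("#"):  # rest of the line is a comment
            break
        out.append(tok.replace('"', ""))
    return out


def findings(text):
    """Return (line_number, line) for each hostssl row lacking clientcert=1."""
    bad = []
    for num, line in enumerate(text.splitlines(), start=1):
        f = fields(line)
        # Layout: TYPE DATABASE USER ADDRESS [MASK] METHOD [OPTIONS...]
        # Options can only appear from the fifth field onward.
        if f and f[0] == "hostssl" and REQUIRED not in f[4:]:
            bad.append((num, line.strip()))
    return bad


# Constructed sample, not taken from any real server.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD  OPTIONS
local   all       all                    peer
hostssl all       all   10.0.0.0/8       cert    clientcert=1
hostssl all       all   192.0.2.0/24     md5
hostssl app       app   10.1.0.0 255.255.0.0 md5 # clientcert=1
host    all       all   127.0.0.1/32     md5
"""

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = findings(text)
    for num, line in results:
        print(f"FINDING line {num}: {line}")
    sys.exit(1 if results else 0)
```

A row whose only "clientcert=1" sits inside a trailing comment is reported, because the option is not in effect there.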

Documentable

False

Severity Override Guidance

Open "<postgresql data directory>/pg_hba.conf" in a viewer or editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If any rows have TYPE of "hostssl" but do not include "clientcert=1" in the OPTIONS column at the end of the line, this is a finding.

Check Content Reference

M

Target Key

3988

Comments