STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server.

DISA Rule

SV-213600r508024_rule

Vulnerability Number

V-213600

Group Title

SRG-APP-000176-DB-000068

Rule Version

PPS9-00-004600

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Run these commands:

1) "chown enterprisedb <postgresql data directory>/server.key"

2) "chgrp enterprisedb <postgresql data directory>/server.key"

3) "chmod 600 <postgresql data directory>/server.key"

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Check Contents

Verify User ownership, Group ownership, and permissions on the “server.key” file:
> ls -alL <postgresql data directory>/server.key
If the User owner is not “enterprisedb”, this is a finding.
If the Group owner is not “enterprisedb”, this is a finding.
If the file is more permissive than 600, this is a finding.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)
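
The three findings in the check above can be evaluated by a script. This is an added example, not part of the STIG or of EDB's tooling; the function name `check_server_key` is hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit server.key against the three findings in the check text.
# Assumes GNU coreutils stat; -L follows symlinks, like the L in "ls -alL".
# check_server_key is a hypothetical helper name. Owner and group default to
# "enterprisedb" and can be overridden as the second and third arguments.
# Usage: check_server_key /var/lib/ppas/9.5/data/server.key
check_server_key() {
    key=$1
    want_owner=${2:-enterprisedb}
    want_group=${3:-enterprisedb}
    findings=0

    # Return 2 (not a pass, not a finding) when the key cannot be examined.
    owner=$(stat -L -c %U -- "$key" 2>/dev/null) || {
        echo "ERROR: cannot stat $key"
        return 2
    }
    group=$(stat -L -c %G -- "$key")
    mode=$(stat -L -c %a -- "$key")   # octal, e.g. 600 or 4600

    if [ "$owner" != "$want_owner" ]; then
        echo "FINDING: user owner is $owner, expected $want_owner"
        findings=$((findings + 1))
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FINDING: group owner is $group, expected $want_group"
        findings=$((findings + 1))
    fi
    # "More permissive than 600" means any bit set outside owner read/write,
    # so 400 passes while 640, 700 and 4600 are findings.
    if [ $(( 0$mode & ~0600 )) -ne 0 ]; then
        echo "FINDING: mode $mode is more permissive than 600"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "PASS: $key"
        return 0
    fi
    return 1
}
```

The mode test is a bit mask rather than a numeric comparison, because a mode such as 577 is numerically lower than 600 yet grants group and world access.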

Documentable

False

Severity Override Guidance

Verify User ownership, Group ownership, and permissions on the “server.key” file:
> ls -alL <postgresql data directory>/server.key
If the User owner is not “enterprisedb”, this is a finding.
If the Group owner is not “enterprisedb”, this is a finding.
If the file is more permissive than 600, this is a finding.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Check Content Reference

M

Target Key

3988
