SV-213604r508024_rule
V-213604
SRG-APP-000231-DB-000154
PPS9-00-005700
CAT II
10
Create an encrypted partition to host the "<postgresql data directory>" directory. This can be done at the OS level with a technology such as db-crypt or other encryption technologies provided by third-party tools.
One option is to use LUKS as documented here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Encryption.html
(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)
If the application owner and Authorizing Official have determined that encryption of data at rest is NOT required, this is not a finding.
Execute the following command as root:
> df
If the mounted filesystem where "<postgresql data directory>" exists is not located on an encrypted disk partition, this is a finding.
(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)
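`df` shows which device backs the filesystem but not whether that device is encrypted. The shell functions below are an added example, not part of the STIG text. They assume the encryption layer is dm-crypt/LUKS (the LUKS option mentioned above) and use `findmnt` and `lsblk` from util-linux to look for a `crypt` layer beneath the data directory's filesystem. The function names and sample device names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether the filesystem holding a PostgreSQL data
# directory sits on top of a dm-crypt (LUKS) layer. Assumes util-linux.

# Read "NAME TYPE" lines (the format of `lsblk -s -l -n -o NAME,TYPE <dev>`)
# on stdin; succeed only if some layer in the device stack has TYPE "crypt".
# Matching on the TYPE column avoids false hits on names containing "crypt".
has_crypt_layer() {
    awk '$2 == "crypt" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Constructed sample: LVM volume on a LUKS container on a partition.
sample_encrypted() {
    printf '%s\n' 'vg_pg-lv_data lvm' 'luks-pgdata crypt' 'sda2 part' 'sda disk'
}

# Constructed sample: plain LVM volume with no dm-crypt layer.
sample_plain() {
    printf '%s\n' 'vg_pg-lv_data lvm' 'sda2 part' 'sda disk'
}

# Live check, run as root. The data directory is an argument because its
# path varies by site. Returns 0 = not a finding, 1 = finding, 2 = error.
check_pgdata() {
    dir=$1
    # Resolve the block device backing the filesystem that contains $dir.
    src=$(findmnt -n -o SOURCE --target "$dir") || return 2
    # -s walks from the filesystem device down to the physical disk.
    if lsblk -s -l -n -o NAME,TYPE "$src" | has_crypt_layer; then
        echo "not a finding: $dir is on $src (dm-crypt layer present)"
    else
        echo "finding: $dir is on $src (no dm-crypt layer found)"
        return 1
    fi
}
```

Call `check_pgdata` with the local data directory path. A "finding" result only means no dm-crypt layer was detected; encryption provided by other means (for example self-encrypting drives or third-party tools) needs its own verification.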