STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.

DISA Rule

SV-213623r508024_rule

Vulnerability Number

V-213623

Group Title

SRG-APP-000359-DB-000319

Rule Version

PPS9-00-008000

Severity

CAT II

CCI(s)

• CCI-001855 - The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Weight

10

Fix Recommendation

Install PEM and configure a probe to monitor "<postgresql data directory>" and notify appropriate support staff upon storage volume utilization reaching 75 percent.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Example steps for creating a probe are below, using the thin client (browser) PEM interface. Refer also to the Supplemental Procedures document, supplied with this STIG.

Open the PEM web console in a browser

- Log in
- Click on the agent for the machine to be monitored
- Select "Management | Probe Configuration"
- Select "Disk Space" and set the check interval as you like
- Select "Management | Alerting"
- Name the definition "Audit Log Full"
- Select Template "Disk Consumption Percentage"
- Set Frequency, Comparison Operator, and Thresholds (1 minute, >,
95/96/97 for example)
- Enter the Mount Point for where the audit log is
- Click Notification tab
- Click Email all alerts
- Click "Execute Script" on Monitored Server
- Enter script to showdown postgres, generally "service ppas-95 stop"
- Click Add/Change to save, click "OK" to exit dialog box

Check Contents

If Postgres Enterprise Manager (PEM) or another similar monitoring capability is not installed and configured to probe storage volume utilization of "<postgresql data directory>" and notify appropriate support staff upon storage volume utilization reaching 75 percent, this is a finding.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Vulnerability Number

V-213623

Documentable

False

Rule Version

PPS9-00-008000

Severity Override Guidance

If Postgres Enterprise Manager (PEM) or another similar monitoring capability is not installed and configured to probe storage volume utilization of "<postgresql data directory>" and notify appropriate support staff upon storage volume utilization reaching 75 percent, this is a finding.

(The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

Check Content Reference

M

Target Key

3988

Comments