STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 23 Oct 2020

PostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

DISA Rule

SV-214061r508027_rule

Vulnerability Number

V-214061

Group Title

SRG-APP-000180-DB-000115

Rule Version

PGS9-00-001400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To drop a role, as the database administrator (shown here as "postgres"), run the following commands (the SQL is passed to psql):

$ sudo su - postgres
$ psql -c "DROP ROLE <role_to_drop>"

To create a role, as the database administrator, run the following commands (the SQL is passed to psql):

$ sudo su - postgres
$ psql -c "CREATE ROLE <role name> LOGIN"

For the complete list of permissions allowed by roles, see the official documentation: https://www.postgresql.org/docs/current/static/sql-createrole.html

Check Contents

PostgreSQL uniquely identifies and authenticates PostgreSQL users through the use of DBMS roles.

To list all roles in the database, as the database administrator (shown here as "postgres"), run the following commands (the \du meta-command is passed to psql):

$ sudo su - postgres
$ psql -c "\du"

If users are not uniquely identified as per organizational documentation, this is a finding.
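As an added example (not DISA's STIG text or STIGQter's own tooling), the following POSIX shell check compares the server's login roles with an organizational roster of individually identified users and reports any role the roster does not account for. The roster file (one approved role name per line), the pg_roles query, and the sample data are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: compare PostgreSQL login roles against an organizational roster.
# The roster file format (one approved role name per line) and the pg_roles query
# are assumptions, not part of the STIG text.

# Query the live server for roles that can log in, one name per line.
# Run as the database administrator (e.g. after `sudo su - postgres`);
# -A (unaligned) and -t (tuples only) make the output easy to parse.
list_login_roles() {
    psql -At -c "SELECT rolname FROM pg_roles WHERE rolcanlogin ORDER BY rolname"
}

# Read role names from stdin and report any not listed in the roster file ($1).
# Prints one FINDING line per unapproved role; returns 1 if any were found,
# 0 if every login role maps to a documented, individually identified user.
unapproved_roles() {
    roster="$1"
    found=0
    while IFS= read -r role; do
        [ -n "$role" ] || continue
        if ! grep -qxF -- "$role" "$roster"; then
            printf 'FINDING: login role "%s" is not in roster %s\n' "$role" "$roster"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone demonstration on constructed data: a roster of three approved
# accounts and a role list shaped like `psql -At` output, including two
# roles (app_shared, guest) that no documented individual owns.
demo() {
    roster=$(mktemp)
    printf 'postgres\nalice\nbob\n' > "$roster"
    if printf 'alice\nbob\napp_shared\npostgres\nguest\n' | unapproved_roles "$roster"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$roster"
    return "$rc"
}

# Against a real server: list_login_roles | unapproved_roles /path/to/roster.txt
```

A non-zero exit from unapproved_roles is the "this is a finding" condition of the check above; the roster is the organizational documentation the check refers to.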

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3994

Comments