STIGQter STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed.

DISA Rule

SV-214084r508027_rule

Vulnerability Number

V-214084

Group Title

SRG-APP-000454-DB-000389

Rule Version

PGS9-00-004300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use package managers (RPM or apt-get) for installing PostgreSQL. Unused software is removed when updated.

Check Contents

To check software installed by packages, as the system administrator, run the following command:

# RHEL/CENT Systems
$ sudo rpm -qa | grep postgres

If multiple versions of postgres are installed but are unused, this is a finding.

Vulnerability Number

V-214084

Documentable

False

Rule Version

PGS9-00-004300

Severity Override Guidance

To check software installed by packages, as the system administrator, run the following command:

# RHEL/CENT Systems
$ sudo rpm -qa | grep postgres

If multiple versions of postgres are installed but are unused, this is a finding.

Check Content Reference

M

Target Key

3994

Comments