STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

PostgreSQL must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

DISA Rule

SV-214135r508027_rule

Vulnerability Number

V-214135

Group Title

SRG-APP-000389-DB-000372

Rule Version

PGS9-00-010100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Modify and/or configure PostgreSQL and related applications and tools so that users are always required to reauthenticate when changing role or escalating privileges.

To make a single user re-authenticate, the following must be present:

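-- usename is the pg_stat_activity column holding each session's role; a bare "user" evaluates to current_user.
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename='<username>'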

To make all users re-authenticate, the following must be present:

-- Matches every session that has a role name, including the session issuing the statement.
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename LIKE '%'

Check Contents

Determine all situations where a user must re-authenticate. Check if the mechanisms that handle such situations use the following SQL:

To make a single user re-authenticate, the following must be present:

SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename='<username>'

To make all users re-authenticate, run the following:

SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename LIKE '%'

If the provided SQL does not force re-authentication, this is a finding.
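
A way to exercise this check for one role, as an added example that is not part of the STIG text. It assumes PostgreSQL 9.2 or later (where pg_stat_activity exposes pid, usename and state), a superuser session, and a constructed role name app_user; the prepared-statement name force_reauth is hypothetical.

```sql
-- Added example, not STIG text. 'app_user' is a constructed role name and
-- force_reauth is a hypothetical prepared-statement name.

-- 1. List the role's live sessions before acting.
SELECT pid, usename, client_addr, backend_start, state
FROM pg_stat_activity
WHERE usename = 'app_user';

-- 2. Terminate every session of the role except the one issuing the command.
--    usename is the session's login role; the bare keyword "user" would be
--    evaluated as current_user and would not filter by session owner.
PREPARE force_reauth(name) AS
    SELECT pid, client_addr, pg_terminate_backend(pid) AS terminated
    FROM pg_stat_activity
    WHERE usename = $1
      AND pid <> pg_backend_pid();

EXECUTE force_reauth('app_user');

-- 3. Confirm that no earlier session survived. pg_terminate_backend only
--    sends the signal, so re-run this if a row lingers for a moment. A
--    client that reconnects shows up with a newer backend_start.
SELECT pid, client_addr, backend_start
FROM pg_stat_activity
WHERE usename = 'app_user'
  AND pid <> pg_backend_pid();

-- 4. Termination forces a new login only if the matching pg_hba.conf entry
--    uses an authentication method other than "trust". Locate the file to
--    review it.
SHOW hba_file;

DEALLOCATE force_reauth;
```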

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3994

Comments