SV-214145r508027_rule
V-214145
SRG-APP-000224-DB-000384
PGS9-00-011400
CAT II
10
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
To configure PostgreSQL to use SSL, as a database owner (shown here as "postgres"), edit postgresql.conf:
$ sudo su - postgres
$ vi ${PGDATA?}/postgresql.conf
Add the following parameter:
ssl = on
Now, as the system administrator, reload the server with the new configuration:
# SYSTEMD SERVER ONLY
$ sudo systemctl reload postgresql-${PGVER?}
# INITD SERVER ONLY
$ sudo service postgresql-${PGVER?} reload
For more information on configuring PostgreSQL to use SSL, see supplementary content APPENDIX-G.
For further SSL configurations, see the official documentation: https://www.postgresql.org/docs/current/static/ssl-tcp.html
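An added example, not part of the STIG content: postgresql.conf applies the last active entry for a parameter, so an added "ssl = on" line can be overridden by a later duplicate or left commented out. The script below reports the effective value in a single file before the reload. The function names and the sample file are constructed, and it does not follow include directives or postgresql.auto.conf, so "SHOW ssl" on the running server remains the authoritative check.

```bash
#!/usr/bin/env bash
# Added example (not STIG content): report the effective "ssl" value in a
# postgresql.conf-style file. Assumption: one file, no include directives.

# Print "on" or "off" for the last active ssl assignment (default: off).
effective_ssl() {
  awk -v q="'" '
    BEGIN { val = "off" }                       # server default when ssl is unset
    {
      line = $0
      sub(/#.*/, "", line)                      # drop comments, e.g. "#ssl = on"
      gsub(/^[ \t]+|[ \t]+$/, "", line)         # trim surrounding whitespace
      if (tolower(line) !~ /^ssl([ \t]*=|[ \t])/) next   # skip ssl_ciphers etc.
      sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "", line) # strip name and optional "="
      gsub(q, "", line)                         # strip single quotes
      v = tolower(line)
      # Boolean spellings accepted for "on"; anything else is treated as off.
      val = (v ~ /^(on|t|tr|tru|true|y|ye|yes|1)$/) ? "on" : "off"
    }
    END { print val }                           # last entry wins
  ' "$1"
}

# Return 0 when ssl is effectively on, otherwise print a finding and return 1.
check_ssl() {
  if [ "$(effective_ssl "$1")" = "on" ]; then
    echo "OK: ssl is on in $1"
  else
    echo "FINDING: ssl is not on in $1"
    return 1
  fi
}

# Constructed sample: the added "ssl = on" is overridden by a stale duplicate.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ssl = off
ssl = on                 # added per the fix text
ssl_ciphers = 'HIGH'
SSL = 'off'              # stale entry further down; the last entry wins
EOF
check_ssl "$sample" || true
rm -f "$sample"
```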
To check if PostgreSQL is configured to use SSL, as the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW ssl"
If this is not set to on, this is a finding.