STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

EDB Postgres Advanced Server software modules, to include stored procedures, functions, and triggers must be monitored to discover unauthorized changes.

DISA Rule

SV-224155r508023_rule

Vulnerability Number

V-224155

Group Title

SRG-APP-000133-DB-000179

Rule Version

EP11-00-003210

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Regularly run a check similar to this:

move <postgresql data directory>\latest.schema <postgresql data directory>\previous.schema

C:\Program Files\edb\as<version>\bin\pg_dump -s -d edb -f <postgresql data directory>\latest.schema

FC <postgresql data directory>\previous.schema <postgresql data directory>\latest.schema

If any differences are shown, ensure the differences are expected.

Check Contents

Review monitoring procedures and implementation evidence to verify monitoring of changes to database software libraries, related applications, and configuration files is being performed.

If the database schema (includes functions, procedures, schemas, extensions, etc.) is not being regularly checked for changes, this is a finding.

Vulnerability Number

V-224155

Documentable

False

Rule Version

EP11-00-003210

Severity Override Guidance

Review monitoring procedures and implementation evidence to verify monitoring of changes to database software libraries, related applications, and configuration files is being performed.

If the database schema (includes functions, procedures, schemas, extensions, etc.) is not being regularly checked for changes, this is a finding.

Check Content Reference

M

Target Key

4107

Comments