STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

DISA Rule

SV-224197r508023_rule

Vulnerability Number

V-224197

Group Title

SRG-APP-000357-DB-000316

Rule Version

EP11-00-007900

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Allocate sufficient audit file space to the partition containing the EDB Audit directory to support peak demand.

Note that the EDB audit log directory is configured by the edb_audit_directory parameter. By default, the edb_audit_directory is set to "edb_audit", which results in an "edb_audit" directory being created under the EPAS cluster's data directory for audit logs if auditing is enabled.

Check Contents

Investigate whether there have been any incidents where the DBMS ran out of audit log space since the last time the space was allocated or other corrective measures were taken.

If there have been incidents, this is a finding.

To check how much storage capacity is available for audit records, first determine where the EDB audit logs are being written by running the following command from a Windows command prompt:

psql -d <database name> -U <database superuser name> -c "SHOW edb_audit_directory"

where <database name> is any database in the EDB Postgres instance and <database superuser name> is a database superuser. By default, a database named "edb" and a superuser named "enterprisedb" are installed with EDB Postgres Advanced Server (EPAS).

Note that, by default, the EDB PostgreSQL data directory is located in the directory where EDB Postgres Advanced Server is installed. The location of the data directory for a running Postgres instance can be found by running the following command from a Windows command prompt:

psql -d <database name> -U <database superuser name> -c "SHOW data_directory"

where <database name> is any database in the EDB Postgres instance and <database superuser name> is a database superuser. By default, a database named "edb" and a superuser named "enterprisedb" are installed with EDB Postgres Advanced Server (EPAS).

If the default path is used for the postgresql data directory and the default setting of "edb_audit" is used for the edb_audit_directory parameter, the path to the EDB audit directory would be <EDB Postgres data directory>\edb_audit. Depending on the version of EPAS installed, the options selected during installation, and the edb_audit_directory parameter setting, the path to the data directory and the EDB audit directory may be different.

With the EDB audit directory identified, note the disk on which this directory exists. Use the Windows Disk Management panel to determine how much space has been allocated to the disk and how much space remains. The Disk Management panel can be opened via "Start > Run > diskmgmt.msc". To determine the capacity, used space, and free space on the disk in Windows Explorer, right-click the disk and select the "Properties" menu option. To determine how much space is currently being consumed by the audit log, right-click the audit directory in Windows Explorer and select the "Properties" menu option.

If the remaining storage on the disk does not meet organizationally defined audit record storage requirements, this is a finding.
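
The manual check above can be scripted. The following PowerShell is an added example, not part of the STIG or of EDB's tooling; it assumes psql.exe is on PATH, that authentication is handled by pgpass.conf or PGPASSWORD, and that the 10GB default for the hypothetical $RequiredFreeBytes parameter is replaced with the organization-defined requirement.

```powershell
# Added example: automates the manual check above. Not part of the STIG.
# Assumptions: psql.exe is on PATH, authentication is handled by pgpass.conf
# or PGPASSWORD, and $RequiredFreeBytes is a placeholder for the
# organization-defined audit record storage requirement.
param(
    [string]$Database = 'edb',
    [string]$User = 'enterprisedb',
    [long]$RequiredFreeBytes = 10GB
)

function Get-EpasSetting([string]$Name) {
    # -A (unaligned) and -t (tuples only) make psql print just the value.
    $value = & psql -d $Database -U $User -At -c "SHOW $Name"
    if ($LASTEXITCODE -ne 0 -or -not $value) {
        throw "psql could not read '$Name'"
    }
    return ($value | Select-Object -First 1).Trim()
}

$auditDir = Get-EpasSetting 'edb_audit_directory'
if (-not [System.IO.Path]::IsPathRooted($auditDir)) {
    # A relative value such as the default "edb_audit" lives under data_directory.
    $auditDir = Join-Path (Get-EpasSetting 'data_directory') $auditDir
}
if (-not (Test-Path -LiteralPath $auditDir -PathType Container)) {
    throw "Audit directory not found: $auditDir (is auditing enabled?)"
}

# Space currently consumed by the audit logs.
$usedBytes = (Get-ChildItem -LiteralPath $auditDir -Recurse -File -ErrorAction SilentlyContinue |
    Measure-Object -Property Length -Sum).Sum
# Get-Volume -FilePath resolves the hosting volume even behind a mount point.
$volume = Get-Volume -FilePath $auditDir

[pscustomobject]@{
    AuditDirectory = $auditDir
    AuditLogGB     = [math]::Round([double]$usedBytes / 1GB, 2)
    VolumeSizeGB   = [math]::Round($volume.Size / 1GB, 2)
    VolumeFreeGB   = [math]::Round($volume.SizeRemaining / 1GB, 2)
    RequiredFreeGB = [math]::Round($RequiredFreeBytes / 1GB, 2)
    Finding        = $volume.SizeRemaining -lt $RequiredFreeBytes
}
```

The script covers only the capacity portion of the check; whether the DBMS has previously run out of audit log space still has to be established from incident records.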

Documentable

False

Check Content Reference

M

Target Key

4107
