STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233517r617333_rule
V-233517
SRG-APP-000133-DB-000179
CD12-00-000700
CAT II
10
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
As the database administrator (shown here as "postgres"), change the ownership and permissions of configuration files in PGDATA:
$ sudo su - postgres
$ chown postgres:postgres ${PGDATA?}/postgresql.conf
$ chmod 0600 ${PGDATA?}/postgresql.conf
As the server administrator, change the ownership and permissions of shared objects in /usr/pgsql-${PGVER?}/*.so
$ sudo chown root:root /usr/pgsql-${PGVER?}/lib/*.so
$ sudo chmod 0755 /usr/pgsql-${PGVER?}/lib/*.so
As the service administrator, change the ownership and permissions of executables in /usr/pgsql-${PGVER?}/bin:
$ sudo chown root:root /usr/pgsql-${PGVER?}/bin/*
$ sudo chmod 0755 /usr/pgsql-${PGVER?}/bin/*
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
As the database administrator (shown here as "postgres"), check the permissions of configuration files for the database:
$ sudo su - postgres
$ ls -la ${PGDATA?}
If any files are not owned by the database owner or have permissions allowing others to modify (write) configuration files, this is a finding.
As the server administrator, check the permissions on the shared libraries for PostgreSQL:
$ sudo ls -la /usr/pgsql-${PGVER?}
$ sudo ls -la /usr/pgsql-${PGVER?}/bin
$ sudo ls -la /usr/pgsql-${PGVER?}/include
$ sudo ls -la /usr/pgsql-${PGVER?}/lib
$ sudo ls -la /usr/pgsql-${PGVER?}/share
If any files are not owned by root or have permissions allowing others to modify (write) configuration files, this is a finding.
V-233517
False
CD12-00-000700
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
As the database administrator (shown here as "postgres"), check the permissions of configuration files for the database:
$ sudo su - postgres
$ ls -la ${PGDATA?}
If any files are not owned by the database owner or have permissions allowing others to modify (write) configuration files, this is a finding.
As the server administrator, check the permissions on the shared libraries for PostgreSQL:
$ sudo ls -la /usr/pgsql-${PGVER?}
$ sudo ls -la /usr/pgsql-${PGVER?}/bin
$ sudo ls -la /usr/pgsql-${PGVER?}/include
$ sudo ls -la /usr/pgsql-${PGVER?}/lib
$ sudo ls -la /usr/pgsql-${PGVER?}/share
If any files are not owned by root or have permissions allowing others to modify (write) configuration files, this is a finding.
M
5254