STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 20 Nov 2020

PostgreSQL must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records.

DISA Rule

SV-233536r617333_rule

Vulnerability Number

V-233536

Group Title

SRG-APP-000109-DB-000321

Rule Version

CD12-00-002800

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Establish a process, with accompanying tools, for monitoring available disk space and ensuring that sufficient disk space is maintained to continue generating audit logs, overwriting the oldest existing records if necessary.

Check Contents

If the AO-approved system documentation states that system availability takes precedence, this requirement is not applicable (NA).

If an externally managed and monitored partition or logical volume that can be grown dynamically is being used for logging, this is not a finding.

If PostgreSQL is auditing to a directory that is not being actively checked for availability of disk space, and if a tool, utility, script, or other mechanism is not being used to ensure sufficient disk space is available for the creation of new audit logs, this is a finding.

If a tool, utility, script, or other mechanism is being used to rotate audit logs, and oldest logs are not being removed to ensure sufficient space for newest logs, or oldest logs are not being replaced by newest logs, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5254

Comments