STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233539r617333_rule
V-233539
SRG-APP-000133-DB-000200
CD12-00-003100
CAT II
10
Assign ownership of authorized objects to authorized object owner accounts.
#### Schema Owner
To create a schema owned by the user bob, run the following SQL:
$ sudo su - postgres
$ psql -c "CREATE SCHEMA test AUTHORIZATION bob"
To alter the ownership of an existing object to be owned by the user "bob", run the following SQL:
$ sudo su - postgres
$ psql -c "ALTER SCHEMA test OWNER TO bob"
Review system documentation to identify accounts authorized to own database objects. Review accounts that own objects in the database(s).
If any database objects are found to be owned by users not authorized to own database objects, this is a finding.
To check the ownership of objects in the database, as the database administrator, run the following SQL:
$ sudo su - postgres
$ psql -x -c "\dn *.*"
$ psql -x -c "\dt *.*"
$ psql -x -c "\ds *.*"
$ psql -x -c "\dv *.*"
$ psql -x -c "\df+ *.*"
If any object is not owned by an authorized role for ownership, this is a finding.
V-233539
False
CD12-00-003100
Review system documentation to identify accounts authorized to own database objects. Review accounts that own objects in the database(s).
If any database objects are found to be owned by users not authorized to own database objects, this is a finding.
To check the ownership of objects in the database, as the database administrator, run the following SQL:
$ sudo su - postgres
$ psql -x -c "\dn *.*"
$ psql -x -c "\dt *.*"
$ psql -x -c "\ds *.*"
$ psql -x -c "\dv *.*"
$ psql -x -c "\df+ *.*"
If any object is not owned by an authorized role for ownership, this is a finding.
M
5254