STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

PostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.

DISA Rule

SV-233542r617333_rule

Vulnerability Number

V-233542

Group Title

SRG-APP-000101-DB-000044

Rule Version

CD12-00-003500

Severity

CAT II

CCI(s)

• CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Weight

10

Fix Recommendation

Configure PostgreSQL audit settings to include all organization-defined detailed information in the audit records for audit events identified by type, location, or subject.

Using pgaudit, PostgreSQL can be configured to audit these requests. See supplementary content APPENDIX-B for documentation on installing pgaudit.

To ensure that logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.

Check Contents

Note: The following instructions use the PGDATA and PGLOG environment variables. See supplementary content APPENDIX-F and APPENDIX-I for instructions on configuring them.

Review the system documentation to identify what additional information the organization has determined necessary.

Check PostgreSQL settings by examining ${PGDATA?}/postgresql.conf to ensure additional auditing is configured and then examine existing audit records in ${PGLOG?}/<latest.log> to verify that all organization-defined additional, more detailed information is in the audit records for audit events identified by type, location, or subject after executing SQL commands that fall under the additional audit classes.

If any additional information is defined and is not contained in the audit records, this is a finding.

Vulnerability Number

V-233542

Documentable

False

Rule Version

CD12-00-003500

Severity Override Guidance

Note: The following instructions use the PGDATA and PGLOG environment variables. See supplementary content APPENDIX-F and APPENDIX-I for instructions on configuring them.

Review the system documentation to identify what additional information the organization has determined necessary.

Check PostgreSQL settings by examining ${PGDATA?}/postgresql.conf to ensure additional auditing is configured and then examine existing audit records in ${PGLOG?}/<latest.log> to verify that all organization-defined additional, more detailed information is in the audit records for audit events identified by type, location, or subject after executing SQL commands that fall under the additional audit classes.

If any additional information is defined and is not contained in the audit records, this is a finding.

Check Content Reference

M

Target Key

5254

Comments