SV-233597r617333_rule
V-233597
SRG-APP-000380-DB-000360
CD12-00-009600
CAT II
10
Configure PostgreSQL to enforce access restrictions associated with changes to the configuration of PostgreSQL or database(s).
Use ALTER ROLE to remove accesses from roles:
$ psql -c "ALTER ROLE <role_name> NOSUPERUSER"
Use REVOKE to remove privileges from databases and schemas:
$ psql -c "REVOKE ALL PRIVILEGES ON <table> FROM <role_name>"
To list all the permissions of individual roles, as the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "\du"
If any role has SUPERUSER that should not, this is a finding.
Next, list all the permissions of databases and schemas by running the following SQL:
$ sudo su - postgres
$ psql -c "\l"
$ psql -c "\dn+"
If any database or schema has update ("W") or create ("C") privileges and should not, this is a finding.
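The review above can also be run as a repeatable filter over catalog output. The script below is an added example, not part of the original rule text. It assumes psql's unaligned output (-At, fields separated by "|"). The function names, the allow-list argument and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn the manual \du / \l / \dn+ review into two filters.
# Real input would come from psql's unaligned, tuples-only output, e.g.
#   psql -At -c "SELECT rolname, rolsuper FROM pg_roles"
#   psql -At -c "SELECT 'schema', nspname, nspacl FROM pg_namespace
#                UNION ALL SELECT 'database', datname, datacl FROM pg_database"

# Constructed sample rows (not from a real system).
SAMPLE_ROLES='postgres|t
app_owner|f
report_ro|t'
SAMPLE_ACLS='schema|public|{postgres=UC/postgres,=UC/postgres}
schema|app|{app_owner=UC/app_owner,report_ro=U/app_owner}
database|appdb|{=Tc/postgres,postgres=CTc/postgres,deploy=C/postgres}
database|template1|'

# Print every superuser role that is not on the space-separated allow-list $1.
unexpected_superusers() {
    awk -F'|' -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "t" && !($1 in ok) { print $1 }'
}

# Print "kind object grantee" for each non-owner ACL entry that holds CREATE.
# ACL letters are case-sensitive: C is CREATE, c is CONNECT on a database.
# Limitation: role names that PostgreSQL has to double-quote are not handled.
create_grants() {
    awk -F'|' '
        $3 == "" { next }    # NULL ACL: built-in defaults, only the owner can create
        {
            acl = $3; gsub(/[{}]/, "", acl)
            n = split(acl, items, ",")
            for (i = 1; i <= n; i++) {
                split(items[i], kv, "=")     # grantee=privileges/grantor
                split(kv[2], pg, "/")
                if (kv[1] == pg[2]) continue # treated as the owner entry (grantee is the grantor)
                grantee = (kv[1] == "") ? "PUBLIC" : kv[1]
                if (index(pg[1], "C")) print $1, $2, grantee
            }
        }'
}

# Demo on the constructed samples; "postgres" is the assumed approved superuser.
printf '%s\n' "$SAMPLE_ROLES" | unexpected_superusers "postgres"
printf '%s\n' "$SAMPLE_ACLS" | create_grants
```

Each line printed is a candidate finding to compare against the documented list of roles that are approved to hold that access.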