STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233604r617333_rule
V-233604
SRG-APP-000095-DB-000039
CD12-00-010400
CAT II
10
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER.
To ensure that logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.
If logging is enabled the following configurations must be made to log connections, date/time, username and session identifier.
First, edit the postgresql.conf file as a privileged user:
$ sudo su - postgres
$ vi ${PGDATA?}/postgresql.conf
Edit the following parameters based on the organization's needs (minimum requirements are as follows):
log_connections = on
log_disconnections = on
log_line_prefix = '< %m %u %d %c: >'
Now, as the system administrator, reload the server with the new configuration:
$ sudo systemctl reload postgresql-${PGVER?}
As the database administrator (shown here as "postgres"), verify the current log_line_prefix setting:
$ sudo su - postgres
$ psql -c "SHOW log_line_prefix"
Verify that the current settings are appropriate for the organization.
The following is what is possible for logged information:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session processes
If the audit record does not log events required by the organization, this is a finding.
Next, verify the current settings of log_connections and log_disconnections by running the following SQL:
$ psql -c "SHOW log_connections"
$ psql -c "SHOW log_disconnections"
If either setting is off, this is a finding.
V-233604
False
CD12-00-010400
As the database administrator (shown here as "postgres"), verify the current log_line_prefix setting:
$ sudo su - postgres
$ psql -c "SHOW log_line_prefix"
Verify that the current settings are appropriate for the organization.
The following is what is possible for logged information:
# %a = application name
# %u = user name
# %d = database name
# %r = remote host and port
# %h = remote host
# %p = process ID
# %t = timestamp without milliseconds
# %m = timestamp with milliseconds
# %i = command tag
# %e = SQL state
# %c = session ID
# %l = session line number
# %s = session start timestamp
# %v = virtual transaction ID
# %x = transaction ID (0 if none)
# %q = stop here in non-session processes
If the audit record does not log events required by the organization, this is a finding.
Next, verify the current settings of log_connections and log_disconnections by running the following SQL:
$ psql -c "SHOW log_connections"
$ psql -c "SHOW log_disconnections"
If either setting is off, this is a finding.
M
5254